{ "swagger": "2.0", "basePath": "/api/v3/onezone", "info": { "version": "20.02.13", "title": "Onezone", "x-bash-codegen-description": "This is the RESTful API definition of Onezone component of Onedata\ndata management system [onedata.org](http://onedata.org).\n\nThis API allows control and configuration of local Onezone service deployment,\nin particular management of users, groups, spaces, shares, providers,\nhandle services, handles and clusters.\n\n## Authentication and authorization\nTo be able to use this API, the REST client must authenticate with the Onezone\nservice and posses required authorization, which is determined based on\nclient's privileges and relations in the system.\n\nThere are essentially three types of REST clients depending on the authentication:\n * **users** - can authenticate using an access token or basic credentials\n (only for users originating from Onezone's onepanel). Examples:\n ```bash\n curl -H \"x-auth-token: $TOKEN\" [...]\n curl -H \"authorization: Bearer $TOKEN\" [...]\n curl -u \"username:password\" [...]\n curl -H \"macaroon: $TOKEN\" [...] # DEPRECATED\n ```\n > `$TOKEN` can ba a Onedata access token, obtained via Onezone GUI or API, in the form\n `MDAxNWxvY2F00aW9...`. If authority delegation for given IdP is enabled,\n it is possible to provide an access token from the IdP, which must be prefixed\n properly (depending on the configuration), e.g.: `github/GST5aasdA...`.\n\n * **Oneproviders** - can authenticate using the provider root token,\n which was assigned during registration in Onezone. It can be found in\n `/etc/op_worker/provider_root_token.txt`. It is used just like a user\n access token, for example:\n ```bash\n curl -H \"x-auth-token: $TOKEN\" [...]\n curl -H \"authorization: Bearer $TOKEN\" [...]\n curl -H \"macaroon: $TOKEN\" [...] # DEPRECATED\n ```\n > Please mind that the provider root token is highly confidential and must\n be kept secret (similarly to a private RSA key).\n\n * **anonymous** - there is a small subset of operations that do not require\n any authentication and are publicly available (look for information about\n public availability in the endpoint descriptions).\n\nThe authorization of the client is determined based on existing relations and\nprivileges in the system. In most cases, the rules below can be roughly applied:\n * users and providers can access and modify their own data\n * users can perform operations in groups, spaces, handle services, handles\n and clusters depending on their privileges in subject entity - the required\n privileges are listed in the description of each operation\n * users can be given special admin privileges (fine-grained) that allow to\n access and modify all entities in the system - see certain operations for\n details.\n\nAuthentication and Authorization errors have the following meaning:\n * HTTP 401 UNAUTHORIZED - the client could not be authenticated\n * HTTP 403 FORBIDDEN - the client was authenticated, but is not permitted to\n perform the action\n\n## Effective users and effective groups and spaces\nOnedata supports creation of arbitrary nested group and space membership tree\nstructures. In order to determine if a given user belongs to the group\ndirectly or indirectly by belonging to a subgroup of a group, separate API\ncalls are provided for getting information about group users\n(direct group members) and effective users (indirect group members).\n\n## API structure\nThe API is divided into several categories, corresponding to entities in Onedata:\n\n**Space management**\nThe space management operations of this API provide means for accessing\ninformation about spaces and their management.\n\n**Share management**\nThe share management operations of this API provide means for accessing\ninformation about shares and their management.\n\n**Group management**\nThe group management operations allow creation of user groups, assigning\ntheir authorization rights, adding and removing users from groups.\n\n**User management**\nThe user management methods allow creation of users, managing their\nauthorization credentials as well as space and group membership.\n\n**Provider management**\nProvider specific calls allow getting global information about the spaces\nmanaged by the provider, and some administrative operations which can be used\nfor monitoring or accounting.\n\n**Handle service management**\nThe handle service management operations of this API provide means for\naccessing information about handle services and their management.\n\n**Handle API**\nOnezone provides extensive support for integration with Handle system\nregistration services, including support for DOI and PID identifier assignment\nservices. The API provides methods for adding new Handle services to the\nsystem, managing which users can use which registration services and complete\nAPI for registering identifiers to users' data sets which are made public.\n\n**Cluster management**\nOperations for managing Onezone / Oneprovider clusters and their members -\nusers and groups that can access the Onepanel interfaces (REST or GUI) of\na cluster.\n", "description": "# Overview\nThis is the RESTful API definition of Onezone component of Onedata\ndata management system [onedata.org](http://onedata.org).\n\n> This API is defined using [Swagger](http://swagger.io/), the JSON\nspecification can be used to automatically generate client libraries -\n[swagger.json](../../../swagger/onezone/swagger.json).\n\nThis API allows control and configuration of local Onezone service deployment,\nin particular management of users, groups, spaces, shares, providers,\nhandle services, handles and clusters.\n\n## Authentication and authorization\nTo be able to use this API, the REST client must authenticate with the Onezone\nservice and posses required authorization, which is determined based on\nclient's privileges and relations in the system.\n\nThere are essentially three types of REST clients depending on the authentication:\n * **users** - can authenticate using an access token or basic credentials\n (only for users originating from Onezone's onepanel). Examples:\n ```bash\n curl -H \"x-auth-token: $TOKEN\" [...]\n curl -H \"authorization: Bearer $TOKEN\" [...]\n curl -u \"username:password\" [...]\n curl -H \"macaroon: $TOKEN\" [...] # DEPRECATED\n ```\n > `$TOKEN` can ba a Onedata access token, obtained via Onezone GUI or API, in the form\n `MDAxNWxvY2F00aW9...`. If authority delegation for given IdP is enabled,\n it is possible to provide an access token from the IdP, which must be prefixed\n properly (depending on the configuration), e.g.: `github/GST5aasdA...`.\n\n * **Oneproviders** - can authenticate using the provider root token,\n which was assigned during registration in Onezone. It can be found in\n `/etc/op_worker/provider_root_token.txt`. It is used just like a user\n access token, for example:\n ```bash\n curl -H \"x-auth-token: $TOKEN\" [...]\n curl -H \"authorization: Bearer $TOKEN\" [...]\n curl -H \"macaroon: $TOKEN\" [...] # DEPRECATED\n ```\n > Please mind that the provider root token is highly confidential and must\n be kept secret (similarly to a private RSA key).\n\n * **anonymous** - there is a small subset of operations that do not require\n any authentication and are publicly available (look for information about\n public availability in the endpoint descriptions).\n\nThe authorization of the client is determined based on existing relations and\nprivileges in the system. In most cases, the rules below can be roughly applied:\n * users and providers can access and modify their own data\n * users can perform operations in groups, spaces, handle services, handles\n and clusters depending on their privileges in subject entity - the required\n privileges are listed in the description of each operation\n * users can be given special admin privileges (fine-grained) that allow to\n access and modify all entities in the system - see certain operations for\n details.\n\nAuthentication and Authorization errors have the following meaning:\n * HTTP 401 UNAUTHORIZED - the client could not be authenticated\n * HTTP 403 FORBIDDEN - the client was authenticated, but is not permitted to\n perform the action\n\n## Effective users and effective groups and spaces\nOnedata supports creation of arbitrary nested group and space membership tree\nstructures. In order to determine if a given user belongs to the group\ndirectly or indirectly by belonging to a subgroup of a group, separate API\ncalls are provided for getting information about group users\n(direct group members) and effective users (indirect group members).\n\n## API structure\nThe API is divided into several categories, corresponding to entities in Onedata:\n\n**Space management**\nThe space management operations of this API provide means for accessing\ninformation about spaces and their management.\n\n**Share management**\nThe share management operations of this API provide means for accessing\ninformation about shares and their management.\n\n**Group management**\nThe group management operations allow creation of user groups, assigning\ntheir authorization rights, adding and removing users from groups.\n\n**User management**\nThe user management methods allow creation of users, managing their\nauthorization credentials as well as space and group membership.\n\n**Provider management**\nProvider specific calls allow getting global information about the spaces\nmanaged by the provider, and some administrative operations which can be used\nfor monitoring or accounting.\n\n**Handle service management**\nThe handle service management operations of this API provide means for\naccessing information about handle services and their management.\n\n**Handle API**\nOnezone provides extensive support for integration with Handle system\nregistration services, including support for DOI and PID identifier assignment\nservices. The API provides methods for adding new Handle services to the\nsystem, managing which users can use which registration services and complete\nAPI for registering identifiers to users' data sets which are made public.\n\n**Cluster management**\nOperations for managing Onezone / Oneprovider clusters and their members -\nusers and groups that can access the Onepanel interfaces (REST or GUI) of\na cluster.\n\n\n## Using the API\nOnezone API is quite complex and thus it might be difficult to quickly figure\nout how to perform specific action, however the following guidelines might\nbe useful:\n * Operations performed by a regular users on their resources are grouped under\n `/user` path (**USER** group in the menu)\n * Operations performed by administrators of specific resources (e.g. groups,\n spaces, shares) start with specific resource (e.g. `/groups`)\n * By default the operations which list resource membership\n (e.g. `/spaces/SPACE_ID/groups/`) will list explicit resource membership.\n To get list of effective resource membership (i.e. including indirect\n membership), special paths are provided\n (e.g. `/spaces/SPACE_ID/effective_groups/`)\n\nFurthermore, we have prepared a command-line client environment based on Docker\nwhich gives easy access to each of Onedata services via command-line clients,\nwith pre-configured shell with full help on the APIs and autocomplete for\noperations and attributes.\n\n```\ndocker run -it onedata/rest-cli:20.02.13\n```\n\nBelow you can find some tutorials which show how to use this API in practice:\n * [User oriented tutorial](https://onedata.org/#/home/documentation/doc/using_onedata/using_onedata_from_cli.html)\n * [Administrator oriented tutorial](https://onedata.org/#/home/documentation/doc/administering_onedata/administering_onedata_from_cli.html)\n\n\n## Examples\n\n**Generate new authentication token**\n```bash\ncurl -u user:password -X POST -H 'Content-type: application/json' -d '{}' \\\nhttps://$ONEZONE_HOST/api/v3/onezone/user/client_tokens\n```\n\n**Get user details**\n```bash\ncurl -H 'X-Auth-Token: $TOKEN' -X GET \\\nhttps://$ONEZONE_HOST/api/v3/onezone/user\n```\n\n**Get user details using an access token from github**\n```bash\ncurl -H 'X-Auth-Token: github/ijaAVWq3j9234jA9gPoR9agFja89t9UiPf8tiueSdx' -X GET \\\nhttps://$ONEZONE_HOST/api/v3/onezone/user\n```\n> Note that GitHub IdP must be properly configured for the example to work:\n> * authority delegation must be enabled\n> * tokenPrefix must be set to \"github/\"\n>\n> You can learn more in\n> [the documentation](https://onedata.org/#/home/documentation/doc/administering_onedata/openid_saml_configuration/openid_saml_configuration_19_02[authority-delegation].html).\n", "contact": { "name": "Onedata support", "url": "https://onedata.org/#/home/support", "email": "info@onedata.org" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "x-logo": { "url": "https://onedata.org/assets/images/api/onezone-logo.svg", "backgroundColor": "#FFFFFF" } }, "paths": { "/configuration": { "get": { "operationId": "get_configuration", "tags": [ "Zone" ], "x-onedata-gri": { "type": "oz_worker", "aspect": "configuration" }, "x-onedata-permissions": [], "summary": "Returns public configuration of Onezone service.", "x-bash-codegen-description": "Returns public information about the Onezone service.\n\nThis endpoint does not require authentication.\n", "description": "Returns public information about the Onezone service.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get public information about the Onezone service**\n```bash\n curl https://$HOST/api/v3/onezone/configuration\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Configuration returned successfully.", "schema": { "$ref": "#/definitions/Configuration" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getConfiguration" } ] } }, "/test_image": { "get": { "operationId": "test_image", "tags": [ "Zone" ], "x-onedata-gri": { "type": "oz_worker", "aspect": "test_image" }, "x-onedata-permissions": [], "summary": "Get test image.", "x-bash-codegen-description": "This endpoint returns a dummy image in `.png` format. It is used internally\nby web applications across Onedata to check connectivity with certain services.\nThis endpoint does not require authentication.\n", "description": "This endpoint returns a dummy image in `.png` format. It is used internally by web applications across Onedata to check connectivity with certain services. This endpoint does not require authentication.\n", "produces": [ "image/png" ], "responses": { "200": { "description": "Test image." }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli testImage" } ] } }, "/privileges": { "get": { "operationId": "list_privileges", "tags": [ "Zone" ], "x-onedata-gri": { "type": "oz_worker", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all admin privileges.", "x-bash-codegen-description": "Returns list of all possible Onezone admin privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible Onezone admin privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all Onezone admin privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/privileges\n\n{\n \"admin\": [\n \"oz_view_privileges\",\n \"oz_set_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_users_create\",\n \"oz_users_manage_passwords\",\n \"oz_users_update\",\n \"oz_users_delete\",\n \"oz_users_list_relationships\",\n \"oz_users_add_relationships\",\n \"oz_users_remove_relationships\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_groups_create\",\n \"oz_groups_update\",\n \"oz_groups_delete\",\n \"oz_groups_view_privileges\",\n \"oz_groups_set_privileges\",\n \"oz_groups_list_relationships\",\n \"oz_groups_add_relationships\",\n \"oz_groups_remove_relationships\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_spaces_create\",\n \"oz_spaces_update\",\n \"oz_spaces_delete\",\n \"oz_spaces_view_privileges\",\n \"oz_spaces_set_privileges\",\n \"oz_spaces_list_relationships\",\n \"oz_spaces_add_relationships\",\n \"oz_spaces_remove_relationships\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_shares_create\",\n \"oz_shares_update\",\n \"oz_shares_delete\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_providers_update\",\n \"oz_providers_delete\",\n \"oz_providers_list_relationships\",\n \"oz_providers_invite\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handle_services_create\",\n \"oz_handle_services_update\",\n \"oz_handle_services_delete\",\n \"oz_handle_services_view_privileges\",\n \"oz_handle_services_set_privileges\",\n \"oz_handle_services_list_relationships\",\n \"oz_handle_services_add_relationships\",\n \"oz_handle_services_remove_relationships\",\n \"oz_handles_list\",\n \"oz_handles_view\",\n \"oz_handles_create\",\n \"oz_handles_update\",\n \"oz_handles_delete\",\n \"oz_handles_view_privileges\",\n \"oz_handles_set_privileges\",\n \"oz_handles_list_relationships\",\n \"oz_handles_add_relationships\",\n \"oz_handles_remove_relationships\",\n \"oz_harvesters_list\",\n \"oz_harvesters_view\",\n \"oz_harvesters_create\",\n \"oz_harvesters_update\",\n \"oz_harvesters_delete\",\n \"oz_harvesters_view_privileges\",\n \"oz_harvesters_set_privileges\",\n \"oz_harvesters_list_relationships\",\n \"oz_harvesters_add_relationships\",\n \"oz_harvesters_remove_relationships\",\n \"oz_clusters_list\",\n \"oz_clusters_view\",\n \"oz_clusters_update\",\n \"oz_clusters_view_privileges\",\n \"oz_clusters_set_privileges\",\n \"oz_clusters_list_relationships\",\n \"oz_clusters_add_relationships\",\n \"oz_clusters_remove_relationships\"\n ],\n \"viewer\": [\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_users_list_relationships\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_groups_list_relationships\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_spaces_list_relationships\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_providers_list_relationships\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handle_services_list_relationships\",\n \"oz_handles_list\",\n \"oz_handles_view\",\n \"oz_handles_list_relationships\",\n \"oz_harvesters_list\",\n \"oz_harvesters_view\",\n \"oz_harvesters_list_relationships\",\n \"oz_clusters_list\",\n \"oz_clusters_view\",\n \"oz_clusters_list_relationships\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all Onezone admin privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/AdminPrivileges" }, "viewer": { "$ref": "#/definitions/ViewerPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listPrivileges" } ] } }, "/users": { "get": { "operationId": "oz_users_list", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "aspect": "list" }, "x-onedata-permissions": [ "oz_users_list" ], "summary": "List all users", "x-bash-codegen-description": "Returns the list of all users in the system.\n\nRequires `oz_users_list` admin privilege.\n", "description": "Returns the list of all users in the system.\n\nRequires `oz_users_list` admin privilege.\n\n***Example cURL requests***\n\n**List all users in the system**\n```bash\n curl -u username:password -X GET https://$HOST/api/v3/onezone/users\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user Ids registered within the Onezone service.\n", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUsers" } ] }, "post": { "operationId": "create_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "aspect": "instance" }, "x-onedata-permissions": [ "oz_users_create" ], "summary": "Create new user", "x-bash-codegen-description": "Creates a new user.\n\nThis operation requires `oz_users_create` admin privilege.\n", "description": "Creates a new user.\n\nThis operation requires `oz_users_create` admin privilege.\n\n***Example cURL requests***\n\n**Create new user**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"username\" : \"new_user\", \"password\": \"lS1c6FD2mxB2ff\" }' \\\nhttps://$HOST/api/v3/onezone/users\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created user in the form https://$HOST/api/onezone/v3/users/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created user.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "name", "in": "body", "description": "User name.", "schema": { "$ref": "#/definitions/UserCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createUser username==new_user password=lS1c6FD2mxB2ff" } ] } }, "/users/{id}": { "get": { "operationId": "get_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_users_view" ], "summary": "Get user details", "x-bash-codegen-description": "Returns the information about a specific user.\n\nThis operation requires `oz_users_view` admin privilege.\n", "description": "Returns the information about a specific user.\n\nThis operation requires `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get user details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID\n\n{\n \"userId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\": \"Rudolf Lingens\",\n \"username\": \"r.lingens\",\n \"linkedAccounts\": [\n {\n \"idp\": \"github\",\n \"subjectId\": \"1978f5775ae2dc16730418bf3fc81764\"\n },\n {\n \"idp\": \"elixir\",\n \"subjectId\": \"38bf3fc2f4c16730481764bd775ae2d1\"\n }\n ],\n \"emails\": [\n \"rudolf.lingens@example.com\",\n \"john.doe@example.com\"\n ],\n \"basicAuthEnabled\": false,\n \"blocked\": false,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a user.", "schema": { "$ref": "#/definitions/UserProtectedInfo" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUser id=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "delete": { "operationId": "remove_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "oz_users_delete" ], "summary": "Remove user", "x-bash-codegen-description": "Removes a specific user.\n\nThis operation requires `oz_users_delete` admin privilege.\n", "description": "Removes a specific user.\n\nThis operation requires `oz_users_delete` admin privilege.\n\n***Example cURL requests***\n\n**Remove user**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID\n```\n", "responses": { "204": { "description": "The user was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeUser id=a4d3bc73aada63052310652d421609f1" } ] } }, "/users/{id}/basic_auth": { "patch": { "operationId": "change_user_basic_auth_settings", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "basic_auth" }, "summary": "Change user's basic auth settings", "x-bash-codegen-description": "Changes user's basic auth settings - the ability to authenticate with\nusername & password, and/or the password itself.\n\nThis operation requires `oz_users_manage_passwords` admin privilege.\n", "description": "Changes user's basic auth settings - the ability to authenticate with\nusername & password, and/or the password itself.\n\nThis operation requires `oz_users_manage_passwords` admin privilege.\n\n***Example cURL requests***\n\n**Change user's basic auth settings**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"basicAuthEnabled\": true, \"newPassword\": \"password123\"}' \\\nhttps://$HOST/api/v3/onezone/users/c5cb69ce45940468596ed16310a45e49/basic_auth\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User basic auth settings updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "User basic auth settings update request.", "schema": { "$ref": "#/definitions/UserBasicAuthSettingsUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli changeUserBasicAuthSettings id=c5cb69ce45940468596ed16310a45e49 basicAuthEnabled==true newPassword==password123" } ] } }, "/users/{id}/access_block": { "patch": { "operationId": "toggle_user_access_block", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "access_block" }, "x-onedata-permissions": [ "oz_users_update" ], "summary": "Block or unblock user access", "x-bash-codegen-description": "Allows to block or unblock access to Onedata services for a specific user.\n\nThis operation requires `oz_users_update` admin privilege.\n", "description": "Allows to block or unblock access to Onedata services for a specific user.\n\nThis operation requires `oz_users_update` admin privilege.\n\n***Example cURL requests***\n\n**Block or unblock user access**\n```bash\ncurl -u admin:password -X PATCH https://$HOST/api/v3/onezone/users/$USER_ID/access_block \\\n-H \"Content-Type: application/json\" -d '{\"blocked\": true}'\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User was successfully blocked / unblocked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "User access block modification request.", "schema": { "$ref": "#/definitions/UserAccessBlockUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli toggleUserAccessBlock id=c5cb69ce45940468596ed16310a45e49 blocked==true" } ] } }, "/users/{id}/privileges": { "get": { "operationId": "list_user_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_view_privileges" ], "summary": "List user admin privileges", "x-bash-codegen-description": "Returns the list of user's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_view_privileges` admin privilege.\n", "description": "Returns the list of user's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List user's admin privileges in Onezone**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"oz_view_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handles_list\",\n \"oz_handles_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's admin privileges in Onezone.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "privileges": [ "oz_view_privileges", "oz_users_list", "oz_users_view", "oz_groups_list", "oz_groups_view", "oz_spaces_list", "oz_spaces_view", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_handle_services_list", "oz_handle_services_view", "oz_handles_list", "oz_handles_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "patch": { "operationId": "update_user_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_set_privileges" ], "summary": "Update user's admin privileges", "x-bash-codegen-description": "Updates user's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n", "description": "Updates user's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n\n***Example cURL requests***\n\n**Updates user's admin privileges in Onezone**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"grant\": [\"oz_spaces_list\"], \"revoke\": [\"oz_groups_update\"]}' \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "User admin privileges.", "schema": { "$ref": "#/definitions/AdminPrivilegesUpdate" } } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '[\"oz_spaces_list\", \"oz_groups_update\"]' | onezone-rest-cli updateUserAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524 -" } ] }, "delete": { "operationId": "remove_user_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_set_privileges" ], "summary": "Remove user's admin privileges", "x-bash-codegen-description": "Removes all user's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n", "description": "Removes all user's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Removes all user's admin privileges in Onezone**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/privileges\n```\n", "responses": { "204": { "description": "The user admin privileges have been removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeUserAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/users/{id}/effective_privileges": { "get": { "operationId": "list_user_effective_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "eff_oz_privileges" }, "x-onedata-permissions": [ "oz_view_privileges" ], "summary": "List user's effective admin privileges", "x-bash-codegen-description": "Returns the list of user's (`{id}`) admin privileges in Onezone.\n\nEffective privileges are a sum of user's privileges and privileges inherited\nfrom his group memberships.\n\nThis operation requires `oz_view_privileges` admin privilege.\n", "description": "Returns the list of user's (`{id}`) admin privileges in Onezone.\n\nEffective privileges are a sum of user's privileges and privileges inherited\nfrom his group memberships.\n\nThis operation requires `oz_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List user's effective admin privileges in Onezone**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/effective_privileges\n\n\n{\n \"privileges\": [\n \"oz_view_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handles_list\",\n \"oz_handles_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's effective admin privileges in Onezone.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "privileges": [ "oz_view_privileges", "oz_users_list", "oz_users_view", "oz_groups_list", "oz_groups_view", "oz_spaces_list", "oz_spaces_view", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_handle_services_list", "oz_handle_services_view", "oz_handles_list", "oz_handles_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserEffectiveAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/users/{id}/clusters/provider_registration_token": { "post": { "deprecated": true, "operationId": "create_provider_registration_token_for_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(id)", "aspect": "provider_registration_token" }, "summary": "Create provider registration token for a user", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token for a specific user allowing him to register a new provider\nin Onezone. After the registration, the user's account will be automatically\nlinked to the new Oneprovider cluster\n(granting him access to Oneprovider's onepanel).\n\nIf registration policy in Onezone is configured as `open`, any user can\ngenerate the token for himself. In case of `restricted` policy or issuing\nthe token for another user, this operation requires `oz_providers_invite` privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token for a specific user allowing him to register a new provider\nin Onezone. After the registration, the user's account will be automatically\nlinked to the new Oneprovider cluster\n(granting him access to Oneprovider's onepanel).\n\nIf registration policy in Onezone is configured as `open`, any user can\ngenerate the token for himself. In case of `restricted` policy or issuing\nthe token for another user, this operation requires `oz_providers_invite` privilege.\n\n***Example cURL requests***\n\n**Create provider registration token for a user**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/clusters/$CLUSTER_ID\n\n{\n \"token\": [\n \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW-0Y8\"\n ]\n}\n```\n", "consumes": [ "application/json" ], "produces": [ "application/json" ], "responses": { "200": { "description": "A provider registration token.", "schema": { "$ref": "#/definitions/ProviderRegistrationToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createProviderRegistrationTokenForUser id=99b930e38a8f46a1a0036db7d6422591" } ] } }, "/user": { "get": { "operationId": "get_current_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "instance", "scope": "protected" }, "summary": "Get current user details", "x-bash-codegen-description": "Returns details about currently authenticated user.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns details about currently authenticated user.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user details**\n```bash\ncurl -u admin:password -X GET https://$HOST/api/v3/onezone/user\n\n{\n \"userId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\": \"Rudolf Lingens\",\n \"username\": \"r.lingens\",\n \"linkedAccounts\": [\n {\n \"idp\": \"github\",\n \"subjectId\": \"1978f5775ae2dc16730418bf3fc81764\"\n },\n {\n \"idp\": \"elixir\",\n \"subjectId\": \"38bf3fc2f4c16730481764bd775ae2d1\"\n }\n ],\n \"emails\": [\n \"rudolf.lingens@example.com\",\n \"john.doe@example.com\"\n ],\n \"basicAuthEnabled\": false,\n \"blocked\": false,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about user.", "schema": { "$ref": "#/definitions/UserProtectedInfo" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Forbidden request.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found..", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getCurrentUser" } ] }, "patch": { "operationId": "modify_current_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "instance" }, "summary": "Modify current user", "x-bash-codegen-description": "Modifies user account details based on information provided in the request body.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Modifies user account details based on information provided in the request body.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Change user fullName**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"fullName\": \"John Doe\"}' \\\nhttps://$HOST/api/v3/onezone/user\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User information updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "User data.", "schema": { "$ref": "#/definitions/UserUpdateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyCurrentUser fullName==new_name" } ] }, "delete": { "operationId": "remove_current_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "instance" }, "summary": "Remove current user", "x-bash-codegen-description": "Removes the account of currently authenticated user.\n", "description": "Removes the account of currently authenticated user.\n\n***Example cURL requests***\n\n**Remove user account**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user\n```\n", "responses": { "204": { "description": "User was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeCurrentUser" } ] } }, "/user/password": { "patch": { "operationId": "change_user_password", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "password" }, "summary": "Change user's password", "x-bash-codegen-description": "Changes user's password, the old password must be given.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Changes user's password, the old password must be given.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Change user's password**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"oldPassword\": \"password\", \"newPassword\": \"password123\"}' \\\nhttps://$HOST/api/v3/onezone/user/password\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User password changed successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "User password update request.", "schema": { "$ref": "#/definitions/UserPasswordUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli changeUserPassword oldPassword==password newPassword==password123" } ] } }, "/user/privileges": { "get": { "operationId": "list_current_user_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "oz_privileges" }, "summary": "List current user privileges", "x-bash-codegen-description": "Returns the list of currently authenticated user's admin privileges in Onezone.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of currently authenticated user's admin privileges in Onezone.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**List current user's admin privileges in Onezone**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/privileges\n\n{\n \"privileges\": [\n \"oz_view_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handles_list\",\n \"oz_handles_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's admin privileges in Onezone.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "privileges": [ "oz_view_privileges", "oz_users_list", "oz_users_view", "oz_groups_list", "oz_groups_view", "oz_spaces_list", "oz_spaces_view", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_handle_services_list", "oz_handle_services_view", "oz_handles_list", "oz_handles_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listCurrentUserAdminPrivileges" } ] }, "patch": { "operationId": "update_current_user_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_set_privileges" ], "summary": "Update current user's admin privileges", "x-bash-codegen-description": "Updates currently authenticated user's admin privileges in Onezone.\n\nThis operation can be invoked on behalf of the current user only and requires\n`oz_set_privileges` admin privilege.\n", "description": "Updates currently authenticated user's admin privileges in Onezone.\n\nThis operation can be invoked on behalf of the current user only and requires\n`oz_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Updates current user's admin privileges in Onezone**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"grant\": [\"oz_spaces_list\"], \"revoke\": [\"oz_groups_update\"]}' \\\nhttps://$HOST/api/v3/onezone/user/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "User admin privileges.", "schema": { "$ref": "#/definitions/AdminPrivilegesUpdate" } } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '[\"oz_spaces_list\", \"oz_groups_update\"]' | onezone-rest-cli updateCurrentUserAdminPrivileges -" } ] }, "delete": { "operationId": "remove_current_user_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_set_privileges" ], "summary": "Remove current user's admin privileges", "x-bash-codegen-description": "Removes all currently authenticated user's admin privileges in Onezone.\n\nThis operation can be invoked on behalf of the current user only and requires\n`oz_set_privileges` admin privilege.\n", "description": "Removes all currently authenticated user's admin privileges in Onezone.\n\nThis operation can be invoked on behalf of the current user only and requires\n`oz_set_privileges` admin privilege.\n\n***Example cURL requests***\n\n**Remove all user's admin privileges in Onezone**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/users/privileges\n```\n", "responses": { "204": { "description": "The user admin privileges have been removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeCurrentUserAdminPrivileges" } ] } }, "/user/effective_privileges": { "get": { "operationId": "list_current_user_effective_admin_privileges", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_oz_privileges" }, "summary": "List current user effective privileges", "x-bash-codegen-description": "Returns the list of currently authenticated user's admin privileges in Onezone.\n\nEffective privileges are a sum of user's privileges and privileges inherited\nfrom his group memberships.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of currently authenticated user's admin privileges in Onezone.\n\nEffective privileges are a sum of user's privileges and privileges inherited\nfrom his group memberships.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**List user's effective admin privileges in Onezone**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_privileges\n\n{\n \"privileges\": [\n \"oz_view_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handles_list\",\n \"oz_handles_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's effective admin privileges in Onezone.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "privileges": [ "oz_view_privileges", "oz_users_list", "oz_users_view", "oz_groups_list", "oz_groups_view", "oz_spaces_list", "oz_spaces_view", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_handle_services_list", "oz_handle_services_view", "oz_handles_list", "oz_handles_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listCurrentUserEffectiveAdminPrivileges" } ] } }, "/user/client_tokens": { "get": { "deprecated": true, "operationId": "list_client_tokens", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "client_tokens" }, "summary": "List user access tokens", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use [this one](#operation/list_named_tokens_of_current_user).\n\nReturns the list of user tokens.\n\nThis operation can be invoked on behalf of currently authenticated user only.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use [this one](#operation/list_named_tokens_of_current_user).\n\nReturns the list of user tokens.\n\nThis operation can be invoked on behalf of currently authenticated user only.\n\n***Example cURL requests***\n\n**Get user tokens**\n```bash\ncurl -u username:password -X GET https://$HOST/api/v3/onezone/user/client_tokens\n\n{\n \"tokens: [\n \"12da582337ff25cc86db30580b20d3cd\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user access tokens.", "schema": { "$ref": "#/definitions/ClientTokens" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClientTokens" } ] }, "post": { "deprecated": true, "operationId": "create_client_token", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "client_tokens" }, "summary": "Generate user access token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use [this one](#operation/create_named_token_for_current_user).\n\nCreates new user token.\n\nThis operation can be invoked on behalf of currently authenticated user only.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use [this one](#operation/create_named_token_for_current_user).\n\nCreates new user token. The token is returned in the response body.\n\nThis operation can be invoked on behalf of currently authenticated user only.\n\n***Example cURL requests***\n\n**Generate user token**\n```bash\ncurl -u username:password -X POST -d '' -H 'content-type: application/json' \\\n https://$HOST/api/v3/onezone/user/client_tokens\n\n{\n \"token\": \"MDAxNWxvY2F00aW9uIG9uZXpvbmUKMDAzYmlkZW500aWZpZXIgSlVxNGFLVkJSTXVFN3FLbHNQVHlNX00lLeHpYZXNWdVFSMGNfMldpOXFZNAowMDFhY2lkIHRpbWUgPCAxNTIyMzU4MzMzCjAwMmZzaWduYXR1cmUgv02ByyOA9802H02rPMB7Y9mIhDVAjYDmjAUjtrMs13znukK\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token has been successfully created.", "schema": { "$ref": "#/definitions/ClientToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createClientToken" } ] } }, "/user/client_tokens/{tid}": { "delete": { "deprecated": true, "operationId": "remove_client_token", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{client_token, ?BINDING(tid)}" }, "summary": "Delete access token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use [this one](#operation/delete_named_token_of_current_user).\n\nRemoves a specific access token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use [this one](#operation/delete_named_token_of_current_user).\n\nRemoves a specific access token.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Delete user access token**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/client_tokens/PMPs42mROSS7Rg7z7BwU9JYpSof4SvIW5v14uQY8X08\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The token will be deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "tid", "in": "path", "description": "Token.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeClientToken tid=13c6bf68ed88dd01f396571f976b148d" } ] } }, "/user/idp_access_token/{idp}": { "post": { "operationId": "acquire_idp_access_token", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{idp_access_token, ?BINDING(idp)}" }, "summary": "Acquire IdP access token", "x-bash-codegen-description": "Acquires an access token issued by given IdP for the current user. This\noperation requires that the IdP is configured to support offline access -\nissues refresh tokens upon user's login to Onezone, which are later used\nto acquire new access tokens when they expire. Offline access can be\nconfigured by the Onezone admin.\n\nThe user must first log in to Onezone using given IdP,\notherwise the operation will return a 404 error.\n\nThis operation can be invoked on behalf of current user only.\n", "description": "Acquires an access token issued by given IdP for the current user. This\noperation requires that the IdP is configured to support offline access -\nissues refresh tokens upon user's login to Onezone, which are later used\nto acquire new access tokens when they expire. Offline access can be\nconfigured by the Onezone admin.\n\nThe user must first log in to Onezone using given IdP,\notherwise the operation will return a 404 error.\n\nThis operation can be invoked on behalf of current user only.\n\n***Example cURL requests***\n\n**Acquire IdP access token**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/user/idp_access_token/github\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The access token issued by given IdP.", "schema": { "$ref": "#/definitions/IdPAccessToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "idp", "in": "path", "description": "IdP identifier.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli acquireIdpAccessToken idp=github" } ] } }, "/user/groups": { "get": { "operationId": "list_user_groups", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "groups" }, "summary": "List user groups", "x-bash-codegen-description": "Returns the list of user's groups.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's groups.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user groups**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/groups\n\n{\n \"groups\": [\n \"13c6bf68ed88dd01f396571f976b148d\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of groups.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserGroups" } ] }, "post": { "operationId": "create_user_group", "tags": [ "User" ], "x-onedata-gri": { "type": "od_group", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Create a new group for the current user", "x-bash-codegen-description": "Creates a new group for the current user.\nThe user automatically becomes a member of this group.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Creates a new group for the current user.\nThe user automatically becomes a member of this group.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Create new group**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"name\" : \"test_group\" , \"type\" : \"team\" }' \\\nhttps://$HOST/api/v3/onezone/user/groups\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created group in form https://$HOST/api/onezone/v3/user/groups/{gid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "group", "in": "body", "description": "New group parameters.", "schema": { "$ref": "#/definitions/Group" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createUserGroup name==Group1 type==team" } ] } }, "/user/groups/join": { "post": { "operationId": "join_group", "tags": [ "User" ], "x-onedata-gri": { "type": "od_group", "aspect": "join" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Join group", "x-bash-codegen-description": "Join existing group using an invitation token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Join existing group using an invitation token.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Join group**\n\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"token\": \"9ef3973a007d616cb6b3e95829dec18a\" }' \\\nhttps://$HOST/api/v3/onezone/user/groups/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined group in form https://$HOST/api/onezone/v3/user/groups/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "groupinvitetoken", "in": "body", "description": "Token for joining a group.", "schema": { "$ref": "#/definitions/GroupInviteToken" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli joinGroup token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/user/groups/{gid}": { "get": { "operationId": "get_user_group", "tags": [ "User" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get group details", "x-bash-codegen-description": "Returns information about a specific group to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific group to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/groups/$GROUP_ID\n\n{\n \"groupId\": \"59fec3bd894eef1cdae81623f477e370\",\n \"name\": \"admins\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserGroup gid=59fec3bd894eef1cdae81623f477e370" } ] }, "delete": { "operationId": "leave_group", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{group, ?BINDING(gid)}" }, "summary": "Leave group", "x-bash-codegen-description": "Removes the current user from a specific group.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the current user from a specific group.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Leave group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/groups/$GROUP_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The user was removed from group." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli leaveGroup gid=59fec3bd894eef1cdae81623f477e370" } ] } }, "/user/effective_groups": { "get": { "operationId": "list_effective_user_groups", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_groups" }, "summary": "List effective user groups", "x-bash-codegen-description": "Returns the list of user's effective groups.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective groups.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective groups**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_groups\n\n{\n \"groups\": [\n \"admins\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of groups.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserGroups" } ] } }, "/user/effective_groups/{gid}": { "get": { "operationId": "get_user_effective_group", "tags": [ "User" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get effective group details", "x-bash-codegen-description": "Returns information about a specific effective group to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific effective group to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user's effective group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_groups/$GROUP_ID\n\n{\n \"groupId\": \"59fec3bd894eef1cdae81623f477e370\",\n \"name\": \"admins\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific effective group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserEffectiveGroup gid=59fec3bd894eef1cdae81623f477e370" } ] } }, "/user/spaces": { "get": { "operationId": "list_user_spaces", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "spaces" }, "summary": "List user spaces", "x-bash-codegen-description": "Returns the list of users' spaces.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of users' spaces.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user spaces**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/spaces\n\n{\n \"spaces\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of user spaces.\n", "schema": { "type": "object", "properties": { "spaces": { "description": "The list of all user spaces Ids.", "type": "array", "items": { "type": "string" } } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserSpaces" } ] }, "post": { "operationId": "create_user_space", "tags": [ "User" ], "x-onedata-gri": { "type": "od_space", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Create a new space for the current user", "x-bash-codegen-description": "Creates a new space as current user. The user automaticaly becomes\nthe spaces' member.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Creates a new space as current user. The user automaticaly becomes\nthe spaces' member.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Create new user space**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"name\" : \"test_space\"}' https://$HOST/api/v3/onezone/user/spaces\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created space in form https://$HOST/api/onezone/v3/user/spaces/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created space.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "space", "in": "body", "description": "New space parameters.", "schema": { "$ref": "#/definitions/SpaceCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createUserSpace name==test_space" } ] } }, "/user/spaces/join": { "post": { "operationId": "join_space", "tags": [ "User" ], "x-onedata-gri": { "type": "od_space", "aspect": "join" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Join space", "x-bash-codegen-description": "Join existing space using an invitation token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Join existing space using an invitation token.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Join an existing space**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"token\" : \"MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcmLciFsOgyUkPI3f02le6PM01IX8go\" }' \\\nhttps://$HOST/api/v3/onezone/user/spaces/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined space in form https://$HOST/api/onezone/v3/user/spaces/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined space.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "spaceinvitetoken", "in": "body", "description": "Token for joining a space.", "schema": { "$ref": "#/definitions/SpaceInviteToken" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli joinSpace token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/user/spaces/{sid}": { "get": { "operationId": "get_user_space", "tags": [ "User" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get space details", "x-bash-codegen-description": "Returns the details of a specific space.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the details of a specific space.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get space details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/spaces/$SPACE_ID\n\n{\n \"spaceId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_space1\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\" : 5368709120\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific space.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserSpace sid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "leave_space", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{space, ?BINDING(sid)}" }, "summary": "Leave space", "x-bash-codegen-description": "Removes the user's ownership or access to a specific space.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the user's ownership or access to a specific space.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Delete user space**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/spaces/$SPACE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The user is no longer a member of the space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli leaveSpace sid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/spaces/{sid}/alias": { "get": { "deprecated": true, "operationId": "get_user_space_alias", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{space_alias, ?BINDING(sid)}" }, "summary": "Get user space alias", "x-bash-codegen-description": "Returns the alias (user defined name) for a specific space. Will return\n404 NOT FOUND if no alias is defined for the space.\n\nNOTE: Space aliases are not yet implemented - setting an alias is possible\nbut will have no effect.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the alias (user defined name) for a specific space. Will return\n404 NOT FOUND if no alias is defined for the space.\n\nNOTE: Space aliases are not yet implemented - setting an alias is possible\nbut will have no effect.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get space alias**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/spaces/$SPACE_ID/alias\n\n{\n \"alias\": \"Test space 2\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific space.", "schema": { "$ref": "#/definitions/SpaceAlias" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserSpaceAlias sid=95b663a6467c72ab1256865efef9e387" } ] }, "put": { "deprecated": true, "operationId": "set_user_space_alias", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{space_alias, ?BINDING(sid)}" }, "summary": "Set user space alias", "x-bash-codegen-description": "Sets the alias (user defined name) for a specific space.\n\nNOTE: Space aliases are not yet implemented - setting an alias is possible\nbut will have no effect.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Sets the alias (user defined name) for a specific space.\n\nNOTE: Space aliases are not yet implemented - setting an alias is possible\nbut will have no effect.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Set space alias**\n```bash\ncurl -u username:password -X PUT -d '{\"alias\": \"Space alias\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/user/spaces/$SPACE_ID/alias\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Space alias has been successfully set.", "schema": { "$ref": "#/definitions/SpaceAlias" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "New space alias.", "schema": { "$ref": "#/definitions/SpaceAlias" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli setUserSpaceAlias sid=95b663a6467c72ab1256865efef9e387 alias==\"Space alias\"" } ] }, "delete": { "deprecated": true, "operationId": "remove_user_space_alias", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{space_alias, ?BINDING(sid)}" }, "summary": "Remove space alias", "x-bash-codegen-description": "Removes the alias (user defined name) for a specific space.\n\nNOTE: Space aliases are not yet implemented - setting an alias is possible\nbut will have no effect.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the alias (user defined name) for a specific space.\n\nNOTE: Space aliases are not yet implemented - setting an alias is possible\nbut will have no effect.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Remove user space alias**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/spaces/$SPACE_ID/alias\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The space alias was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeUserSpaceAlias sid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_spaces": { "get": { "operationId": "list_effective_user_spaces", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_spaces" }, "summary": "List effective user spaces", "x-bash-codegen-description": "Returns the list of user's effective spaces.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective spaces.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective spaces**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_spaces\n\n{\n \"spaces\": [\n \"40090ed592dc7975d2a9cd6bbe6c9a67\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of spaces.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserSpaces" } ] } }, "/user/effective_spaces/{sid}": { "get": { "operationId": "get_effective_user_space", "tags": [ "User" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get effective space details", "x-bash-codegen-description": "Returns information about a specific effective space to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific effective space to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective space**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_spaces/$SPACE_ID\n\n{\n \"spaceId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_space1\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\" : 5368709120\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific effective space.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserSpace sid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_providers": { "get": { "operationId": "list_effective_user_providers", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_providers" }, "summary": "List user effective providers", "x-bash-codegen-description": "Returns the list of user's effective providers.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective providers.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective providers**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_providers\n\n{\n \"providers\": [\n \"LKJASHGDFKLJHASKLJDH\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of providers.", "schema": { "$ref": "#/definitions/Providers" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserProviders" } ] } }, "/user/effective_providers/{pid}": { "get": { "operationId": "get_user_effective_provider", "tags": [ "User" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(pid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get user's effective provider details", "x-bash-codegen-description": "Returns information about a specific effective provider for the user.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific effective provider for the user.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_providers/$PROVIDER_ID\n\n{\n \"providerId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"name\": \"Example provider\",\n \"domain\": \"provider1.example.com\",\n \"latitude\": 50.0647,\n \"longitude\": 19.945,\n \"clusterId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"online\": true,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns information about a specific effective provider for the user.", "schema": { "$ref": "#/definitions/ProviderDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "pid", "in": "path", "description": "Provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserEffectiveProvider pid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_providers/{pid}/spaces": { "get": { "operationId": "get_user_spaces_in_effective_provider", "tags": [ "User" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(pid)", "aspect": "{user_spaces, ?CLIENT_ID}", "scope": "private" }, "summary": "Get user's spaces that are supported by given effective provider", "x-bash-codegen-description": "Returns the list of user's spaces that are supported by given effective provider.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's spaces that are supported by given effective provider.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user's spaces supported by effective provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_providers/$PROVIDER_ID/spaces\n\n{\n \"spaces\": [\n \"6825604b0eb6a47b8b7a04b6369eb24d\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of user's spaces that are supported by given effective provider.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "pid", "in": "path", "description": "Provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserSpacesInEffectiveProvider pid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/handle_services": { "get": { "operationId": "list_user_handle_services", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "handle_services" }, "summary": "List user handle services", "x-bash-codegen-description": "Returns the list of registered user handle services.\n", "description": "Returns the list of registered user handle services.\n\n***Example cURL requests***\n\n**Get user handle services**\n```bash\ncurl -u username:password -X GET https://$HOST/api/v3/user/handle_services\n\n{\n \"handle_services\": [\n \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"302da048de67e2ea05f0af1d0fe7c8a2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of registered handle services.", "schema": { "$ref": "#/definitions/HandleServices" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserHandleServices" } ] }, "post": { "operationId": "add_user_handle_service", "tags": [ "User" ], "x-onedata-gri": { "type": "od_handle_service", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "x-onedata-permissions": [ "oz_handle_service_create" ], "summary": "Create a new handle service for the current user", "x-bash-codegen-description": "Allows to register a new handle service.\n\nThis operation can be invoked on behalf of the current user only and requires\n`oz_handle_service_create` admin privilege.\n", "description": "Allows to register a new handle service.\n\nThis operation can be invoked on behalf of the current user only and requires\n`oz_handle_service_create` admin privilege.\n\n***Example cURL requests***\n\n**Add user handle services**\n```bash\ncurl -u username:password -X POST -H \"Content-type: application/json\" \\\n-d '{ ... }' https://$HOST/api/v3/user/handle_services\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created handle service in form https://$HOST/api/onezone/v3/user/handle_services/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created handle service.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "handleService", "in": "body", "required": true, "schema": { "$ref": "#/definitions/HandleService" } } ], "x-code-samples": [ { "lang": "Shell", "source": "cat hndl_service.json | onezone-rest-cli addUserHandleService -" } ] } }, "/user/handle_services/{hsid}": { "get": { "operationId": "get_user_handle_service", "tags": [ "User" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(hsid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get user handle service details", "x-bash-codegen-description": "Returns the details of a specific handle service.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the details of a specific handle service.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get handle service details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/handle_services/$HANDLE_SERVICE_ID\n\n{\n \"name\": \"MyCommunity Handle service\",\n \"proxyEndpoint\": \"https://localhost:17000/handle_proxy\",\n \"serviceProperties\": {\n \"allowTemplateOverride\": false,\n \"doiEndpoint\": \"/doi\",\n \"host\": \"https://mds.test.datacite.org\",\n \"identifierTemplate\": \"{{space.name}}-{{space.guid}}\",\n \"mediaEndpoint\": \"/media\",\n \"metadataEndpoint\": \"/metadata\",\n \"password\": \"pa$$word\",\n \"prefix\": 10.5072,\n \"type\": \"DOI\",\n \"username\": \"alice\"\n }\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific handle service.", "schema": { "$ref": "#/definitions/HandleService" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hsid", "in": "path", "description": "Handle service Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserHandleService hsid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "leave_handle_service", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{handle_service, ?BINDING(hsid)}" }, "summary": "Leave handle service", "x-bash-codegen-description": "Removes the user's ownership or access to a specific handle service.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the user's ownership or access to a specific handle service.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Delete user handle service**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/handle_services/$HANDLE_SERVICE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The user is no longer a member of the handle service." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hsid", "in": "path", "description": "Handle service Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli leaveHandleService hsid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_handle_services": { "get": { "operationId": "list_user_effective_handle_services", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_handle_services" }, "summary": "List user effective handle services", "x-bash-codegen-description": "Returns the list of user's effective handle services.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective handle services.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective handle services**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_handle_services\n\n{\n \"handle_services\": [\n \"LKJASHGDFKLJHASKLJDH\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of handle services.", "schema": { "$ref": "#/definitions/HandleServices" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserEffectiveHandleServices" } ] } }, "/user/effective_handle_services/{hsid}": { "get": { "operationId": "get_user_effective_handle_service", "tags": [ "User" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(hsid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get effective handle service details", "x-bash-codegen-description": "Returns information about a specific effective handle service for the user.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific effective handle service for the user.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective handle service**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_handle_services/$HANDLE_SERVICE_ID\n\n{\n \"name\": \"MyCommunity Handle service\",\n \"proxyEndpoint\": \"https://localhost:17000/handle_proxy\",\n \"serviceProperties\": {\n \"allowTemplateOverride\": false,\n \"doiEndpoint\": \"/doi\",\n \"host\": \"https://mds.test.datacite.org\",\n \"identifierTemplate\": \"{{space.name}}-{{space.guid}}\",\n \"mediaEndpoint\": \"/media\",\n \"metadataEndpoint\": \"/metadata\",\n \"password\": \"pa$$word\",\n \"prefix\": 10.5072,\n \"type\": \"DOI\",\n \"username\": \"alice\"\n }\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific effective handle service.", "schema": { "$ref": "#/definitions/HandleService" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hsid", "in": "path", "description": "Handle service Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserEffectiveHandleService hsid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/handles": { "get": { "operationId": "list_user_handles", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "handles" }, "summary": "List user handles", "x-bash-codegen-description": "Returns the list of users' handles.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of users' handles.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user handles**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/handles\n\n{\n \"handles\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of user handles.\n", "schema": { "$ref": "#/definitions/Handles" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserHandles" } ] }, "post": { "operationId": "create_user_handle", "tags": [ "User" ], "x-onedata-gri": { "type": "od_handle", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "x-onedata-permissions": [ "handle_service_register_handle" ], "summary": "Create a new handle for the current user", "x-bash-codegen-description": "Creates a new handle as current user.\n\nThis operation can be invoked on behalf of the current user only and requires\n'handle_service_register_handle' privilege in the handle service\nwhere the new handle is to be registered\n", "description": "Creates a new handle as current user.\n\nThis operation can be invoked on behalf of the current user only and requires\n'handle_service_register_handle' privilege in the handle service\nwhere the new handle is to be registered\n\n***Example cURL requests***\n\n**Create new user handle**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"handleServiceId\": \"ddb06ed993bae95f2f430664fff122f7\", \"resourceType\": \"Share\", \"resourceId\": \"4fa683cbda8d8f686d15d42720af431d\", \"metadata\": \"...\" }'\nhttps://$HOST/api/v3/onezone/user/handles\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created space in form https://$HOST/api/onezone/v3/user/handles/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created handle.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "handle", "in": "body", "description": "New handle parameters.", "schema": { "$ref": "#/definitions/HandleRegistrationRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "cat handle.json | onezone-rest-cli createUserHandle -" } ] } }, "/user/handles/{hid}": { "get": { "operationId": "get_user_handle", "tags": [ "User" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get handle details", "x-bash-codegen-description": "Returns the details of a specific handle.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the details of a specific handle.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get handle details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/handles/$HANDLE_ID\n\n{\n \"publicHandle\": \"10.5072/w95Zlng\",\n \"handleId\": \"95b663a6467c72ab1256865efef9e387\",\n \"handleServiceId\": \"97c27230017cd54c1220189e357322c4\",\n \"resourceType\": \"Share\",\n \"resourceId\": \"d6ee1aecf03b23f09756d6a49e435455\",\n \"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific handle.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hid", "in": "path", "description": "Handle Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserHandle hid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "remove_user_handle", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{handle, ?BINDING(hid)}" }, "summary": "Leave handle", "x-bash-codegen-description": "Removes the user's ownership or access to a specific space.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the user's ownership or access to a specific space.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Delete user space**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/handles/$HANDLE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The handle will be deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hid", "in": "path", "description": "Handle Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeUserHandle hid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_handles": { "get": { "operationId": "list_user_effective_handles", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_handles" }, "summary": "Get user effective handles", "x-bash-codegen-description": "Returns the list of user's effective handles.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective handles.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective handles**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_handles\n\n{\n \"handles\": [\n \"8f8304077af3a834f0d484cd673073f0\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of handles.", "schema": { "$ref": "#/definitions/Handles" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserEffectiveHandles" } ] } }, "/user/effective_handles/{hid}": { "get": { "operationId": "get_user_effective_handle", "tags": [ "User" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get effective handle details", "x-bash-codegen-description": "Returns information about a specific effective handle to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific effective handle to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective handle**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_handles/$HANDLE_ID\n\n{\n \"publicHandle\": \"10.5072/w95Zlng\",\n \"handleId\": \"95b663a6467c72ab1256865efef9e387\",\n \"handleServiceId\": \"97c27230017cd54c1220189e357322c4\",\n \"resourceType\": \"Share\",\n \"resourceId\": \"d6ee1aecf03b23f09756d6a49e435455\",\n \"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific effective handle.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hid", "in": "path", "description": "Handle Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserEffectiveHandle hid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/harvesters": { "get": { "operationId": "list_user_harvesters", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "harvesters" }, "summary": "List user harvesters", "x-bash-codegen-description": "Returns the list of users' harvesters.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of users' harvesters.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user harvesters**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/harvesters\n\n{\n \"harvesters\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of user harvesters.\n", "schema": { "type": "object", "properties": { "harvesters": { "description": "The list of all user harvesters Ids.", "type": "array", "items": { "type": "string" } } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserHarvesters" } ] }, "post": { "operationId": "create_user_harvester", "tags": [ "User" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Create a new harvester for the current user", "x-bash-codegen-description": "Creates a new harvester as current user. The user automaticaly becomes\nthe harvesters' member.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Creates a new harvester as current user. The user automaticaly becomes\nthe harvesters' member.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Create new user harvester**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-X POST -d '{ \"name\" : \"new_harvester\", \"endpoint\" : \"example.elastic.com:9200\", \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\" \\\n\"config\" : { \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ],\n \"externalHelpLink\": \"http://example.com/some_help_page\",\n \"refreshDataTimeout\": 1000 }, \\\nhttps://$HOST/api/v3/onezone/user/harvesters\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created harvester in form https://$HOST/api/onezone/v3/user/harvesters/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created harvester.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "harvester", "in": "body", "description": "New harvester parameters.", "schema": { "$ref": "#/definitions/HarvesterCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createUserHarvester name==test_harvester harvestingBackendEndpoint== \"example.elastic.com:9200\" harvestingBackendType==\"elasticsearch_harvesting_backend\" config=={ \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ], \"externalHelpLink\": \"http://example.com/some_help_page\", \"refreshDataTimeout\": 1000 } " } ] } }, "/user/harvesters/join": { "post": { "operationId": "join_harvester", "tags": [ "User" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "join" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Join harvester", "x-bash-codegen-description": "Join existing harvester using invitation token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Join existing harvester using invitation token.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Join existing harvester**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"token\" : \"MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcmLciFsOgyUkPI3f02le6PM01IX8go\" }' \\\nhttps://$HOST/api/v3/onezone/user/harvesters/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined harvester in form https://$HOST/api/onezone/v3/user/harvesters/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined harvester.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "harvesterinvitetoken", "in": "body", "description": "Token for joining a harvester.", "schema": { "$ref": "#/definitions/HarvesterInviteToken" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli joinHarvester token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/user/harvesters/{hid}": { "get": { "operationId": "get_user_harvester", "tags": [ "User" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get harvester details", "x-bash-codegen-description": "Returns the details of a specific harvester.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the details of a specific harvester.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get harvester details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/harvesters/$HARVESTER_ID\n\n{\n \"harvesterId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_harvester1\",\n \"public\" : true,\n \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\",\n \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific harvester.", "schema": { "$ref": "#/definitions/Harvester" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserHarvester hid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "user_leave_harvester", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{harvester, ?BINDING(hid)}" }, "summary": "Leave harvester", "x-bash-codegen-description": "Removes the users ownership or access to a specific harvester.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the users ownership or access to a specific harvester.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Delete user harvester**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/harvesters/$HARVESTER_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The user was removed from harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli userLeaveHarvester hid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_harvesters": { "get": { "operationId": "list_effective_user_harvesters", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_harvesters" }, "summary": "List effective user harvesters", "x-bash-codegen-description": "Returns the list of user's effective harvesters.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective harvesters.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective harvesters**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_harvesters\n\n{\n \"harvesters\": [\n \"40090ed592dc7975d2a9cd6bbe6c9a67\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of harvesters.", "schema": { "$ref": "#/definitions/Harvesters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserHarvesters" } ] } }, "/user/effective_harvesters/{hid}": { "get": { "operationId": "get_effective_user_harvester", "tags": [ "User" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get effective harvester details", "x-bash-codegen-description": "Returns information about a specific effective harvester to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific effective harvester to which the user has access.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user effective harvester**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_harvesters/$HARVESTER_ID\n\n{\n \"harvesterId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_harvester1\",\n \"public\" : true,\n \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\",\n \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific effective harvester.", "schema": { "$ref": "#/definitions/Harvester" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserHarvester hid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/clusters": { "get": { "operationId": "list_user_clusters", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "clusters" }, "summary": "List user's clusters", "x-bash-codegen-description": "Returns the list of user's clusters.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's clusters.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user's clusters**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/clusters\n\n{\n \"clusters\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's clusters.\n", "schema": { "$ref": "#/definitions/Clusters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserClusters" } ] } }, "/user/clusters/provider_registration_token": { "post": { "deprecated": true, "operationId": "create_provider_registration_token_for_current_user", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "provider_registration_token" }, "summary": "Create provider registration token for current user", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token for the current user allowing him to register a new provider\nin Onezone. After the registration, the user's account will be automatically\nlinked to the new Oneprovider cluster\n(granting him access to Oneprovider's onepanel).\n\nThis operation can be invoked on behalf of the current user only.\n\nIf registration policy in Onezone is configured as `open`, any user can\ngenerate the token for himself. In case of `restricted` policy, this\noperation requires `oz_providers_invite` privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token for the current user allowing him to register a new provider\nin Onezone. After the registration, the user's account will be automatically\nlinked to the new Oneprovider cluster\n(granting him access to Oneprovider's onepanel).\n\nThis operation can be invoked on behalf of the current user only.\n\nIf registration policy in Onezone is configured as `open`, any user can\ngenerate the token for himself. In case of `restricted` policy, this\noperation requires `oz_providers_invite` privilege.\n\n***Example cURL requests***\n\n**Create provider registration token for current user**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/user/clusters/$CLUSTER_ID\n\n{\n \"token\": [\n \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW-0Y8\"\n ]\n}\n```\n", "consumes": [ "application/json" ], "produces": [ "application/json" ], "responses": { "200": { "description": "A provider registration token.", "schema": { "$ref": "#/definitions/ProviderRegistrationToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createProviderRegistrationTokenForCurrentUser" } ] } }, "/user/clusters/join": { "post": { "operationId": "user_join_cluster", "tags": [ "User" ], "x-onedata-gri": { "type": "od_cluster", "aspect": "join" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "summary": "Join cluster", "x-bash-codegen-description": "Join an existing cluster using an inivitation token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Join an existing cluster using an inivitation token.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Join an existing cluster**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"token\" : \"MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcmLciFsOgyUkPI3f02le6PM01IX8go\" }' \\\nhttps://$HOST/api/v3/onezone/user/clusters/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined cluster in form https://$HOST/api/onezone/v3/user/clusters/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined cluster.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "clusterinvitetoken", "in": "body", "description": "Token for joining a cluster.", "schema": { "$ref": "#/definitions/ClusterInviteToken" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli userJoinCluster token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/user/clusters/{cid}": { "get": { "operationId": "get_user_cluster", "tags": [ "User" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(cid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get user's cluster details", "x-bash-codegen-description": "Returns the details of a specific user's cluster.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the details of a specific user's cluster.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user's cluster details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/clusters/$CLUSTER_ID\n\n{\n \"clusterId\": \"f8d843beda24e54545455ecc0f4b8886\",\n \"type\": \"oneprovider\",\n \"workerVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"1-gfabf02d\",\n \"gui\": \"129c549fbe9b3e730c3d9910492228566e39e1236945766a74381405cc57fb04\"\n },\n \"onepanelVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"3-89fc6bad\",\n \"gui\": \"68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3\"\n },\n \"online\": true,\n \"onepanelProxy\": false,\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific cluster.", "schema": { "$ref": "#/definitions/Cluster" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "cid", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserCluster cid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "user_leave_cluster", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "{cluster, ?BINDING(cid)}" }, "summary": "Leave cluster", "x-bash-codegen-description": "Removes the users membership in a specific cluster.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Removes the users membership in a specific cluster.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**User leave cluster**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/clusters/$CLUSTER_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The user is no longer a member of the cluster." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "cid", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli userLeaveCluster cid=95b663a6467c72ab1256865efef9e387" } ] } }, "/user/effective_clusters": { "get": { "operationId": "list_user_effective_clusters", "tags": [ "User" ], "x-onedata-gri": { "type": "od_user", "id": "?CLIENT_ID", "aspect": "eff_clusters" }, "summary": "List user's effective clusters", "x-bash-codegen-description": "Returns the list of user's effective clusters.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's effective clusters.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user's effective clusters**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/effective_clusters\n\n{\n \"clusters\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's effective clusters.\n", "schema": { "$ref": "#/definitions/Clusters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserEffectiveClusters" } ] } }, "/user/effective_clusters/{cid}": { "get": { "operationId": "get_user_effective_cluster", "tags": [ "User" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(cid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_USER(?CLIENT_ID)", "summary": "Get user's effective cluster details", "x-bash-codegen-description": "Returns information about a specific user's effective cluster.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns information about a specific user's effective cluster.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get user's effective cluster details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/clusters/$CLUSTER_ID\n\n{\n \"clusterId\": \"f8d843beda24e54545455ecc0f4b8886\",\n \"type\": \"oneprovider\",\n \"workerVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"1-gfabf02d\",\n \"gui\": \"129c549fbe9b3e730c3d9910492228566e39e1236945766a74381405cc57fb04\"\n },\n \"onepanelVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"3-89fc6bad\",\n \"gui\": \"68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3\"\n },\n \"online\": true,\n \"onepanelProxy\": false,\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific effective cluster.", "schema": { "$ref": "#/definitions/Cluster" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "cid", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getUserEffectiveCluster cid=95b663a6467c72ab1256865efef9e387" } ] } }, "/groups": { "get": { "operationId": "list_groups", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "aspect": "list" }, "x-onedata-permissions": [ "oz_groups_list" ], "summary": "List all groups", "x-bash-codegen-description": "Returns the list of all groups in the system.\n\nRequires `oz_groups_list` admin privilege.\n", "description": "Returns the list of all groups in the system.\n\nRequires `oz_groups_list` admin privilege.\n\n***Example cURL requests***\n\n**List all groups in the system**\n```bash\n curl -u username:password -X GET https://$HOST/api/v3/onezone/groups\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group Ids created within the Onezone service.\n", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroups" } ] }, "post": { "operationId": "create_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "aspect": "instance" }, "x-onedata-permissions": [ "oz_groups_create" ], "summary": "Create new group", "x-bash-codegen-description": "Creates a new group.\n\nThis operation requires `oz_groups_create` privilege.\n", "description": "Creates a new group.\n\nThis operation requires `oz_groups_create` privilege. \n\nSee also: \n[Create a new group for the current user](#operation/create_group_for_user) \n[Create a new parent group for given group](#operation/create_parent_group) \n\n***Example cURL requests***\n\n**Create new group of type `team`**\n```bash\n curl -u username:password -H \"Content-type: application/json\" \\\n -X POST -d '{ \"name\":\"new_group\" , \"type\":\"team\" }' \\\n https://$HOST/api/v3/onezone/groups/$GROUP_ID\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the group created in form https://$HOST/api/onezone/v3/groups/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Group properties.", "schema": { "$ref": "#/definitions/GroupCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createGroup name==Group2 type==team" } ] } }, "/groups/privileges": { "get": { "operationId": "list_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all group privileges", "x-bash-codegen-description": "Returns list of all possible group privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible group privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all group privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/groups/privileges\n\n{\n \"admin\": [\n \"group_view\",\n \"group_update\",\n \"group_delete\",\n \"group_view_privileges\",\n \"group_set_privileges\",\n \"group_add_parent\",\n \"group_leave_parent\",\n \"group_add_child\",\n \"group_remove_child\",\n \"group_add_user\",\n \"group_remove_user\",\n \"group_add_space\",\n \"group_leave_space\",\n \"group_create_handle_service\",\n \"group_leave_handle_service\",\n \"group_create_handle\",\n \"group_leave_handle\",\n \"group_add_harvester\",\n \"group_remove_harvester\"\n ],\n \"manager\": [\n \"group_view\",\n \"group_view_privileges\",\n \"group_add_parent\",\n \"group_leave_parent\",\n \"group_add_child\",\n \"group_remove_child\",\n \"group_add_user\",\n \"group_remove_user\",\n \"group_add_harvester\",\n \"group_remove_harvester\"\n ],\n \"member\": [\n \"group_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all group privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/GroupPrivileges" }, "manager": { "$ref": "#/definitions/GroupManagerPrivileges" }, "member": { "$ref": "#/definitions/GroupMemberPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupPrivileges" } ] } }, "/groups/{id}": { "get": { "operationId": "get_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_groups_view" ], "summary": "Get group details", "x-bash-codegen-description": "Returns the information about a specific group.\n\nThis operation requires membership in the group or\n`oz_groups_view` admin privilege.\n", "description": "Returns the information about a specific group.\n\nThis operation requires membership in the group or\n`oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID\n\n{\n \"groupId\": \"a4d3bc73aada63052310652d421609f1\",\n \"name\": \"Test group\",\n \"type\": \"team\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroup id=a4d3bc73aada63052310652d421609f1" } ] }, "patch": { "operationId": "modify_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "group_update", "oz_groups_update" ], "summary": "Modify group details", "x-bash-codegen-description": "Updates the details about a group.\n\nThis operation requires `group_update` privilege.\nFor administrator who does not belong to this group\n`oz_groups_update` privilege is required.\n", "description": "Updates the details about a group.\n\nThis operation requires `group_update` privilege.\nFor administrator who does not belong to this group\n`oz_groups_update` privilege is required.\n\n***Example cURL requests***\n\n**Modify group name**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"name\": \"new_group_name\"}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Group details modified." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group parameters", "schema": { "$ref": "#/definitions/GroupUpdateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyGroup id=a4d3bc73aada63052310652d421609f1 name==\"New Group Name\" type==team" } ] }, "delete": { "operationId": "remove_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "group_delete", "oz_groups_delete" ], "summary": "Remove group", "x-bash-codegen-description": "Removes a specific group.\n\nThis operation requires `group_delete` privilege.\nFor administrator who does not belong to this group\n`oz_groups_delete` privilege is required.\n", "description": "Removes a specific group.\n\nThis operation requires `group_delete` privilege.\nFor administrator who does not belong to this group\n`oz_groups_delete` privilege is required.\n\n***Example cURL requests***\n\n**Remove group**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/groups/$GROUP_ID\n```\n", "responses": { "204": { "description": "The group was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeGroup id=a4d3bc73aada63052310652d421609f1" } ] } }, "/groups/{id}/privileges": { "get": { "operationId": "list_group_admin_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_view_privileges" ], "summary": "List group's admin privileges", "x-bash-codegen-description": "Returns the list of group's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_view_privileges` admin privilege.\n", "description": "Returns the list of group's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List group's admin privileges in Onezone**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"oz_view_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handles_list\",\n \"oz_handles_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's admin privileges in Onezone.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "privileges": [ "oz_view_privileges", "oz_users_list", "oz_users_view", "oz_groups_list", "oz_groups_view", "oz_spaces_list", "oz_spaces_view", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_handle_services_list", "oz_handle_services_view", "oz_handles_list", "oz_handles_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "patch": { "operationId": "update_group_admin_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_set_privileges" ], "summary": "Update group's admin privileges", "x-bash-codegen-description": "Updates group's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n", "description": "Updates group's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's admin privileges in Onezone**\n```bash\ncurl -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"grant\": [\"oz_spaces_list\"], \"revoke\": [\"oz_groups_update\"]}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "admin privileges update request.", "schema": { "$ref": "#/definitions/AdminPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"privileges\": [\"oz_spaces_list\", \"oz_groups_update\"]}' | onezone-rest-cli updateGroupAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524 -" } ] }, "delete": { "operationId": "remove_group_admin_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "oz_privileges" }, "x-onedata-permissions": [ "oz_set_privileges" ], "summary": "Remove group's admin privileges", "x-bash-codegen-description": "Removes all group's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n", "description": "Removes all group's (`{id}`) admin privileges in Onezone.\n\nThis operation requires `oz_set_privileges` admin privilege.\n\n***Example cURL requests***\n\n**Remove all group's admin privileges in Onezone**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/privileges\n```\n", "responses": { "204": { "description": "The group admin privileges have been removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeGroupAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/groups/{id}/effective_privileges": { "get": { "operationId": "list_group_effective_admin_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_oz_privileges" }, "x-onedata-permissions": [ "oz_view_privileges" ], "summary": "List group's effective admin privileges", "x-bash-codegen-description": "Returns the list of group's (`{id}`) effective admin privileges in Onezone.\n\nEffective privileges are a sum of group's privileges and privileges inherited\nfrom its parent group memberships.\n\nThis operation requires `oz_view_privileges` admin privilege.\n", "description": "Returns the list of group's (`{id}`) effective admin privileges in Onezone.\n\nEffective privileges are a sum of group's privileges and privileges inherited\nfrom its parent group memberships.\n\nThis operation requires `oz_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List group's effective admin privileges in Onezone**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_privileges\n\n{\n \"privileges\": [\n \"oz_view_privileges\",\n \"oz_users_list\",\n \"oz_users_view\",\n \"oz_groups_list\",\n \"oz_groups_view\",\n \"oz_spaces_list\",\n \"oz_spaces_view\",\n \"oz_shares_list\",\n \"oz_shares_view\",\n \"oz_providers_list\",\n \"oz_providers_view\",\n \"oz_handle_services_list\",\n \"oz_handle_services_view\",\n \"oz_handles_list\",\n \"oz_handles_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's effective admin privileges in Onezone.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "privileges": [ "oz_view_privileges", "oz_users_list", "oz_users_view", "oz_groups_list", "oz_groups_view", "oz_spaces_list", "oz_spaces_view", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_handle_services_list", "oz_handle_services_view", "oz_handles_list", "oz_handles_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupEffectiveAdminPrivileges id=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/groups/{id}/users": { "get": { "operationId": "list_group_users", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "users" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List group users", "x-bash-codegen-description": "Returns the list of users belonging to a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of users belonging to a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users\n\n{\n \"users\": [\n \"a5b469a2b0516b662a49da74d6d7d7bc\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user Ids that belong to a specific group", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupUsers id=a4d3bc73aada63052310652d421609f1" } ] } }, "/groups/{id}/users/token": { "post": { "deprecated": true, "operationId": "create_user_group_invite_token", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "invite_user_token" }, "x-onedata-permissions": [ "group_add_user", "oz_groups_add_relationships" ], "summary": "Create user invite token for group", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join the group.\n\nThis operation requires `group_add_user` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` privilege is required.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join the group.\n\nThis operation requires `group_add_user` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Generate user group invite token**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users/token\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZlFTUbnZpdGVthHo8xmai4RqqBO2MZM00mrYGgo\"\n}\n```\n", "consumes": [ "application/json" ], "produces": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific group.", "schema": { "$ref": "#/definitions/GroupInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createUserGroupInviteToken id=a4d3bc73aada63052310652d421609f1" } ] } }, "/groups/{id}/users/{uid}": { "get": { "operationId": "get_group_user", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view,", "oz_users_view" ], "summary": "Get group user details", "x-bash-codegen-description": "Returns basic information about a user {uid} in group {id}.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_users_view` privilege is required.\n", "description": "Returns basic information about a user {uid} in group {id}.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_users_view` privilege is required.\n\n***Example cURL requests***\n\n**Generate user group invite token**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\",\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a group user.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupUser id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "put": { "operationId": "add_group_user", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "group_add_user", "group_set_privileges", "oz_groups_add_relationships", "oz_users_add_relationships", "oz_groups_set_privileges" ], "summary": "Add user to group", "x-bash-codegen-description": "Adds user {uid} as member of group {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this group.\n\nThis operation can only be invoked by the user {uid} to add himself to the\ngroup (if he is not a member already) and requires `group_add_user`\nprivilege in the group. If `privileges` are specified in the request,\n`group_set_privileges` privilege is also required.\n\nAdministrators having the `oz_groups_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any group,\nthough `oz_groups_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n", "description": "Adds user {uid} as member of group {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this group.\n\nThis operation can only be invoked by the user {uid} to add himself to the\ngroup (if he is not a member already) and requires `group_add_user`\nprivilege in the group. If `privileges` are specified in the request,\n`group_set_privileges` privilege is also required.\n\nAdministrators having the `oz_groups_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any group,\nthough `oz_groups_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n\n***Example cURL requests***\n\n**Generate user group invite token**\n```bash\ncurl -u admin:password -X PUT \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users/$USER_ID\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added user in form https://$HOST/api/onezone/v3/groups/{id}/users/{uid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the added user.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "required": false, "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/GroupPrivileges" } } } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addGroupUser id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "delete": { "operationId": "remove_group_user", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "group_remove_user", "oz_groups_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove user from group", "x-bash-codegen-description": "Removes the user {uid} from a group {id} (the user will no longer have\naccess to spaces accessible to the group).\n\nThis operation requires `group_remove_user` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_users_remove_relationships` privileges are required.\n", "description": "Removes the user {uid} from a group {id} (the user will no longer have access\nto spaces accessible to the group).\n\nThis operation requires `group_remove_user` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_users_remove_relationships` privileges are required.\n\n***Example cURL requests***\n\n**Remove user from group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The user was removed from the group." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeGroupUser id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/groups/{id}/users/{uid}/privileges": { "get": { "operationId": "list_user_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "group_view_privileges", "oz_groups_view_privileges" ], "summary": "List user's group privileges", "x-bash-codegen-description": "Returns the list of user's (`{uid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n", "description": "Returns the list of user's (`{uid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List user's privileges in a group**\n```bash\ncurl -u username:password -X GET\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"group_view\",\n \"group_update\",\n \"group_delete\",\n \"group_view_privileges\",\n \"group_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's privileges in the group.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/GroupPrivileges" } }, "example": { "privileges": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserGroupPrivileges id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "patch": { "operationId": "update_user_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "group_set_privileges", "oz_groups_set_privileges" ], "summary": "Update user's group privileges", "x-bash-codegen-description": "Updates user's (`{uid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_set_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_set_privileges` privilege is required.\n", "description": "Updates user's (`{uid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_set_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_set_privileges` privilege is required.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update user's privileges in a group**\n```bash\ncurl -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"grant\": [\"group_view\", \"group_update\"], \"revoke\": [\"group_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/users/$USER_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group privileges update request.", "schema": { "$ref": "#/definitions/GroupPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"group_view\", \"group_update\"], \"revoke\": [\"group_delete\"]}' | onezone-rest-cli updateUserGroupPrivileges id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc -" } ] } }, "/groups/{id}/effective_users": { "get": { "operationId": "list_effective_group_users", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_users" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective group users", "x-bash-codegen-description": "Returns the list of effective group users, which includes both who directly\nbelong to the group, as well as users who belong to the group indirectly\nthrough its parent groups.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of effective group users, which includes both who directly\nbelong to the group, as well as users who belong to the group indirectly\nthrough its parent groups.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get effective group users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_users\n\n{\n \"users\": [\n \"lb0NvUXIVguzjQ3dBOXAyd1c11fWKB5dKJDQ6YvB7a0\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user Ids that belong to a specific group", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupUsers id=538ef9643ae6b9e40817e51eece7e341" } ] } }, "/groups/{id}/effective_users/{uid}": { "get": { "operationId": "get_effective_group_user", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_users_view" ], "summary": "Get effective group user details", "x-bash-codegen-description": "Returns information about a specific effective group user.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_users_view` privilege is required.\n", "description": "Returns information about a specific effective group user.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_users_view` privilege is required.\n\n***Example cURL requests***\n\n**Get group user details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\",\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a group user.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupUser id=538ef9643ae6b9e40817e51eece7e341 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/groups/{id}/effective_users/{uid}/privileges": { "get": { "operationId": "list_effective_user_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{eff_user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "group_view_privileges", "oz_groups_view_privileges" ], "summary": "List effective user's group privileges", "x-bash-codegen-description": "Returns the list of effective user's (`{uid}`) privileges in a group (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n", "description": "Returns the list of effective user's (`{uid}`) privileges in a group (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List effective user's privileges in a group**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"group_view\",\n \"group_update\",\n \"group_delete\",\n \"group_view_privileges\",\n \"group_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user's privileges in the group.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/GroupPrivileges" } }, "example": { "privileges": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserGroupPrivileges id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/groups/{id}/effective_users/{uid}/membership": { "get": { "operationId": "get_effective_user_group_membership_intermediaries", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{eff_user_membership, ?BINDING(uid)}" }, "x-onedata-permissions": [ "group_view", "oz_groups_view" ], "summary": "Get effective user's group membership intermediaries", "x-bash-codegen-description": "Returns the effective user's (`{uid}`) group membership intermediaries -\nentities from which the user inherits access to the group (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct access to the group (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user (`{uid}`) who is an effective member of the group (`{id}`),\n* as user who has `group_view` privilege in the group (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n", "description": "Returns the effective user's (`{uid}`) group membership intermediaries -\nentities from which the user inherits access to the group (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct access to the group (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user (`{uid}`) who is an effective member of the group (`{id}`),\n* as user who has `group_view` privilege in the group (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective user's group membership intermediaries**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_users/$USER_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"group\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserGroupMembershipIntermediaries id=a4d3bc73aada63052310652d421609f1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/groups/{id}/parents": { "get": { "operationId": "list_parent_groups", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "parents" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List parent groups", "x-bash-codegen-description": "Returns the parent groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the parent groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get parent groups**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/parents\n\n{\n \"groups\": []\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of parent group Ids.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listParentGroups id=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "post": { "operationId": "create_parent_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_add_parent", "oz_groups_add_relationships", "oz_groups_create" ], "summary": "Create a new parent group for given group", "x-bash-codegen-description": "Creates a new group for the current group.\nThe group automatically becomes a member of this group.\n\nThis operation requires `group_add_parent` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_groups_create` privileges are required.\n", "description": "Creates a new group for the current group.\nThe group automatically becomes a member of this group.\n\nThis operation requires `group_add_parent` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_groups_create` privileges are required.\n\n***Example cURL requests***\n\n**Create new group**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"name\" : \"test_group\" , \"type\" : \"team\" }' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/parents\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created group in form https://$HOST/api/onezone/v3/groups/{gid}/parents/{pid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "group", "in": "body", "description": "New group parameters.", "schema": { "$ref": "#/definitions/Group" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createParentGroup name==Group1 type==team" } ] } }, "/groups/{id}/parents/join": { "post": { "operationId": "join_parent_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "aspect": "join" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_add_parent", "oz_groups_add_relationships" ], "summary": "Join parent group", "x-bash-codegen-description": "Adds given group as a child group of a specific group based on provided token.\n\nThe parent group to which the group will be added is identified from the\ntoken (the token is issued in the context of a group).\n\nThis operation requires `group_add_parent` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` privilege is required.\n", "description": "Adds given group as a child group of a specific group based on provided token.\n\nThe parent group to which the group will be added is identified from the token\n(the token is issued in the context of a group).\n\nThis operation requires `group_add_parent` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Join parent group**\n\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{\"token\":\"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW\"}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/parents/join\n```\n", "responses": { "201": { "description": "URI of the joined group in form https://$HOST/api/onezone/v3/groups/{id}/parents/{pid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group join token.", "schema": { "$ref": "#/definitions/GroupInviteToken" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli joinParentGroup id=538ef9643ae6b9e40817e51eece7e341 token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/groups/{id}/parents/{pid}": { "get": { "operationId": "get_parent_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(pid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_groups_view" ], "summary": "Get parent group details", "x-bash-codegen-description": "Returns details about a specific parent group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view` privilege is required.\n", "description": "Returns details about a specific parent group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view` privilege is required.\n\n***Example cURL requests***\n\n**Get parent group details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/parents/$PARENT_GROUP_ID\n\n{\n \"groupId\": \"9OqgExw00RwaU2MXT51\",\n \"name\": \"Group1\",\n \"type\": \"organization\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific parent group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Parent group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getParentGroup id=f1c8b1a37aa7447b22eb65a742d40524 pid=9OqgExw00RwaU2MXT51" } ] }, "delete": { "operationId": "leave_parent_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{parent, ?BINDING(pid)}" }, "summary": "Leave parent group", "x-onedata-permissions": [ "group_leave_parent", "oz_groups_remove_relationships" ], "x-bash-codegen-description": "Removes the group access to a specific parent group.\n\nThis operation requires `group_leave_parent` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` privilege is required.\n", "description": "Removes the group access to a specific parent group.\n\nThis operation requires `group_leave_parent` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Leave parent group as group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/parents/$PARENT_GROUP_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The group membership will be revoked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Parent group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli leaveParentGroup id=b7b4c806040d906c0d93d9db7644f39f pid=95b663a6467c72ab1256865efef9e387" } ] } }, "/groups/{id}/effective_parents": { "get": { "operationId": "list_effective_parent_groups", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_parents" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective parent groups", "x-bash-codegen-description": "Returns the effective parent groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the effective parent groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get effective parent groups**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_parents\n\n{\n \"groups\": []\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective parent group Ids.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveParentGroups id=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/groups/{id}/effective_parents/{pid}": { "get": { "operationId": "get_effective_parent_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(pid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_groups_view" ], "summary": "Get effective parent group details", "x-bash-codegen-description": "Returns details about a specific effective parent group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view` privilege is required.\n", "description": "Returns details about a specific effective parent group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view` privilege is required.\n\n***Example cURL requests***\n\n**Get effective parent group details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_parents/$PARENT_GROUP_ID\n\n{\n \"groupId\": \"9OqgExw00RwaU2MXT51\",\n \"name\": \"Group1\",\n \"type\": \"organization\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific effective parent group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Effective parent group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveParentGroup id=f1c8b1a37aa7447b22eb65a742d40524 pid=9OqgExw00RwaU2MXT51" } ] } }, "/groups/{id}/children": { "get": { "operationId": "list_child_groups", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "children" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "Get child groups", "x-bash-codegen-description": "Returns the list of child groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of child groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get child groups**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children\n\n{\n \"groups\": []\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of child group Ids.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listChildGroups id=538ef9643ae6b9e40817e51eece7e341" } ] }, "post": { "operationId": "create_child_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "child" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "x-onedata-permissions": [ "group_add_child", "oz_groups_create", "oz_groups_add_relationships" ], "summary": "Create child group", "x-bash-codegen-description": "Creates a new child group belonging to the group of {id}.\n\nThis operation requires `group_add_child` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_groups_create`\nprivileges are required.\n", "description": "Creates a new child group belonging to the group of {id}.\n\nThis operation requires `group_add_child` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_groups_create`\nprivileges are required.\n\n***Example cURL requests***\n\n**Create child group**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/groups/{id}/children/{cid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group properties.", "schema": { "$ref": "#/definitions/GroupCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createChildGroup id=538ef9643ae6b9e40817e51eece7e341 name==Group2 type==team" } ] } }, "/groups/{id}/children/token": { "post": { "deprecated": true, "operationId": "create_child_group_token", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "invite_group_token" }, "x-onedata-permissions": [ "group_add_child", "oz_groups_add_relationships" ], "summary": "Create child group invitation token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token that can be used to add a group as child group of group with {id}.\n\nThis operation requires `group_add_child` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` privilege is required.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token that can be used to add a group as child group of group with {id}.\n\nThis operation requires `group_add_child` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Create invitation token for child group**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaWVyIZdrenY00SX\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific group.", "schema": { "$ref": "#/definitions/GroupInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createChildGroupToken id=538ef9643ae6b9e40817e51eece7e341" } ] } }, "/groups/{id}/children/{cid}": { "get": { "operationId": "get_child_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(cid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_groups_view" ], "summary": "Get child group details", "x-bash-codegen-description": "Returns information about a specific child group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n `oz_groups_view` privilege is required.\n", "description": "Returns information about a specific child group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n `oz_groups_view` privilege is required.\n\n***Example cURL requests***\n\n**Get child group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children/$CHILD_GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_group1\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific child group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Child group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getChildGroup id=538ef9643ae6b9e40817e51eece7e341 cid=0ec9817801d74e2fa6cc50a476ed5d4d" } ] }, "put": { "operationId": "add_child_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{child, ?BINDING(cid)}" }, "x-onedata-permissions": [ "oz_groups_add_relationships" ], "summary": "Add child group", "x-bash-codegen-description": "Adds group {cid} as child group of group {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the child group in this group.\n\nThis operation requires `group_add_child` privilege in the parent group and\n`group_add_parent` privilege in the child group. If `privileges` are\nspecified in the request, `group_set_privileges` privilege is also required.\n\nFor administrator who does not belong to those groups,\n`oz_groups_add_relationships` privilege is required, and\n`oz_groups_set_privileges` if `privileges` are specified in the request.\n", "description": "Adds group {cid} as child group of group {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the child group in this group.\n\nThis operation requires `group_add_child` privilege in the parent group and\n`group_add_parent` privilege in the child group. If `privileges` are\nspecified in the request, `group_set_privileges` privilege is also required.\n\nFor administrator who does not belong to those groups,\n`oz_groups_add_relationships` privilege is required, and\n`oz_groups_set_privileges` if `privileges` are specified in the request.\n\n***Example cURL requests***\n\n**Add child group**\n```bash\ncurl -u username:password -X PUT \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children/$CHILD_GROUP_ID\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/groups/{id}/children/{cid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Child group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "required": false, "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/GroupPrivileges" } } } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addChildGroup id=538ef9643ae6b9e40817e51eece7e341 cid=0ec9817801d74e2fa6cc50a476ed5d4d" } ] }, "delete": { "operationId": "remove_child_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{child, ?BINDING(cid)}" }, "x-onedata-permissions": [ "group_remove_child", "oz_groups_remove_relationships" ], "summary": "Remove child group", "x-bash-codegen-description": "Removes a specific child with {cid} from parent group with {id}.\n\nThis operation requires `group_remove_child` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` privilege is required.\n", "description": "Removes a specific child with {cid} from parent group with {id}.\n\nThis operation requires `group_remove_child` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Remove child group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children/$CHILD_GROUP_ID\n```\n", "responses": { "204": { "description": "A child group was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Child group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeChildGroup id=538ef9643ae6b9e40817e51eece7e341 cid=0ec9817801d74e2fa6cc50a476ed5d4d" } ] } }, "/groups/{id}/children/{cid}/privileges": { "get": { "operationId": "list_child_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{child_privileges, ?BINDING(cid)}" }, "x-onedata-permissions": [ "group_view_privileges", "oz_groups_view_privileges" ], "summary": "List child's group privileges", "x-bash-codegen-description": "Returns the list of child group's (`{cid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n", "description": "Returns the list of child group's (`{cid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List child group's privileges in a group**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children/$CHILD_GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"group_view\",\n \"group_update\",\n \"group_delete\",\n \"group_view_privileges\",\n \"group_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of child group's privileges in the group.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/GroupPrivileges" } }, "example": { "privileges": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Child group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listChildGroupPrivileges id=a4d3bc73aada63052310652d421609f1 cid=0638a0718d554b5bf96bfadc47ddb63d" } ] }, "patch": { "operationId": "update_child_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{child_privileges, ?BINDING(cid)}" }, "x-onedata-permissions": [ "group_set_privileges", "oz_groups_set_privileges" ], "summary": "Update child's group privileges", "x-bash-codegen-description": "Updates child group's (`{cid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_set_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_set_privileges` privilege is required.\n", "description": "Updates child group's (`{cid}`) privileges in a group (`{id}`).\n\nThis operation requires `group_set_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_set_privileges` privilege is required.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update child group's privileges in a group**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"grant\": [\"group_view\", \"group_update\"], \"revoke\": [\"group_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/children/$CHILD_GROUP_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Child group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group privileges update request.", "schema": { "$ref": "#/definitions/GroupPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"group_view\", \"group_update\"], \"revoke\": [\"group_delete\"]}' | onezone-rest-cli updateChildGroupPrivileges id=538ef9643ae6b9e40817e51eece7e341 cid=0ec9817801d74e2fa6cc50a476ed5d4d -" } ] } }, "/groups/{id}/effective_children": { "get": { "operationId": "get_effective_children_groups", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_children" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "Get effective child groups", "x-bash-codegen-description": "Returns the list of effective child groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of effective child groups of a specific group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get effective child groups**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_children\n\n{\n \"groups\": []\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of child group Ids.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveChildGroups id=538ef9643ae6b9e40817e51eece7e341" } ] } }, "/groups/{id}/effective_children/{cid}": { "get": { "operationId": "get_effective_child_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(cid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_groups_view" ], "summary": "Get effective child group details", "x-bash-codegen-description": "Returns information about a specific effective child group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view` privilege is required.\n", "description": "Returns information about a specific effective child group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view` privilege is required.\n\n***Example cURL requests***\n\n**Get effective child details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_children/$CHILD_GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_group1\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific effective child group.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Effective child group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveChildGroup id=538ef9643ae6b9e40817e51eece7e341 cid=0ec9817801d74e2fa6cc50a476ed5d4d" } ] } }, "/groups/{id}/effective_children/{cid}/privileges": { "get": { "operationId": "list_effective_child_group_privileges", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{eff_child_privileges, ?BINDING(cid)}" }, "x-onedata-permissions": [ "group_view_privileges", "oz_groups_view_privileges" ], "summary": "List effective child's group privileges", "x-bash-codegen-description": "Returns the list of effective child group's (`{cid}`) privileges in a group (`{id}`).\n\nEffective privileges are a sum of child group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n", "description": "Returns the list of effective child group's (`{cid}`) privileges in a group (`{id}`).\n\nEffective privileges are a sum of child group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `group_view_privileges` privilege.\nFor administrator who does not belong to this group\n`oz_groups_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List effective child group's privileges in a group**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_children/$CHILD_GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"group_view\",\n \"group_update\",\n \"group_delete\",\n \"group_view_privileges\",\n \"group_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective child group's privileges in the group.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/GroupPrivileges" } }, "example": { "privileges": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Effective child group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveChildGroupPrivileges id=538ef9643ae6b9e40817e51eece7e341 cid=0ec9817801d74e2fa6cc50a476ed5d4d" } ] } }, "/groups/{id}/effective_children/{cid}/membership": { "get": { "operationId": "get_effective_child_group_membership_intermediaries", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{eff_child_membership, ?BINDING(cid)}" }, "x-onedata-permissions": [ "group_view", "oz_groups_view" ], "summary": "Get effective child's group membership intermediaries", "x-bash-codegen-description": "Returns the effective child's (`{cid}`) group membership intermediaries -\nentities from which the child inherits access to the group (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the child (`{cid}`)\nhas a direct access to the group (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the child group (`{cid}`),\n* as user who has `group_view` privilege in the group (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n", "description": "Returns the effective child's (`{cid}`) group membership intermediaries -\nentities from which the child inherits access to the group (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the child (`{cid}`)\nhas a direct access to the group (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the child group (`{cid}`),\n* as user who has `group_view` privilege in the group (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective child's group membership intermediaries**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_children/$CHILD_GROUP_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"group\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Child Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveChildGroupMembershipIntermediaries id=a4d3bc73aada63052310652d421609f1 cid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/groups/{id}/spaces": { "get": { "operationId": "list_group_spaces", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "spaces" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List group's spaces", "x-bash-codegen-description": "Returns the list of spaces to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of spaces to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group spaces**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/spaces\n\n{\n \"spaces\": [\n \"GVC8lKEasj4q253sptVqF8HwUpk8jrwxKOe45uzLFX2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of space Ids for which the group has access.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupSpaces id=a4d3bc73aada63052310652d421609f1" } ] }, "post": { "operationId": "create_space_for_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_space", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_add_space", "oz_groups_add_relationships", "oz_spaces_create" ], "summary": "Create a new space for given group", "x-bash-codegen-description": "Creates a new space for a specific group.\n\nThis operation requires `group_add_space` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_spaces_create` privileges are required.\n", "description": "Creates a new space for a specific group.\n\nThis operation requires `group_add_space` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_spaces_create` privileges are required.\n\n***Example cURL requests***\n\n**Create new space for group**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-X POST -d '{\"name\": \"new_space\"}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/spaces\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "Id of the created space in the form /groups/{id}/spaces/{sid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "Id of the created space.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Forbidden request.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found..", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "spaceName", "in": "body", "schema": { "type": "object", "properties": { "name": { "type": "string", "description": "Name of the new space." } }, "required": [ "name" ] } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createSpaceForGroup id=a4d3bc73aada63052310652d421609f1 name==\"New space name\"" } ] } }, "/groups/{id}/spaces/join": { "post": { "operationId": "group_join_space", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_space", "aspect": "join" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_add_space", "oz_spaces_add_relationships", "oz_groups_add_relationships" ], "summary": "Join space by group", "x-bash-codegen-description": "Joins the group to an existing space based on provided space invitation token.\n\nThis operation requires `group_add_space` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_add_relationships` and `oz_groups_add_relationships` privilege is required.\n", "description": "Joins the group to an existing space based on provided space invitation token.\n\nThis operation requires `group_add_space` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_add_relationships` and `oz_groups_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Join group's space**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-d '{\"token\":\"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVuJ3l02U1JXzstRdK00ZHbso02rRcG8bJLAo\"}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/spaces/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined space in form https://$HOST/api/onezone/v3/groups/{id}/spaces/{sid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined space.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Space join token.", "schema": { "$ref": "#/definitions/SpaceInviteToken" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli groupJoinSpace id=f1c8b1a37aa7447b22eb65a742d40524 token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/groups/{id}/spaces/{sid}": { "get": { "operationId": "get_group_space", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_spaces_view" ], "summary": "Get group's space details", "x-bash-codegen-description": "Returns information about a specific space to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_view` privilege is required.\n", "description": "Returns information about a specific space to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_view` privilege is required.\n\n***Example cURL requests***\n\n**Get group's space details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/spaces/$SPACE_ID\n\n{\n \"spaceId\": \"7e1af0c5f0bfdfe9d2e7edb731247f5f\",\n \"name\": \"Personal space\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\" : 5368709120\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific space in a group.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupSpace id=a4d3bc73aada63052310652d421609f1 sid=HUUPOMNGzikwiLXHaFYcE8" } ] }, "delete": { "operationId": "remove_group_from_space", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{space, ?BINDING(sid)}" }, "x-onedata-permissions": [ "group_leave_space", "oz_spaces_remove_relationships", "oz_groups_remove_relationships" ], "summary": "Remove group from space", "x-bash-codegen-description": "Removes the group {id} from space {sid} (the group will no longer have access to space).\n\nThis operation requires `group_leave_space` privilege.\n", "description": "Removes the group {id} from space {sid} (the group will no longer have access to space).\n\nThis operation requires `group_leave_space` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_spaces_remove_relationships` privileges are required.\n\n***Example cURL requests***\n\n**Remove space from group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/spaces/$SPACE_ID\n```\n", "responses": { "204": { "description": "A group was removed from the space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeGroupFromSpace id=a4d3bc73aada63052310652d421609f1 sid=HUUPOMNGzikwiLXHaFYcE8" } ] } }, "/groups/{id}/effective_spaces": { "get": { "operationId": "list_effective_group_spaces", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_spaces" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective group's spaces", "x-bash-codegen-description": "Returns the list of effective spaces to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of effective spaces to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group effective spaces**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_spaces\n\n{\n \"spaces\": [\n \"GVC8lKEasj4q253sptVqF8HwUpk8jrwxKOe45uzLFX2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "the list of effective space Ids for which the group has access.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupSpaces id=a4d3bc73aada63052310652d421609f1" } ] } }, "/groups/{id}/effective_spaces/{sid}": { "get": { "operationId": "get_effective_group_space", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_spaces_view" ], "summary": "Get effective group space details", "x-bash-codegen-description": "Returns information about a specific effective space to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_view` privilege is required.\n", "description": "Returns information about a specific effective space to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_view` privilege is required.\n\n***Example cURL requests***\n\n**Get group's space details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_spaces/$SPACE_ID\n\n{\n \"spaceId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_space1\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\" : 5368709120\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific space in a group.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Effective space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupSpace id=a4d3bc73aada63052310652d421609f1 sid=HUUPOMNGzikwiLXHaFYcE8" } ] } }, "/groups/{id}/effective_providers": { "get": { "operationId": "list_effective_group_providers", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_providers" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective group's providers", "x-bash-codegen-description": "Returns the list of effective providers supporting group spaces.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of effective providers supporting group spaces.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group effective providers**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_providers\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "the list of effective providers supporting group spaces.", "schema": { "$ref": "#/definitions/Providers" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupProviders id=a4d3bc73aada63052310652d421609f1" } ] } }, "/groups/{id}/effective_providers/{pid}": { "get": { "operationId": "get_group_effective_provider", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(pid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_providers_view" ], "summary": "Get group's effective provider details", "x-bash-codegen-description": "Returns information about a specific effective provider for the group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_providers_view` privilege is required.\n", "description": "Returns information about a specific effective provider for the group.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_providers_view` privilege is required.\n\n***Example cURL requests***\n\n**Get group's effective provider details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_providers/$PROVIDER_ID\n\n{\n \"providerId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"name\": \"Example provider\",\n \"domain\": \"provider1.example.com\",\n \"latitude\": 50.0647,\n \"longitude\": 19.945,\n \"clusterId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"online\": true,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns information about a specific effective provider for the group.", "schema": { "$ref": "#/definitions/ProviderDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Effective provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupEffectiveProvider id=a4d3bc73aada63052310652d421609f1 pid=HUUPOMNGzikwiLXHaFYcE8" } ] } }, "/groups/{id}/effective_providers/{pid}/spaces": { "get": { "operationId": "get_group_spaces_in_effective_provider", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(pid)", "aspect": "{group_spaces, ?BINDING(id)}", "scope": "private" }, "x-onedata-permissions": [ "group_view" ], "summary": "Get group's spaces that are supported by given effective provider", "x-bash-codegen-description": "Returns the list of group's spaces that are supported by given effective provider.\n\nThis operation requires `group_view` privilege.\n", "description": "Returns the list of group's spaces that are supported by given effective provider.\n\nThis operation requires `group_view` privilege.\n\n***Example cURL requests***\n\n**Get groups's spaces supported by effective provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_providers/$PROVIDER_ID/spaces\n\n{\n \"spaces\": [\n \"6825604b0eb6a47b8b7a04b6369eb24d\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of group's spaces that are supported by given effective provider.", "schema": { "$ref": "#/definitions/ProviderDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Effective provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupSpacesInEffectiveProvider id=a4d3bc73aada63052310652d421609f1 pid=HUUPOMNGzikwiLXHaFYcE8" } ] } }, "/groups/{id}/handle_services": { "get": { "operationId": "list_group_handle_services", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "handle_services" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List group handle services", "x-bash-codegen-description": "Returns the list of registered group handle services.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of registered group handle services.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group handle services**\n```bash\ncurl -u username:password -X GET https://$HOST/api/v3/groups/$GROUP_ID/handle_services\n\n{\n \"handle_services\": [\n \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"302da048de67e2ea05f0af1d0fe7c8a2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of registered handle services.", "schema": { "$ref": "#/definitions/HandleServices" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupHandleServices id=8c2ef25065401e0e3dca3a7f94c3b05e" } ] }, "post": { "operationId": "add_group_handle_service", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_handle_service", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_create_handle_service", "oz_handle_services_create", "oz_groups_add_relationships" ], "summary": "Create a new handle service for given group.", "x-bash-codegen-description": "Creates a new handle service for given group.\n\nThis operation requires `group_create_handle_service` privilege and\n`oz_handle_services_create` admin privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_create` and `oz_groups_add_relationships` privileges are required.\n", "description": "Creates a new handle service for group.\n\nThis operation requires `group_create_handle_service` privilege and\n`oz_handle_services_create` admin privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_create` and `oz_groups_add_relationships` privileges are required.\n\n***Example cURL requests***\n\n**Add group handle services**\n```bash\ncurl -u username:password -X POST -H \"Content-type: application/json\" \\\n-d '{ ... }' https://$HOST/api/v3/groups/4ebd9efd1e67f6c18695db1d762a914a/handle_services\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created space in form https://$HOST/api/onezone/v3/groups/{id}/handle_services/{sid} is returned in the response `Location` header.", "headers": { "Location": { "type": "string", "description": "The endpoint of the new handle service resource including the generated Id.\n" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "handleService", "in": "body", "required": true, "schema": { "$ref": "#/definitions/HandleServiceCreateRequest" } }, { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "cat hndl_service.json | onezone-rest-cli addGroupHandleService id=4ebd9efd1e67f6c18695db1d762a914a -" } ] } }, "/groups/{id}/handle_services/{hsid}": { "get": { "operationId": "get_group_handle_service", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(hsid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_handle_services_view" ], "summary": "Get group handle service details", "x-bash-codegen-description": "Returns the details of a specific handle service.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_view` privilege is required.\n", "description": "Returns the details of a specific handle service.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_view` privilege is required.\n\n***Example cURL requests***\n\n**Get handle service details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/handle_services/$HANDLE_SERVICE_ID\n\n{\n \"name\": \"MyCommunity Handle service\",\n \"handleServiceId\": \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"proxyEndpoint\": \"https://localhost:17000/handle_proxy\",\n \"serviceProperties\": {\n \"allowTemplateOverride\": false,\n \"doiEndpoint\": \"/doi\",\n \"host\": \"https://mds.test.datacite.org\",\n \"identifierTemplate\": \"{{space.name}}-{{space.guid}}\",\n \"mediaEndpoint\": \"/media\",\n \"metadataEndpoint\": \"/metadata\",\n \"password\": \"pa$$word\",\n \"prefix\": 10.5072,\n \"type\": \"DOI\",\n \"username\": \"alice\"\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific handle service.", "schema": { "$ref": "#/definitions/HandleService" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hsid", "in": "path", "description": "Handle service Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupHandleService id=9f63efbd952391af88e096c2bb33bb5d hsid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "group_leave_handle_service", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{handle_service, ?BINDING(hsid)}" }, "summary": "Group leave handle service", "x-onedata-permissions": [ "group_leave_handle_service", "oz_groups_remove_relationships", "oz_handle_services_remove_relationships" ], "x-bash-codegen-description": "Removes the group's ownership or access to a specific handle service.\n\nThis operation requires `group_leave_handle_service` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_handle_services_remove_relationships` privilege is required.\n", "description": "Removes the group's ownership or access to a specific handle service.\n\nThis operation requires `group_leave_handle_service` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_handle_services_remove_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Delete user handle service**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/handle_services/$HANDLE_SERVICE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The group is no longer a member of the handle service." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hsid", "in": "path", "description": "Handle service Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli groupLeaveHandleService hsid=95b663a6467c72ab1256865efef9e387" } ] } }, "/groups/{id}/effective_handle_services": { "get": { "operationId": "list_effective_group_handle_services", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_handle_services" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective group handle services", "x-bash-codegen-description": "Returns the list of registered group effective handle services.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of registered group effective handle services.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group effective handle services**\n```bash\ncurl -u username:password -X GET https://$HOST/api/v3/groups/$GROUP_ID/effective_handle_services\n\n{\n \"handle_services\": [\n \"95b663a6467c72ab1256865efef9e387\",\n \"67222da37f90559bcca1f85edd745e5c\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of effective handle services.", "schema": { "$ref": "#/definitions/HandleServices" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupEffectiveHandleServices" } ] } }, "/groups/{id}/effective_handle_services/{hsid}": { "get": { "operationId": "get_group_effective_handle_service", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(hsid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_handle_services_view" ], "summary": "Get effective group handle service details", "x-bash-codegen-description": "Returns the details of a specific effective handle service.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_view` privilege is required.\n", "description": "Returns the details of a specific effective handle service.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_view` privilege is required.\n\n***Example cURL requests***\n\n**Get effective handle service details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_handle_services/$HANDLE_SERVICE_ID\n\n{\n \"handleServiceId\": \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"name\": \"MyCommunity Handle service\",\n \"proxyEndpoint\": \"https://localhost:17000/handle_proxy\",\n \"serviceProperties\": {\n \"allowTemplateOverride\": false,\n \"doiEndpoint\": \"/doi\",\n \"host\": \"https://mds.test.datacite.org\",\n \"identifierTemplate\": \"{{space.name}}-{{space.guid}}\",\n \"mediaEndpoint\": \"/media\",\n \"metadataEndpoint\": \"/metadata\",\n \"password\": \"pa$$word\",\n \"prefix\": 10.5072,\n \"type\": \"DOI\",\n \"username\": \"alice\"\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The handle service details have been returned successfully.", "schema": { "$ref": "#/definitions/HandleService" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hsid", "in": "path", "description": "Handle service Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupHandleService id=9f63efbd952391af88e096c2bb33bb5d hsid=0fe7c8a20ffdf07480c46f084bc3b8d5" } ] } }, "/groups/{id}/handles": { "get": { "operationId": "list_group_handles", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "handles" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List group handles", "x-bash-codegen-description": "Returns the list of groups handles.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of groups handles.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group handles**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/handles\n\n{\n \"handles\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of group handles.\n", "schema": { "$ref": "#/definitions/Handles" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupHandles id=12da582337ff25cc86db30580b20d3cd" } ] }, "post": { "operationId": "create_group_handle", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_handle", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_create_handle", "handle_service_register_handle", "oz_handles_create", "oz_groups_add_relationships" ], "summary": "Create a new handle for given group", "x-bash-codegen-description": "Creates a new handle on behalf of a group.\n\nThis operation requires `group_create_handle` privilege in the group and\n`handle_service_register_handle` privilege in the handle service specified\nin the `handleServiceId` field. \nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_handles_create` privilege is required.\n", "description": "Creates a new handle on behalf of a group.\n\nThis operation requires `group_create_handle` privilege in the group and\n`handle_service_register_handle` privilege in the handle service specified\nin the `handleServiceId` field. \nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_handles_create` privilege is required.\n\n\n***Example cURL requests***\n\n**Create new group handle**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"handleServiceId\": \"ddb06ed993bae95f2f430664fff122f7\", \"resourceType\": \"Share\", \"resourceId\": \"4fa683cbda8d8f686d15d42720af431d\", \"metadata\": \"...\" }'\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/handles\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created space in form https://$HOST/api/onezone/v3/groups/{id}/handles/{sid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created handle.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "handle", "in": "body", "description": "New handle parameters.", "schema": { "$ref": "#/definitions/HandleRegistrationRequest" }, "required": true }, { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "cat handle.json | onezone-rest-cli createGroupHandle id=12da582337ff25cc86db30580b20d3cd" } ] } }, "/groups/{id}/handles/{hid}": { "get": { "operationId": "get_group_handle", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_handles_view" ], "summary": "Get group handle details", "x-bash-codegen-description": "Returns the details of a specific handle.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handles_view` privilege is required.\n", "description": "Returns the details of a specific handle.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handles_view` privilege is required.\n\n***Example cURL requests***\n\n**Get handle details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/handles/$HANDLE_ID\n\n{\n \"publicHandle\": \"10.5072/w95Zlng\",\n \"handleId\": \"95b663a6467c72ab1256865efef9e387\",\n \"handleServiceId\": \"97c27230017cd54c1220189e357322c4\",\n \"resourceType\": \"Share\",\n \"resourceId\": \"d6ee1aecf03b23f09756d6a49e435455\",\n \"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific handle.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Handle Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupHandle id=KLAJSHDjhkahsdkasjdKLHSALD hid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "group_leave_handle", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{handle, ?BINDING(hid)}" }, "x-onedata-permissions": [ "group_leave_handle", "oz_groups_remove_relationships", "oz_handles_remove_relationships" ], "summary": "Group leave handle", "x-bash-codegen-description": "Removes the group's ownership or access to a specific handle.\n\nThis operation requires `group_leave_handle` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_handles_remove_relationships` privileges are required.\n", "description": "Removes the group's ownership or access to a specific handle.\n\nThis operation requires `group_leave_handle` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_handles_remove_relationships` privileges are required.\n\n***Example cURL requests***\n\n**Delete user space**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/handles/$HANDLE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The group is no longer a member of the handle." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Handle Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli groupLeaveHandle id=KLAJSHDjhkahsdkasjdKLHSALD hid=95b663a6467c72ab1256865efef9e387" } ] } }, "/groups/{id}/effective_handles": { "get": { "operationId": "list_effective_group_handles", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_handles" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective group handles", "x-bash-codegen-description": "Returns the list of effective groups' handles.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of effective groups' handles.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**List effective group handles**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_handles\n\n{\n \"handles\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the list of group effective handles.", "schema": { "$ref": "#/definitions/Handles" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupHandles id=12da582337ff25cc86db30580b20d3cd" } ] } }, "/groups/{id}/effective_handles/{hid}": { "get": { "operationId": "get_effective_group_handle", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_handles_view" ], "summary": "Get effective group handle details", "x-bash-codegen-description": "Returns the details of a specific effective handle.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handles_view` privilege is required.\n", "description": "Returns the details of a specific effective handle.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_handles_view` privilege is required.\n\n***Example cURL requests***\n\n**Get effective handle details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_handles/$HANDLE_ID\n\n{\n \"publicHandle\": \"10.5072/w95Zlng\",\n \"handleId\": \"95b663a6467c72ab1256865efef9e387\",\n \"handleServiceId\": \"97c27230017cd54c1220189e357322c4\",\n \"resourceType\": \"Share\",\n \"resourceId\": \"d6ee1aecf03b23f09756d6a49e435455\",\n \"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific effective handle.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Handle Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupHandle id=KLAJSHDjhkahsdkasjdKLHSALD hid=95b663a6467c72ab1256865efef9e387" } ] } }, "/groups/{id}/harvesters": { "get": { "operationId": "list_group_harvesters", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "harvesters" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List group's harvesters", "x-bash-codegen-description": "Returns the list of harvesters to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the list of harvesters to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group harvesters**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/harvesters\n\n{\n \"harvesters\": [\n \"GVC8lKEasj4q253sptVqF8HwUpk8jrwxKOe45uzLFX2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of harvester Ids for which the group has access.", "schema": { "$ref": "#/definitions/Harvesters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupHarvesters id=a4d3bc73aada63052310652d421609f1" } ] }, "post": { "operationId": "create_harvester_for_group", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "instance" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_add_harvester", "oz_groups_add_relationships", "oz_harvesters_create" ], "summary": "Create a new harvester for given group", "x-bash-codegen-description": "Creates a new harvester for a specific group.\n\nThis operation requires `group_add_harvester` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_harvesters_create` privileges are required.\n", "description": "Creates a new harvester for a specific group.\n\nThis operation requires `group_add_harvester` privilege.\nFor administrator who does not belong to this group\n`oz_groups_add_relationships` and `oz_harvesters_create` privileges are required.\n\n***Example cURL requests***\n\n**Create new harvester for group**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"name\" : \"new_harvester\", \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\", \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\" \\\n\"config\" : { \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ],\n \"externalHelpLink\": \"http://example.com/some_help_page\",\n \"refreshDataTimeout\": 1000 }, \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/harvesters\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "Id of the created harvester in the form /groups/{id}/harvesters/{hid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "Id of the created harvester.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Forbidden request.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found..", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Harvester properties.", "schema": { "$ref": "#/definitions/HarvesterCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvesterForGroup id=a4d3bc73aada63052310652d421609f1 name==\"New harvester name\" harvestingBackendEndpoint== \"example.elastic.com:9200\" harvestingBackendType==\"elasticsearch_harvesting_backend\" config=={ \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ], \"externalHelpLink\": \"http://example.com/some_help_page\", \"refreshDataTimeout\": 1000 } " } ] } }, "/groups/{id}/harvesters/join": { "post": { "operationId": "group_join_harvester", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "join" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_add_harvester", "oz_harvesters_add_relationships", "oz_groups_add_relationships" ], "summary": "Join harvester by group", "x-bash-codegen-description": "Joins the group to an existing harvester based on provided harvester invitation token.\n\nThis operation requires `group_add_harvester` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_add_relationships` and `oz_groups_add_relationships` privilege is required.\n", "description": "Joins the group to an existing harvester based on provided harvester invitation token.\n\nThis operation requires `group_add_harvester` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_add_relationships` and `oz_groups_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Join group's harvester**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-d '{\"token\":\"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVuJ3l02U1JXzstRdK00ZHbso02rRcG8bJLAo\"}' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/harvesters/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined harvester in form https://$HOST/api/onezone/v3/groups/{id}/harvesters/{hid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined harvester.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Harvester join token.", "schema": { "$ref": "#/definitions/HarvesterInviteToken" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli groupJoinHarvester id=f1c8b1a37aa7447b22eb65a742d40524 token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/groups/{id}/harvesters/{hid}": { "get": { "operationId": "get_group_harvester", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_harvesters_view" ], "summary": "Get group's harvester details", "x-bash-codegen-description": "Returns information about a specific harvester to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_view` privilege is required.\n", "description": "Returns information about a specific harvester to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_view` privilege is required.\n\n***Example cURL requests***\n\n**Get group's harvester details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/harvesters/$HARVESTER_ID\n\n{\n \"harvesterId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_harvester1\",\n \"public\" : true,\n \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\",\n \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific harvester in a group.", "schema": { "$ref": "#/definitions/Harvester" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupHarvester id=a4d3bc73aada63052310652d421609f1 hid=HUUPOMNGzikwiLXHaFYcE8" } ] }, "delete": { "operationId": "remove_group_from_harvester", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{harvester, ?BINDING(hid)}" }, "x-onedata-permissions": [ "group_leave_harvester", "oz_harvesters_remove_relationships", "oz_groups_remove_relationships" ], "summary": "Remove group from harvester", "x-bash-codegen-description": "Removes the group {id} from harvester {hid} (the group will no longer have access to harvester).\n\nThis operation requires `group_leave_harvester` privilege.\n", "description": "Removes the group {id} from harvester {hid} (the group will no longer have access to harvester).\n\nThis operation requires `group_leave_harvester` privilege.\nFor administrator who does not belong to this group\n`oz_groups_remove_relationships` and `oz_harvesters_remove_relationships` privileges are required.\n\n***Example cURL requests***\n\n**Remove harvester from group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/harvesters/$HARVESTER_ID\n```\n", "responses": { "204": { "description": "A group was removed from the harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeGroupFromHarvester id=a4d3bc73aada63052310652d421609f1 hid=HUUPOMNGzikwiLXHaFYcE8" } ] } }, "/groups/{id}/effective_harvesters": { "get": { "operationId": "list_effective_group_harvesters", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_harvesters" }, "x-onedata-permissions": [ "group_view", "oz_groups_list_relationships" ], "summary": "List effective group's harvesters", "x-bash-codegen-description": "Returns the effective list of harvesters to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n", "description": "Returns the effective list of harvesters to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_groups_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get group effective harvesters**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_harvesters\n\n{\n \"harvesters\": [\n \"GVC8lKEasj4q253sptVqF8HwUpk8jrwxKOe45uzLFX2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The effective list of harvester Ids for which the group has access.", "schema": { "$ref": "#/definitions/Harvesters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupHarvesters id=a4d3bc73aada63052310652d421609f1" } ] } }, "/groups/{id}/effective_harvesters/{hid}": { "get": { "operationId": "get_effective_group_harvester", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "x-onedata-permissions": [ "group_view", "oz_harvesters_view" ], "summary": "Get effective group harvester details", "x-bash-codegen-description": "Returns information about a specific effective harvester to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_view` privilege is required.\n", "description": "Returns information about a specific effective harvester to which the group has access.\n\nThis operation requires `group_view` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_view` privilege is required.\n\n***Example cURL requests***\n\n**Get group's harvester details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_harvesters/$HARVESTER_ID\n\n{\n \"harvesterId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_harvester1\",\n \"public\" : true,\n \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\",\n \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a specific harvester in a group.", "schema": { "$ref": "#/definitions/Harvester" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Effective harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupHarvester id=a4d3bc73aada63052310652d421609f1 hid=HUUPOMNGzikwiLXHaFYcE8" } ] } }, "/groups/{id}/clusters": { "get": { "operationId": "list_group_clusters", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "clusters" }, "summary": "List group's clusters", "x-bash-codegen-description": "Returns the list of clusters to which the group has access.\n", "description": "Returns the list of clusters to which the group has access.\n\n***Example cURL requests***\n\n**Get group's clusters**\n```bash\ncurl -u groupname:password -X GET \\\nhttps://$HOST/api/v3/onezone/group/GVC8lKEasj4q253sptVqF8HwUpk8j/clusters\n\n{\n \"clusters\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of groups's clusters.\n", "schema": { "$ref": "#/definitions/Clusters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupClusters id=GVC8lKEasj4q253sptVqF8HwUpk8j" } ] } }, "/groups/{id}/clusters/join": { "post": { "operationId": "group_join_cluster", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_cluster", "aspect": "join" }, "x-onedata-auth-hint": "?AS_GROUP(?BINDING(id))", "summary": "Join group to a cluster", "x-bash-codegen-description": "Join an existing cluster using an inivitation token.\n", "description": "Join an existing cluster using an inivitation token.\n\n***Example cURL requests***\n\n**Join group to an existing cluster**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"token\" : \"MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcmLciFsOgyUkPI3f02le6PM01IX8go\" }' \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/clusters/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined cluster in form https://$HOST/api/onezone/v3/groups/$GROUP_ID/clusters/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined cluster.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "clusterinvitetoken", "in": "body", "description": "Token for joining a cluster.", "schema": { "$ref": "#/definitions/ClusterInviteToken" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli groupJoinCluster id=f8d843beda24e54545455ecc0f4b8886 token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/groups/{id}/clusters/{cid}": { "get": { "operationId": "get_group_cluster", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(cid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "summary": "Get group's cluster details", "x-bash-codegen-description": "Returns the details of a specific group's cluster.\n\nThis operation can be invoked on behalf of the current group only.\n", "description": "Returns the details of a specific group's cluster.\n\nThis operation can be invoked on behalf of the current group only.\n\n***Example cURL requests***\n\n**Get group's cluster details**\n```bash\ncurl -u groupname:password -X GET \\\nhttps://$HOST/api/v3/onezone/group/clusters/$CLUSTER_ID\n\n{\n \"clusterId\": \"f8d843beda24e54545455ecc0f4b8886\",\n \"type\": \"oneprovider\",\n \"workerVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"1-gfabf02d\",\n \"gui\": \"129c549fbe9b3e730c3d9910492228566e39e1236945766a74381405cc57fb04\"\n },\n \"onepanelVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"3-89fc6bad\",\n \"gui\": \"68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3\"\n },\n \"online\": true,\n \"onepanelProxy\": false,\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific cluster.", "schema": { "$ref": "#/definitions/Cluster" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupCluster cid=95b663a6467c72ab1256865efef9e387" } ] }, "delete": { "operationId": "group_leave_cluster", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "{cluster, ?BINDING(cid)}" }, "summary": "Leave cluster", "x-bash-codegen-description": "Removes the groups membership in a specific cluster.\n", "description": "Removes the groups membership in a specific cluster.\n\n***Example cURL requests***\n\n**Group leave cluster**\n```bash\ncurl -u groupname:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/clusters/$CLUSTER_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The group is no longer a member of the cluster." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli groupLeaveCluster id=GVC8lKEasj4q253sptVqF8HwUpk8j cid=95b663a6467c72ab1256865efef9e387" } ] } }, "/groups/{id}/effective_clusters": { "get": { "operationId": "list_group_effective_clusters", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(id)", "aspect": "eff_clusters" }, "summary": "List group's effective clusters", "x-bash-codegen-description": "Returns the list of effective clusters to which the group has access.\n", "description": "Returns the list of effective clusters to which the group has access.\n\n***Example cURL requests***\n\n**Get group's effective clusters**\n```bash\ncurl -u groupname:password -X GET \\\nhttps://$HOST/api/v3/onezone/groups/$GROUP_ID/effective_clusters\n\n{\n \"clusters\": [\n \"c45fb16186931e6c2b44648cedd6b878ed1f6931\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of groups's effective clusters.\n", "schema": { "$ref": "#/definitions/Clusters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupEffectiveClusters id=GVC8lKEasj4q253sptVqF8HwUpk8j" } ] } }, "/groups/{id}/effective_clusters/{cid}": { "get": { "operationId": "get_group_effective_cluster", "tags": [ "Group" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(cid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_GROUP(?BINDING(id))", "summary": "Get group's effective cluster details", "x-bash-codegen-description": "Returns information about a specific effective cluster to which the group belongs.\n\nThis operation can be invoked on behalf of the current group only.\n", "description": "Returns information about a specific effective cluster to which the group belongs.\n\nThis operation can be invoked on behalf of the current group only.\n\n***Example cURL requests***\n\n**Get group's effective cluster details**\n```bash\ncurl -u groupname:password -X GET \\\nhttps://$HOST/api/v3/onezone/group/clusters/$CLUSTER_ID\n\n{\n \"clusterId\": \"f8d843beda24e54545455ecc0f4b8886\",\n \"type\": \"oneprovider\",\n \"workerVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"1-gfabf02d\",\n \"gui\": \"129c549fbe9b3e730c3d9910492228566e39e1236945766a74381405cc57fb04\"\n },\n \"onepanelVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"3-89fc6bad\",\n \"gui\": \"68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3\"\n },\n \"online\": true,\n \"onepanelProxy\": false,\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific group's effective cluster.", "schema": { "$ref": "#/definitions/Cluster" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "cid", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getGroupEffectiveCluster cid=95b663a6467c72ab1256865efef9e387" } ] } }, "/spaces": { "get": { "operationId": "oz_spaces_list", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "aspect": "list" }, "x-onedata-permissions": [ "oz_spaces_list" ], "summary": "List all spaces", "x-bash-codegen-description": "Returns the list of all spaces managed by the Onezone service.\n\nThis operation requires `oz_spaces_list` admin privilege.\n", "description": "Returns the list of all spaces managed by the Onezone service.\n\nThis operation requires `oz_spaces_list` admin privilege.\n\n***Example cURL requests***\n\n**List all spaces**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces\n\n{\n \"spaces\": [\n \"S0Y9FSe9TFJFFzzLtBEs8\",\n \"IkHBv8CoAFmbFU4fj26\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of spaces Ids.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaces" } ] }, "post": { "operationId": "create_space", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "aspect": "instance" }, "x-onedata-permissions": [ "oz_spaces_create" ], "summary": "Create new space", "x-bash-codegen-description": "Creates new space.\n\nThis operation requires `oz_spaces_create` admin privilege.\n", "description": "Creates new space.\n\nThis operation requires `oz_spaces_create` admin privilege.\n\nSee also: \n[Create a new space for the current user](#operation/create_user_space) \n[Create a new space for given group](#operation/create_space_for_group) \n\n***Example cURL requests***\n\n**Create new space**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"name\" : \"new_space\" }' \\\nhttps://$HOST/api/v3/onezone/spaces\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created space in the form https://$HOST/api/onezone/v3/spaces/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created space.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "name", "in": "body", "description": "Space name.", "schema": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of the new space." } } } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createSpace name==\"Space 1\"" } ] } }, "/spaces/privileges": { "get": { "operationId": "list_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all space privileges", "x-bash-codegen-description": "Returns list of all possible space privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible space privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all space privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/spaces/privileges\n\n{\n \"admin\": [\n \"space_view\",\n \"space_update\",\n \"space_delete\",\n \"space_view_privileges\",\n \"space_set_privileges\",\n \"space_read_data\",\n \"space_write_data\",\n \"space_register_files\",\n \"space_manage_shares\",\n \"space_view_views\",\n \"space_manage_views\",\n \"space_query_views\",\n \"space_view_statistics\",\n \"space_view_changes_stream\",\n \"space_view_transfers\",\n \"space_schedule_replication\",\n \"space_cancel_replication\",\n \"space_schedule_eviction\",\n \"space_cancel_eviction\",\n \"space_view_qos\",\n \"space_manage_qos\",\n \"space_add_user\",\n \"space_remove_user\",\n \"space_add_group\",\n \"space_remove_group\",\n \"space_add_provider\",\n \"space_remove_provider\",\n \"space_add_harvester\",\n \"space_remove_harvester\"\n ],\n \"manager\": [\n \"space_view\",\n \"space_view_privileges\",\n \"space_read_data\",\n \"space_write_data\",\n \"space_register_files\",\n \"space_manage_shares\",\n \"space_view_views\",\n \"space_query_views\",\n \"space_view_statistics\",\n \"space_view_changes_stream\",\n \"space_view_transfers\",\n \"space_schedule_replication\",\n \"space_view_qos\",\n \"space_add_user\",\n \"space_remove_user\",\n \"space_add_group\",\n \"space_remove_group\",\n \"space_add_harvester\",\n \"space_remove_harvester\"\n ],\n \"member\": [\n \"space_view\",\n \"space_read_data\",\n \"space_write_data\",\n \"space_view_transfers\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all space privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/SpacePrivileges" }, "manager": { "$ref": "#/definitions/SpaceManagerPrivileges" }, "member": { "$ref": "#/definitions/SpaceMemberPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpacePrivileges" } ] } }, "/spaces/{id}": { "get": { "operationId": "get_space", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_spaces_view" ], "summary": "Get space details", "x-bash-codegen-description": "Returns the details about a specific space.\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view` admin privilege.\n", "description": "Returns the details about a specific space.\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID\n\n{\n \"spaceId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"My Private space\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\": 5368709120,\n \"dcf12429647c204896eebe3b6f686967\": 14400000\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a space.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSpace id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "patch": { "operationId": "modify_space", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "space_update", "oz_spaces_update" ], "summary": "Modify space details", "x-bash-codegen-description": "Updates the details about a space.\n\nThis operation requires `space_update` privilege\nor `oz_spaces_update` admin privilege.\n", "description": "Updates the details about a space.\n\nThis operation requires `space_update` privilege\nor `oz_spaces_update` admin privilege.\n\n***Example cURL requests***\n\n**Change space name**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"name\": \"new_space12\"}' \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Space has been updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Space parameters", "schema": { "type": "object", "properties": { "name": { "type": "string", "description": "The new name of the space." } } }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifySpace id=b752ceafabb662b4e5728b2ded25cdd1 name==\"New Space Name\"" } ] }, "delete": { "operationId": "remove_space", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "space_delete", "oz_spaces_delete" ], "summary": "Remove space", "x-bash-codegen-description": "Removes a specific space.\n\nThis operation requires `space_delete` privilege\nor `oz_spaces_delete` admin privilege.\n", "description": "Removes a specific space.\n\nThis operation requires `space_delete` privilege\nor `oz_spaces_delete` admin privilege.\n\n***Example cURL requests***\n\n**Remove space**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID\n```\n", "responses": { "204": { "description": "The space was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeSpace id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/users": { "get": { "operationId": "list_space_users", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "users" }, "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "summary": "List space users", "x-bash-codegen-description": "Returns the list of users belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of users belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get space users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users\n\n{\n \"users\": [\n \"a5b469a2b0516b662a49da74d6d7d7bc\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user Ids that belong to a specific space", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaceUsers id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/users/token": { "post": { "deprecated": true, "operationId": "create_space_user_invite_token", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "invite_user_token" }, "x-onedata-permissions": [ "space_add_user", "oz_spaces_add_relationships" ], "summary": "Create space user invite token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join a space.\n\nThis operation requires `space_add_user` privilege.\nFor administrators who do not have to be members of this space,\n`oz_spaces_add_relationships` privilege is required.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join a space.\n\nThis operation requires `space_add_user` privilege.\nFor administrators who do not have to be members of this space,\n`oz_spaces_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Create space user invite token**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users/token\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaWVyIG00zcEJ2UDVuOHhkQUNhdk9hbTlyNnIwNldPSzVhc\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific group.", "schema": { "$ref": "#/definitions/SpaceInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createSpaceUserInviteToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/users/{uid}": { "get": { "operationId": "get_space_user", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_users_view" ], "summary": "Get space user details", "x-bash-codegen-description": "Returns basic information about a specific user in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_users_view` admin privilege.\n", "description": "Returns basic information about a specific user in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space user data**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a space user.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSpaceUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "put": { "operationId": "add_space_user", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "space_add_user", "space_set_privileges", "oz_spaces_add_relationships", "oz_users_add_relationships", "oz_spaces_set_privileges" ], "summary": "Add user to space", "x-bash-codegen-description": "Adds user {uid} as member of space {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this space.\n\nThis operation can only be invoked by the user {uid} to add himself to the\nspace (if he is not a member already) and requires `space_add_user`\nprivilege in the space. If `privileges` are specified in the request,\n`space_set_privileges` privilege is also required.\n\nAdministrators having the `oz_spaces_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any space,\nthough `oz_spaces_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n", "description": "Adds user {uid} as member of space {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this space.\n\nThis operation can only be invoked by the user {uid} to add himself to the\nspace (if he is not a member already) and requires `space_add_user`\nprivilege in the space. If `privileges` are specified in the request,\n`space_set_privileges` privilege is also required.\n\nAdministrators having the `oz_spaces_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any space,\nthough `oz_spaces_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n\n***Example cURL requests***\n\n**Add user to space**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The user was added to the space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/SpacePrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addSpaceUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "delete": { "operationId": "remove_space_user", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "space_remove_user", "oz_spaces_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove user from space", "x-bash-codegen-description": "Removes user from specific space.\n\nThis operation requires `space_remove_user` or\nrequires `oz_spaces_add_relationships` and `oz_users_add_relationships` admin privilege.\n", "description": "Removes user from specific space.\n\nThis operation requires `space_remove_user` or\nrequires `oz_spaces_add_relationships` and `oz_users_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove user from space**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User was removed from space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeSpaceUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/spaces/{id}/users/{uid}/privileges": { "get": { "operationId": "list_user_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "space_view_privileges", "oz_spaces_view_privileges" ], "summary": "List user's space privileges", "x-bash-codegen-description": "Returns the list of user's (`{uid}`) privileges in a space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view_privileges` admin privilege.\n", "description": "Returns the list of user's (`{uid}`) privileges in a space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List user's privileges in a space**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"space_view\",\n \"space_update\",\n \"space_delete\",\n \"space_view_privileges\",\n \"space_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's privileges in the space.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/SpacePrivileges" } }, "example": { "privileges": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserSpacePrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "patch": { "operationId": "update_user_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "space_set_privileges", "oz_spaces_set_privileges" ], "summary": "Update user's space privileges", "x-bash-codegen-description": "Updates user's (`{uid}`) privileges in a space (`{id}`).\n\nThis operation requires `space_set_privileges` privilege.\nFor administrators who do not have to be members of this space,\n`oz_spaces_set_privileges` privilege is required.\n", "description": "Updates user's (`{uid}`) privileges in a space (`{id}`).\n\nThis operation requires `space_set_privileges` privilege.\nFor administrators who do not have to be members of this space,\n`oz_spaces_set_privileges` privilege is required.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update user's privileges in a space**\n```bash\ncurl -u admin:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"space_view\", \"space_update\"], \"revoke\": [\"space_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/users/$USER_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Space privileges update request.", "schema": { "$ref": "#/definitions/SpacePrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"space_view\", \"space_update\"], \"revoke\": [\"space_delete\"]}' | onezone-rest-cli updateUserSpacePrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc -" } ] } }, "/spaces/{id}/effective_users": { "get": { "operationId": "list_effective_space_users", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "eff_users" }, "summary": "List effective space users", "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "x-bash-codegen-description": "Returns the list of effective users belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of effective users belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get space effective users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_users\n\n{\n \"users\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user Ids that belong to a specific space.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveSpaceUsers id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/effective_users/{uid}": { "get": { "operationId": "get_effective_space_user", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_users_view" ], "summary": "Get effective space user details", "x-bash-codegen-description": "Returns details about a specific effective user in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_users_view` admin privilege.\n", "description": "Returns details about a specific effective user in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective space user details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_users/$USER_ID\n\n{\n \"userId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific user in a space.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveSpaceUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/spaces/{id}/effective_users/{uid}/privileges": { "get": { "operationId": "list_effective_user_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{eff_user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "space_view_privileges", "oz_spaces_view_privileges" ], "summary": "List effective user's space privileges", "x-bash-codegen-description": "Returns the list of effective user's (`{uid}`) privileges in a space (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_users_view_privileges` admin privilege.\n", "description": "Returns the list of effective user's (`{uid}`) privileges in a space (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_users_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective user's privileges in a space**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"space_view\",\n \"space_update\",\n \"space_delete\",\n \"space_view_privileges\",\n \"space_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user's privileges in the space.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/SpacePrivileges" } }, "example": { "privileges": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserSpacePrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/spaces/{id}/effective_users/{uid}/membership": { "get": { "operationId": "get_effective_user_space_membership_intermediaries", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{eff_user_membership, ?BINDING(uid)}" }, "x-onedata-permissions": [ "space_view", "oz_spaces_view" ], "summary": "Get effective user's space membership intermediaries", "x-bash-codegen-description": "Returns the effective user's (`{uid}`) space membership intermediaries -\nentities from which the user inherits access to the space (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct access to the space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user (`{uid}`) who is an effective member of the space (`{id}`),\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view` admin privilege.\n", "description": "Returns the effective user's (`{uid}`) space membership intermediaries -\nentities from which the user inherits access to the space (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct access to the space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user (`{uid}`) who is an effective member of the space (`{id}`),\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective user's space membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_users/$USER_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"space\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserSpaceMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/spaces/{id}/groups": { "get": { "operationId": "list_space_groups", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "groups" }, "summary": "List space groups", "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "x-bash-codegen-description": "Returns the list of groups belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of groups belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get space groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups\n\n{\n \"groups\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all group Ids that belong to a specific space", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaceGroups id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "post": { "operationId": "create_space_group", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "group" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "x-onedata-permissions": [ "space_add_group", "oz_groups_create", "oz_spaces_add_relationships" ], "summary": "Create group in space", "x-bash-codegen-description": "Creates a new group belonging to the space of {id}.\n\nThis operation requires `space_add_group` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_add_relationships` and `oz_groups_create`\nprivileges are required.\n", "description": "Creates a new group belonging to the space of {id}.\n\nThis operation requires `space_add_group` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_add_relationships` and `oz_groups_create`\nprivileges are required.\n\n***Example cURL requests***\n\n**Create group in space**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/spaces/{id}/groups/{cid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group properties.", "schema": { "$ref": "#/definitions/GroupCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createSpaceGroup id=538ef9643ae6b9e40817e51eece7e341 name==Group2 type==team" } ] } }, "/spaces/{id}/groups/token": { "post": { "deprecated": true, "operationId": "create_space_group_token", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "invite_group_token" }, "x-onedata-permissions": [ "space_add_group", "oz_spaces_add_relationships" ], "summary": "Create space invite token for group", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing to add a group to a specific space.\n\nThis operation requires `space_add_group` privilege.\nor `oz_spaces_add_relationships` admin privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user).\n\nCreates a token allowing to add a group to a specific space.\n\nThis operation requires `space_add_group` privilege\nor `oz_spaces_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Create space invitation token for group**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups/token\n\n{\n \"token\": \"MDAxNmxvY0cGUgKWsjcpnrLE00RtOd2F00cGUgKWsjcpnrLE00RtOdhmnQycSICwMsugo\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific group.", "schema": { "$ref": "#/definitions/SpaceInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createSpaceGroupToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/groups/{gid}": { "get": { "operationId": "get_space_group", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_groups_view" ], "summary": "Get space's group details", "x-bash-codegen-description": "Returns details about a specific group in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n", "description": "Returns details about a specific group in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups/$GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_groupX\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific group in a space.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSpaceGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "put": { "operationId": "add_group_to_space", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "space_add_group", "space_set_privileges", "oz_spaces_add_relationships", "oz_groups_add_relationships", "oz_space_set_privileges" ], "summary": "Add group to space", "x-bash-codegen-description": "Adds group {gid} as member of space {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the group in this space.\n\nThis operation requires `space_add_group` privilege in the space and\n`group_add_space` privilege in the group. If `privileges` are\nspecified in the request, `space_set_privileges` privilege is also required.\n\nFor administrator who does not belong to the group / space,\n`oz_groups_add_relationships` and `oz_spaces_add_relationships` privileges\nare required, and `oz_spaces_set_privileges` if `privileges` are specified\nin the request.\n", "description": "Adds group {gid} as member of space {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the group in this space.\n\nThis operation requires `space_add_group` privilege in the space and\n`group_add_space` privilege in the group. If `privileges` are\nspecified in the request, `space_set_privileges` privilege is also required.\n\nFor administrator who does not belong to the group / space,\n`oz_groups_add_relationships` and `oz_spaces_add_relationships` privileges\nare required, and `oz_spaces_set_privileges` if `privileges` are specified\nin the request.\n\n***Example cURL requests***\n\n**Add group to space**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\n https://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups/$GROUP_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The group was added to the space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/SpacePrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addGroupToSpace id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "delete": { "operationId": "remove_space_group", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "space_remove_group", "oz_spaces_remove_relationships" ], "summary": "Remove group from space", "x-bash-codegen-description": "Removes a specific group from space.\n\nFor regular users, who belong to this space it requires\n`space_remove_group` privilege to remove a group from this space.\n\nFor administrators, who are not members of this space,\n`oz_spaces_remove_relationships` privilege is required.\n", "description": "Removes a specific group from space.\n\nFor regular users, who belong to this space it requires\n`space_remove_group` privilege to remove a group from this space.\n\nFor administrators, who are not members of this space,\n`oz_spaces_remove_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get space group details**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups/$GROUP_ID\n```\n", "responses": { "204": { "description": "A group was removed from space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeSpaceGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/spaces/{id}/groups/{gid}/privileges": { "get": { "operationId": "list_group_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "space_view_privileges", "oz_spaces_view_privileges" ], "summary": "List group's space privileges", "x-bash-codegen-description": "Returns the list of group's (`{gid}`) privileges in a space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view_privileges` admin privilege.\n", "description": "Returns the list of group's (`{gid}`) privileges in a space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List groups's privileges in a space**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"space_view\",\n \"space_update\",\n \"space_delete\",\n \"space_view_privileges\",\n \"space_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's privileges in the space.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/SpacePrivileges" } }, "example": { "privileges": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupSpacePrivileges id=b752ceafabb662b4e5728b2ded25cdd1 gid=c44d4ab910245342be5a0a89fdff095e" } ] }, "patch": { "operationId": "update_group_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "space_set_privileges", "oz_spaces_set_privileges" ], "summary": "Update group privileges to space", "x-bash-codegen-description": "Updates group's (`{gid}`) privileges in a space (`{id}`).\n\nThis operation requires `space_set_privileges` privilege\nor `oz_spaces_set_privileges` admin privilege.\n", "description": "Updates group's (`{gid}`) privileges in a space (`{id}`).\n\nThis operation requires `space_set_privileges` privilege\nor `oz_spaces_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's privileges in a space**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"space_view\", \"space_update\"], \"revoke\": [\"space_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/groups/$GROUP_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Space privileges update request.", "schema": { "$ref": "#/definitions/SpacePrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"space_view\", \"space_update\"], \"revoke\": [\"space_delete\"]}' | onezone-rest-cli updateGroupSpacePrivileges id=SPACE_ID gid=GROUP_ID -" } ] } }, "/spaces/{id}/effective_groups": { "get": { "operationId": "list_effective_space_groups", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "eff_groups" }, "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "summary": "List effective space groups", "x-bash-codegen-description": "Returns the list of effective groups belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of effective groups belonging to a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get space effective groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_groups\n\n{\n \"groups\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group Ids that belong to a specific space.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveSpaceGroups id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/effective_groups/{gid}": { "get": { "operationId": "get_effective_space_group", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_groups_view" ], "summary": "Get effective space group details", "x-bash-codegen-description": "Returns details about a specific effective group in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n", "description": "Returns details about a specific effective group in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective space group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_groups/$GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_groupX\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific group in a space.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveSpaceGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/spaces/{id}/effective_groups/{gid}/privileges": { "get": { "operationId": "list_effective_group_space_privileges", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{eff_group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "space_view_privileges", "oz_spaces_view_privileges" ], "summary": "List effective group's space privileges", "x-bash-codegen-description": "Returns the list of effective group's (`{gid}`) privileges in a space (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_groups_view_privileges` admin privilege.\n", "description": "Returns the list of effective group's (`{gid}`) privileges in a space (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view_privileges` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_groups_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective groups's privileges in a space**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"space_view\",\n \"space_update\",\n \"space_delete\",\n \"space_view_privileges\",\n \"space_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group's privileges in the space.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/SpacePrivileges" } }, "example": { "privileges": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupSpacePrivileges id=b752ceafabb662b4e5728b2ded25cdd1 gid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/spaces/{id}/effective_groups/{gid}/membership": { "get": { "operationId": "get_effective_group_space_membership_intermediaries", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{eff_group_membership, ?BINDING(gid)}" }, "x-onedata-permissions": [ "space_view", "oz_spaces_view" ], "summary": "Get effective group's space membership intermediaries", "x-bash-codegen-description": "Returns the effective group's (`{gid}`) space membership intermediaries -\nentities from which the group inherits access to the space (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the group (`{gid}`)\nhas a direct access to the space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the group (`{gid}`),\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space,\n* as user who has `oz_spaces_view` admin privilege.\n", "description": "Returns the effective group's (`{gid}`) space membership intermediaries -\nentities from which the group inherits access to the space (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the group (`{gid}`)\nhas a direct access to the space (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the group (`{gid}`),\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space,\n* as user who has `oz_spaces_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective group's space membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/effective_groups/$GROUP_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"space\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupSpaceMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 gid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/spaces/{id}/shares": { "get": { "operationId": "list_space_shares", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "shares" }, "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "summary": "List space shares", "x-bash-codegen-description": "Returns the list of shares from specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of shares from specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**List space shares**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/shares\n\n{\n \"shares\": [\n \"MDAxNmxvYZjUGlIcGkweGZta1ZOdEp00eUNINVNvR2001Wl\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all share Ids that have been created in specific space.", "schema": { "$ref": "#/definitions/Shares" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaceShares id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/shares/{sid}": { "get": { "operationId": "get_space_share", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_share", "id": "?BINDING(sid)", "aspect": "instance", "scope": "private" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_shares_view" ], "summary": "Get space share", "x-bash-codegen-description": "Returns the details about a share from specific space.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_shares_view` admin privilege.\n", "description": "Returns the details about a share from specific space.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_shares_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space share**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/shares/$SHARE_ID\n\n{\n \"shareId\": \"1f4b762b1380946e73aeca574c77f14c\",\n \"name\": \"Experiment XYZ\",\n \"description\": \"# Experiment XYZ\\nThis collection contains results from Experiment XYZ.\",\n \"publicUrl\": \"https://example.com/shares/1f4b762b1380946e73aeca574c77f14c\",\n \"publicRestUrl\": \"https://example.com/api/v3/onezone/shares/1f4b762b1380946e73aeca574c77f14c/public\",\n \"fileType\": \"dir\",\n \"rootFileId\": \"00000000006CB663736861726547756964233339643236366165646365\\\n 6266666164353939663761373734313235363166342336656331613534313362366634653\\\n 2623031613563383561386664373937653223316634623736326231333830393436653733\\\n 6165636135373463373766313463\",\n \"spaceId\": \"6ec1a5413b6f4e2b01a5c85a8fd797e2\",\n \"handleId\" \"70570c0ebcd081835ca29560708fd98f\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "The shares was successfully created.", "schema": { "$ref": "#/definitions/Share" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Share Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSpaceShare id=b752ceafabb662b4e5728b2ded25cdd1 sid=b45d02d01066b8794ad7f927becf4bde" } ] } }, "/spaces/{id}/providers": { "get": { "operationId": "list_space_providers", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "eff_providers" }, "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "summary": "List space providers", "x-bash-codegen-description": "Returns the list of providers supporting specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of providers supporting specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get space support token**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/providers\n\n{\n \"providers\": [\n \"MDAxNmxvYZjUGlIcGkweGZta1ZOdEp00eUNINVNvR2001Wl\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all provider Ids that support a specific space.", "schema": { "$ref": "#/definitions/Providers" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaceProviders id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/providers/token": { "post": { "deprecated": true, "operationId": "create_space_support_token", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "space_support_token" }, "x-onedata-permissions": [ "space_add_support", "oz_spaces_add_relationships" ], "summary": "Create space support token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token which can be submitted to a selected provider in order to\nadd storage support for the space.\n\nThis operation requires `space_add_support` privilege\nor `oz_spaces_add_relationships` admin privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user).\n\nCreates a token which can be submitted to a selected provider in order to\nadd storage support for the space.\n\nThis operation requires `space_add_support` privilege\nor `oz_spaces_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Create space support token**\n```bash\ncurl -u admin:password -X POST \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/providers/token\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaWVyIHZjUGlIcGkweGZta1ZOdEp00eUNINVNvR2001Wl\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token for getting space storage support from a provider.", "schema": { "$ref": "#/definitions/SpaceSupportToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createSpaceSupportToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/providers/{pid}": { "get": { "operationId": "get_space_provider", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(pid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_providers_view" ], "summary": "Get space provider details", "x-bash-codegen-description": "Returns details about a specific provider supporting the space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_providers_view` admin privilege.\n", "description": "Returns details about a specific provider supporting the space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_providers_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space provider details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/providers/$PROVIDER_ID\n\n{\n \"providerId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"name\": \"Example provider\",\n \"domain\": \"provider1.example.com\",\n \"latitude\": 50.0647,\n \"longitude\": 19.945,\n \"clusterId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"online\": true,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details about a specific provider supporting a space.", "schema": { "$ref": "#/definitions/ProviderDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSpaceProvider id=b752ceafabb662b4e5728b2ded25cdd1 pid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "delete": { "operationId": "cease_support_by_provider", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{provider, ?BINDING(pid)}" }, "x-onedata-permissions": [ "space_remove_provider", "oz_spaces_remove_relationships" ], "summary": "Ceases space support by provider", "x-bash-codegen-description": "Ceases the space's support from given provider. WARNING: this will cause irreversible\ndata loss if the data located in given space on given provider is not replicated beforehand.\n\nThis operation requires `space_remove_support` privilege\nor `oz_spaces_remove_relationships` admin privilege.\n", "description": "Ceases the space's support from given provider. WARNING: this will cause irreversible\ndata loss if the data located in given space on given provider is not replicated beforehand.\n\nThis operation requires `space_remove_support` privilege\nor `oz_spaces_remove_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove space support**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/providers/$PROVIDER_ID\n```\n", "responses": { "204": { "description": "A space is no longer supported by this provider." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "pid", "in": "path", "description": "Provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli ceaseSupportByProvider id=b752ceafabb662b4e5728b2ded25cdd1 pid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/spaces/{id}/harvesters": { "get": { "operationId": "list_space_harvesters", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "harvesters" }, "summary": "List space harvesters", "x-onedata-permissions": [ "space_view", "oz_spaces_list_relationships" ], "x-bash-codegen-description": "Returns the list of harvesters of a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n", "description": "Returns the list of harvesters of a specific space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get space harvesters**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/harvesters\n\n{\n \"harvesters\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all harvester Ids of a specific space", "schema": { "$ref": "#/definitions/Harvesters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaceHarvesters id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/harvesters/join": { "post": { "operationId": "space_join_harvester", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "join" }, "x-onedata-auth-hint": "?AS_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_add_harvester", "oz_harvesters_add_relationships", "oz_spaces_add_relationships" ], "summary": "Join space to a harvester", "x-bash-codegen-description": "Joins the space to an existing harvester based on provided `spaceJoinHarvester`\ninvitation token (the space becomes a metadata source for the harvester).\n\nThis operation requires `space_add_harvester` privilege.\nFor administrator who does not belong to this space\n`oz_harvesters_add_relationships` and `oz_spaces_add_relationships` privilege is required.\n", "description": "Joins the space to an existing harvester based on provided `spaceJoinHarvester`\ninvitation token (the space becomes a metadata source for the harvester).\n\nThis operation requires `space_add_harvester` privilege.\nFor administrator who does not belong to this space\n`oz_harvesters_add_relationships` and `oz_spaces_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Join space to a harvester**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-d '{\"token\":\"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVuJ3l02U1JXzstRdK00ZHbso02rRcG8bJLAo\"}' \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/harvesters/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined harvester in form https://$HOST/api/onezone/v3/spaces/{id}/harvesters/{hid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the joined harvester.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "spaceJoinHarvester invite token.", "schema": { "$ref": "#/definitions/HarvesterInviteToken" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli spaceJoinHarvester id=f1c8b1a37aa7447b22eb65a742d40524 token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/spaces/{id}/harvesters/{hid}": { "get": { "operationId": "get_space_harvester", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(hid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_SPACE(?BINDING(id))", "x-onedata-permissions": [ "space_view", "oz_harvesters_view" ], "summary": "Get harvester details", "x-bash-codegen-description": "Returns details about a specific harvester in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_harvesters_view` admin privilege.\n", "description": "Returns details about a specific harvester in a space.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_harvesters_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space harvester details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/harvesters/$HARVESTER_ID\n\n{\n \"harvesterId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_harvester1\",\n \"public\" : true,\n \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\",\n \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific harvester in a space.", "schema": { "$ref": "#/definitions/Harvester" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSpaceHarvester id=b752ceafabb662b4e5728b2ded25cdd1 hid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "delete": { "operationId": "remove_space_from_harvester", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{harvester, ?BINDING(hid)}" }, "x-onedata-permissions": [ "space_remove_harvester", "oz_spaces_remove_relationships", "oz_harvesters_remove_relationships" ], "summary": "Remove space from harvester.", "x-bash-codegen-description": "Removes the space {id} from harvester {hid} (metadata from given space will no longer be submitted to given harvester).\n\nThis operation requires `space_remove_harvester` privilege().\nFor administrator who does not belong to this group\n`oz_spaces_remove_relationships` and `oz_harvesters_remove_relationships` privileges are required.\n", "description": "Removes the space {id} from harvester {hid} (metadata from given space will no longer be submitted to given harvester).\n\nThis operation requires `space_remove_harvester` privilege.\nFor administrator who does not belong to this group\n`oz_spaces_remove_relationships` and `oz_harvesters_remove_relationships` privileges are required.\n\n***Example cURL requests***\n\n**Get space harvester details**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/harvesters/$HARVESTER_ID\n```\n", "responses": { "204": { "description": "A space was removed from harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "hid", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeSpaceFromHarvester id=b752ceafabb662b4e5728b2ded25cdd1 hid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/spaces/{id}/owners": { "get": { "operationId": "list_space_owners", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "owners" }, "x-onedata-permissions": [ "space_view", "oz_spaces_view" ], "summary": "List space owners", "x-bash-codegen-description": "Returns the list of owners of a specific space.\n\nSpace owners are members (users) of the space that have absolute power\nregarding the space API and files (analogical to \"root\", but in the scope\nof one space). Being an owner means that user privileges are essentially\nignored and all API operations are allowed.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view` admin privilege.\n", "description": "Returns the list of owners of a specific space.\n\nSpace owners are members (users) of the space that have absolute power\nregarding the space API and files (analogical to \"root\", but in the scope\nof one space). Being an owner means that user privileges are essentially\nignored and all API operations are allowed.\n\nThis operation requires any of the following authentication:\n* as user who has `space_view` privilege in the space (`{id}`),\n* as provider that supports the space (`{id}`),\n* as user who has `oz_spaces_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space owners**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/owners\n\n{\n \"users\": [\n \"a5b469a2b0516b662a49da74d6d7d7bc\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user Ids that are owners of the space.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listSpaceOwners id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/spaces/{id}/owners/{uid}": { "put": { "operationId": "add_space_owner", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{owner, ?BINDING(uid)}" }, "x-onedata-permissions": [ "oz_spaces_set_privileges" ], "summary": "Add space owner", "x-bash-codegen-description": "Adds user `{uid}` as an owner of space `{id}`. Ownership can only be granted\nto effective members of the space - if the desired user is not a member, they\nhave to be added to the space first. If the new owner is only an indirect\nmember (via a group), he is automatically added as a direct member when\ngranted ownership.\n\nSpace owners are members of the space (users) that have absolute power\nregarding the space API and files (analogical to \"root\", but in the scope\nof one space). Being an owner means that user privileges are essentially\nignored and all API operations are allowed.\n\nThis operation requires any of the following authentication:\n* as user who is currently an owner of the space (`{id}`),\n* as user who has `oz_spaces_set_privileges` admin privilege.\n", "description": "Adds user `{uid}` as an owner of space `{id}`. Ownership can only be granted\nto effective members of the space - if the desired user is not a member, they\nhave to be added to the space first. If the new owner is only an indirect\nmember (via a group), he is automatically added as a direct member when\ngranted ownership.\n\nSpace owners are members of the space (users) that have absolute power\nregarding the space API and files (analogical to \"root\", but in the scope\nof one space). Being an owner means that user privileges are essentially\nignored and all API operations are allowed.\n\nThis operation requires any of the following authentication:\n* as user who is currently an owner of the space (`{id}`),\n* as user who has `oz_spaces_set_privileges` admin privilege.\n\n***Example cURL requests***\n\n**Add space space owner**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/owners/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The user was added as an owner of the space." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addSpaceOwner id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "delete": { "operationId": "remove_space_owner", "tags": [ "Space" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(id)", "aspect": "{owner, ?BINDING(uid)}" }, "x-onedata-permissions": [ "oz_spaces_set_privileges" ], "summary": "Remove space owner", "x-bash-codegen-description": "Removes user `{uid}` from the owners of space `{id}`. The user is not\nremoved from the space as a member, but his ownership is revoked.\n\nThis operation will fail if the `{uid}` is the last owner of the space.\nFirst, ownership must be granted to another user so that the space has at\nleast one owner.\n\nThis operation requires any of the following authentication:\n* as user who is currently an owner of the space (`{id}`),\n* as user who has `oz_spaces_set_privileges` admin privilege.\n", "description": "Removes user `{uid}` from the owners of space `{id}`. The user is not\nremoved from the space as a member, but his ownership is revoked.\n\nThis operation will fail if the `{uid}` is the last owner of the space.\nFirst, ownership must be granted to another user so that the space has at\nleast one owner.\n\nThis operation requires any of the following authentication:\n* as user who is currently an owner of the space (`{id}`),\n* as user who has `oz_spaces_set_privileges` admin privilege.\n\n***Example cURL requests***\n\n**Remove space owner**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/spaces/$SPACE_ID/owners/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The user was removed from the space owners." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeSpaceOwner id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/shares": { "get": { "operationId": "list_shares", "tags": [ "Share" ], "x-onedata-gri": { "type": "od_share", "aspect": "list" }, "summary": "List all shares", "x-onedata-permissions": [ "oz_shares_list" ], "x-bash-codegen-description": "Returns the list of all shares managed by the Onezone service.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires admin privilege `oz_shares_list`.\n", "description": "Returns the list of all shares managed by the Onezone service.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires admin privilege `oz_shares_list`.\n\n***Example cURL requests***\n\n**Get shares**\n```bash\ncurl -u admin:password -X GET https://$HOST/api/v3/onezone/shares\n\n{\n \"shares\": [\n \"303884afb761d91a7362b2841647bc08\",\n \"32919d6a51bac9b040c7cb7961fdccf3\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of shares.", "schema": { "$ref": "#/definitions/Shares" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listShares" } ] } }, "/shares/{id}": { "get": { "operationId": "get_share", "tags": [ "Share" ], "x-onedata-gri": { "type": "od_share", "id": "?BINDING(id)", "aspect": "instance", "scope": "private" }, "x-onedata-permissions": [ "space_view", "oz_shares_view" ], "summary": "Get share details", "x-bash-codegen-description": "Returns the private details about a specific share.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires `space_view` privilege in space where share is created or\n`oz_shares_view` admin privilege.\n", "description": "Returns the private details about a specific share.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires `space_view` privilege in space where share is created or\n`oz_shares_view` admin privilege.\n\n***Example cURL requests***\n\n**Get share details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/shares/$SHARE_ID\n\n{\n \"shareId\": \"1f4b762b1380946e73aeca574c77f14c\",\n \"name\": \"Experiment XYZ\",\n \"description\": \"# Experiment XYZ\\nThis collection contains results from Experiment XYZ.\",\n \"publicUrl\": \"https://example.com/shares/1f4b762b1380946e73aeca574c77f14c\",\n \"publicRestUrl\": \"https://example.com/api/v3/onezone/shares/1f4b762b1380946e73aeca574c77f14c/public\",\n \"fileType\": \"dir\",\n \"rootFileId\": \"00000000006CB663736861726547756964233339643236366165646365\\\n 6266666164353939663761373734313235363166342336656331613534313362366634653\\\n 2623031613563383561386664373937653223316634623736326231333830393436653733\\\n 6165636135373463373766313463\",\n \"spaceId\": \"6ec1a5413b6f4e2b01a5c85a8fd797e2\",\n \"handleId\" \"70570c0ebcd081835ca29560708fd98f\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a share.", "schema": { "$ref": "#/definitions/Share" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Share Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getShare id=303884afb761d91a7362b2841647bc08" } ] }, "patch": { "operationId": "modify_share", "tags": [ "Share" ], "x-onedata-gri": { "type": "od_share", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "space_manage_shares", "oz_shares_update" ], "summary": "Modify share details", "x-bash-codegen-description": "Updates the share details - name or description.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires privilege `space_manage_shares` in space\nin which the share was created or `oz_shares_update` admin privilege.\n", "description": "Updates the share details - name or description.\n\nNOTE: Only Oneprovider API supports creating / deleting shares and is\npreferred for all share operations. Onezone API is limited to retrieving\nand modifying share details.\n\nThis operation requires privilege `space_manage_shares` in space\nin which the share was created or `oz_shares_update` admin privilege.\n\n***Example cURL requests***\n\n**Modify share details**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"name\": \"NewShareName\", \"description\": \"# New description\"}' \\\nhttps://$HOST/api/v3/onezone/shares/$SHARE_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Share details have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "New share details", "schema": { "type": "object", "properties": { "name": { "type": "string", "description": "New name for the share." }, "description": { "type": "string", "description": "New description of the share." } } }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyShare id=303884afb761d91a7362b2841647bc08 name==NewShareName description==\"# New description\"" } ] } }, "/shares/{id}/public": { "get": { "operationId": "get_public_share_details", "tags": [ "Share" ], "x-onedata-gri": { "type": "od_share", "id": "?BINDING(id)", "aspect": "instance", "scope": "public" }, "summary": "Get public share details", "x-bash-codegen-description": "Returns the publicly available details of a specific share. This endpoint\nis available for anyone knowing the share Id, without authentication.\n", "description": "Returns the publicly available details of a specific share. This endpoint\nis available for anyone knowing the share Id, without authentication.\n\n***Example cURL requests***\n\n**Get public share details**\n```bash\ncurl -X GET https://$HOST/api/v3/onezone/shares/$SHARE_ID/public\n\n{\n \"shareId\": \"1f4b762b1380946e73aeca574c77f14c\",\n \"name\": \"Experiment XYZ\",\n \"description\": \"# Experiment XYZ\\nThis collection contains results from Experiment XYZ.\",\n \"publicUrl\": \"https://example.com/shares/1f4b762b1380946e73aeca574c77f14c\",\n \"publicRestUrl\": \"https://example.com/api/v3/onezone/shares/1f4b762b1380946e73aeca574c77f14c/public\",\n \"fileType\": \"dir\",\n \"rootFileId\": \"00000000006CB663736861726547756964233339643236366165646365\\\n 6266666164353939663761373734313235363166342336656331613534313362366634653\\\n 2623031613563383561386664373937653223316634623736326231333830393436653733\\\n 6165636135373463373766313463\",\n \"handleId\" \"70570c0ebcd081835ca29560708fd98f\",\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Public information about a share.", "schema": { "$ref": "#/definitions/Share" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Share Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getPublicShareDetails id=303884afb761d91a7362b2841647bc08" } ] } }, "/shares/data/{file_id}/{subpath}": { "get": { "operationId": "get_shared_data", "tags": [ "Share" ], "x-onedata-gri": { "type": "od_share", "id": "undefined", "aspect": "{shared_data, ?BINDING(file_id)}", "scope": "public" }, "summary": "Get shared file or directory data", "x-bash-codegen-description": "This endpoint can be used to fetch publicly available information and\ncontent of a shared file or directory knowing its Id, without any\nauthentication. It redirects to the corresponding REST endpoint in one of\nthe supporting Oneproviders. The Oneprovider is chosen dynamically and may\nchange in time, so the redirection URL should not be cached.\n\nThe endpoint accepts only identifiers of shared files/directories and will\nreject requests if a containing share is deleted. The shared file/directory\nId can be acquired either by fetching public share details or by listing a\nshared directory.\n\nThe provided query string (if any) is preserved during redirection - consult\ncorresponding Oneprovider REST endpoints for possible options.\n\nCurrently, publicly available operations are:\n* `{...}/$FILE_ID/content` - download binary file content\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/download_file_content))\n\n* `{...}/$FILE_ID/children` - list directory files and subdirectories\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/list_children))\n\n* `{...}/$FILE_ID` - get basic attributes of a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_attrs))\n\n* `{...}/$FILE_ID/metadata/xattrs` - get custom extended attributes (xattrs) associated with a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_xattrs))\n\n* `{...}/$FILE_ID/metadata/json` - get custom JSON metadata associated with a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_json_metadata))\n\n* `{...}/$FILE_ID/metadata/rdf` - get custom RDF metadata associated with a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_rdf_metadata))\n\nThe endpoint will return `503 Service Unavailable` when there is no suitable\nOneprovider to handle the request and `501 Not Implemented` when all available\nOneproviders are in versions older than `20.02.*`. If an invalid subpath\nis requested, the target Oneprovider will respond with a proper error.\n", "description": "This endpoint can be used to fetch publicly available information and\ncontent of a shared file or directory knowing its Id, without any\nauthentication. It redirects to the corresponding REST endpoint in one of\nthe supporting Oneproviders. The Oneprovider is chosen dynamically and may\nchange in time, so the redirection URL should not be cached.\n\nThe endpoint accepts only identifiers of shared files/directories and will\nreject requests if a containing share is deleted. The shared file/directory\nId can be acquired either by fetching public share details or by listing a\nshared directory.\n\nThe provided query string (if any) is preserved during redirection - consult\ncorresponding Oneprovider REST endpoints for possible options.\n\nCurrently, publicly available operations are:\n* `{...}/$FILE_ID/content` - download binary file content\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/download_file_content))\n\n* `{...}/$FILE_ID/children` - list directory files and subdirectories\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/list_children))\n\n* `{...}/$FILE_ID` - get basic attributes of a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_attrs))\n\n* `{...}/$FILE_ID/metadata/xattrs` - get custom extended attributes (xattrs) associated with a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_xattrs))\n\n* `{...}/$FILE_ID/metadata/json` - get custom JSON metadata associated with a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_json_metadata))\n\n* `{...}/$FILE_ID/metadata/rdf` - get custom RDF metadata associated with a file or directory\n (see Oneprovider [REST endpoint](https://onedata.org/#/home/api/stable/oneprovider?anchor=operation/get_rdf_metadata))\n\nThe endpoint will return `503 Service Unavailable` when there is no suitable\nOneprovider to handle the request and `501 Not Implemented` when all available\nOneproviders are in versions older than `20.02.*`. If an invalid subpath\nis requested, the target Oneprovider will respond with a proper error.\n\n***Example cURL requests***\n\n**Get shared file or directory data**\n```bash\ncurl -v -X GET https://$HOST/api/v3/onezone/shares/data/$FILE_ID/content\n\n< HTTP/1.1 307 Temporary Redirect\n< location: https://provider.example.com/api/v3/oneprovider/data/$FILE_ID/content\n\n# -------------------------------------------------------------------------------\n\ncurl -v -X GET https://$HOST/api/v3/onezone/shares/data/$FILE_ID/children?limit=3\n\n< HTTP/1.1 307 Temporary Redirect\n< location: https://provider.example.com/api/v3/oneprovider/data/$FILE_ID/children?limit=3\n\n# -------------------------------------------------------------------------------\n\n# automatically follow redirects with -L option, request a byte range\ncurl -L -X GET https://$HOST/api/v3/onezone/shares/data/$FILE_ID/content \\\n-H \"Range: bytes=5-8\"\n\nfghi\n```\n", "produces": [ "application/json" ], "responses": { "307": { "description": "Redirection to one of the supporting providers in the response `Location` header.\n", "headers": { "Location": { "description": "URL of the endpoint that can be used to perform the operation.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } }, "501": { "description": "Not Implemented - all available providers are in versions older than `20.02.*`.", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service Unavailable - there is no suitable provider to handle the request.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "file_id", "in": "path", "description": "Shared file/directory Id.", "type": "string", "required": true }, { "name": "subpath", "in": "path", "description": "Subpath corresponding to desired\n[Oneprovider REST API](https://onedata.org/#/home/api/stable/oneprovider?anchor=tag/Basic-File-Operations)\noperation.\n", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSharedData file_id=000000000055D4E4836803640004677569646D00 subpath='content'" } ] } }, "/providers": { "get": { "operationId": "oz_providers_list", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "list" }, "x-onedata-permissions": [ "oz_providers_list" ], "summary": "List providers", "x-bash-codegen-description": "Returns the list of providers registered in the Onezone service.\n\nThis operation requires `oz_providers_list` admin privilege.\n", "description": "Returns the list of providers registered in the Onezone service.\n\nThis operation requires `oz_providers_list` admin privilege.\n\n***Example cURL requests***\n\n**Get list of providers**\n```bash\ncurl -Ssk -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers\n\n{\n \"providers\": [\n \"WEavnRE7c49EU2sjF0Rz7l_kpiA1IBrwbDxNfH87Plc\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of provider Ids.", "schema": { "$ref": "#/definitions/Providers" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli ozProvidersList" } ] }, "post": { "operationId": "register_provider", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "instance" }, "summary": "Register provider", "x-bash-codegen-description": "Registers a Oneprovider in Onezone service. Upon success, a new cluster is\ncreated, with the registering user linked to it. The cluster Id is the same\nas Oneprovider Id.\n\nRequires a valid provider registration token - see:\n * [Create provider registration token for self](#operation/user_create_provider_registration_token_for_self)\n * [Create provider registration token for a user](#operation/user_create_provider_registration_token)\n\nThis operation has public access.\n", "description": "Registers a Oneprovider in Onezone service. Upon success, a new cluster is\ncreated, with the registering user linked to it. The cluster Id is the same\nas Oneprovider Id.\n\nRequires a valid provider registration token - see:\n * [Create provider registration token for self](#operation/user_create_provider_registration_token_for_self)\n * [Create provider registration token for a user](#operation/user_create_provider_registration_token)\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Register provider**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{\n \"token\" : \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW\",\n \"name\" : \"My provider\",\n \"subdomainDelegation\" : \"false\",\n \"domain\" : \"my-provider.example.com\",\n \"latitude\" : \"50.0647\",\n \"longitude\" : \"19.9450\",\n}' \\\nhttps://$HOST/api/v3/onezone/provider\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Provider registered successfully.", "schema": { "$ref": "#/definitions/ProviderRegistrationResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Provider reqistration request.", "schema": { "$ref": "#/definitions/ProviderRegistrationRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "cat registration_request.json | onezone-rest-cli registerProvider -" } ] } }, "/providers/{id}": { "get": { "operationId": "get_provider_details", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_providers_view" ], "summary": "Get provider details", "x-bash-codegen-description": "Returns the information about a specific Oneprovider service that is\nregistered in Onezone.\n\nThis operation requires any of the following authentication:\n* as any provider (providers are allowed to view each other's data),\n* as user who is an effective member in a space supported by the subject provider,\n* as user who has `oz_providers_view` admin privilege.\n", "description": "Returns the information about a specific Oneprovider service that is\nregistered in Onezone.\n\nThis operation requires any of the following authentication:\n* as any provider (providers are allowed to view each other's data),\n* as user who is an effective member in a space supported by the subject provider,\n* as user who has `oz_providers_view` admin privilege.\n\n***Example cURL requests***\n\n**Get specific provider details**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID\n\n{\n \"providerId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"name\": \"Example provider\",\n \"domain\": \"provider1.example.com\",\n \"latitude\": 50.0647,\n \"longitude\": 19.945,\n \"clusterId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"online\": true,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a provider.", "schema": { "$ref": "#/definitions/ProviderDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getProviderDetails id=WEavnRE7c49EU2sjF0Rz7l_kpiA1IBrwbDxNfH87Plc" } ] }, "delete": { "operationId": "remove_provider", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "instance" }, "summary": "Remove provider", "x-onedata-permissions": [ "oz_providers_delete" ], "x-bash-codegen-description": "Removes (unregisters) given Oneprovider from Onezone.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `oz_providers_delete` admin privilege.\n", "description": "Removes (unregisters) given Oneprovider from Onezone.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `oz_providers_delete` admin privilege.\n\n***Example cURL requests***\n\n**Get specific provider details**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "Provider will be unregistered." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeProvider id=WEavnRE7c49EU2sjF0Rz7l_kpiA1IBrwbDxNfH87Plc" } ] } }, "/providers/{id}/effective_users": { "get": { "operationId": "list_effective_provider_users", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "eff_users" }, "x-onedata-permissions": [ "oz_providers_list_relationships" ], "summary": "List effective users of provider", "x-bash-codegen-description": "Returns the list of effective users of a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_list_relationships` admin privilege.\n", "description": "Returns the list of effective users of a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**List effective users of a provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/users\n\n{\n \"users\": [\n \"1ad4551e2c127fac3850374eeb2dfec4\",\n \"a6c6e47cc477aa4d3f8c61ce71df9850\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user Ids.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveProviderUsers id=bf01a1d82c0f3032be369a223bc4457a" } ] } }, "/providers/{id}/effective_users/{uid}": { "get": { "operationId": "get_effective_provider_user", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_PROVIDER(?BINDING(id))", "x-onedata-permissions": [ "oz_users_view" ], "summary": "Get effective user of provider", "x-bash-codegen-description": "Returns the details of an effective user of a specific provider.\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_users_view` admin privilege.\n", "description": "Returns the details of an effective user of a specific provider.\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective user of a provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/effective_users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\",\n \"emails\" : [],\n \"linkedAccounts\" : []\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The effective user details.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true }, { "name": "uid", "description": "User Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveProviderUser id=1f290dd428ff09aab8ca014d24154a35 uid=051f1a51d80c664b0d9528d81ee56a93" } ] } }, "/providers/{id}/effective_users/{uid}/membership": { "get": { "operationId": "get_effective_user_provider_membership_intermediaries", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "{eff_user_membership, ?BINDING(uid)}" }, "x-onedata-permissions": [ "provider_view", "oz_providers_view" ], "summary": "Get effective user's provider membership intermediaries", "x-bash-codegen-description": "Returns the effective user's (`{uid}`) provider membership intermediaries -\nspaces from which the user inherits access to the provider (`{id}`).\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user (`{uid}`) who is an effective member of the provider (`{id}`),\n* as user who has `oz_providers_view` admin privilege.\n", "description": "Returns the effective user's (`{uid}`) provider membership intermediaries -\nspaces from which the user inherits access to the provider (`{id}`).\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user (`{uid}`) who is an effective member of the provider (`{id}`),\n* as user who has `oz_providers_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective user's provider membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/effective_users/$USER_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"space\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"space\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserProviderMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/providers/{id}/effective_groups": { "get": { "operationId": "list_effective_provider_groups", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "eff_groups" }, "x-onedata-permissions": [ "oz_providers_list_relationships" ], "summary": "List effective groups of provider", "x-bash-codegen-description": "Returns the list of effective groups of a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_list_relationships` admin privilege.\n", "description": "Returns the list of effective groups of a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**List groups of a provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/groups\n\n{\n \"groups\": [\n \"1ad4551e2c127fac3850374eeb2dfec4\",\n \"a6c6e47cc477aa4d3f8c61ce71df9850\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group Ids.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveProviderGroups id=4bcbbee276f0ff703dce2029f6cdf37c" } ] } }, "/providers/{id}/effective_groups/{gid}": { "get": { "operationId": "get_effective_provider_group", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_PROVIDER(?BINDING(id))", "x-onedata-permissions": [ "oz_groups_view" ], "summary": "Get group of provider", "x-bash-codegen-description": "Returns the details of an effective group of a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_groups_view` admin privilege.\n", "description": "Returns the details of an effective group of a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get group of a provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/groups/$GROUP_ID\n\n{\n \"groupId\":\"051f1a51d80c664b0d9528d81ee56a93\",\n \"name\":\"new_group\",\n \"type\":\"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The group Id.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true }, { "name": "gid", "description": "Group Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveProviderGroup id=1f290dd428ff09aab8ca014d24154a35 gid=051f1a51d80c664b0d9528d81ee56a93" } ] } }, "/providers/{id}/effective_groups/{gid}/membership": { "get": { "operationId": "get_effective_group_provider_membership_intermediaries", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "{eff_group_membership, ?BINDING(gid)}" }, "x-onedata-permissions": [ "provider_view", "oz_providers_view" ], "summary": "Get effective group's provider membership intermediaries", "x-bash-codegen-description": "Returns the effective group's (`{gid}`) provider membership intermediaries -\nspaces from which the group inherits access to the provider (`{id}`).\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user (`{uid}`) who is an effective member of the group (`{gid}`),\n* as user who has `oz_providers_view` admin privilege.\n", "description": "Returns the effective group's (`{gid}`) provider membership intermediaries -\nspaces from which the group inherits access to the provider (`{id}`).\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user (`{uid}`) who is an effective member of the group (`{gid}`),\n* as user who has `oz_providers_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective group's provider membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/effective_groups/$GROUP_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"space\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"space\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupProviderMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 gid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/providers/{id}/spaces": { "get": { "operationId": "list_provider_supported_spaces", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "spaces" }, "summary": "List provider's supported spaces", "x-onedata-permissions": [ "oz_providers_list_relationships" ], "x-bash-codegen-description": "Returns the list of spaces supported by specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_list_relationships` admin privilege.\n", "description": "Returns the list of spaces supported by specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**List spaces supported by provider**\n```bash\ncurlsS -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/spaces\n\n{\n \"spaces\": [\n \"1ad4551e2c127fac3850374eeb2dfec4\",\n \"a6c6e47cc477aa4d3f8c61ce71df9850\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of space Ids.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listProviderSupportedSpaces id=0f7fa3347bd2f090acc6ed246e1f1747" } ] } }, "/providers/{id}/spaces/{sid}": { "get": { "operationId": "get_provider_space", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_PROVIDER(?BINDING(id))", "x-onedata-permissions": [ "oz_spaces_view" ], "summary": "Get space supported by provider", "x-bash-codegen-description": "Returns the details of space supported by a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_spaces_view` admin privilege.\n", "description": "Returns the details of space supported by a specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_spaces_view` admin privilege.\n\n***Example cURL requests***\n\n**Get space supported by provider**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/spaces/$SPACE_ID\n\n{\n \"spaceId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_space1\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\" : 5368709120\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The space details.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true }, { "name": "sid", "description": "Space Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getProviderSpace id=1f290dd428ff09aab8ca014d24154a35 sid=051f1a51d80c664b0d9528d81ee56a93" } ] } }, "/providers/{id}/domain_config": { "get": { "operationId": "get_provider_domain_config", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?BINDING(id)", "aspect": "domain_config" }, "summary": "Get provider's domain config", "x-onedata-permissions": [ "oz_providers_view" ], "x-bash-codegen-description": "Returns the domain config of specific Oneprovider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_view` admin privilege.\n", "description": "Returns the domain config of specific provider.\n\nThis operation requires any of the following authentication:\n* as the subject provider (`{id}`),\n* as user who has `cluster_view` privilege in the cluster corresponding to\n the subject provider,\n* as user who has `oz_providers_view` admin privilege.\n\n***Example cURL requests***\n\n**Get provider's domain config**\n```bash\ncurl -sS -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/domain_config\n\n{\n \"subdomainDelegation\": true,\n \"domain\": \"provider1.onezone.example.com\",\n \"subdomain\": \"provider1\",\n \"ipList\": [\"172.17.0.1\", \"172.17.0.2\", \"172.17.0.3\"]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The provider's domain config.", "schema": { "$ref": "#/definitions/ProviderDomainConfig" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "description": "Provider Id.", "type": "string", "in": "path", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getProviderDomainConfig id=0f7fa3347bd2f090acc6ed246e1f1747" } ] } }, "/provider": { "get": { "operationId": "get_current_provider_details", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "instance", "scope": "protected" }, "summary": "Get current provider details", "x-bash-codegen-description": "Returns information about the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Returns information about the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Get information about provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" https://$HOST/api/v3/onezone/provider\n\n{\n \"providerId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"name\": \"Example provider\",\n \"domain\": \"provider1.example.com\",\n \"latitude\": 50.0647,\n \"longitude\": 19.945,\n \"clusterId\": \"6b9bc70630547d925861a27e1f050dfe\",\n \"online\": true,\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about Oneprovider.", "schema": { "$ref": "#/definitions/ProviderDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getCurrentProviderDetails" } ] }, "patch": { "operationId": "modify_provider", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "instance" }, "summary": "Modify provider details", "x-bash-codegen-description": "Updates information about the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Updates information about the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Update provider geo location**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -H \"Content-type: application/json\" -X PATCH \\\n-d '{\"latitude\": 50.068968,\"longitude\": 20.909444}' \\\nhttps://$HOST/api/v3/onezone/provider\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Provider details updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Provider data.", "schema": { "$ref": "#/definitions/ProviderUpdateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "cat provider_details.json | onezone-rest-cli modifyProvider -" } ] }, "delete": { "operationId": "unregister_provider", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "instance" }, "summary": "Unregister provider", "x-bash-codegen-description": "Allows Oneprovider service to unregister from Onezone - concerns the\nOneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Allows Oneprovider service to unregister from Onezone - concerns the\nOneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Unregister provider from Onezone**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/provider\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Provider will be unregistered." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli unregisterProvider" } ] } }, "/provider/spaces": { "get": { "operationId": "list_current_provider_supported_spaces", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "spaces" }, "summary": "List current provider's supported spaces", "x-bash-codegen-description": "Returns the list of spaces managed by the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Returns the list of spaces managed by the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Get spaces supported by provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET https://$HOST/api/v3/onezone/provider/spaces\n\n{\n \"spaces\": [\n \"1ad4551e2c127fac3850374eeb2dfec4\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of space Ids.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listCurrentProviderSupportedSpaces" } ] } }, "/provider/spaces/{sid}": { "get": { "operationId": "get_supported_space", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_PROVIDER(?CLIENT_ID)", "summary": "Get space details by provider", "x-bash-codegen-description": "Returns information about a specific space supported by the Oneprovider that\nperformed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Returns information about a specific space supported by the Oneprovider that\nperformed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Get space details**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/provider/spaces/$SPACE_ID\n\n{\n \"spaceId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_space1\",\n \"providers\": {\n \"296ebe3c20e9666dc489b647f8647f12\" : 5368709120\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebfc1a770c3\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the information about a specific space.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getSupportedSpace sid=WEavnRE7c49EU2sjF0Rz7l_kpiA1IBrwbDxNfH87Plc" } ] }, "patch": { "deprecated": true, "operationId": "modify_supported_space", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "{space, ?BINDING(sid)}" }, "summary": "Modify supported space", "x-bash-codegen-description": "Modifies the support size of a space supported by the Oneprovider that\nperformed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Modifies the support size of a space supported by the Oneprovider that\nperformed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Change supported size**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"size\": 1024000}' \\\nhttps://$HOST/api/v3/onezone/provider/spaces/$SPACE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "Space modified successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifySupportedSpace sid=WEavnRE7c49EU2sjF0Rz7l_kpiA1IBrwbDxNfH87Plc name==\"New space name\"" } ] }, "delete": { "deprecated": true, "operationId": "remove_space_support", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "{space, ?BINDING(sid)}" }, "summary": "Remove space support", "x-bash-codegen-description": "Revokes support for a space supported by the Oneprovider that performed the\nrequest.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Revokes support for a space supported by the Oneprovider that performed the\nrequest.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Revoke space support**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/provider/spaces/$SPACE_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "Support for space will be revoked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeSpaceSupport sid=WEavnRE7c49EU2sjF0Rz7l_kpiA1IBrwbDxNfH87Plc" } ] } }, "/provider/public/check_my_ip": { "get": { "operationId": "check_my_ip", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "{check_my_ip, ?CLIENT_IP}" }, "summary": "Show client IP address", "x-bash-codegen-description": "Returns the IP of the request peer. Will return the external IP (as seen\nby the Onezone).\n\nThis operation has public access.\n", "description": "Returns the IP of the request peer. Will return the external IP (as seen\nby the Onezone).\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Check provider IP**\n```bash\ncurl -H \"X-Auth-Token: $TOKEN\" -X GET https://onezone.example.com/api/v3/onezone/provider/public/check_my_ip\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The IP of the requesting peer.", "schema": { "type": "string" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli checkMyIp" } ] } }, "/provider/public/get_current_time": { "get": { "operationId": "check_current_time", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "current_time" }, "summary": "Show current clock time", "x-bash-codegen-description": "Returns current clock time of this Onezone instance,\nin milliseconds since epoch.\n\nThis operation has public access.\n", "description": "Returns current clock time of this Onezone instance,\nin milliseconds since epoch.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Check provider IP**\n```bash\ncurl -H \"X-Auth-Token: $TOKEN\" -X GET https://onezone.example.com/api/v3/onezone/provider/public/get_current_time\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The current clock time of this Onezone.", "schema": { "type": "integer" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli checkCurrentTime" } ] } }, "/provider/public/map_idp_user": { "post": { "operationId": "map_idp_user", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "map_idp_user" }, "summary": "Map IdP user to Onezone user", "x-bash-codegen-description": "Maps external IdP user id into internal user id in Onezone.\n\nThe user does not have to exist in Onezone or the IdP - this method merely\ntransforms the Id using a deterministic procedure. It can be used to\npredict the user Id in Onezone before it is created.\n\nThis operation has public access.\n", "description": "Maps external IdP user id into internal user id in Onezone.\n\nThe user does not have to exist in Onezone or the IdP - this method merely\ntransforms the Id using a deterministic procedure. It can be used to\npredict the user Id in Onezone before it is created.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Map IdP user to Onezone user**\n```bash\ncurl -H 'Content-type: application/json' \\\n-d '{\"idp\": \"elixir\", \"userId\": \"dqs1ew2afn9q28rnweu8fb23r9jqwtfg\"}' \\\n-X POST https://onezone.example.com/api/v3/onezone/provider/public/map_idp_user\n\n{\n \"userId\": \"0fe7c8a20ffdf07480c46f084bc3b8d5\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The user Id in external IdP.", "schema": { "type": "object", "properties": { "userId": { "type": "string", "description": "Internal user Id in Onezone.", "items": { "type": "string" } } }, "example": { "userId": "0fe7c8a20ffdf07480c46f084bc3b8d5" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Mapping parameters", "schema": { "type": "object", "properties": { "ipd": { "type": "string", "description": "External IdP (identity provider)." }, "userId": { "type": "string", "description": "UserId in given IdP." } } }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli mapIdpUser ipd==elixir userId==elixir:members" } ] } }, "/provider/public/map_idp_group": { "post": { "operationId": "map_idp_group", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "map_idp_group" }, "summary": "Map IdP group to Onezone group", "x-bash-codegen-description": "Maps external IdP group Id into internal group Id in Onezone.\nThe IdP must have group mapping enabled.\n\nThe group does not have to exist in Onezone or the IdP - this method merely\ntransforms the Id using a deterministic procedure. It can be used to\npredict the group Id in Onezone before it is created.\n\nThis operation has public access.\n", "description": "Maps external IdP group Id into internal group Id in Onezone.\nThe IdP must have group mapping enabled.\n\nThe group does not have to exist in Onezone or the IdP - this method merely\ntransforms the Id using a deterministic procedure. It can be used to\npredict the group Id in Onezone before it is created.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Map IdP group to Onezone group**\n```bash\ncurl -H 'Content-type: application/json' \\\n-d '{\"idp\": \"elixir\", \"groupId\": \"elixir:members\"}' \\\n-X POST https://onezone.example.com/api/v3/onezone/provider/public/map_idp_group\n\n{\n \"groupId\": \"302da048de67e2ea05f0af1d0fe7c8a2\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The group Id in external IdP.", "schema": { "type": "object", "properties": { "groupId": { "type": "string", "description": "Internal group Id in Onezone.", "items": { "type": "string" } } }, "example": { "groupId": "302da048de67e2ea05f0af1d0fe7c8a2" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Mapping parameters", "schema": { "type": "object", "properties": { "ipd": { "type": "string", "description": "External IdP (identity provider)." }, "groupId": { "type": "string", "description": "GroupId in given IdP." } } }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli mapIdpGroup ipd==elixir groupId==elixir:members" } ] } }, "/provider/public/verify_provider_identity": { "post": { "deprecated": true, "operationId": "verify_provider_identity", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "aspect": "verify_provider_identity" }, "summary": "Verify the identity of given provider", "x-bash-codegen-description": "Verifies the identity of given provider based on its identity token.\n\nThis operation has public access.\n", "description": "Verifies the identity of given provider based on its identity token.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Check provider IP**\n```bash\ncurl -H \"X-Auth-Token: $TOKEN\" -H \"Content-type: application/json\" \\\n-d '{\"providerId\": \"f3a3fbcc6e85e1b7829e4901a8e1809\", \"token\": \"JKAxNWxvY2F0aW9uIG9uZXp...\"}' \\\n-X POST https://onezone.example.com/api/v3/onezone/provider/public/verify_provider_identity\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "204": { "description": "The identity token is valid for this provider." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Identity parameters", "schema": { "type": "object", "properties": { "providerId": { "type": "string", "description": "Provider Id." }, "token": { "type": "string", "description": "Provider identity token." } } }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli verifyProviderIdentity providerId==\"dqs1ew2afn9q28rnweu8fb23r9jqwtfg\" token==\"JKAxNWxvY2F0aW9uIG9uZXp...\" " } ] } }, "/provider/domain_config": { "get": { "operationId": "get_current_provider_domain_config", "tags": [ "Provider" ], "x-onedata-gri": { "type": "od_provider", "id": "?CLIENT_ID", "aspect": "domain_config" }, "summary": "Get current provider's domain config", "x-onedata-permissions": [ "oz_providers_view" ], "x-bash-codegen-description": "Returns the domain config of the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n", "description": "Returns the domain config of the Oneprovider that performed the request.\n\nThis operation requires provider authentication - see\n[provider auth token](#section/Overview/Authentication-and-authorization).\n\n***Example cURL requests***\n\n**Get provider's domain config**\n```bash\ncurl -sS -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/provider/domain_config\n\n{\n \"subdomainDelegation\": true,\n \"domain\": \"provider1.onezone.example.com\",\n \"subdomain\": \"provider1\",\n \"ipList\": [\"172.17.0.1\", \"172.17.0.2\", \"172.17.0.3\"]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The provider's domain config.", "schema": { "$ref": "#/definitions/ProviderDomainConfig" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getCurrentProviderDomainConfig" } ] } }, "/tokens/examine": { "post": { "operationId": "examine_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "examine", "scope": "public" }, "summary": "Examine a token", "x-bash-codegen-description": "Examines a token provided in serialized form. Returns all the information\nthat can be inferred from the token. Does not verify the token.\n\nThis operation has public access.\n", "description": "Examines a token provided in serialized form. Returns all the information\nthat can be inferred from the token. Does not verify the token.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Examine a token**\n```bash\ncurl -d '{\"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/tokens/examine\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Returns the inferred information about the token.", "schema": { "$ref": "#/definitions/ExaminedToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "The token to be examined (encapsulated in an object).", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" } }, "required": [ "token" ] }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli examineToken token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/tokens/confine": { "post": { "operationId": "confine_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "confine", "scope": "public" }, "summary": "Confine a token", "x-bash-codegen-description": "Confines (restricts) a token provided in serialized form with given caveats.\nReturns the confined token. Does not verify the token.\n\nThis operation has public access.\n", "description": "Confines (restricts) a token provided in serialized form with given caveats.\nReturns the confined token. Does not verify the token.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Confine a token**\n```bash\ncurl -d '{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW\",\n \"caveats\": [{\"type\": \"time\", \"validUntil\": 1571147494}]\n}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/tokens/confine\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Returns the confined token.", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "The token to be confined and caveats.", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" }, "caveats": { "$ref": "#/definitions/TokenPropertyCaveats" } }, "required": [ "token", "caveats" ] }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"token\": \"MDAx...\", \"caveats\": [{\"type\": \"time\", \"validUntil\": 1571147494}]}' | onezone-rest-cli confineToken -" } ] } }, "/tokens/verify_access_token": { "post": { "operationId": "verify_access_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "verify_access_token", "scope": "public" }, "summary": "Verify an access token", "x-bash-codegen-description": "Verifies an\n[access token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[access-tokens].html)\nprovided in serialized form. Upon success, returns the token's subject.\n\nOptionally, contextual information that may be required to verify token\ncaveats can be provided in the request body:\n\n* IP address of the token bearer - defaults to the requesting client's IP,\n* identity token of the service which is handling the request - defaults to `null`,\n* consumer's identity token - consumer defaults to the authenticated client\n if valid token credentials are sent with this request, or `null` otherwise,\n* interface to which the token bearer has connected - defaults to `null` (undefined interface),\n* information if data access caveats should be allowed in the token - defaults to `false`.\n\nIf the token cannot be positively verified, HTTP code 4xx is returned with\nan error describing the reason of failure.\n\nThis operation has public access.\n", "description": "Verifies an\n[access token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[access-tokens].html)\nprovided in serialized form. Upon success, returns the token's subject.\n\nOptionally, contextual information that may be required to verify token\ncaveats can be provided in the request body:\n\n* IP address of the token bearer - defaults to the requesting client's IP,\n* identity token of the service which is handling the request - defaults to `null`,\n* consumer's identity token - consumer defaults to the authenticated client\n if valid token credentials are sent with this request, or `null` otherwise,\n* interface to which the token bearer has connected - defaults to `null` (undefined interface),\n* information if data access caveats should be allowed in the token - defaults to `false`.\n\nIf the token cannot be positively verified, HTTP code 4xx is returned with\nan error describing the reason of failure.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Verify an access token**\n```bash\ncurl -d '{\"token\": \"MDAxNmxvY2F00aW9uIHZ2...\", \"peerIp\": \"38.190.241.12\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/tokens/verify_access_token\n\n{\n \"subject\": {\n \"type\": \"user\",\n \"id\": \"1b510f18b3b05611871c0acdffa9aed4\"\n },\n \"ttl\": 3600\n}\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Successful token verification result.", "schema": { "$ref": "#/definitions/VerifyTokenResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "The token to be verified and optionally peer's IP address.", "schema": { "$ref": "#/definitions/VerifyAccessTokenRequest" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli verifyAccessToken token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/tokens/verify_identity_token": { "post": { "operationId": "verify_identity_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "verify_identity_token", "scope": "public" }, "summary": "Verify an identity token", "x-bash-codegen-description": "Verifies an\n[identity token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[identity-tokens].html)\nprovided in serialized form. Identity token is a token that carries proof\nof identity, but does not carry authorization to perform any operations in\nthe system. Upon success, returns the token's subject.\n\nOptionally, contextual information that may be required to verify token\ncaveats can be provided in the request body:\n\n* IP address of the token bearer - defaults to the requesting client's IP,\n* consumer's identity token - consumer defaults to the authenticated client\n if valid token credentials are sent with this request, or `null` otherwise,\n* interface to which the token bearer has connected - defaults to `null` (undefined interface).\n\nIf the token cannot be positively verified, HTTP code 4xx is returned with\nan error describing the reason of failure.\n\nThis operation has public access.\n", "description": "Verifies an\n[identity token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[identity-tokens].html)\nprovided in serialized form. Identity token is a token that carries proof\nof identity, but does not carry authorization to perform any operations in\nthe system. Upon success, returns the token's subject.\n\nOptionally, contextual information that may be required to verify token\ncaveats can be provided in the request body:\n\n* IP address of the token bearer - defaults to the requesting client's IP,\n* consumer's identity token - consumer defaults to the authenticated client\n if valid token credentials are sent with this request, or `null` otherwise,\n* interface to which the token bearer has connected - defaults to `null` (undefined interface).\n\nIf the token cannot be positively verified, HTTP code 4xx is returned with\nan error describing the reason of failure.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Verify an identity token**\n```bash\ncurl -d '{\"token\": \"MDAxNmxvY2F00aW9uIHZ2...\", \"peerIp\": \"38.190.241.12\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/tokens/verify_identity_token\n\n{\n \"subject\": {\n \"type\": \"user\",\n \"id\": \"1b510f18b3b05611871c0acdffa9aed4\"\n },\n \"ttl\": 3600\n}\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Successful token verification result.", "schema": { "$ref": "#/definitions/VerifyTokenResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "The token to be verified and optionally peer's IP address.", "schema": { "$ref": "#/definitions/VerifyIdentityTokenRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli verifyIdentityToken token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/tokens/verify_invite_token": { "post": { "operationId": "verify_invite_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "verify_invite_token", "scope": "public" }, "summary": "Verify an invite token", "x-bash-codegen-description": "Verifies an\n[invite token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[invite-tokens].html)\nprovided in serialized form. Upon success, returns the token's subject.\nDoes not check if the token can be effectively consumed\n(only if prerequisites are satisfied - the token itself is valid).\n\nOptionally, contextual information that may be required to verify token\ncaveats can be provided in the request body:\n\n* IP address of the token bearer - defaults to the requesting client's IP,\n* consumer's identity token - consumer defaults to the authenticated client\n if valid token credentials are sent with this request, or `null` otherwise,\n* expected invite token type, which will cause verification to fail if it\n does not match the actual token type. If not specified, the procedure will\n check if given token is an invite token of any type.\n\nIf the token cannot be positively verified, HTTP code 4xx is returned with\nan error describing the reason of failure.\n\nThis operation has public access.\n", "description": "Verifies an\n[invite token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[invite-tokens].html)\nprovided in serialized form. Upon success, returns the token's subject.\nDoes not check if the token can be effectively consumed\n(only if prerequisites are satisfied - the token itself is valid).\n\nOptionally, contextual information that may be required to verify token\ncaveats can be provided in the request body:\n\n* IP address of the token bearer - defaults to the requesting client's IP,\n* consumer's identity token - consumer defaults to the authenticated client\n if valid token credentials are sent with this request, or `null` otherwise,\n* expected invite token type, which will cause verification to fail if it\n does not match the actual token type. If not specified, the procedure will\n check if given token is an invite token of any type.\n\nIf the token cannot be positively verified, HTTP code 4xx is returned with\nan error describing the reason of failure.\n\nThis operation has public access.\n\n***Example cURL requests***\n\n**Verify an invite token**\n```bash\ncurl -d '{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW\",\n \"peerIp\": \"38.190.241.12\",\n \"expectedInviteType\": \"userJoinGroup\"\n}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/tokens/verify_invite_token\n\n{\n \"subject\": {\n \"type\": \"user\",\n \"id\": \"1b510f18b3b05611871c0acdffa9aed4\"\n },\n \"ttl\": 3600\n}\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Successful token verification result.", "schema": { "$ref": "#/definitions/VerifyTokenResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "The token to be verified and optional parameters.", "schema": { "$ref": "#/definitions/VerifyInviteTokenRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli verifyInviteToken token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/tokens/named": { "get": { "operationId": "list_all_named_tokens", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "list" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "List all named tokens", "x-bash-codegen-description": "Returns the list of all tokens in the system. The results include ids of\nusers' and providers' named tokens - temporary tokens are not included\nas they are not persisted in the system.\n\nRequires `oz_tokens_manage` admin privilege.\n", "description": "Returns the list of all tokens in the system. The results include ids of\nusers' and providers' named tokens - temporary tokens are not included\nas they are not persisted in the system.\n\nRequires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**List all named tokens**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/tokens\n\n{\n \"tokens\": [\n \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"818bf8d4404c2bcee2b47f024f6c0890\",\n \"4a5e5dabcd55e03f1e9237eeca2548ff\",\n \"81336b59656653a481d1e65168f3f213\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all named token ids", "schema": { "$ref": "#/definitions/Tokens" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listAllNamedTokens" } ] } }, "/tokens/named/{id}": { "get": { "operationId": "get_named_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Get named token", "x-bash-codegen-description": "Returns the information about a specific named token.\n\nThis operation is available for the token owner (subject), or (in case of\nprovider tokens) cluster member with `cluster_update` privilege.\nOtherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Returns the information about a specific named token.\n\nThis operation is available for the token owner (subject), or (in case of\nprovider tokens) cluster member with `cluster_update` privilege.\nOtherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Get named token**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/tokens/named/$TOKEN_ID\n{\n \"id\": \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"name\": \"my-token-1\",\n \"subject\": {\n \"type\": \"user\",\n \"id\": \"1b510f18b3b05611871c0acdffa9aed4\"\n },\n \"type\": {\n \"inviteToken\": {\n \"inviteType\": \"userJoinCluster\",\n \"clusterId\": \"fb73f7ceff5abd995357abbe01c812ce\"\n }\n },\n \"caveats\": [\n {\n \"type\": \"time\",\n \"validUntil\": 1571147494\n },\n {\n \"type\": \"ip\",\n \"whitelist\": [\n \"189.34.15.0/8\",\n \"127.0.0.0/24\",\n \"167.73.12.17\"\n ]\n }\n ],\n \"metadata\": {\n \"creationTime\": 1564721024,\n \"usageLimit\": 15,\n \"usageCount\": 3,\n \"privileges\": [\n \"space_view\",\n \"space_read_data\",\n \"space_view_views\",\n \"space_view_statistics\"\n ],\n \"custom\": {\n \"jobName\": \"experiment-15\",\n \"vm\": \"worker156.cloud.local\"\n }\n },\n \"revoked\": false,\n \"token\": \"MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific named token.", "schema": { "$ref": "#/definitions/NamedToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Token Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getNamedToken id=$TOKEN_ID" } ] }, "patch": { "operationId": "modify_named_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Modify named token", "x-bash-codegen-description": "Modifies a specific named token. Supports renaming the token,\ntoggling the revoked flag and modifying the metadata.\n\nThis operation is available for the token owner (subject), or (in case of\nprovider tokens) cluster member with `cluster_update` privilege.\nOtherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Modifies a specific named token. Supports renaming the token,\ntoggling the revoked flag and modifying the metadata.\n\nThis operation is available for the token owner (subject), or (in case of\nprovider tokens) cluster member with `cluster_update` privilege.\nOtherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Modify named token**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"revoked\": true}' \\\nhttps://$HOST/api/v3/onezone/tokens/named/$TOKEN_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Named token has been updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Token Id", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Named token update request", "schema": { "$ref": "#/definitions/NamedTokenUpdateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyNamedToken id=$TOKEN_ID revoked==true" } ] }, "delete": { "operationId": "delete_named_token", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Delete named token", "x-bash-codegen-description": "Deletes a specific named token.\n\nThis operation is available for the token owner (subject), or (in case of\nprovider tokens) cluster member with `cluster_update` privilege.\nOtherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Deletes a specific named token.\n\nThis operation is available for the token owner (subject), or (in case of\nprovider tokens) cluster member with `cluster_update` privilege.\nOtherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Delete named token**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/tokens/named/$TOKEN_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The named token was deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Token Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli deleteNamedToken id=$TOKEN_ID" } ] } }, "/tokens/named/{id}/status": { "get": { "operationId": "get_named_token_status", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(id)", "aspect": "instance", "scope": "shared" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Get named token status", "x-bash-codegen-description": "Returns the status of a specific named token - information if the token is\ncurrently revoked.\n\nThis operation is available for:\n* the token owner (subject)\n* in case of user tokens - a provider that supports the user\n* in case of provider tokens - the provider cluster member\n* admins with `oz_tokens_manage` privilege.\n", "description": "Returns the status of a specific named token - information if the token is\ncurrently revoked.\n\nThis operation is available for:\n* the token owner (subject)\n* in case of user tokens - a provider that supports the user\n* in case of provider tokens - the provider cluster member\n* admins with `oz_tokens_manage` privilege.\n\n***Example cURL requests***\n\n**Get named token status**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/tokens/named/$TOKEN_ID/status\n{\n \"revoked\": false\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the status of a specific named token.", "schema": { "$ref": "#/definitions/NamedTokenStatus" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Token Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getNamedTokenStatus id=$TOKEN_ID" } ] } }, "/users/{id}/tokens/temporary": { "post": { "operationId": "create_temporary_token_for_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_temporary_token, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Create temporary token for a user", "x-bash-codegen-description": "Creates a new temporary token for specific user. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the user:\n[see more](#operation/revoke_all_temporary_tokens_of_user)).\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Creates a new temporary token for specific user. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the user:\n[see more](#operation/revoke_all_temporary_tokens_of_user)).\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create temporary token for a user**\n```bash\ncurl -u username:password -X POST \\\n-d '{\"type\": {\"accessToken\":{}}, \"caveats\": [{\"type\": \"time\", \"validUntil\": 1571147494}]}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/temporary\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Returns the newly created temporary token in serialized form.", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Properties of the new temporary token.", "schema": { "$ref": "#/definitions/TemporaryTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createTemporaryTokenForUser id=c26bab23d12f7389c3c311caf9c15902" } ] }, "get": { "operationId": "get_temporary_token_generation_of_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "temporary_token_secret", "id": "?BINDING(id)", "aspect": "user", "scope": "shared" }, "summary": "Get temporary token generation of a user", "x-bash-codegen-description": "Returns the generation of temporary tokens of a specific user. The\ngeneration is an increasing number that denotes the generation of shared\ntoken secret - if the secret changes (temporary tokens are revoked), the\ngeneration is incremented.\n\nThis operation is available for the currently authorized user and provider\nthat supports the user, otherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Returns the generation of temporary tokens of a specific user. The\ngeneration is an increasing number that denotes the generation of shared\ntoken secret - if the secret changes (temporary tokens are revoked), the\ngeneration is incremented.\n\nThis operation is available for the currently authorized user and provider\nthat supports the user, otherwise requires `oz_tokens_manage` admin privilege.\n\n***Example cURL requests***\n\n**Get temporary token generation of a user**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/temporary\n\n{\n \"generation\": 3\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the current temporary token generation.", "schema": { "$ref": "#/definitions/TemporaryTokenGeneration" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getTemporaryTokenGenerationOfUser id=c26bab23d12f7389c3c311caf9c15902" } ] }, "delete": { "operationId": "revoke_all_temporary_tokens_of_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_temporary_tokens, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Revoke all temporary tokens of a user", "x-bash-codegen-description": "Immediately revokes (invalidates) all temporary tokens belonging\nto a specific user. The operation cannot be undone.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Immediately revokes (invalidates) all temporary tokens belonging\nto a specific user. The operation cannot be undone.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Revoke all temporary tokens of a user**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/temporary\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The temporary tokens have been revoked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli revokeAllTemporaryTokensOfUser id=c26bab23d12f7389c3c311caf9c15902" } ] } }, "/users/{id}/tokens/named": { "post": { "operationId": "create_named_token_for_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_named_token, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Create named token for a user", "x-bash-codegen-description": "Creates a new named token for specific user. The token name must be unique\nfor the user.\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation is available for the token owner (subject),\notherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Creates a new named token for specific user. The token name must be unique\nfor the user.\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation is available for the token owner (subject),\notherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create named token for a user**\n```bash\ncurl -u username:password -X POST -d '{\"name\": \"new-token-1\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/named\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Response body contains the Id of newly created named token and its serialized form. Additionally, URI of the created named token in form https://$HOST/api/onezone/v3/tokens/named/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created named token.", "type": "string" } }, "schema": { "$ref": "#/definitions/NamedTokenCreateResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Properties of the new named token.", "schema": { "$ref": "#/definitions/NamedTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createNamedTokenForUser id=$USER_ID name==new-token" } ] }, "get": { "operationId": "list_named_tokens_of_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_named_tokens, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "List named tokens of a user", "x-bash-codegen-description": "Returns the list of specific user's named tokens.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Returns the list of specific user's named tokens.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**List named tokens of a user**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/named\n\n{\n \"tokens\": [\n \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"818bf8d4404c2bcee2b47f024f6c0890\",\n \"4a5e5dabcd55e03f1e9237eeca2548ff\",\n \"81336b59656653a481d1e65168f3f213\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user named tokens", "schema": { "$ref": "#/definitions/Tokens" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listNamedTokensOfUser id=c26bab23d12f7389c3c311caf9c15902" } ] }, "delete": { "operationId": "delete_named_tokens_of_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_named_tokens, ?BINDING(id)}" }, "summary": "Delete named tokens of a user", "x-bash-codegen-description": "Deletes all named tokens belonging to a specific user.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Deletes all named tokens belonging to a specific user.\n\nThis operation is available for the currently authorized user,\notherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Delete named tokens of a user**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/named\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "All user's named tokens have been deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli deleteNamedTokensOfUser id=c26bab23d12f7389c3c311caf9c15902" } ] } }, "/users/{id}/tokens/named/name/{name}": { "get": { "operationId": "get_named_token_of_user_by_name", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(name)", "aspect": "{user_named_token, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Get named token of a user by name", "x-bash-codegen-description": "Returns the information about a specific user's named token by token name.\n\nThis operation is available for the token owner (subject),\notherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Returns the information about a specific user's named token by token name.\n\nThis operation is available for the token owner (subject),\notherwise requires `oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Get named token of a user by name**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/users/$USER_ID/tokens/named/name/my-token-1\n{\n \"id\": \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"name\": \"my-token-1\",\n \"subject\": {\n \"type\": \"user\",\n \"id\": \"c26bab23d12f7389c3c311caf9c15902\"\n },\n \"type\": {\n \"inviteToken\": {\n \"inviteType\": \"userJoinCluster\",\n \"clusterId\": \"fb73f7ceff5abd995357abbe01c812ce\"\n }\n },\n \"caveats\": [\n {\n \"type\": \"time\",\n \"validUntil\": 1571147494\n },\n {\n \"type\": \"ip\",\n \"whitelist\": [\n \"189.34.15.0/8\",\n \"127.0.0.0/24\",\n \"167.73.12.17\"\n ]\n }\n ],\n \"metadata\": {\n \"creationTime\": 1564721024,\n \"usageLimit\": 15,\n \"usageCount\": 3,\n \"privileges\": [\n \"space_view\",\n \"space_read_data\",\n \"space_view_views\",\n \"space_view_statistics\"\n ],\n \"custom\": {\n \"jobName\": \"experiment-15\",\n \"vm\": \"worker156.cloud.local\"\n }\n },\n \"revoked\": false,\n \"token\": \"MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific named token.", "schema": { "$ref": "#/definitions/NamedToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true }, { "name": "name", "in": "path", "description": "Token name", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getNamedTokenOfUserByName id=$USER_ID name==my-token-1" } ] } }, "/user/tokens/temporary": { "post": { "operationId": "create_temporary_token_for_current_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_temporary_token, ?CLIENT_ID}" }, "summary": "Create temporary token for current user", "x-bash-codegen-description": "Creates a new temporary token for the user. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the user:\n[see more](#operation/revoke_all_temporary_tokens_of_current_user)).\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Creates a new temporary token for the user. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the user:\n[see more](#operation/revoke_all_temporary_tokens_of_current_user)).\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation can be invoked on behalf of the current user only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create temporary token for current user**\n```bash\ncurl -u username:password -X POST \\\n-d '{\"type\": {\"accessToken\":{}}, \"caveats\": [{\"type\": \"time\", \"validUntil\": 1571147494}]}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/user/tokens/temporary\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Returns the newly created temporary token in serialized form.", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Properties of the new temporary token.", "schema": { "$ref": "#/definitions/TemporaryTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createTemporaryTokenForCurrentUser" } ] }, "get": { "operationId": "get_temporary_token_generation_of_current_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "temporary_token_secret", "id": "?CLIENT_ID", "aspect": "user", "scope": "shared" }, "summary": "Get temporary token generation of current user", "x-bash-codegen-description": "Returns the generation of temporary tokens of the user. The generation is an\nincreasing number that denotes the generation of shared token secret - if\nthe secret changes (temporary tokens are revoked), the generation is\nincremented.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the generation of temporary tokens of the user. The generation is an\nincreasing number that denotes the generation of shared token secret - if\nthe secret changes (temporary tokens are revoked), the generation is\nincremented.\n\nThis operation can be invoked on behalf of the current user only.\n\n***Example cURL requests***\n\n**Get temporary token generation of current user**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/user/tokens/temporary\n\n{\n \"generation\": 3\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the current temporary token generation.", "schema": { "$ref": "#/definitions/TemporaryTokenGeneration" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getTemporaryTokenGenerationOfCurrentUser" } ] }, "delete": { "operationId": "revoke_all_temporary_tokens_of_current_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_temporary_tokens, ?CLIENT_ID}" }, "summary": "Revoke all temporary tokens of current user", "x-bash-codegen-description": "Immediately revokes (invalidates) all temporary tokens belonging\nto the user. The operation cannot be undone.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Immediately revokes (invalidates) all temporary tokens belonging\nto the user. The operation cannot be undone.\n\nThis operation can be invoked on behalf of the current user only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Revoke all temporary tokens of current user**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/tokens/temporary\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The temporary tokens have been revoked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli revokeAllTemporaryTokensOfCurrentUser" } ] } }, "/user/tokens/named": { "post": { "operationId": "create_named_token_for_current_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_named_token, ?CLIENT_ID}" }, "summary": "Create named token for current user", "x-bash-codegen-description": "Creates a new named token for the user. The token name must be unique\nfor the user.\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Creates a new named token for the user. The token name must be unique\nfor the user.\n\nIn case of invite tokens, invite / add member privileges are required in\nthe target entity to create a token. For example, `space_add_group` in\nthe space when creating a `groupJoinSpace` invite token.\n\nThis operation can be invoked on behalf of the current user only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create named token for current user**\n```bash\ncurl -u username:password -X POST -d '{\"name\": \"new-token-1\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/user/tokens/named\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Response body contains the Id of newly created named token and its serialized form. Additionally, URI of the created named token in form https://$HOST/api/onezone/v3/tokens/named/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created named token.", "type": "string" } }, "schema": { "$ref": "#/definitions/NamedTokenCreateResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Properties of the new named token.", "schema": { "$ref": "#/definitions/NamedTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createNamedTokenForCurrentUser name==new-token" } ] }, "get": { "operationId": "list_named_tokens_of_current_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_named_tokens, ?CLIENT_ID}" }, "summary": "List named tokens of current user", "x-bash-codegen-description": "Returns the list of user's named tokens.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the list of user's named tokens.\n\nThis operation can be invoked on behalf of the current user only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**List named tokens of current user**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/tokens/named\n\n{\n \"tokens\": [\n \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"818bf8d4404c2bcee2b47f024f6c0890\",\n \"4a5e5dabcd55e03f1e9237eeca2548ff\",\n \"81336b59656653a481d1e65168f3f213\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user named tokens", "schema": { "$ref": "#/definitions/Tokens" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listNamedTokensOfCurrentUser" } ] }, "delete": { "operationId": "delete_named_tokens_of_current_user", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{user_named_tokens, ?CLIENT_ID}" }, "summary": "Delete named tokens of current user", "x-bash-codegen-description": "Deletes all user's named tokens.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Deletes all user's named tokens.\n\nThis operation can be invoked on behalf of the current user only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Delete named tokens of current user**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/user/tokens/named\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "All user's named tokens have been deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli deleteNamedTokensOfCurrentUser" } ] } }, "/user/tokens/named/name/{name}": { "get": { "operationId": "get_named_token_of_current_user_by_name", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(name)", "aspect": "{user_named_token, ?CLIENT_ID}" }, "summary": "Get named token of current user by name", "x-bash-codegen-description": "Returns the information about a user's named token by token name.\n\nThis operation can be invoked on behalf of the current user only.\n", "description": "Returns the information about a user's named token by token name.\n\nThis operation can be invoked on behalf of the current user only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Get named token of current user by name**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/user/tokens/named/name/my-token-1\n{\n \"id\": \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"name\": \"my-token-1\",\n \"subject\": {\n \"type\": \"user\",\n \"id\": \"c26bab23d12f7389c3c311caf9c15902\"\n },\n \"type\": {\n \"inviteToken\": {\n \"inviteType\": \"userJoinCluster\",\n \"clusterId\": \"fb73f7ceff5abd995357abbe01c812ce\"\n }\n },\n \"caveats\": [\n {\n \"type\": \"time\",\n \"validUntil\": 1571147494\n },\n {\n \"type\": \"ip\",\n \"whitelist\": [\n \"189.34.15.0/8\",\n \"127.0.0.0/24\",\n \"167.73.12.17\"\n ]\n }\n ],\n \"metadata\": {\n \"creationTime\": 1564721024,\n \"usageLimit\": 15,\n \"usageCount\": 3,\n \"privileges\": [\n \"space_view\",\n \"space_read_data\",\n \"space_view_views\",\n \"space_view_statistics\"\n ],\n \"custom\": {\n \"jobName\": \"experiment-15\",\n \"vm\": \"worker156.cloud.local\"\n }\n },\n \"revoked\": false,\n \"token\": \"MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific named token.", "schema": { "$ref": "#/definitions/NamedToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "name", "in": "path", "description": "Token name", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getNamedTokenOfCurrentUserByName name==my-token-1" } ] } }, "/providers/{id}/tokens/temporary": { "post": { "operationId": "create_temporary_token_for_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_temporary_token, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Create temporary token for a provider", "x-bash-codegen-description": "Creates a new temporary token for specific provider. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the provider:\n[see more](#operation/revoke_all_temporary_tokens_of_provider)).\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n", "description": "Creates a new temporary token for specific provider. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the provider:\n[see more](#operation/revoke_all_temporary_tokens_of_provider)).\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create temporary token for a provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X POST \\\n-d '{\"type\": {\"accessToken\":{}}, \"caveats\": [{\"type\": \"time\", \"validUntil\": 1571147494}]}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/temporary\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Returns the newly created temporary token in serialized form.", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Properties of the new temporary token.", "schema": { "$ref": "#/definitions/TemporaryTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createTemporaryTokenForProvider id=6ebe7ac282e0188b5336b5d8cfa564d5" } ] }, "get": { "operationId": "get_temporary_token_generation_of_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "temporary_token_secret", "id": "?BINDING(id)", "aspect": "provider", "scope": "shared" }, "summary": "Get temporary token generation of a provider", "x-bash-codegen-description": "Returns the generation of temporary tokens of a specific provider. The\ngeneration is an increasing number that denotes the generation of shared\ntoken secret - if the secret changes (temporary tokens are revoked), the\ngeneration is incremented.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member. Otherwise requires `oz_tokens_manage` admin privilege.\n", "description": "Returns the generation of temporary tokens of a specific provider. The\ngeneration is an increasing number that denotes the generation of shared\ntoken secret - if the secret changes (temporary tokens are revoked), the\ngeneration is incremented.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member. Otherwise requires `oz_tokens_manage` admin privilege.\n\n***Example cURL requests***\n\n**Get temporary token generation of a provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/temporary\n\n{\n \"generation\": 3\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the current temporary token generation.", "schema": { "$ref": "#/definitions/TemporaryTokenGeneration" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "User Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getTemporaryTokenGenerationOfProvider id=6ebe7ac282e0188b5336b5d8cfa564d5" } ] }, "delete": { "operationId": "revoke_all_temporary_tokens_of_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_temporary_tokens, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Revoke all temporary tokens of a provider", "x-bash-codegen-description": "Immediately revokes (invalidates) all temporary tokens belonging\nto a specific provider. The operation cannot be undone.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n", "description": "Immediately revokes (invalidates) all temporary tokens belonging\nto a specific provider. The operation cannot be undone.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Revoke all temporary tokens of a provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/temporary\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The temporary tokens have been revoked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli revokeAllTemporaryTokensOfProvider id=6ebe7ac282e0188b5336b5d8cfa564d5" } ] } }, "/providers/{id}/tokens/named": { "post": { "operationId": "create_named_token_for_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_named_token, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Create named token for a provider", "x-bash-codegen-description": "Creates a new named token for specific provider. The token name must be unique\nfor the provider.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n", "description": "Creates a new named token for specific provider. The token name must be unique\nfor the provider.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create named token for a provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X POST -d '{\"name\": \"new-token\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/named/\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Response body contains the Id of newly created named token and its serialized form. Additionally, URI of the created named token in form https://$HOST/api/onezone/v3/tokens/named/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created named token.", "type": "string" } }, "schema": { "$ref": "#/definitions/NamedTokenCreateResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Properties of the new named token.", "schema": { "$ref": "#/definitions/NamedTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createNamedTokenForProvider id=$PROVIDER_ID name==new-token" } ] }, "get": { "operationId": "list_named_tokens_of_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_named_tokens, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "List named tokens of a provider", "x-bash-codegen-description": "Returns the list of specific provider's named tokens.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n", "description": "Returns the list of specific provider's named tokens.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**List named tokens of a provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/named\n\n{\n \"tokens\": [\n \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"818bf8d4404c2bcee2b47f024f6c0890\",\n \"4a5e5dabcd55e03f1e9237eeca2548ff\",\n \"81336b59656653a481d1e65168f3f213\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all provider named tokens", "schema": { "$ref": "#/definitions/Tokens" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listNamedTokensOfProvider id=6ebe7ac282e0188b5336b5d8cfa564d5" } ] }, "delete": { "operationId": "delete_named_tokens_of_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_named_tokens, ?BINDING(id)}" }, "summary": "Delete named tokens of a provider", "x-bash-codegen-description": "Deletes all named tokens belonging to a specific provider.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n", "description": "Deletes all named tokens belonging to a specific provider.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Delete named tokens of a provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/named\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "All provider's named tokens have been deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli deleteNamedTokensOfProvider id=6ebe7ac282e0188b5336b5d8cfa564d5" } ] } }, "/providers/{id}/tokens/named/name/{name}": { "get": { "operationId": "get_named_token_of_provider_by_name", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(name)", "aspect": "{provider_named_token, ?BINDING(id)}" }, "x-onedata-permissions": [ "oz_tokens_manage" ], "summary": "Get named token of a provider by name", "x-bash-codegen-description": "Returns the information about a specific provider's named token by token name.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n", "description": "Returns the information about a specific provider's named token by token name.\n\nThis operation is available for the subject provider (`id`), or the provider's\ncluster member with `cluster_update` privilege. Otherwise requires\n`oz_tokens_manage` admin privilege.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Get named token of a provider by name**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/providers/$PROVIDER_ID/tokens/named/name/my-token-1\n{\n \"id\": \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"name\": \"my-token-1\",\n \"subject\": {\n \"type\": \"provider\",\n \"id\": \"6ebe7ac282e0188b5336b5d8cfa564d5\"\n },\n \"type\": {\n \"inviteToken\": {\n \"inviteType\": \"userJoinCluster\",\n \"clusterId\": \"fb73f7ceff5abd995357abbe01c812ce\"\n }\n },\n \"caveats\": [\n {\n \"type\": \"time\",\n \"validUntil\": 1571147494\n },\n {\n \"type\": \"ip\",\n \"whitelist\": [\n \"189.34.15.0/8\",\n \"127.0.0.0/24\",\n \"167.73.12.17\"\n ]\n }\n ],\n \"metadata\": {\n \"creationTime\": 1564721024,\n \"usageLimit\": 15,\n \"usageCount\": 3,\n \"privileges\": [\n \"space_view\",\n \"space_read_data\",\n \"space_view_views\",\n \"space_view_statistics\"\n ],\n \"custom\": {\n \"jobName\": \"experiment-15\",\n \"vm\": \"worker156.cloud.local\"\n }\n },\n \"revoked\": false,\n \"token\": \"MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific named token.", "schema": { "$ref": "#/definitions/NamedToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Provider Id", "type": "string", "required": true }, { "name": "name", "in": "path", "description": "Token name", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getNamedTokenOfProviderByName id=$PROVIDER_ID name==my-token-1" } ] } }, "/provider/tokens/temporary": { "post": { "operationId": "create_temporary_token_for_current_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_temporary_token, ?CLIENT_ID}" }, "summary": "Create temporary token for current provider", "x-bash-codegen-description": "Creates a new temporary token for the provider. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the provider:\n[see more](#operation/revoke_all_temporary_tokens_of_current_provider)).\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Creates a new temporary token for the provider. Temporary tokens must be\nconfined with a time caveat and are not persisted (cannot be retrieved, listed,\nrevoked, updated or deleted). However, it is possible to revoke all\nexisting temporary tokens of the provider:\n[see more](#operation/revoke_all_temporary_tokens_of_current_provider)).\n\nThis operation can be invoked on behalf of the current provider only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create temporary token for current provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X POST \\\n-d '{\"type\": {\"accessToken\":{}}, \"caveats\": [{\"type\": \"time\", \"validUntil\": 1571147494}]}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/provider/tokens/temporary\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Returns the newly created temporary token in serialized form.", "schema": { "type": "object", "properties": { "token": { "$ref": "#/definitions/SerializedToken" } } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Properties of the new temporary token.", "schema": { "$ref": "#/definitions/TemporaryTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createTemporaryTokenForCurrentProvider" } ] }, "get": { "operationId": "get_temporary_token_generation_of_current_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "temporary_token_secret", "id": "?CLIENT_ID", "aspect": "provider", "scope": "shared" }, "summary": "Get temporary token generation of current provider", "x-bash-codegen-description": "Returns the generation of temporary tokens of the provider. The generation\nis an increasing number that denotes the generation of shared token secret -\nif the secret changes (temporary tokens are revoked), the generation is\nincremented.\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Returns the generation of temporary tokens of the provider. The generation\nis an increasing number that denotes the generation of shared token secret -\nif the secret changes (temporary tokens are revoked), the generation is\nincremented.\n\nThis operation can be invoked on behalf of the current provider only.\n\n***Example cURL requests***\n\n**Get temporary token generation of current provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/provider/tokens/temporary\n\n{\n \"generation\": 3\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the current temporary token generation.", "schema": { "$ref": "#/definitions/TemporaryTokenGeneration" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getTemporaryTokenGenerationOfCurrentProvider" } ] }, "delete": { "operationId": "revoke_all_temporary_tokens_of_current_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_temporary_tokens, ?CLIENT_ID}" }, "summary": "Revoke all temporary tokens of current provider", "x-bash-codegen-description": "Immediately revokes (invalidates) all temporary tokens belonging\nto the provider. The operation cannot be undone.\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Immediately revokes (invalidates) all temporary tokens belonging\nto the provider. The operation cannot be undone.\n\nThis operation can be invoked on behalf of the current provider only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Revoke all temporary tokens of current provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/provider/tokens/temporary\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "The temporary tokens have been revoked." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli revokeAllTemporaryTokensOfCurrentProvider" } ] } }, "/provider/tokens/named": { "post": { "operationId": "create_named_token_for_current_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_named_token, ?CLIENT_ID}" }, "summary": "Create named token for current provider", "x-bash-codegen-description": "Creates a new named token for the provider. The token name must be unique\nfor the provider.\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Creates a new named token for the provider. The token name must be unique\nfor the provider.\n\nThis operation can be invoked on behalf of the current provider only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Create named token for current provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X POST -d '{\"name\": \"new-token\"}' \\\n-H 'Content-type: application/json' \\\nhttps://$HOST/api/v3/onezone/provider/tokens/named\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "Response body contains the Id of newly created named token and its serialized form. Additionally, URI of the created named token in form https://$HOST/api/onezone/v3/tokens/named/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created named token.", "type": "string" } }, "schema": { "$ref": "#/definitions/NamedTokenCreateResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Properties of the new named token.", "schema": { "$ref": "#/definitions/NamedTokenCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createNamedTokenForCurrentProvider name==new-token" } ] }, "get": { "operationId": "list_named_tokens_of_current_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_named_tokens, ?CLIENT_ID}" }, "summary": "List named tokens of current provider", "x-bash-codegen-description": "Returns the list of provider's named tokens.\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Returns the list of provider's named tokens.\n\nThis operation can be invoked on behalf of the current provider only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**List named tokens of current provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/provider/tokens/named\n\n{\n \"tokens\": [\n \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"818bf8d4404c2bcee2b47f024f6c0890\",\n \"4a5e5dabcd55e03f1e9237eeca2548ff\",\n \"81336b59656653a481d1e65168f3f213\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all provider named tokens", "schema": { "$ref": "#/definitions/Tokens" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listNamedTokensOfCurrentProvider" } ] }, "delete": { "operationId": "delete_named_tokens_of_current_provider", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "undefined", "aspect": "{provider_named_tokens, ?CLIENT_ID}" }, "summary": "Delete named tokens of current provider", "x-bash-codegen-description": "Deletes all provider's named tokens.\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Deletes all provider's named tokens.\n\nThis operation can be invoked on behalf of the current provider only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Delete named tokens of current provider**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X DELETE \\\nhttps://$HOST/api/v3/onezone/provider/tokens/named\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "All provider's named tokens have been deleted." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli deleteNamedTokensOfCurrentProvider" } ] } }, "/provider/tokens/named/name/{name}": { "get": { "operationId": "get_named_token_of_current_provider_by_name", "tags": [ "Token" ], "x-onedata-gri": { "type": "od_token", "id": "?BINDING(name)", "aspect": "{provider_named_token, ?CLIENT_ID}" }, "summary": "Get named token of current provider by name", "x-bash-codegen-description": "Returns the information about a provider's named token by token name.\n\nThis operation can be invoked on behalf of the current provider only.\n", "description": "Returns the information about a provider's named token by token name.\n\nThis operation can be invoked on behalf of the current provider only.\n\nYou can learn more about named and temporary tokens\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[named-and-temporary-tokens].html).\n\n***Example cURL requests***\n\n**Get named token of current provider by name**\n```bash\ncurl -H \"x-auth-token: $TOKEN\" -X GET \\\nhttps://$HOST/api/v3/onezone/provider/tokens/named/name/my-token-1\n{\n \"id\": \"2b5d0dd5aa6443a69277b5ce0544fec2\",\n \"name\": \"my-token-1\",\n \"subject\": {\n \"type\": \"provider\",\n \"id\": \"6ebe7ac282e0188b5336b5d8cfa564d5\"\n },\n \"type\": {\n \"inviteToken\": {\n \"inviteType\": \"userJoinCluster\",\n \"clusterId\": \"fb73f7ceff5abd995357abbe01c812ce\"\n }\n },\n \"caveats\": [\n {\n \"type\": \"time\",\n \"validUntil\": 1571147494\n },\n {\n \"type\": \"ip\",\n \"whitelist\": [\n \"189.34.15.0/8\",\n \"127.0.0.0/24\",\n \"167.73.12.17\"\n ]\n }\n ],\n \"metadata\": {\n \"creationTime\": 1564721024,\n \"usageLimit\": 15,\n \"usageCount\": 3,\n \"privileges\": [\n \"space_view\",\n \"space_read_data\",\n \"space_view_views\",\n \"space_view_statistics\"\n ],\n \"custom\": {\n \"jobName\": \"experiment-15\",\n \"vm\": \"worker156.cloud.local\"\n }\n },\n \"revoked\": false,\n \"token\": \"MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Returns the details of a specific named token.", "schema": { "$ref": "#/definitions/NamedToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "name", "in": "path", "description": "Token name", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getNamedTokenOfCurrentProviderByName name==my-token-1" } ] } }, "/handle_services": { "get": { "operationId": "list_handle_services", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "aspect": "list" }, "x-onedata-permissions": [ "oz_handle_services_list" ], "summary": "List handle services", "x-bash-codegen-description": "Returns the list of registered handle services.\n\nThis operation requires `oz_handle_services_list` admin privilege.\n", "description": "Returns the list of registered handle services.\n\nThis operation requires `oz_handle_services_list` admin privilege.\n\n\n***Example cURL requests***\n\n**Get handle services**\n```bash\ncurl -u username:password -X GET https://$HOST/api/v3/handle_services\n\n{\n \"handle_services\": [\n \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"302da048de67e2ea05f0af1d0fe7c8a2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of registered handle services.", "schema": { "$ref": "#/definitions/HandleServices" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleServices" } ] }, "post": { "operationId": "add_handle_service", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "aspect": "instance" }, "x-onedata-permissions": [ "oz_handle_services_create" ], "summary": "Add handle service", "x-bash-codegen-description": "Allows to register a new handle service.\n\nThis operation requires `oz_handle_services_create` admin privilege.\n", "description": "Allows to register a new handle service.\n\nThis operation requires `oz_handle_services_create` admin privilege.\n\nSee also: \n[Create a new handle service for the current user](#operation/add_user_handle_service) \n[Create a new handle service for given group](#operation/add_group_handle_service) \n\n***Example cURL requests***\n\n**Add handle services**\n```bash\ncurl -u username:password -X POST -H \"Content-type: application/json\" \\\n-d '{ ... }' https://$HOST/api/v3/handle_services\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created handle service in form https://$HOST/api/onezone/v3/handle_services/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created handle service.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "handleService", "in": "body", "required": true, "schema": { "$ref": "#/definitions/HandleService" } } ], "x-code-samples": [ { "lang": "Shell", "source": "cat hndl_service.json | onezone-rest-cli addHandleService -" } ] } }, "/handle_services/privileges": { "get": { "operationId": "list_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all handle service privileges", "x-bash-codegen-description": "Returns list of all possible handle service privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible handle service privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all handle service privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/handle_services/privileges\n\n{\n \"admin\": [\n \"handle_service_view\",\n \"handle_service_update\",\n \"handle_service_delete\",\n \"handle_service_register_handle\",\n \"handle_service_list_handles\"\n ],\n \"member\": [\n \"handle_service_view\",\n \"handle_service_register_handle\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all handle service privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/HandleServicePrivileges" }, "member": { "$ref": "#/definitions/HandleServiceMemberPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandleServicePrivileges" } ] } }, "/handle_services/{id}": { "get": { "operationId": "get_handle_service", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_handle_services_view" ], "summary": "Get handle service", "x-bash-codegen-description": "Returns the properties of a specific handle service.\n\nThis operation requires `oz_handle_services_view` admin privilege or\nhandle service membership.\n", "description": "Returns the properties of a specific handle service.\n\nThis operation requires `oz_handle_services_view` admin privilege or\nhandle service membership.\n\n***Example cURL requests***\n\n**Get handle services**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID\n\n{\n \"handleServiceId\": \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"name\": \"MyCommunity Handle service\",\n \"proxyEndpoint\": \"https://localhost:17000/handle_proxy\",\n \"serviceProperties\": {\n \"allowTemplateOverride\": false,\n \"doiEndpoint\": \"/doi\",\n \"host\": \"https://mds.test.datacite.org\",\n \"identifierTemplate\": \"{{space.name}}-{{space.guid}}\",\n \"mediaEndpoint\": \"/media\",\n \"metadataEndpoint\": \"/metadata\",\n \"password\": \"pa$$word\",\n \"prefix\": 10.5072,\n \"type\": \"DOI\",\n \"username\": \"alice\"\n },\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The details of specific handle service.", "schema": { "$ref": "#/definitions/HandleService" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleService id=a4d3bc73aada63052310652d421609f1" } ] }, "patch": { "operationId": "handle_service_update", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_update" ], "summary": "Modify handle service", "x-bash-codegen-description": "Allows to update a registered handle service.\n\nThis operation requires `handle_service_update` privilege or\n`oz_handle_services_update` admin privilege.\n", "description": "Allows to update a registered handle service.\n\nThis operation requires `handle_service_update` privilege or\n`oz_handle_services_update` admin privilege.\n\n***Example cURL requests***\n\n**Modify handle service password**\n```bash\ncurl -u username:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"name\": \"New handle service name\"}' \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Update was successful." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "handleService", "in": "body", "required": true, "schema": { "$ref": "#/definitions/HandleServiceUpdate" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyHandleService id=a4d3bc73aada63052310652d421609f1 password==\"new_password\" -" } ] }, "delete": { "operationId": "remove_handle_service", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "handle_service_delete", "oz_handle_services_delete" ], "summary": "Unregister handle service", "x-bash-codegen-description": "Allows to unregister a registeed handle service.\n\nThis operation requires `handle_service_delete` privilege or\n`oz_handle_services_delete` admin privilege.\n", "description": "Allows to unregister a registeed handle service.\n\nThis operation requires `handle_service_delete` privilege or\n`oz_handle_services_delete` admin privilege.\n\n***Example cURL requests***\n\n**Unregister handle service**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID\n```\n", "responses": { "204": { "description": "Handle service will be unregistered." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHandleService id=a4d3bc73aada63052310652d421609f1" } ] } }, "/handle_services/{id}/users": { "get": { "operationId": "list_handle_service_users", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "users" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_list_relationships" ], "summary": "Get handle service users", "x-bash-codegen-description": "Returns all users with access to a handle service instance\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n", "description": "Returns all users with access to a handle service instance\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle service users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/users\n\n{\n \"users\": [\n \"9d9687a61855be21a31c34359b1fa0d4\",\n \"89389b5483bb60288e6f0a7af488e710\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of users with access to specific handle service.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandleServiceUsers id=a4d3bc73aada63052310652d421609f1" } ] } }, "/handle_services/{id}/users/{uid}": { "get": { "operationId": "get_handle_service_user", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE_SERVICE(?BINDING(id))", "x-onedata-permissions": [ "handle_service_view", "oz_users_view" ], "summary": "Get handle service user", "x-bash-codegen-description": "Allows to get a user to a handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_users_view` admin privilege.\n", "description": "Allows to get a user to a handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Add handle service user**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "User details returned.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to return information about.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleServiceUser id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549" } ] }, "put": { "operationId": "add_handle_service_user", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_add_relationships", "oz_users_add_relationships" ], "summary": "Add handle service user", "x-bash-codegen-description": "Allows to add a user to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_add_relationships` and `oz_users_add_relationships` admin privilege.\n", "description": "Allows to add a user to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_add_relationships` and `oz_users_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Add handle service user**\n```bash\ncurl -u username:password -X PUT \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/users/$USER_ID\n```\n", "produces": [ "application/json" ], "responses": { "204": { "description": "User added successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to add to handle service.", "required": true, "type": "string" }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addHandleServiceUser id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549" } ] }, "delete": { "operationId": "remove_handle_service_user", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove handle service user", "x-bash-codegen-description": "Allows to remove a user from access to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_remove_relationships` and `oz_users_remove_relationships` admin privilege.\n", "description": "Allows to remove a user from access to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_remove_relationships` and `oz_users_remove_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove handle service user**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/users/$USER_ID\n```\n", "responses": { "204": { "description": "User was removed from handle service." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to remove from handle service.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHandleServiceUser id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handle_services/{id}/users/{uid}/privileges": { "get": { "operationId": "list_user_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_view_privileges" ], "summary": "List user's handle service privileges", "x-bash-codegen-description": "Returns the list of user's (`{uid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_view_privileges` admin privilege.\n", "description": "Returns the list of user's (`{uid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List user's privileges in a handle service**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"handle_service_register_handle\",\n \"handle_service_update\",\n \"handle_service_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's privileges in the handle service.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_service_register_handle", "handle_service_update", "handle_service_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "Effective group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserHandleServicePrivileges id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549" } ] }, "patch": { "operationId": "update_group_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_set_privileges" ], "summary": "Update user's handle service privileges", "x-bash-codegen-description": "Updates user's (`{uid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_set_privileges` admin privilege.\n", "description": "Updates user's (`{uid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update user's privileges in a handle service**\n```bash\ncurl -u username:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"handle_service_register_handle\"], \"revoke\": [\"handle_service_update\"]}' \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/users/$USER_ID/privileges\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "privileges", "in": "body", "description": "Handle service privileges update request.", "schema": { "$ref": "#/definitions/HandleServicePrivileges" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"handle_service_register_handle\"], \"revoke\": [\"handle_service_update\"]}' | onezone-rest-cli updateUserHandleServicePrivileges id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549 -" } ] } }, "/handle_services/{id}/effective_users": { "get": { "operationId": "list_effective_handle_service_users", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "eff_users" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_list_relationships" ], "summary": "Get effective handle service users", "x-bash-codegen-description": "Returns all users with access to a handle service instance\n\nThis operation requires `handle_service_view` privilege \nor `oz_handle_services_list_relationships` admin privilege.\n", "description": "Returns all users with access to a handle service instance\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle service users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/effective_users\n\n{\n \"users\": [\n \"9d9687a61855be21a31c34359b1fa0d4\",\n \"89389b5483bb60288e6f0a7af488e710\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of users with access to specific handle service.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveHandleServiceUsers id=a4d3bc73aada63052310652d421609f1" } ] } }, "/handle_services/{id}/effective_users/{uid}": { "get": { "operationId": "get_effective_handle_service_user", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE_SERVICE(?BINDING(id))", "x-onedata-permissions": [ "handle_service_view", "oz_users_view" ], "summary": "Get effective handle service user", "x-bash-codegen-description": "Allows to get a user to a handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_users_view` admin privilege.\n", "description": "Allows to get a user to a handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective handle service user**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/effective_users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "User added successfully.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to return information about.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveHandleServiceUser id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handle_services/{id}/effective_users/{uid}/privileges": { "get": { "operationId": "list_effective_user_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{eff_user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_view_privileges" ], "summary": "List effective user's handle service privileges", "x-bash-codegen-description": "Returns the list of effective user's (`{uid}`) privileges in a handle service (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_view_privileges` admin privilege.\n", "description": "Returns the list of effective user's (`{uid}`) privileges in a handle service (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective user's privileges in a handle service**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/effective_users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"handle_service_register_handle\",\n \"handle_service_update\",\n \"handle_service_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user's privileges in the handle service.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_service_register_handle", "handle_service_update", "handle_service_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "Effective user Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserEffectiveHandleServicePrivileges id=a4d3bc73aada63052310652d421609f1 uid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handle_services/{id}/groups": { "get": { "operationId": "list_handle_service_groups", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "groups" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_list_relationships" ], "summary": "List handle service groups", "x-bash-codegen-description": "Returns all groups with access to a handle service instance\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n", "description": "Returns all groups with access to a handle service instance\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle service groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/groups\n\n{\n \"groups\": [\n \"9d9687a61855be21a31c34359b1fa0d4\",\n \"89389b5483bb60288e6f0a7af488e710\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of groups with access to specific handle service.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandleServiceGroups id=a4d3bc73aada63052310652d421609f1" } ] } }, "/handle_services/{id}/groups/{gid}": { "get": { "operationId": "get_handle_service_group", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE_SERVICE(?BINDING(id))", "x-onedata-permissions": [ "handle_service_view", "oz_groups_view" ], "summary": "Get handle service group details", "x-bash-codegen-description": "Get details of a group with access to handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_groups_view` admin privilege.\n", "description": "Get details of a group with access to handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get group handle service**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/groups/$GROUP_ID\n\n{\n \"groupId\":\"HwUpk8jrwxKOe45uzLFX2GVa8lKEasj4q253sptVqF8\",\n \"name\":\"Group name\",\n \"type\":\"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Group details returned.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to return information about.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleServiceGroup id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549" } ] }, "put": { "operationId": "add_handle_service_group", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_add_relationships", "oz_groups_add_relationships" ], "summary": "Add handle service group", "x-bash-codegen-description": "Allows to add a group to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_add_relationships` and `oz_groups_add_relationships` admin privilege.\n", "description": "Allows to add a group to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_add_relationships` and `oz_groups_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Add handle service user**\n```bash\ncurl -u username:password -X PUT \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/groups/$GROUP_ID\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/handle_services/{id}/groups/{gid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the added group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to add to handle service.", "required": true, "type": "string" }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } } } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addHandleServiceGroup id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549" } ] }, "delete": { "operationId": "remove_handle_service_group", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove handle service group", "x-bash-codegen-description": "Allows to remove a group from access to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_remove_relationships` and `oz_groups_remove_relationships` admin privilege.\n", "description": "Allows to remove a group from access to a handle service.\n\nThis operation requires `handle_service_update` privilege\nor `oz_handle_services_remove_relationships` and `oz_groups_remove_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove handle service group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/groups/$GROUP_ID\n```\n", "responses": { "204": { "description": "Group was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to remove from handle service.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHandleServiceGroup id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handle_services/{id}/groups/{gid}/privileges": { "get": { "operationId": "list_group_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_view_privileges" ], "summary": "List group's handle service privileges", "x-bash-codegen-description": "Returns the list of group's (`{gid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_view` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_view_privileges` privilege is required.\n", "description": "Returns the list of group's (`{gid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_view` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List group's privileges in a handle service**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"handle_service_register_handle\",\n \"handle_service_update\",\n \"handle_service_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's privileges in the handle service.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_service_register_handle", "handle_service_update", "handle_service_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Effective group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupHandleServicePrivileges id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549" } ] }, "patch": { "operationId": "update_group_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_service_update", "oz_handle_services_set_privileges" ], "summary": "Update group's handle service privileges", "x-bash-codegen-description": "Updates group's (`{gid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_update` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_set_privileges` privilege is required.\n", "description": "Updates group's (`{gid}`) privileges in a handle service (`{id}`).\n\nThis operation requires `handle_service_update` privilege.\nFor administrator who does not belong to this group\n`oz_handle_services_set_privileges` privilege is required.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's privileges in a handle service**\n```bash\ncurl -u username:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"handle_service_register_handle\"], \"revoke\": [\"handle_service_update\"]}' \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/groups/$GROUP_ID/privileges\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "privileges", "in": "body", "description": "Handle service privileges update request.", "schema": { "$ref": "#/definitions/HandleServicePrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"handle_service_register_handle\"], \"revoke\": [\"handle_service_update\"]}' | onezone-rest-cli updateGroupHandleServicePrivileges id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549 -" } ] } }, "/handle_services/{id}/effective_groups": { "get": { "operationId": "list_effective_handle_service_groups", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "eff_groups" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_list_relationships" ], "summary": "List effective handle service groups", "x-bash-codegen-description": "Returns all groups with effective access to a handle service instance\n\nThis operation requires `handle_service_view` privilege or\n`oz_handle_services_list_relationships` admin privilege.\n", "description": "Returns all groups with effective access to a handle service instance\n\nThis operation requires `handle_service_view` privilege or\n`oz_handle_services_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get effective handle service groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/effective_groups\n\n{\n \"groups\": [\n \"9d9687a61855be21a31c34359b1fa0d4\",\n \"89389b5483bb60288e6f0a7af488e710\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of groups with access to specific handle service.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveHandleServiceGroups id=a4d3bc73aada63052310652d421609f1" } ] } }, "/handle_services/{id}/effective_groups/{gid}": { "get": { "operationId": "get_effective_handle_service_group", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE_SERVICE(?BINDING(id))", "x-onedata-permissions": [ "handle_service_view", "oz_groups_view" ], "summary": "Get effective handle service group", "x-bash-codegen-description": "Get details of a group with effective access to handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_groups_view` admin privilege.\n", "description": "Get details of a group with effective access to handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective handle service group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/effective_groups/$GROUP_ID\n\n{\n \"groupId\":\"HwUpk8jrwxKOe45uzLFX2GVa8lKEasj4q253sptVqF8\",\n \"name\":\"Group name\",\n \"type\":\"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Group details returned.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to return information about.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveHandleServiceGroup id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handle_services/{id}/effective_groups/{gid}/privileges": { "get": { "operationId": "list_effective_group_handle_service_privileges", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "{eff_group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_service_view", "oz_handle_services_view_privileges" ], "summary": "List effective group's handle service privileges", "x-bash-codegen-description": "Returns the list of effective group's (`{gid}`) privileges in a handle service (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_view_privileges` admin privilege.\n", "description": "Returns the list of effective group's (`{gid}`) privileges in a handle service (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `handle_service_view` privilege\nor `oz_handle_services_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective group's privileges in a handle service**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/$HANDLE_SERVICE_ID/effective_groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"handle_service_register_handle\",\n \"handle_service_update\",\n \"handle_service_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group's privileges in the handle service.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_service_register_handle", "handle_service_update", "handle_service_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Effective group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupHandleServicePrivileges id=a4d3bc73aada63052310652d421609f1 gid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handle_services/{id}/handles": { "get": { "operationId": "list_handleservice_handles", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle_service", "id": "?BINDING(id)", "aspect": "handles" }, "x-onedata-permissions": [ "handle_service_list_handles", "oz_handle_services_list_relationships" ], "summary": "List handle service handles", "x-bash-codegen-description": "Returns the list of Ids of all handles registered by handle service.\n\nThis operation requires `handle_service_list_handles` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n", "description": "Returns the list of Ids of all handles registered by handle service.\n\nThis operation requires `handle_service_list_handles` privilege\nor `oz_handle_services_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle services handles**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/13c6bf68ed88dd01f396571f976b148d/handles\n\n{\n \"handles\": [\n \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"302da048de67e2ea05f0af1d0fe7c8a2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of handle identifiers.", "schema": { "$ref": "#/definitions/Handles" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleServicesHandles id=33f5e5925f6ec7ddf8f68516b2980fdb" } ] } }, "/handle_services/{id}/handles/{hid}": { "get": { "operationId": "get_handle_service_handle", "tags": [ "Handle Service" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(hid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_HANDLE_SERVICE(?BINDING(id))", "x-onedata-permissions": [ "handle_service_view", "oz_handles_view" ], "summary": "Get handle from handle service", "x-bash-codegen-description": "Returns the details of a specific handle registered by handle service.\n\nThis operation requires `handle_service_view` privilege or\n`oz_handles_view` admin privilege.\n", "description": "Returns the details of a specific handle registered by handle service.\n\nThis operation requires `handle_service_view` privilege\nor `oz_handles_view` admin privilege.\n\n***Example cURL requests***\n\n**Get handle services handle**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handle_services/13c6bf68ed88dd01f396571f976b148d/handles/$HANDLE_ID\n\n{\n \"handleId\": \"95b663a6467c72ab1256865efef9e387\",\n \"handleServiceId\": \"97c27230017cd54c1220189e357322c4\",\n \"resourceType\": \"Share\",\n \"resourceId\": \"d6ee1aecf03b23f09756d6a49e435455\",\n \"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of handle identifiers.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle service Id.", "required": true, "type": "string" }, { "name": "hid", "in": "path", "description": "Handle Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleServiceHandle id=33f5e5925f6ec7ddf8f68516b2980fdb hid=f3322ec0d5557f9d94c89180f83b462f" } ] } }, "/handles": { "get": { "operationId": "list_handles", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "aspect": "list" }, "x-onedata-permissions": [ "oz_handles_list" ], "summary": "List handles", "x-bash-codegen-description": "Returns the list of Ids of all handles registered in Onezone.\n\nThis operation requires `oz_handles_list` admin privilege.\n", "description": "Returns the list of Ids of all handles registered in Onezone.\n\nThis operation requires `oz_handles_list` admin privilege.\n\n***Example cURL requests***\n\n**Get handles**\n```bash\ncurl -u username:password -X GET https://$HOST/api/v3/handles\n\n{\n \"handles\": [\n \"0fe7c8a20ffdf07480c46f084bc3b8d5\",\n \"302da048de67e2ea05f0af1d0fe7c8a2\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of handle identifiers.", "schema": { "$ref": "#/definitions/Handles" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandles" } ] }, "post": { "operationId": "handle_service_register_handle", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "aspect": "instance" }, "x-onedata-permissions": [ "handle_service_register_handle", "oz_handles_create" ], "summary": "Register handle", "x-bash-codegen-description": "Allows to register a new handle identifier, using a specific handle service.\n\nThe handle service must be registered in Onedata separately.\n\nThis operation requires `handle_service_register_handle` privilege, which needs to\nbe assigned to a specific handle service\nor `oz_handles_create` admin privilege.\n", "description": "Allows to register a new handle identifier, using a specific handle service.\n\nThe handle service must be registered in Onedata separately.\n\nSee also: \n[Create a new handle for the current user](#operation/create_user_handle) \n[Create a new handle for given group](#operation/create_group_handle) \n\nThis operation requires `handle_service_register_handle` privilege, which needs to\nbe assigned to a specific handle service\nor `oz_handles_create` admin privilege.\n\n***Example cURL requests***\n\n**Register handle**\n```bash\ncurl -u username:password -X POST -H \"Content-type: application/json\" \\\n-d '{ \"handleServiceId\": \"ddb06ed993bae95f2f430664fff122f7\", \"resourceType\": \"Share\", \"resourceId\": \"4fa683cbda8d8f686d15d42720af431d\", \"metadata\": \"...\" }' \\\nhttps://$HOST/api/v3/handles\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created handle in form https://$HOST/api/onezone/v3/handles/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created handle.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "handleRegistrationRequest", "in": "body", "required": true, "schema": { "$ref": "#/definitions/HandleRegistrationRequest" } } ], "x-code-samples": [ { "lang": "Shell", "source": "cat hndl_request.json | onezone-rest-cli registerHandle -" } ] } }, "/handles/privileges": { "get": { "operationId": "list_handle_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all handle privileges", "x-bash-codegen-description": "Returns list of all possible handle privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible handle privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all handle privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/handles/privileges\n\n{\n \"admin\": [\n \"handle_view\",\n \"handle_update\",\n \"handle_delete\"\n ],\n \"member\": [\n \"handle_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all handle privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/HandlePrivileges" }, "member": { "$ref": "#/definitions/HandleMemberPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandlePrivileges" } ] } }, "/handles/{id}": { "get": { "operationId": "get_handle", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "handle_view", "oz_handles_view" ], "summary": "Get handle", "x-bash-codegen-description": "Returns the details of a specific handle.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view` admin privilege.\n", "description": "Returns the details of a specific handle.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view` admin privilege.\n\n***Example cURL requests***\n\n**Get handle**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID\n\n{\n \"publicHandle\": \"10.5072/w95Zlng\",\n \"handleId\": \"95b663a6467c72ab1256865efef9e387\",\n \"handleServiceId\": \"97c27230017cd54c1220189e357322c4\",\n \"resourceType\": \"Share\",\n \"resourceId\": \"d6ee1aecf03b23f09756d6a49e435455\",\n \"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The properties of a specific handle.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "required": true, "type": "string", "description": "The handle Id." } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandle id=45bf25a5cb16e12a9faa6d088a2c7088" } ] }, "patch": { "operationId": "handle_update", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "handle_update", "oz_handles_update" ], "summary": "Modify handle", "x-bash-codegen-description": "Allows to update a registered handle, currently it only allows\nto modify the handle metadata property.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_update` admin privilege.\n", "description": "Allows to update a registered handle, currently it only allows\nto modify the handle metadata property.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_update` admin privilege.\n\n***Example cURL requests***\n\n**Modify handle resource**\n```bash\ncurl -u username:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"metadata\": \"\n \n \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n \",\n \"timestamp\": \"1997-07-16T19:20\",\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The publicly available details of a specific handle.", "schema": { "$ref": "#/definitions/Handle" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "required": true, "type": "string", "description": "The handle Id." } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getPublicHandleDetails id=45bf25a5cb16e12a9faa6d088a2c7088" } ] } }, "/handles/{id}/users": { "get": { "operationId": "list_handle_users", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "users" }, "x-onedata-permissions": [ "handle_view", "oz_handles_list_relationships" ], "summary": "List handle users", "x-bash-codegen-description": "Returns all users with access to a handle instance\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n", "description": "Returns all users with access to a handle instance\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/users\n\n{\n \"users\": [\n \"5bcd19ea6b3e308347fd12ccefc96b09\",\n \"cef7eb7463ed17acd3ffd9bc53b796ea\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of users with access to specific handle.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandleUsers id=45bf25a5cb16e12a9faa6d088a2c7088" } ] } }, "/handles/{id}/users/{uid}": { "get": { "operationId": "get_handle_user", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE(?BINDING(id))", "x-onedata-permissions": [ "handle_view", "oz_users_view" ], "summary": "Get handle user", "x-bash-codegen-description": "Allows to add a user to a handle.\n\nThis operation requires `handle_view` privilege\nor `oz_users_view` admin privilege.\n", "description": "Allows to add a user to a handle.\n\nThis operation requires `handle_view` privilege\nor `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get handle user**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "User details returned successfully.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to add to handle.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleUser id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549" } ] }, "put": { "operationId": "add_handle_user", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_update", "oz_handles_add_relationships", "oz_users_add_relationships" ], "summary": "Add handle user", "x-bash-codegen-description": "Allows to add a user to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_add_relationships` and `oz_users_add_relationships` admin privilege.\n", "description": "Allows to add a user to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_add_relationships` and `oz_users_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Add handle user**\n```bash\ncurl -u username:password -X PUT \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/users/$USER_ID\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added user in form https://$HOST/api/onezone/v3/handles/{id}/users/{uid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the added user.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to add to handle.", "required": true, "type": "string" }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandlePrivileges" } } } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addHandleUser id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549" } ] }, "delete": { "operationId": "remove_handle_user", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_update", "oz_handles_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove handle user", "x-bash-codegen-description": "Allows to revoke users access to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_remove_relationships` and `oz_users_remove_relationships` admin privilege.\n", "description": "Allows to revoke users access to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_remove_relationships` and `oz_users_remove_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove handle service user**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/users/$USER_ID\n```\n", "responses": { "204": { "description": "User was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to remove from handle.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHandleUser id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handles/{id}/users/{uid}/privileges": { "get": { "operationId": "list_user_handle_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_view", "oz_handles_view_privileges" ], "summary": "List user handle privileges", "x-bash-codegen-description": "Returns the list of user's (`{uid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n", "description": "Returns the list of user's (`{uid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List handle user privileges**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"handle_delete\",\n \"handle_update\",\n \"handle_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's privileges in the handle.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_delete", "handle_update", "handle_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "User Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserHandlePrivileges id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549" } ] }, "patch": { "operationId": "update_handle_user_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_update", "oz_handles_set_privileges" ], "summary": "Update user handle privileges", "x-bash-codegen-description": "Updates user's (`{uid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_update` privilege\nor `oz_handles_set_privileges` admin privilege.\n", "description": "Updates user's (`{uid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_update` privilege\nor `oz_handles_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's privileges in a handle**\n```bash\ncurl -u username:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"handle_view\"], \"revoke\": [\"handle_delete\"]}' \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/users/$USER_ID/privileges\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "User Id.", "required": true, "type": "string" }, { "name": "privileges", "in": "body", "description": "Handle privileges update request.", "required": true, "schema": { "$ref": "#/definitions/HandlePrivilegesUpdate" } } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"handle_view\"], \"revoke\": [\"handle_delete\"]}' | onezone-rest-cli updateUserHandlePrivileges id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549 -" } ] } }, "/handles/{id}/effective_users": { "get": { "operationId": "list_effective_handle_users", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "eff_users" }, "x-onedata-permissions": [ "handle_view", "oz_handles_list_relationships" ], "summary": "List effective handle users", "x-bash-codegen-description": "Returns effective list of users with access to a handle instance.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n", "description": "Returns effective list of users with access to a handle instance.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/effective_users\n\n{\n \"users\": [\n \"5bcd19ea6b3e308347fd12ccefc96b09\",\n \"cef7eb7463ed17acd3ffd9bc53b796ea\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of effective users with access to specific handle.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveHandleUsers id=45bf25a5cb16e12a9faa6d088a2c7088" } ] } }, "/handles/{id}/effective_users/{uid}": { "get": { "operationId": "get_effective_handle_user", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE(?BINDING(id))", "x-onedata-permissions": [ "handle_view", "oz_users_view" ], "summary": "Get effective handle user", "x-bash-codegen-description": "Returns effective handle user details.\n\nThis operation requires `handle_view` privilege\nor `oz_users_view` admin privilege.\n", "description": "Returns effective handle user details.\n\nThis operation requires `handle_view` privilege\nor `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Add handle user**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/effective_users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "User details returned succesfully.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "The Id of the user to add to handle.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveHandleUser id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handles/{id}/effective_users/{uid}/privileges": { "get": { "operationId": "list_effective_user_handle_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{eff_user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "handle_view", "oz_handles_view_privileges" ], "summary": "List effective user's handle privileges", "x-bash-codegen-description": "Returns the list of effective user's (`{uid}`) privileges in a handle (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n", "description": "Returns the list of effective user's (`{uid}`) privileges in a handle (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective user's privileges in a handle**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/effective_users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"handle_delete\",\n \"handle_update\",\n \"handle_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user's privileges in the handle.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_delete", "handle_update", "handle_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "uid", "in": "path", "description": "User Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserHandlePrivileges id=45bf25a5cb16e12a9faa6d088a2c7088 uid=5ca9574418d5a2c509265d37356ee549" } ] } }, "/handles/{id}/groups": { "get": { "operationId": "list_handle_groups", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "groups" }, "x-onedata-permissions": [ "handle_view", "oz_handles_list_relationships" ], "summary": "List handle groups", "x-bash-codegen-description": "Returns all groups with access to a handle instance\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n", "description": "Returns all groups with access to a handle instance\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/groups\n\n{\n \"groups\": [\n \"16969b9d4d1f1457b7c1d061022f6b96\",\n \"a6c6e47cc477aa4d3f8c61ce71df9850\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of groups with access to specific handle.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHandleGroups id=45bf25a5cb16e12a9faa6d088a2c7088" } ] } }, "/handles/{id}/groups/{gid}": { "get": { "operationId": "get_handle_group", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE(?BINDING(id))", "x-onedata-permissions": [ "handle_view", "oz_groups_view" ], "summary": "Get handle group", "x-bash-codegen-description": "Returns the details of a group with access to handle.\n\nThis operation requires `handle_view` privilege\nor `oz_groups_view` admin privilege.\n", "description": "Returns the details of a group with access to handle.\n\nThis operation requires `handle_view` privilege\nor `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Add handle group**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/groups/$GROUP_ID\n\n{\n \"groupId\":\"HwUpk8jrwxKOe45uzLFX2GVa8lKEasj4q253sptVqF8\",\n \"name\":\"Group name\",\n \"type\":\"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Group details returned successfully.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to add to handle.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHandleGroup id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e" } ] }, "put": { "operationId": "add_handle_group", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_update", "oz_handles_add_relationships", "oz_groups_add_relationships" ], "summary": "Add handle group", "x-bash-codegen-description": "Allows to add a group to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_add_relationships` and `oz_groups_add_relationships` admin privilege.\n", "description": "Allows to add a group to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_add_relationships` and `oz_groups_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Add handle group**\n```bash\ncurl -u username:password -X PUT \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/groups/$GROUP_ID\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/handles/{id}/groups/{gid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the added group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to add to handle.", "required": true, "type": "string" }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandlePrivileges" } } } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addHandleGroup id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e" } ] }, "delete": { "operationId": "remove_handle_group", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_update", "oz_handles_remove_relationships", "oz_groups_remove_relationships" ], "summary": "Remove handle group", "x-bash-codegen-description": "Allows to remove a group from access to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_remove_relationships` and `oz_groups_remove_relationships` admin privilege.\n", "description": "Allows to remove a group from access to a handle.\n\nThis operation requires `handle_update` privilege\nor `oz_handles_remove_relationships` and `oz_groups_remove_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove handle service group**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/groups/$GROUP_ID\n```\n", "responses": { "204": { "description": "Group was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to remove from handle.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHandleGroup id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/handles/{id}/groups/{gid}/privileges": { "get": { "operationId": "list_group_handle_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_view", "oz_handles_view_privileges" ], "summary": "List group's handle privileges", "x-bash-codegen-description": "Returns the list of group's (`{gid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n", "description": "Returns the list of group's (`{gid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List group's privileges in a handle**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"handle_delete\",\n \"handle_update\",\n \"handle_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's privileges in the handle.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_delete", "handle_update", "handle_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "Group Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupHandlePrivileges id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e" } ] }, "patch": { "operationId": "update_group_handle_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_update", "oz_handles_set_privileges" ], "summary": "Update handle groups privileges", "x-bash-codegen-description": "Updates group's (`{gid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_update` privilege\nor `oz_handles_set_privileges` admin privilege.\n", "description": "Updates group's (`{gid}`) privileges in a handle (`{id}`).\n\nThis operation requires `handle_update` privilege\nor `oz_handles_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's privileges in a handle**\n```bash\ncurl -u username:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"handle_view\"], \"revoke\": [\"handle_delete\"]}' \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/groups/$GROUP_ID/privileges\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "Group Id.", "required": true, "type": "string" }, { "name": "privileges", "in": "body", "description": "Handle privileges update request.", "schema": { "$ref": "#/definitions/HandlePrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"handle_view\"], \"revoke\": [\"handle_delete\"]}' | onezone-rest-cli updateGroupHandlePrivileges id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e -" } ] } }, "/handles/{id}/effective_groups": { "get": { "operationId": "list_effective_handle_groups", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "eff_groups" }, "x-onedata-permissions": [ "handle_view", "oz_handles_list_relationships" ], "summary": "Get effective handle groups", "x-bash-codegen-description": "Returns effective groups with access to a handle instance.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n", "description": "Returns effective groups with access to a handle instance.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get handle groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/effective_groups\n\n{\n \"groups\": [\n \"16969b9d4d1f1457b7c1d061022f6b96\",\n \"a6c6e47cc477aa4d3f8c61ce71df9850\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of identifiers of effective groups with access to specific handle.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveHandleGroups id=45bf25a5cb16e12a9faa6d088a2c7088" } ] } }, "/handles/{id}/effective_groups/{gid}": { "get": { "operationId": "get_effective_handle_group", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HANDLE(?BINDING(id))", "x-onedata-permissions": [ "handle_view", "oz_groups_view" ], "summary": "Get effective handle group", "x-bash-codegen-description": "Returns the details of an effective group with access to handle.\n\nThis operation requires `handle_view` privilege\nor `oz_groups_view` admin privilege.\n", "description": "Returns the details of an effective group with access to handle.\n\nThis operation requires `handle_view` privilege\nor `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective handle group**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/effective_groups/$GROUP_ID\n\n{\n \"groupId\":\"HwUpk8jrwxKOe45uzLFX2GVa8lKEasj4q253sptVqF8\",\n \"name\":\"Group name\",\n \"type\":\"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Group details returned successfully.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "The Id of the group to add to handle.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveHandleGroup id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/handles/{id}/effective_groups/{gid}/privileges": { "get": { "operationId": "list_effective_group_handle_privileges", "tags": [ "Handle" ], "x-onedata-gri": { "type": "od_handle", "id": "?BINDING(id)", "aspect": "{eff_group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "handle_view", "oz_handles_view_privileges" ], "summary": "List effective group's handle privileges", "x-bash-codegen-description": "Returns the list of effective group's (`{gid}`) privileges in a handle (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n", "description": "Returns the list of effective group's (`{gid}`) privileges in a handle (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `handle_view` privilege\nor `oz_handles_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective group's privileges in a handle**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/handles/$HANDLE_ID/effective_groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"handle_delete\",\n \"handle_update\",\n \"handle_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group's privileges in the handle.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "privileges": [ "handle_delete", "handle_update", "handle_view" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Handle Id.", "required": true, "type": "string" }, { "name": "gid", "in": "path", "description": "Group Id.", "required": true, "type": "string" } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupHandlePrivileges id=45bf25a5cb16e12a9faa6d088a2c7088 gid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/harvesters": { "get": { "operationId": "oz_harvesters_list", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "list" }, "x-onedata-permissions": [ "oz_harvesters_list" ], "summary": "List all harvesters", "x-bash-codegen-description": "Returns the list of all harvesters managed by the Onezone service.\n\nThis operation requires `oz_harvesters_list` admin privilege.\n", "description": "Returns the list of all harvesters managed by the Onezone service.\n\nThis operation requires `oz_harvesters_list` admin privilege.\n\n***Example cURL requests***\n\n**List all harvesters**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters\n\n{\n \"harvesters\": [\n \"S0Y9FSe9TFJFFzzLtBEs8\",\n \"IkHBv8CoAFmbFU4fj26\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of harvesters Ids.", "schema": { "$ref": "#/definitions/Harvesters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHarvesters" } ] }, "post": { "operationId": "create_harvester", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "instance" }, "x-onedata-permissions": [ "oz_harvesters_create" ], "summary": "Create new harvester", "x-bash-codegen-description": "Creates new harvester.\n\nThis operation requires `oz_harvesters_create` admin privilege.\n", "description": "Creates new harvester.\n\nThis operation requires `oz_harvesters_create` admin privilege.\n\nSee also: \n[Create a new harvester for the current user](#operation/create_user_harvester) \n[Create a new harvester for given group](#operation/create_harvester_for_group) \n\n***Example cURL requests***\n\n**Create new harvester**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"name\" : \"new_harvester\", \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\", \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\" \\\n\"guiPluginConfig\" : { \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ],\n \"externalHelpLink\": \"http://example.com/some_help_page\",\n \"refreshDataTimeout\": 1000 }\n }' \\\nhttps://$HOST/api/v3/onezone/harvesters\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created harvester in the form https://$HOST/api/onezone/v3/harvesters/{id} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created harvester.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "data", "in": "body", "description": "Harvester properties.", "schema": { "$ref": "#/definitions/HarvesterCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvester name==\"Harvester 1\" harvestingBackendEndpoint== \"example.elastic.com:9200\" harvestingBackendType==\"elasticsearch_harvesting_backend\" guiPluginConfig=={ \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ], \"externalHelpLink\": \"http://example.com/some_help_page\", \"refreshDataTimeout\": 1000 } " } ] } }, "/harvesters/privileges": { "get": { "operationId": "list_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all harvester privileges", "x-bash-codegen-description": "Returns list of all possible harvester privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible harvester privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all harvester privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/harvesters/privileges\n\n{\n \"admin\": [\n \"harvester_view\",\n \"harvester_update\",\n \"harvester_delete\",\n \"harvester_view_privileges\",\n \"harvester_set_privileges\",\n \"harvester_add_user\",\n \"harvester_remove_user\",\n \"harvester_add_group\",\n \"harvester_remove_group\",\n \"harvester_add_space\",\n \"harvester_remove_space\"\n ],\n \"manager\": [\n \"harvester_view\",\n \"harvester_add_user\",\n \"harvester_remove_user\",\n \"harvester_add_group\",\n \"harvester_remove_group\",\n \"harvester_add_space\",\n \"harvester_remove_space\"\n ],\n \"member\": [\n \"harvester_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all harvester privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/HarvesterPrivileges" }, "manager": { "$ref": "#/definitions/HarvesterManagerPrivileges" }, "member": { "$ref": "#/definitions/HarvesterMemberPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHarvesterPrivileges" } ] } }, "/harvesters/{id}": { "get": { "operationId": "get_harvester", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_harvesters_view" ], "summary": "Get harvester details", "x-bash-codegen-description": "Returns the details about a specific harvester.\n\nIf called by user who is not member of the harvester, requires `oz_harvesters_view`\nadmin privilege.\n", "description": "Returns the details about a specific harvester.\n\nIf called by user who is not member of the harvester, requires `oz_harvesters_view`\nadmin privilege.\n\n***Example cURL requests***\n\n**Get harvester details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID\n\n{\n \"harvesterId\": \"2c0160248ba9a66f45da751ca459535a\",\n \"name\": \"new_harvester1\",\n \"public\" : true,\n \"harvestingBackendType\" : \"elasticsearch_harvesting_backend\",\n \"harvestingBackendEndpoint\" : \"example.elastic.com:9200\",\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a harvester.", "schema": { "$ref": "#/definitions/Harvester" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvester id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "patch": { "operationId": "modify_harvester", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "harvester_update", "oz_harvesters_update" ], "summary": "Modify harvester details", "x-bash-codegen-description": "Updates the details about a harvester.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n", "description": "Updates the details about a harvester.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n\n***Example cURL requests***\n\n**Change harvester name**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"name\": \"new_harvester12\"}' \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Harvester has been updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Harvester parameters", "schema": { "$ref": "#/definitions/HarvesterUpdateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyHarvester id=b752ceafabb662b4e5728b2ded25cdd1 name==\"New Harvester Name\"" } ] }, "delete": { "operationId": "remove_harvester", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "harvester_delete", "oz_harvesters_delete" ], "summary": "Remove harvester", "x-bash-codegen-description": "Removes a specific harvester. **It will be no longer possible to access harvested data through onezone service**.\n\nThis operation requires `harvester_delete` privilege\nor `oz_harvesters_delete` admin privilege.\n", "description": "Removes a specific harvester. **It will be no longer possible to access harvested data through onezone service**.\\\nIf you wish to remove harvested metadata see: \n[Remove harvested data](#operation/remove_harvested_data)\n\nThis operation requires `harvester_delete` privilege\nor `oz_harvesters_delete` admin privilege.\n\n***Example cURL requests***\n\n**Remove harvester**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID\n```\n", "responses": { "204": { "description": "The harvester was removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvester id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/metadata": { "delete": { "operationId": "remove_harvested_metadata", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "metadata" }, "x-onedata-permissions": [ "harvester_delete", "oz_harvesters_delete" ], "summary": "Remove harvested metadata", "x-bash-codegen-description": "Schedules removal of harvested metadata in all indices in given harvester.\n\nThis operation requires `harvester_delete` privilege\nor `oz_harvesters_delete` admin privilege.\n", "description": "Schedules removal of harvested metadata in all indices in given harvester.\\\nSee also: [Remove harvester](#operation/remove_harvester)\n\nThis operation requires `harvester_delete` privilege\nor `oz_harvesters_delete` admin privilege.\n\n***Example cURL requests***\n\n**Remove harvested metadata**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID\n```\n", "responses": { "204": { "description": "All harvested metadata have been scheduled to be removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvestedMetadata id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/users": { "get": { "operationId": "list_harvester_users", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "users" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_list_relationships" ], "summary": "List harvester users", "x-bash-codegen-description": "Returns the list of users belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_list_relationships` privilege is required.\n", "description": "Returns the list of users belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users\n\n{\n \"users\": [\n \"a5b469a2b0516b662a49da74d6d7d7bc\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user Ids that belong to a specific harvester", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHarvesterUsers id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/users/token": { "post": { "deprecated": true, "operationId": "create_harvester_user_invite_token", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "invite_user_token" }, "x-onedata-permissions": [ "harvester_invite_user", "oz_harvesters_add_relationships" ], "summary": "Create harvester user invite token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join a harvester.\n\nThis operation requires `harvester_invite_user` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_add_relationships` privilege is required.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join a harvester.\n\nThis operation requires `harvester_invite_user` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Create harvester user invite token**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users/token\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaWVyIG00zcEJ2UDVuOHhkQUNhdk9hbTlyNnIwNldPSzVhc\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific harvester.", "schema": { "$ref": "#/definitions/HarvesterInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvesterUserInviteToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/users/{uid}": { "get": { "operationId": "get_harvester_user", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HARVESTER(?BINDING(id))", "x-onedata-permissions": [ "harvester_view", "oz_users_view" ], "summary": "Get harvester user details", "x-bash-codegen-description": "Returns basic information about a specific user in a harvester.\n\nThis operation requires `harvester_view` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_users_view` privilege is required.\n", "description": "Returns basic information about a specific user in a harvester.\n\nThis operation requires `harvester_view` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_users_view` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester user data**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a harvester user.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvesterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "put": { "operationId": "add_harvester_user", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "harvester_invite_user", "harvester_set_privileges", "oz_harvesters_add_relationships", "oz_users_add_relationships", "oz_harvesters_set_privileges" ], "summary": "Add user to harvester", "x-bash-codegen-description": "Adds user {uid} as member of harvester {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this harvester.\n\nThis operation can only be invoked by the user {uid} to add himself to the\nharvester (if he is not a member already) and requires `harvester_invite_user`\nprivilege in the harvester. If `privileges` are specified in the request,\n`harvester_set_privileges` privilege is also required.\n\nAdministrators having the `oz_harvesters_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any harvester,\nthough `oz_harvesters_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n", "description": "Adds user {uid} as member of harvester {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this harvester.\n\nThis operation can only be invoked by the user {uid} to add himself to the\nharvester (if he is not a member already) and requires `harvester_invite_user`\nprivilege in the harvester. If `privileges` are specified in the request,\n`harvester_set_privileges` privilege is also required.\n\nAdministrators having the `oz_harvesters_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any harvester,\nthough `oz_harvesters_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n\n***Example cURL requests***\n\n**Add user to harvester**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The user was added to the harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "privileges", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HarvesterPrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addHarvesterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "delete": { "operationId": "remove_harvester_user", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "harvester_remove_user", "oz_harvesters_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove user from harvester", "x-bash-codegen-description": "Removes user from specific harvester.\n\nThis operation requires `harvester_remove_user` or\nrequires `oz_harvesters_add_relationships` and `oz_users_add_relationships` admin privilege.\n", "description": "Removes user from specific harvester.\n\nThis operation requires `harvester_remove_user` or\nrequires `oz_harvesters_add_relationships` and `oz_users_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get harvester user data**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User was removed from harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvesterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/harvesters/{id}/users/{uid}/privileges": { "get": { "operationId": "list_user_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "harvester_view_privileges", "oz_harvesters_view_privileges" ], "summary": "List user's harvester privileges", "x-bash-codegen-description": "Returns the list of user's (`{uid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_view_privileges` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view_privileges` privilege is required.\n", "description": "Returns the list of user's (`{uid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_view_privileges` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List user's privileges in a harvester**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"harvester_view\",\n \"harvester_update\",\n \"harvester_delete\",\n \"harvester_view_privileges\",\n \"harvester_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's privileges in the harvester.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HarvesterPrivileges" } }, "example": { "privileges": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserHarvesterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "patch": { "operationId": "update_user_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "harvester_set_privileges", "oz_set_privileges" ], "summary": "Update user's harvester privileges", "x-bash-codegen-description": "Updates user's (`{uid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_set_privileges` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_set_privileges` privilege is required.\n", "description": "Updates user's (`{uid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_set_privileges` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_set_privileges` privilege is required.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update user's privileges in a harvester**\n```bash\ncurl -u admin:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"harvester_view\", \"harvester_update\"], \"revoke\": [\"harvester_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/users/$USER_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Harvester privileges update request.", "schema": { "$ref": "#/definitions/HarvesterPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"harvester_view\", \"harvester_update\"], \"revoke\": [\"harvester_delete\"]}' | onezone-rest-cli updateUserHarvesterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc -" } ] } }, "/harvesters/{id}/effective_users": { "get": { "operationId": "list_effective_harvester_users", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "eff_users" }, "summary": "List effective harvester users", "x-onedata-permissions": [ "harvester_view", "oz_harvesters_list_relationships" ], "x-bash-codegen-description": "Returns the effective list of users belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_harvesters_list_relationships` admin privilege.\n", "description": "Returns the effective list of users belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_harvesters_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get harvester effective users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_users\n\n{\n \"users\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user Ids that belong to a specific harvester.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveHarvesterUsers id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/effective_users/{uid}": { "get": { "operationId": "get_effective_harvester_user", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HARVESTER(?BINDING(id))", "x-onedata-permissions": [ "harvester_view", "oz_users_view" ], "summary": "Get effective harvester user details", "x-bash-codegen-description": "Returns details about a specific effective user in a harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_users_view` admin privilege.\n", "description": "Returns details about a specific effective user in a harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective harvester user details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_users/$USER_ID\n\n{\n \"userId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"username\" : \"jodoe\",\n \"fullName\" : \"John Doe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific user in a harvester.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveHarvesterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/effective_users/{uid}/privileges": { "get": { "operationId": "list_effective_user_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{eff_user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "harvester_view_privileges", "oz_harvesters_view_privileges" ], "summary": "List effective user's harvester privileges", "x-bash-codegen-description": "Returns the list of effective user's (`{uid}`) privileges in a harvester (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `harvester_view_privileges` privilege\nor `oz_harvesters_view_privileges` admin privilege.\n", "description": "Returns the list of effective user's (`{uid}`) privileges in a harvester (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `harvester_view_privileges` privilege\nor `oz_harvesters_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective user's privileges in a harvester**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"harvester_view\",\n \"harvester_update\",\n \"harvester_delete\",\n \"harvester_view_privileges\",\n \"harvester_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user's privileges in the harvester.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HarvesterPrivileges" } }, "example": { "privileges": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserHarvesterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/harvesters/{id}/effective_users/{uid}/membership": { "get": { "operationId": "get_effective_user_harvester_membership_intermediaries", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{eff_user_membership, ?BINDING(uid)}" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_view" ], "summary": "Get effective user's harvester membership intermediaries", "x-bash-codegen-description": "Returns the effective user's (`{uid}`) harvester membership intermediaries -\nentities from which the user inherits access to the harvester (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct access to the harvester (`{id}`).\n\nThis operation requires any of the following authorization:\n* as user (`{uid}`) who is an effective member of the harvester (`{id}`)\n* as user who has `harvester_view` privilege in the harvester (`{id}`)\n* as user who has `oz_harvesters_view` admin privilege.\n", "description": "Returns the effective user's (`{uid}`) harvester membership intermediaries -\nentities from which the user inherits access to the harvester (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct access to the harvester (`{id}`).\n\nThis operation requires any of the following authorization:\n* as user (`{uid}`) who is an effective member of the harvester (`{id}`)\n* as user who has `harvester_view` privilege in the harvester (`{id}`)\n* as user who has `oz_harvesters_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective user's harvester membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_users/$USER_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"harvester\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserHarvesterMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/harvesters/{id}/groups": { "get": { "operationId": "list_harvester_groups", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "groups" }, "summary": "List harvester groups", "x-onedata-permissions": [ "harvester_view", "oz_harvesters_list_relationships" ], "x-bash-codegen-description": "Returns the list of groups belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege in the harvester.\n\nFor administrator who does not belong to the harvester,\n`oz_harvesters_list_relationships` privilege is required.\n", "description": "Returns the list of groups belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege in the harvester.\n\nFor administrator who does not belong to the harvester,\n`oz_harvesters_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups\n\n{\n \"groups\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all group Ids that belong to a specific harvester", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHarvesterGroups id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "post": { "operationId": "create_harvester_group", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "group" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "x-onedata-permissions": [ "harvester_add_group", "oz_groups_create", "oz_harvesters_add_relationships" ], "summary": "Create group in harvester", "x-bash-codegen-description": "Creates a new group belonging to the harvester of {id}.\n\nThis operation requires `harvester_add_group` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_add_relationships` and `oz_groups_create`\nprivileges are required.\n", "description": "Creates a new group belonging to the harvester of {id}.\n\nThis operation requires `harvester_add_group` privilege.\nFor administrator who does not belong to this group\n`oz_harvesters_add_relationships` and `oz_groups_create`\nprivileges are required.\n\n***Example cURL requests***\n\n**Create group in harvester**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/harvesters/{id}/groups/{gid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group properties.", "schema": { "$ref": "#/definitions/GroupCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvesterGroup id=538ef9643ae6b9e40817e51eece7e341 name==Group2 type==team" } ] } }, "/harvesters/{id}/groups/token": { "post": { "deprecated": true, "operationId": "create_harvester_group_token", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "invite_group_token" }, "x-onedata-permissions": [ "harvester_add_group", "oz_harvesters_add_relationships" ], "summary": "Create harvester invite token for group", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing to add a group to a specific harvester.\n\nThis operation requires `harvester_add_group` privilege.\nor `oz_harvesters_add_relationships` admin privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing to add a group to a specific harvester.\n\nThis operation requires `harvester_add_group` privilege\nor `oz_harvesters_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Create harvester invitation token for group**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups/token\n\n{\n \"token\": \"MDAxNmxvY0cGUgKWsjcpnrLE00RtOd2F00cGUgKWsjcpnrLE00RtOdhmnQycSICwMsugo\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific harvester.", "schema": { "$ref": "#/definitions/HarvesterInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvesterGroupToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/groups/{gid}": { "get": { "operationId": "get_harvester_group", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HARVESTER(?BINDING(id))", "x-onedata-permissions": [ "harvester_view", "oz_groups_view" ], "summary": "Get harvester's group details", "x-bash-codegen-description": "Returns details about a specific group in a harvester.\n\nThis operation requires `harvester_view` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_groups_view` privilege is required.\n", "description": "Returns details about a specific group in a harvester.\n\nThis operation requires `harvester_view` privilege.\nFor administrators who do not have to be members of this harvester,\n`oz_groups_view` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups/$GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_groupX\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific group in a harvester.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvesterGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "put": { "operationId": "add_group_to_harvester", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "harvester_add_group", "harvester_set_privileges", "oz_harvesters_add_relationships", "oz_groups_add_relationships", "oz_harvester_set_privileges" ], "summary": "Add group to harvester", "x-bash-codegen-description": "Adds group {gid} as member of harvester {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the group in this harvester.\n\nThis operation requires `harvester_add_group` privilege in the harvester and\n`group_add_harvester` privilege in the group. If `privileges` are\nspecified in the request, `harvester_set_privileges` privilege is also required.\n\nFor administrator who does not belong to the group / harvester,\n`oz_groups_add_relationships` and `oz_harvesters_add_relationships` privileges\nare required, and `oz_harvesters_set_privileges` if `privileges` are specified\nin the request.\n", "description": "Adds group {gid} as member of harvester {id}. Optional privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the group in this harvester.\n\nThis operation requires `harvester_add_group` privilege in the harvester and\n`group_add_harvester` privilege in the group. If `privileges` are\nspecified in the request, `harvester_set_privileges` privilege is also required.\n\nFor administrator who does not belong to the group / harvester,\n`oz_groups_add_relationships` and `oz_harvesters_add_relationships` privileges\nare required, and `oz_harvesters_set_privileges` if `privileges` are specified\nin the request.\n\n***Example cURL requests***\n\n**Add group to harvester**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\n https://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups/$GROUP_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The group was added to the harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "privileges", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HarvesterPrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addGroupToHarvester id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "delete": { "operationId": "remove_harvester_group", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "harvester_remove_group", "oz_harvesters_remove_relationships" ], "summary": "Remove group from harvester", "x-bash-codegen-description": "Removes a specific group from harvester.\n\nFor regular users, who belong to this harvester it requires\n`harvester_remove_group` privilege to remove a group from this harvester.\n\nFor administrators, who are not members of this harvester,\n`oz_harvesters_remove_relationships` privilege is required.\n", "description": "Removes a specific group from harvester.\n\nFor regular users, who belong to this harvester it requires\n`harvester_remove_group` privilege to remove a group from this harvester.\n\nFor administrators, who are not members of this harvester,\n`oz_harvesters_remove_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester group details**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups/$GROUP_ID\n```\n", "responses": { "204": { "description": "A group was removed from harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvesterGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/groups/{gid}/privileges": { "get": { "operationId": "list_group_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "harvester_view_privileges", "oz_harvesters_view_privileges" ], "summary": "List group's harvester privileges", "x-bash-codegen-description": "Returns the list of group's (`{gid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_view_privileges` privilege\nor `oz_harvesters_view_privileges` admin privilege.\n", "description": "Returns the list of group's (`{gid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_view_privileges` privilege\nor `oz_harvesters_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List groups's privileges in a harvester**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"harvester_view\",\n \"harvester_update\",\n \"harvester_delete\",\n \"harvester_view_privileges\",\n \"harvester_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's privileges in the harvester.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HarvesterPrivileges" } }, "example": { "privileges": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupHarvesterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 gid=c44d4ab910245342be5a0a89fdff095e" } ] }, "patch": { "operationId": "update_group_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "harvester_set_privileges", "oz_harvesters_set_privileges" ], "summary": "Update group privileges to harvester", "x-bash-codegen-description": "Updates group's (`{gid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_set_privileges` privilege\nor `oz_harvesters_set_privileges` admin privilege.\n", "description": "Updates group's (`{gid}`) privileges in a harvester (`{id}`).\n\nThis operation requires `harvester_set_privileges` privilege\nor `oz_harvesters_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's privileges in a harvester**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"harvester_view\", \"harvester_update\"], \"revoke\": [\"harvester_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/groups/$GROUP_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Harvester privileges update request.", "schema": { "$ref": "#/definitions/HarvesterPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"harvester_view\", \"harvester_update\"], \"revoke\": [\"harvester_delete\"]}' | onezone-rest-cli updateGroupHarvesterPrivileges id=SPACE_ID gid=GROUP_ID -" } ] } }, "/harvesters/{id}/effective_groups": { "get": { "operationId": "list_effective_harvester_groups", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "eff_groups" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_list_relationships" ], "summary": "List effective harvester groups", "x-bash-codegen-description": "Returns the effective list of groups belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_harvesters_list_relationships` admin privilege.\n", "description": "Returns the effective list of groups belonging to a specific harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_harvesters_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get harvester effective groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_groups\n\n{\n \"groups\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group Ids that belong to a specific harvester.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveHarvesterGroups id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/effective_groups/{gid}": { "get": { "operationId": "get_effective_harvester_group", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_HARVESTER(?BINDING(id))", "x-onedata-permissions": [ "harvester_view", "oz_groups_view" ], "summary": "Get effective harvester group details", "x-bash-codegen-description": "Returns details about a specific effective group in a harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_groups_view` admin privilege.\n", "description": "Returns details about a specific effective group in a harvester.\n\nThis operation requires `harvester_view` privilege\nor `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective harvester group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_groups/$GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_groupX\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific group in a harvester.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveHarvesterGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/effective_groups/{gid}/privileges": { "get": { "operationId": "list_effective_group_harvester_privileges", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{eff_group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "harvester_view_privileges", "oz_harvesters_view_privileges" ], "summary": "List effective group's harvester privileges", "x-bash-codegen-description": "Returns the list of effective group's (`{gid}`) privileges in a harvester (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `harvester_view_privileges` privilege\nor `oz_harvesters_view_privileges` admin privilege.\n", "description": "Returns the list of effective group's (`{gid}`) privileges in a harvester (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `harvester_view_privileges` privilege\nor `oz_harvesters_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective groups's privileges in a harvester**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"harvester_view\",\n \"harvester_update\",\n \"harvester_delete\",\n \"harvester_view_privileges\",\n \"harvester_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group's privileges in the harvester.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/HarvesterPrivileges" } }, "example": { "privileges": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupHarvesterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 gid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/harvesters/{id}/effective_groups/{gid}/membership": { "get": { "operationId": "get_effective_group_harvester_membership_intermediaries", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{eff_group_membership, ?BINDING(gid)}" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_view" ], "summary": "Get effective group's harvester membership intermediaries", "x-bash-codegen-description": "Returns the effective group's (`{gid}`) harvester membership intermediaries -\nentities from which the group inherits access to the harvester (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the group (`{gid}`)\nhas a direct access to the harvester (`{id}`).\n\nThis operation requires any of the following authorization:\n* as user who is an effective member of the group (`{gid}`)\n* as user who has `harvester_view` privilege in the harvester (`{id}`)\n* as user who has `oz_harvesters_view` admin privilege.\n", "description": "Returns the effective group's (`{gid}`) harvester membership intermediaries -\nentities from which the group inherits access to the harvester (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the group (`{gid}`)\nhas a direct access to the harvester (`{id}`).\n\nThis operation requires any of the following authorization:\n* as user who is an effective member of the group (`{gid}`)\n* as user who has `harvester_view` privilege in the harvester (`{id}`)\n* as user who has `oz_harvesters_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective group's harvester membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/effective_groups/$GROUP_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"harvester\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupHarvesterMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 gid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/harvesters/{id}/spaces": { "get": { "operationId": "list_harvester_spaces", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "spaces" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_list_relationships" ], "summary": "List harvester spaces", "x-bash-codegen-description": "Returns the list of spaces in specific harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\n\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_list_relationships` privilege is required.\n", "description": "Returns the list of spaces in specific harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\n\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**List harvester spaces**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/spaces\n\n{\n \"spaces\": [\n \"MDAxNmxvYZjUGlIcGkweGZta1ZOdEp00eUNINVNvR2001Wl\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all space Ids that are in a specific harvester.", "schema": { "$ref": "#/definitions/Spaces" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHarvesterSpaces id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/spaces/token": { "post": { "deprecated": true, "operationId": "create_harvester_invite_space_token", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "invite_space_token" }, "x-onedata-permissions": [ "harvester_invite_space", "oz_harvesters_add_relationships" ], "summary": "Create harvester invite token for space", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token which can be can be consumed to add a space to a harvester.\n\nThis operation requires `harvester_invite_space` privilege\nor `oz_harvesters_add_relationships` admin privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token which can be can be consumed to add a space to a harvester.\n\nThis operation requires `harvester_invite_space` privilege\nor `oz_harvesters_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Create harvester invite space token**\n```bash\ncurl -u admin:password -X POST \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/spaces/token\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaWVyIHZjUGlIcGkweGZta1ZOdEp00eUNINVNvR2001Wl\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific harvester.", "schema": { "$ref": "#/definitions/HarvesterInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvesterInviteSpaceToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/harvesters/{id}/spaces/join": { "post": { "operationId": "harvester_join_space", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_space", "aspect": "join" }, "x-onedata-auth-hint": "?AS_HARVESTER(?BINDING(id))", "x-onedata-permissions": [ "harvester_add_space", "oz_harvesters_add_relationships", "oz_spaces_add_relationships" ], "summary": "Join harvester to a space", "x-bash-codegen-description": "Joins the harvester to an existing space based on provided `harvesterJoinSpace`\ninvitation token (the space becomes a metadata source for the harvester).\n\nThis operation requires `harvester_add_space` privilege.\nFor administrator who does not belong to this space\n`oz_harvesters_add_relationships` and `oz_spaces_add_relationships` privilege is required.\n", "description": "Joins the harvester to an existing space based on provided `harvesterJoinSpace`\ninvitation token (the space becomes a metadata source for the harvester).\n\nThis operation requires `harvester_add_space` privilege.\nFor administrator who does not belong to this space\n`oz_harvesters_add_relationships` and `oz_spaces_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Join harvester to a space**\n```bash\ncurl -u admin:password -H \"Content-type: application/json\" \\\n-d '{\"token\":\"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVuJ3l02U1JXzstRdK00ZHbso02rRcG8bJLAo\"}' \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/spaces/join\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the joined harvester in form https://$HOST/api/onezone/v3/harvesters/{id}/spaces/{sid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the space where harvested was added.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "harvesterJoinSpace invite token.", "schema": { "$ref": "#/definitions/SpaceInviteToken" } } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli harvesterJoinSpace id=f1c8b1a37aa7447b22eb65a742d40524 token==MDAxNmxvY2F00aW9uRVM2TVo5UlZ5cGFjZV9jcm" } ] } }, "/harvesters/{id}/spaces/{sid}": { "get": { "operationId": "get_harvester_space", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_space", "id": "?BINDING(sid)", "aspect": "instance", "scope": "protected" }, "x-onedata-auth-hint": "?THROUGH_HARVESTER(?BINDING(id))", "x-onedata-permissions": [ "harvester_view", "oz_spaces_view" ], "summary": "Get harvester space details", "x-bash-codegen-description": "Returns details about a specific space in the harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\nFor administrators who do not have to be members of this harvester,\n`oz_spaces_view` privilege is required.\n", "description": "Returns details about a specific space in the harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\nFor administrators who do not have to be members of this harvester,\n`oz_spaces_view` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester space details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/spaces/$SPACE_ID\n\n{\n \"spaceId\": \"H8ez0CwDZ7JMYRWn1ipmBpgJHPXzIXj0-upGkf9tk\",\n \"name\": \"example\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details about a specific space in a harvester.", "schema": { "$ref": "#/definitions/Space" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvesterSpace id=b752ceafabb662b4e5728b2ded25cdd1 sid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "put": { "operationId": "add_space_to_harvester", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{space, ?BINDING(sid)}" }, "x-onedata-permissions": [ "harvester_add_space", "oz_harvesters_add_relationships", "oz_spaces_add_relationships" ], "summary": "Add space to harvester", "x-bash-codegen-description": "Adds space {sid} as member of harvester {id}.\n\nThis operation requires `harvester_add_space` privilege in the harvester and\n`space_add_harvester` privilege in the space.\n\nFor administrator who does not belong to the space / harvester,\n`oz_spaces_add_relationships` and `oz_harvesters_add_relationships` privileges\nare required.\n", "description": "Adds space {sid} as member of harvester {id}.\n\nThis operation requires `harvester_add_space` privilege in the harvester and\n`space_add_harvester` privilege in the space.\n\nFor administrator who does not belong to the space / harvester,\n`oz_spaces_add_relationships` and `oz_harvesters_add_relationships` privileges\nare required.\n\n***Example cURL requests***\n\n**Add space to harvester**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\n https://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/spaces/$SPACE_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The space was added to the harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true }, { "name": "privileges", "in": "body", "schema": { "$ref": "#/definitions/HarvesterPrivileges" }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addSpaceToHarvester id=b752ceafabb662b4e5728b2ded25cdd1 sid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "delete": { "operationId": "remove_harvester_space", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{space, ?BINDING(sid)}" }, "x-onedata-permissions": [ "harvester_remove_space", "oz_harvesters_remove_relationships" ], "summary": "Remove harvester space", "x-bash-codegen-description": "Removes space from a specific harvester.\n\nThis operation requires `harvester_remove_space` privilege\nor `oz_harvesters_remove_relationships` admin privilege.\n", "description": "Removes space from a specific harvester.\n\nThis operation requires `harvester_remove_space` privilege\nor `oz_harvesters_remove_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Remove harvester space**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/spaces/$SPACE_ID\n```\n", "responses": { "204": { "description": "This space is no longer member of a harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "sid", "in": "path", "description": "Space Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvesterSpace id=b752ceafabb662b4e5728b2ded25cdd1 sid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/gui_plugin_config": { "get": { "operationId": "get_harvester_config", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "gui_plugin_config", "scope": "private" }, "x-onedata-permissions": [ "oz_harvesters_view" ], "summary": "Get harvester configuration", "x-bash-codegen-description": "Returns JSON configuration for harvester GUI plugin.\n\nIf called by user who is not member of the harvester, requires `oz_harvesters_view`\nadmin privilege.\n", "description": "Returns JSON configuration for harvester GUI plugin.\n\nIf called by user who is not member of the harvester, requires `oz_harvesters_view`\nadmin privilege.\n\n***Example cURL requests***\n\n**Get harvester details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/config\n\n{\n \"config\" : {\n \"typeMapping\": [ { \"id\": 0, \"name\": \"Type 1\" }, { \"id\": 1, \"name\": \"Type 1\" } ],\n \"externalHelpLink\": \"http://example.com/some_help_page\",\n \"refreshDataTimeout\": 1000\n }\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Harvester GUI plugin configuration.", "schema": { "$ref": "#/definitions/HarvesterGuiPluginConfig" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvesterConfig id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "patch": { "operationId": "modify_harvester_config", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "gui_plugin_config" }, "x-onedata-permissions": [ "harvester_update", "oz_harvesters_update" ], "summary": "Modify harvester configuration", "x-bash-codegen-description": "Updates harvester GUI plugin configuration.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n", "description": "Updates harvester GUI plugin configuration.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n\n***Example cURL requests***\n\n**Change harvester name**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"config\": {}}' \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/config\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Harvester configuration has been updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "New harvester config", "schema": { "$ref": "#/definitions/HarvesterGuiPluginConfig" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyHarvesterConfig id=b752ceafabb662b4e5728b2ded25cdd1 config=={}" } ] } }, "/harvesters/{id}/indices": { "get": { "operationId": "list_harvester_indices", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "indices" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_view" ], "summary": "List harvester indices", "x-bash-codegen-description": "Returns the list of indices in specific harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\n\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n", "description": "Returns the list of indices in specific harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\n\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester index**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices\n\n{\n \"indices\": [\n \"MDAxNmxvYZjUGlIcGkweGZta1ZOdEp00eUNINVNvR2001Wl\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all index Ids that are in a specific harvester.", "schema": { "$ref": "#/definitions/HarvesterIndices" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listHarvesterIndices id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "post": { "operationId": "create_harvester_index", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "index" }, "x-onedata-permissions": [ "oz_harvesters_update" ], "summary": "Create new index in harvester", "x-bash-codegen-description": "Creates new index in given harvester.\n\nThis operation requires `oz_harvesters_update` admin privilege.\n", "description": "Creates new index in given harvester.\n\nThis operation requires `oz_harvesters_update` admin privilege.\n\n***Example cURL requests***\n\n**Create new index in harvester**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X POST -d '{ \"name\" : \"My study index\", \"guiPluginName\" : \"study\"}\\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices\n```\n", "consumes": [ "application/json" ], "responses": { "201": { "description": "URI of the created index in the form https://$HOST/api/onezone/v3/harvesters/{id}/indices/{iid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created index.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Index properties.", "schema": { "$ref": "#/definitions/HarvesterIndexCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createHarvesterIndex name==\"Index\" guiPluginName== \"Index\" schema==\"{}\" " } ] } }, "/harvesters/{id}/indices/{idx}/query": { "post": { "operationId": "query_harvester_index", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{query, ?BINDING(idx)}" }, "x-onedata-permissions": [ "oz_harvesters_view" ], "summary": "Query harvester index", "x-bash-codegen-description": "Performs query to index {idx} in harvester {id}.\n\nThis operation does not require any privileges when the harvester is public \notherwise being member of the harvester is required.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n\nRequest body depends on selected `harvester_plugin`. This is example for `elasticsearch_plugin`.\n", "description": "Performs query to index {idx} in harvester {id}.\n\nThis operation does not require any privileges when the harvester is public \notherwise being member of the harvester is required.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n\nRequest body and response depend on selected `harvester_plugin`. Below examples are for `elasticsearch_plugin`.\n\n***Example cURL requests***\n\n**query harvester index**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X POST \\\n-d '{ \"method\" : \"get\", \"path\" : \"resource_id\"}'\n https://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices/$INDEX_ID/query\n```\n", "consumes": [ "application/json" ], "responses": { "200": { "description": "Results of the query on given index.", "schema": { "$ref": "#/definitions/HarvesterQueryResponse" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "idx", "in": "path", "description": "Index Id.", "type": "string", "required": true }, { "name": "query", "in": "body", "schema": { "$ref": "#/definitions/HarvesterQuery" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli queryHarvesterIndex id=b752ceafabb662b4e5728b2ded25cdd1 idx=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/indices/{idx}/stats": { "get": { "operationId": "get_harvester_index_stats", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{index_stats, ?BINDING(idx)}", "scope": "private" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_view" ], "summary": "Get harvester index stats", "x-bash-codegen-description": "Returns details about harvesting stats of a specific index in the harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n", "description": "Returns details about harvesting stats of a specific index in the harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester index stats**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices/$INDEX_ID\n\n{\n $SPACE_ID1 : {\n $PROVIDER_ID1 : {\n \"currentSeq\" : 5,\n \"maxSeq\" : 8,\n \"error\" : null,\n \"lastUpdate\" : 1557928576,\n \"archival\" : false\n },\n $PROVIDER_ID2 : {\n \"currentSeq\" : 8,\n \"maxSeq\" : 13,\n \"error\" : \"Service unavailable: temporary failure.\",\n \"lastUpdate\" : 1557928576,\n \"archival\" : false\n }\n },\n $SPACE_ID2 : {\n $PROVIDER_ID1 : {\n \"currentSeq\" : 13,\n \"maxSeq\" : 21,\n \"error\" : null,\n \"lastUpdate\" : 1557928576,\n \"archival\" : false\n },\n $PROVIDER_ID3 : {\n \"currentSeq\" : 21,\n \"maxSeq\" : 34,\n \"error\" : null,\n \"lastUpdate\" : 1557928576,\n \"archival\" : true\n }\n }\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "JSON with an index harvesting stats.", "schema": { "$ref": "#/definitions/HarvesterIndexStatsDetails" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "idx", "in": "path", "description": "Index Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvesterIndexStats id=b752ceafabb662b4e5728b2ded25cdd1 idx=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/indices/{idx}": { "get": { "operationId": "get_harvester_index", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{index, ?BINDING(idx)}", "scope": "private" }, "x-onedata-permissions": [ "harvester_view", "oz_harvesters_view" ], "summary": "Get harvester index details", "x-bash-codegen-description": "Returns details about a specific index in the harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n", "description": "Returns details about a specific index in the harvester.\n\nFor users who are members of harvester it requires `harvester_view`.\nFor administrators who do not have to be members of this harvester,\n`oz_harvesters_view` privilege is required.\n\n***Example cURL requests***\n\n**Get harvester space details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices/$INDEX_ID\n\n{\n \"indexId\": \"H8ez0CwDZ7JMYRWn1ipmBpgJHPXzIXj0-upGkf9tk\",\n \"name\": \"My study index\"\n \"guiPluginName\": \"study\"\n \"schema\": \"{ \\\"mappings\\\": { \\\"properties\\\": { \\\"foo\\\": { \\\"type\\\": \\\"keyword\\\" } } } }\"\n \"includeMetadata\": [\"json\", \"xattrs\"]\n \"includeFileDetails\": [\"fileName\", \"metadataExistenceFlags\"]\n \"includeRejectionReason\": false\n \"retryOnRejection\": true\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details about a specific index in a harvester.", "schema": { "$ref": "#/definitions/HarvesterIndex" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "idx", "in": "path", "description": "Index Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getHarvesterIndex id=b752ceafabb662b4e5728b2ded25cdd1 idx=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "patch": { "operationId": "modify_harvester_index", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{index, ?BINDING(idx)}" }, "x-onedata-permissions": [ "harvester_update", "oz_harvesters_update" ], "summary": "Modify harvester index", "x-bash-codegen-description": "Modifies harvester index.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n", "description": "Modifies harvester index.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n\n***Example cURL requests***\n\n**Change harvester name**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"name\" : \"new_name\", \"guiPluginName\" : \"new_gui_plugin_name\"}' \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices/$INDEX_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Harvester index has been modified successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "idx", "in": "path", "description": "Index Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "The new data of the index.", "schema": { "type": "object", "properties": { "name": { "type": "string", "description": "The new name of the index." }, "guiPluginName": { "type": "string", "description": "The new gui plugin name of the index." } } }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyHarvesterIndex id=b752ceafabb662b4e5728b2ded25cdd1 name==\"New name\"" } ] }, "delete": { "operationId": "remove_harvester_index", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{index, ?BINDING(idx)}" }, "x-onedata-permissions": [ "harvester_update", "oz_harvesters_update" ], "summary": "Remove harvester index", "x-bash-codegen-description": "Removes index from a specific harvester. **It will be no longer possible to access harvested data through onezone service**.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n", "description": "Removes index from a specific harvester. **It will be no longer possible to access harvested data through onezone service**.\\\nIf you wish to remove harvested metadata see:\n[Remove harvested metadata in index](#operation/remove_harvested_index_data)\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n\n***Example cURL requests***\n\n**Remove harvester index**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices/$INDEX_ID\n```\n", "responses": { "204": { "description": "This index have been removed from given harvester." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "idx", "in": "path", "description": "Index Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvesterIndex id=b752ceafabb662b4e5728b2ded25cdd1 idx=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/harvesters/{id}/indices/{idx}/metadata": { "delete": { "operationId": "remove_harvested_index_metadata", "tags": [ "Harvester" ], "x-onedata-gri": { "type": "od_harvester", "id": "?BINDING(id)", "aspect": "{index_metadata, ?BINDING(idx)}" }, "x-onedata-permissions": [ "harvester_update", "oz_harvesters_update" ], "summary": "Remove harvested index metadata", "x-bash-codegen-description": "Schedules removal of all harvested metadata in given index.\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n", "description": "Schedules removal of all harvested metadata in given index.\\\nSee also: [Remove index](#operation/remove_harvester_index)\n\nThis operation requires `harvester_update` privilege\nor `oz_harvesters_update` admin privilege.\n\n***Example cURL requests***\n\n**Remove harvested index metadata**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/harvesters/$HARVESTER_ID/indices/$INDEX_ID\n```\n", "responses": { "204": { "description": "All harvested metadata in this index have been scheduled to be removed." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Harvester Id.", "type": "string", "required": true }, { "name": "idx", "in": "path", "description": "Index Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeHarvestedIndexMetadata id=b752ceafabb662b4e5728b2ded25cdd1 idx=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/clusters": { "get": { "operationId": "oz_clusters_list", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "aspect": "list" }, "x-onedata-permissions": [ "oz_clusters_list" ], "summary": "List all clusters", "x-bash-codegen-description": "Returns the list of all clusters managed by the Onezone service.\n\nThis operation requires `oz_clusters_list` admin privilege.\n", "description": "Returns the list of all clusters managed by the Onezone service.\n\nThis operation requires `oz_clusters_list` admin privilege.\n\n***Example cURL requests***\n\n**List all clusters**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters\n\n{\n \"clusters\": [\n \"S0Y9FSe9TFJFFzzLtBEs8\",\n \"IkHBv8CoAFmbFU4fj26\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all clusters Ids.", "schema": { "$ref": "#/definitions/Clusters" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClusters" } ] } }, "/clusters/privileges": { "get": { "operationId": "list_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "aspect": "privileges" }, "x-onedata-permissions": [], "summary": "List all cluster privileges", "x-bash-codegen-description": "Returns list of all possible cluster privileges.\n\nThis endpoint does not require authentication.\n", "description": "Returns list of all possible cluster privileges.\n\nThis endpoint does not require authentication.\n\n***Example cURL requests***\n\n**Get list of all cluster privileges**\n```bash\ncurl https://$HOST/api/v3/onezone/clusters/privileges\n\n{\n \"admin\": [\n \"cluster_view\",\n \"cluster_update\",\n \"cluster_delete\",\n \"cluster_view_privileges\",\n \"cluster_set_privileges\",\n \"cluster_add_user\",\n \"cluster_remove_user\",\n \"cluster_add_group\",\n \"cluster_remove_group\"\n ],\n \"manager\": [\n \"cluster_view\",\n \"cluster_add_user\",\n \"cluster_remove_user\",\n \"cluster_add_group\",\n \"cluster_remove_group\"\n ],\n \"member\": [\n \"cluster_view\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "List of all cluster privileges", "schema": { "type": "object", "properties": { "admin": { "$ref": "#/definitions/ClusterPrivileges" }, "manager": { "$ref": "#/definitions/ClusterManagerPrivileges" }, "member": { "$ref": "#/definitions/ClusterMemberPrivileges" } } } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClusterPrivileges" } ] } }, "/clusters/{id}": { "get": { "operationId": "get_cluster", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "instance", "scope": "protected" }, "x-onedata-permissions": [ "oz_clusters_view" ], "summary": "Get cluster details", "x-bash-codegen-description": "Returns the details about a specific cluster.\n\nThis operation requires membership in the cluster or\n`oz_clusters_view` admin privilege.\n", "description": "Returns the details about a specific cluster.\n\nThis operation requires membership in the cluster or\n`oz_clusters_view` admin privilege.\n\n***Example cURL requests***\n\n**Get cluster details**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID\n\n{\n \"clusterId\": \"f8d843beda24e54545455ecc0f4b8886\",\n \"type\": \"oneprovider\",\n \"workerVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"1-gfabf02d\",\n \"gui\": \"129c549fbe9b3e730c3d9910492228566e39e1236945766a74381405cc57fb04\"\n },\n \"onepanelVersion\": {\n \"release\": \"20.02.13\",\n \"build\": \"3-89fc6bad\",\n \"gui\": \"68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3\"\n },\n \"online\": true,\n \"onepanelProxy\": false,\n \"creator\": {\n \"type\": \"user\",\n \"id\": \"7434b256e71e1052e0d5e3e9da657ebf\"\n },\n \"creationTime\": 1576152793\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a cluster.", "schema": { "$ref": "#/definitions/Cluster" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getCluster id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "patch": { "operationId": "modify_cluster", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "instance" }, "x-onedata-permissions": [ "cluster_update", "oz_clusters_update" ], "summary": "Modify cluster details", "x-bash-codegen-description": "Updates the details about a cluster.\n\nThis operation requires `cluster_update` privilege\nor `oz_clusters_update` admin privilege.\n", "description": "Updates the details about a cluster.\n\nThis operation requires `cluster_update` privilege\nor `oz_clusters_update` admin privilege.\n\n***Example cURL requests***\n\n**Change cluster name**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-X PATCH -d '{\"name\": \"new_cluster12\"}' \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "Cluster has been updated successfully." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Cluster data.", "schema": { "$ref": "#/definitions/ClusterUpdateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli modifyCluster id=b752ceafabb662b4e5728b2ded25cdd1 proxy=true" } ] } }, "/clusters/{id}/users": { "get": { "operationId": "list_cluster_users", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "users" }, "x-onedata-permissions": [ "cluster_view", "oz_clusters_list_relationships" ], "summary": "List cluster's users", "x-bash-codegen-description": "Returns the list of users belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_list_relationships` privilege is required.\n", "description": "Returns the list of users belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get cluster users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users\n\n{\n \"users\": [\n \"a5b469a2b0516b662a49da74d6d7d7bc\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all user Ids that belong to a specific cluster", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClusterUsers id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/clusters/{id}/users/token": { "post": { "deprecated": true, "operationId": "create_cluster_user_invite_token", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "invite_user_token" }, "x-onedata-permissions": [ "cluster_add_user", "oz_clusters_add_relationships" ], "summary": "Create cluster user invite token", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join a cluster.\n\nThis operation requires `cluster_add_user` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_add_relationships` privilege is required.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing new user to join a cluster.\n\nThis operation requires `cluster_add_user` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_add_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Create cluster user invite token**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users/token\n\n{\n \"token\": \"MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaWVyIG00zcEJ2UDVuOHhkQUNhdk9hbTlyNnIwNldPSzVhc\"\n}\n```\n", "produces": [ "application/json" ], "consumes": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific cluster.", "schema": { "$ref": "#/definitions/ClusterInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createClusterUserInviteToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/clusters/{id}/users/{uid}": { "get": { "operationId": "get_cluster_user", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_CLUSTER(?BINDING(id))", "x-onedata-permissions": [ "cluster_view", "oz_users_view" ], "summary": "Get cluster's user details", "x-bash-codegen-description": "Returns basic information about a specific user in a cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_users_view` privilege is required.\n", "description": "Returns basic information about a specific user in a cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_users_view` privilege is required.\n\n***Example cURL requests***\n\n**Get cluster user data**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users/$USER_ID\n\n{\n \"userId\" : \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Information about a cluster user.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getClusterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "put": { "operationId": "add_cluster_user", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "cluster_add_user", "cluster_set_privileges", "oz_clusters_add_relationships", "oz_users_add_relationships", "oz_clusters_set_privileges" ], "summary": "Add user to cluster", "x-bash-codegen-description": "Adds user {uid} as member of cluster {id}. Optionally, privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this cluster.\n\nThis operation can only be invoked by the user {uid} to add himself to the\ncluster (if he is not a member already) and requires `cluster_add_user`\nprivilege in the cluster. If `privileges` are specified in the request,\n`cluster_set_privileges` privilege is also required.\n\nAdministrators having the `oz_clusters_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any cluster,\nthough `oz_clusters_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n", "description": "Adds user {uid} as member of cluster {id}. Optionally, privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the user in this cluster.\n\nThis operation can only be invoked by the user {uid} to add himself to the\ncluster (if he is not a member already) and requires `cluster_add_user`\nprivilege in the cluster. If `privileges` are specified in the request,\n`cluster_set_privileges` privilege is also required.\n\nAdministrators having the `oz_clusters_add_relationships` and\n`oz_users_add_relationships` admin privileges can add any user to any cluster,\nthough `oz_clusters_set_privileges` privilege is required if `privileges` are\nspecified in the request.\n\n***Example cURL requests***\n\n**Add user to cluster**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The user was added to the cluster." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/ClusterPrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addClusterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "delete": { "operationId": "remove_cluster_user", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{user, ?BINDING(uid)}" }, "x-onedata-permissions": [ "cluster_remove_user", "oz_clusters_remove_relationships", "oz_users_remove_relationships" ], "summary": "Remove user from cluster", "x-bash-codegen-description": "Removes user from specific cluster.\n\nThis operation requires `cluster_remove_user` privilege in the cluster or\n`oz_clusters_remove_relationships` and `oz_users_remove_relationships` admin privilege.\n", "description": "Removes user from specific cluster.\n\nThis operation requires `cluster_remove_user` privilege in the cluster or\n`oz_clusters_remove_relationships` and `oz_users_remove_relationships` admin privileges.\n\n***Example cURL requests***\n\n**Get cluster user data**\n```bash\ncurl -u admin:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users/$USER_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "User was removed from cluster." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeClusterUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/clusters/{id}/users/{uid}/privileges": { "get": { "operationId": "list_user_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "cluster_view_privileges", "oz_clusters_view_privileges" ], "summary": "List user's cluster privileges", "x-bash-codegen-description": "Returns the list of user's (`{uid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_view_privileges` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_view_privileges` privilege is required.\n", "description": "Returns the list of user's (`{uid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_view_privileges` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_view_privileges` privilege is required.\n\n***Example cURL requests***\n\n**List user's privileges in a cluster**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"cluster_view\",\n \"cluster_update\",\n \"cluster_delete\",\n \"cluster_view_privileges\",\n \"cluster_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of user's privileges in the cluster.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/ClusterPrivileges" } }, "example": { "privileges": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listUserClusterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] }, "patch": { "operationId": "update_user_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "cluster_set_privileges", "oz_clusters_set_privileges" ], "summary": "Update user's cluster privileges", "x-bash-codegen-description": "Updates user's (`{uid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_set_privileges` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_set_privileges` privilege is required.\n", "description": "Updates user's (`{uid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_set_privileges` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_clusters_set_privileges` privilege is required.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update user's privileges in a cluster**\n```bash\ncurl -u admin:password -X PATCH -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"cluster_view\", \"cluster_update\"], \"revoke\": [\"cluster_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/users/$USER_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Cluster privileges update request.", "schema": { "$ref": "#/definitions/ClusterPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"cluster_view\", \"cluster_update\"], \"revoke\": [\"cluster_delete\"]}' | onezone-rest-cli updateUserClusterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc -" } ] } }, "/clusters/{id}/effective_users": { "get": { "operationId": "list_cluster_effective_users", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "eff_users" }, "summary": "List cluster's effective users", "x-onedata-permissions": [ "cluster_view", "oz_clusters_list_relationships" ], "x-bash-codegen-description": "Returns the list of effective users belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_clusters_list_relationships` admin privilege.\n", "description": "Returns the list of effective users belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_clusters_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get cluster effective users**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_users\n\n{\n \"users\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user Ids that belong to a specific cluster.", "schema": { "$ref": "#/definitions/Users" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClusterEffectiveUsers id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/clusters/{id}/effective_users/{uid}": { "get": { "operationId": "get_cluster_effective_user", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_user", "id": "?BINDING(uid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_CLUSTER(?BINDING(id))", "x-onedata-permissions": [ "cluster_view", "oz_users_view" ], "summary": "Get cluster's effective user details", "x-bash-codegen-description": "Returns details about a specific effective user in a cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_users_view` admin privilege.\n", "description": "Returns details about a specific effective user in a cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_users_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective cluster user details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_users/$USER_ID\n\n{\n \"userId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"fullName\" : \"John Doe\",\n \"username\" : \"jodoe\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific user in a cluster.", "schema": { "$ref": "#/definitions/User" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getClusterEffectiveUser id=b752ceafabb662b4e5728b2ded25cdd1 uid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/clusters/{id}/effective_users/{uid}/privileges": { "get": { "operationId": "list_effective_user_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{eff_user_privileges, ?BINDING(uid)}" }, "x-onedata-permissions": [ "cluster_view_privileges", "oz_clusters_view_privileges" ], "summary": "List effective user's cluster privileges", "x-bash-codegen-description": "Returns the list of effective user's (`{uid}`) privileges in a cluster (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `cluster_view_privileges` privilege\nor `oz_clusters_view_privileges` admin privilege.\n", "description": "Returns the list of effective user's (`{uid}`) privileges in a cluster (`{id}`).\n\nEffective privileges are a sum of user's privileges and privileges\ninherited from his group memberships.\n\nThis operation requires `cluster_view_privileges` privilege\nor `oz_clusters_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective user's privileges in a cluster**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_users/$USER_ID/privileges\n\n{\n \"privileges\": [\n \"cluster_view\",\n \"cluster_update\",\n \"cluster_delete\",\n \"cluster_view_privileges\",\n \"cluster_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective user's privileges in the cluster.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/ClusterPrivileges" } }, "example": { "privileges": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveUserClusterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 uid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/clusters/{id}/effective_users/{uid}/membership": { "get": { "operationId": "get_effective_user_cluster_membership_intermediaries", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{eff_user_membership, ?BINDING(uid)}" }, "x-onedata-permissions": [ "cluster_view", "oz_clusters_view" ], "summary": "Get effective user's cluster membership intermediaries", "x-bash-codegen-description": "Returns the effective user's (`{uid}`) cluster membership intermediaries -\nentities from which the user inherits membership in the cluster (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct membership in the cluster (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user (`{uid}`) who is an effective member of the cluster (`{id}`),\n* as user who has `cluster_view` privilege in the cluster (`{id}`),\n* as user who has `oz_clusters_view` admin privilege.\n", "description": "Returns the effective user's (`{uid}`) cluster membership intermediaries -\nentities from which the user inherits membership in the cluster (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the user (`{uid}`)\nhas a direct membership in the cluster (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user (`{uid}`) who is an effective member of the cluster (`{id}`),\n* as user who has `cluster_view` privilege in the cluster (`{id}`),\n* as user who has `oz_clusters_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective user's cluster membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_users/$USER_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"cluster\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "uid", "in": "path", "description": "User Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveUserClusterMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 uid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } }, "/clusters/{id}/groups": { "get": { "operationId": "list_cluster_groups", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "groups" }, "summary": "List cluster's groups", "x-onedata-permissions": [ "cluster_view", "oz_clusters_list_relationships" ], "x-bash-codegen-description": "Returns the list of groups belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrator who does not belong to this cluster\n`oz_clusters_list_relationships` privilege is required.\n", "description": "Returns the list of groups belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrator who does not belong to this cluster\n`oz_clusters_list_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get cluster groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups\n\n{\n \"groups\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of all group Ids that belong to a specific cluster", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClusterGroups id=b752ceafabb662b4e5728b2ded25cdd1" } ] }, "post": { "operationId": "create_cluster_group", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "group" }, "x-onedata-auth-hint": "?AS_USER(?CLIENT_ID)", "x-onedata-permissions": [ "cluster_add_group", "oz_groups_create", "oz_clusters_add_relationships" ], "summary": "Create group in cluster", "x-bash-codegen-description": "Creates a new group belonging to the cluster of {id}.\n\nThis operation requires `cluster_add_group` privilege.\nFor administrator who does not belong to this group\n`oz_clusters_add_relationships` and `oz_groups_create`\nprivileges are required.\n", "description": "Creates a new group belonging to the cluster of {id}.\n\nThis operation requires `cluster_add_group` privilege.\nFor administrator who does not belong to this group\n`oz_clusters_add_relationships` and `oz_groups_create`\nprivileges are required.\n\n***Example cURL requests***\n\n**Create group in cluster**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups\n```\n", "produces": [ "application/json" ], "responses": { "201": { "description": "URI of the added group in form https://$HOST/api/onezone/v3/clusters/{id}/groups/{gid} is returned in the response `Location` header.\n", "headers": { "Location": { "description": "URI of the created group.", "type": "string" } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Group properties.", "schema": { "$ref": "#/definitions/GroupCreateRequest" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createClusterGroup id=538ef9643ae6b9e40817e51eece7e341 name==Group2 type==team" } ] } }, "/clusters/{id}/groups/token": { "post": { "deprecated": true, "operationId": "create_cluster_group_invite_token", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "invite_group_token" }, "x-onedata-permissions": [ "cluster_add_group", "oz_clusters_add_relationships" ], "summary": "Create cluster invite token for group", "x-bash-codegen-description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing to add a group to a specific cluster.\n\nThis operation requires `cluster_add_group` privilege.\nor `oz_clusters_add_relationships` admin privilege.\n", "description": "This enpoint is deprecated and will be removed in future release,\nplease use one of:\n* [create named token](#operation/create_named_token_for_current_user)\n* [create temporary token](#operation/create_temporary_token_for_current_user)\n\nCreates a token allowing to add a group to a specific cluster.\n\nThis operation requires `cluster_add_group` privilege\nor `oz_clusters_add_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Create cluster invitation token for group**\n```bash\ncurl -u username:password -X POST \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups/token\n\n{\n \"token\": \"MDAxNmxvY0cGUgKWsjcpnrLE00RtOd2F00cGUgKWsjcpnrLE00RtOdhmnQycSICwMsugo\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The token for joining a specific cluster.", "schema": { "$ref": "#/definitions/ClusterInviteToken" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli createClusterGroupInviteToken id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/clusters/{id}/groups/{gid}": { "get": { "operationId": "get_cluster_group", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_CLUSTER(?BINDING(id))", "x-onedata-permissions": [ "cluster_view", "oz_groups_view" ], "summary": "Get cluster group details", "x-bash-codegen-description": "Returns details about a specific group in a cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_groups_view` privilege is required.\n", "description": "Returns details about a specific group in a cluster.\n\nThis operation requires `cluster_view` privilege.\nFor administrators who do not have to be members of this cluster,\n`oz_groups_view` privilege is required.\n\n***Example cURL requests***\n\n**Get cluster group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups/$GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_groupX\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific group in a cluster.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getClusterGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "put": { "operationId": "add_group_to_cluster", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "cluster_add_group", "cluster_set_privileges", "oz_clusters_add_relationships", "oz_groups_add_relationships", "oz_clusters_set_privileges" ], "summary": "Add group to cluster", "x-bash-codegen-description": "Adds group {gid} as member of cluster {id}. Optionally, privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the group in this cluster.\n\nThis operation requires `cluster_add_group` privilege in the cluster and\n`group_add_cluster` privilege in the group. If `privileges` are\nspecified in the request, `cluster_set_privileges` privilege is also required.\n\nFor administrator who does not belong to the group / cluster,\n`oz_groups_add_relationships` and `oz_clusters_add_relationships` privileges\nare required, and `oz_clusters_set_privileges` if `privileges` are specified\nin the request.\n", "description": "Adds group {gid} as member of cluster {id}. Optionally, privileges\ncan be passed in the request body, otherwise default\nprivileges will be set for the group in this cluster.\n\nThis operation requires `cluster_add_group` privilege in the cluster and\n`group_add_cluster` privilege in the group. If `privileges` are\nspecified in the request, `cluster_set_privileges` privilege is also required.\n\nFor administrator who does not belong to the group / cluster,\n`oz_groups_add_relationships` and `oz_clusters_add_relationships` privileges\nare required, and `oz_clusters_set_privileges` if `privileges` are specified\nin the request.\n\n***Example cURL requests***\n\n**Add group to cluster**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" -X PUT \\\n https://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups/$GROUP_ID\n```\n", "consumes": [ "application/json" ], "responses": { "204": { "description": "The group was added to the cluster." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/ClusterPrivileges" } } }, "required": false } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli addGroupToCluster id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] }, "delete": { "operationId": "remove_cluster_group", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{group, ?BINDING(gid)}" }, "x-onedata-permissions": [ "cluster_remove_group", "oz_clusters_remove_relationships" ], "summary": "Remove group from cluster", "x-bash-codegen-description": "Removes a specific group from cluster.\n\nFor regular users, who belong to this cluster it requires\n`cluster_remove_group` privilege to remove a group from this cluster.\n\nFor administrators, who are not members of this cluster,\n`oz_clusters_remove_relationships` privilege is required.\n", "description": "Removes a specific group from cluster.\n\nFor regular users, who belong to this cluster it requires\n`cluster_remove_group` privilege to remove a group from this cluster.\n\nFor administrators, who are not members of this cluster,\n`oz_clusters_remove_relationships` privilege is required.\n\n***Example cURL requests***\n\n**Get cluster group details**\n```bash\ncurl -u username:password -X DELETE \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups/$GROUP_ID\n```\n", "responses": { "204": { "description": "A group was removed from cluster." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli removeClusterGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/clusters/{id}/groups/{gid}/privileges": { "get": { "operationId": "list_group_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "cluster_view_privileges", "oz_clusters_view_privileges" ], "summary": "List group's cluster privileges", "x-bash-codegen-description": "Returns the list of group's (`{gid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_view_privileges` privilege\nor `oz_clusters_view_privileges` admin privilege.\n", "description": "Returns the list of group's (`{gid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_view_privileges` privilege\nor `oz_clusters_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List groups's privileges in a cluster**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"cluster_view\",\n \"cluster_update\",\n \"cluster_delete\",\n \"cluster_view_privileges\",\n \"cluster_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of group's privileges in the cluster.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/ClusterPrivileges" } }, "example": { "privileges": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listGroupClusterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 gid=c44d4ab910245342be5a0a89fdff095e" } ] }, "patch": { "operationId": "update_group_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "cluster_set_privileges", "oz_clusters_set_privileges" ], "summary": "Update group's privileges in a cluster", "x-bash-codegen-description": "Updates group's (`{gid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_set_privileges` privilege\nor `oz_clusters_set_privileges` admin privilege.\n", "description": "Updates group's (`{gid}`) privileges in a cluster (`{id}`).\n\nThis operation requires `cluster_set_privileges` privilege\nor `oz_clusters_set_privileges` admin privilege.\n\nThe `grant` field specifies a list of privileges to be granted. The `revoke`\nfield specifies a list of privileges to be revoked. At least one of those\nfields must be given.\n\n***Example cURL requests***\n\n**Update group's privileges in a cluster**\n```bash\ncurl -u username:password -H \"Content-type: application/json\" \\\n-d '{\"grant\": [\"cluster_view\", \"cluster_update\"], \"revoke\": [\"cluster_delete\"]}' \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/groups/$GROUP_ID/privileges\n```\n", "responses": { "204": { "description": "The privileges have been updated." }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true }, { "name": "data", "in": "body", "description": "Cluster privileges update request.", "schema": { "$ref": "#/definitions/ClusterPrivilegesUpdate" }, "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "echo '{\"grant\": [\"cluster_view\", \"cluster_update\"], \"revoke\": [\"cluster_delete\"]}' | onezone-rest-cli updateGroupClusterPrivileges id=CLUSTER_ID gid=GROUP_ID -" } ] } }, "/clusters/{id}/effective_groups": { "get": { "operationId": "list_cluster_effective_groups", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "eff_groups" }, "x-onedata-permissions": [ "cluster_view", "oz_clusters_list_relationships" ], "summary": "List cluster's effective groups", "x-bash-codegen-description": "Returns the list of effective groups belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_clusters_list_relationships` admin privilege.\n", "description": "Returns the list of effective groups belonging to a specific cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_clusters_list_relationships` admin privilege.\n\n***Example cURL requests***\n\n**Get cluster effective groups**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_groups\n\n{\n \"groups\": [\n \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"8e1cea0b379e3683257c32f896d55115\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group Ids that belong to a specific cluster.", "schema": { "$ref": "#/definitions/Groups" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listClusterEffectiveGroups id=b752ceafabb662b4e5728b2ded25cdd1" } ] } }, "/clusters/{id}/effective_groups/{gid}": { "get": { "operationId": "get_cluster_effective_group", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_group", "id": "?BINDING(gid)", "aspect": "instance", "scope": "shared" }, "x-onedata-auth-hint": "?THROUGH_CLUSTER(?BINDING(id))", "x-onedata-permissions": [ "cluster_view", "oz_groups_view" ], "summary": "Get cluster's effective group details", "x-bash-codegen-description": "Returns details about a specific effective group in a cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_groups_view` admin privilege.\n", "description": "Returns details about a specific effective group in a cluster.\n\nThis operation requires `cluster_view` privilege\nor `oz_groups_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective cluster group details**\n```bash\ncurl -u username:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_groups/$GROUP_ID\n\n{\n \"groupId\": \"f1c8b1a37aa7447b22eb65a742d40524\",\n \"name\": \"new_groupX\",\n \"type\": \"team\"\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "Details of a specific group in a cluster.", "schema": { "$ref": "#/definitions/Group" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getClusterEffectiveGroup id=b752ceafabb662b4e5728b2ded25cdd1 gid=f1c8b1a37aa7447b22eb65a742d40524" } ] } }, "/clusters/{id}/effective_groups/{gid}/privileges": { "get": { "operationId": "list_effective_group_cluster_privileges", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{eff_group_privileges, ?BINDING(gid)}" }, "x-onedata-permissions": [ "cluster_view_privileges", "oz_clusters_view_privileges" ], "summary": "List effective group's cluster privileges", "x-bash-codegen-description": "Returns the list of effective group's (`{gid}`) privileges in a cluster (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `cluster_view_privileges` privilege\nor `oz_clusters_view_privileges` admin privilege.\n", "description": "Returns the list of effective group's (`{gid}`) privileges in a cluster (`{id}`).\n\nEffective privileges are a sum of group's privileges and privileges\ninherited from its parent group memberships.\n\nThis operation requires `cluster_view_privileges` privilege\nor `oz_clusters_view_privileges` admin privilege.\n\n***Example cURL requests***\n\n**List effective groups's privileges in a cluster**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_groups/$GROUP_ID/privileges\n\n{\n \"privileges\": [\n \"cluster_view\",\n \"cluster_update\",\n \"cluster_delete\",\n \"cluster_view_privileges\",\n \"cluster_set_privileges\"\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of effective group's privileges in the cluster.", "schema": { "type": "object", "properties": { "privileges": { "$ref": "#/definitions/ClusterPrivileges" } }, "example": { "privileges": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges" ] } } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli listEffectiveGroupClusterPrivileges id=b752ceafabb662b4e5728b2ded25cdd1 gid=c44d4ab910245342be5a0a89fdff095e" } ] } }, "/clusters/{id}/effective_groups/{gid}/membership": { "get": { "operationId": "get_effective_group_cluster_membership_intermediaries", "tags": [ "Cluster" ], "x-onedata-gri": { "type": "od_cluster", "id": "?BINDING(id)", "aspect": "{eff_group_membership, ?BINDING(gid)}" }, "x-onedata-permissions": [ "cluster_view", "oz_clusters_view" ], "summary": "Get effective group's cluster membership intermediaries", "x-bash-codegen-description": "Returns the effective group's (`{gid}`) cluster membership intermediaries -\nentities from which the group inherits membership in the cluster (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the group (`{gid}`)\nhas a direct membership in the cluster (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the group (`{gid}`),\n* as user who has `cluster_view` privilege in the cluster (`{id}`),\n* as user who has `oz_clusters_view` admin privilege.\n", "description": "Returns the effective group's (`{gid}`) cluster membership intermediaries -\nentities from which the group inherits membership in the cluster (`{id}`).\nSpecial keyword `\"self\"` in entity id indicates that the group (`{gid}`)\nhas a direct membership in the cluster (`{id}`).\n\nThis operation requires any of the following authentication:\n* as user who is an effective member of the group (`{gid}`),\n* as user who has `cluster_view` privilege in the cluster (`{id}`),\n* as user who has `oz_clusters_view` admin privilege.\n\n***Example cURL requests***\n\n**Get effective group's cluster membership intermediaries**\n```bash\ncurl -u admin:password -X GET \\\nhttps://$HOST/api/v3/onezone/clusters/$CLUSTER_ID/effective_groups/$GROUP_ID/membership\n\n{\n \"intermediaries\": [\n {\"type\": \"group\", \"id\": \"95527367966a95639e93a88718450b36\"},\n {\"type\": \"group\", \"id\": \"2ef3de15fd49b3d6420f58428a6ad219\"},\n {\"type\": \"cluster\", \"id\": \"self\"}\n ]\n}\n```\n", "produces": [ "application/json" ], "responses": { "200": { "description": "The list of membership intermediaries.", "schema": { "$ref": "#/definitions/MembershipIntermediaries" } }, "400": { "description": "Invalid request.", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Authentication error.", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Authorization error.", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Resource not found.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server Error.", "schema": { "$ref": "#/definitions/Error" } } }, "parameters": [ { "name": "id", "in": "path", "description": "Cluster Id.", "type": "string", "required": true }, { "name": "gid", "in": "path", "description": "Group Id.", "type": "string", "required": true } ], "x-code-samples": [ { "lang": "Shell", "source": "onezone-rest-cli getEffectiveGroupClusterMembershipIntermediaries id=b752ceafabb662b4e5728b2ded25cdd1 gid=a5b469a2b0516b662a49da74d6d7d7bc" } ] } } }, "definitions": { "Configuration": { "description": "Public information about Onezone configuration and version.", "type": "object", "properties": { "name": { "type": "string", "description": "Onezone's name" }, "domain": { "type": "string", "description": "Onezone's cluster domain" }, "version": { "type": "string", "description": "Version of this Onezone service" }, "build": { "type": "string", "description": "Build number of this Onezone service" }, "subdomainDelegationSupported": { "type": "boolean", "description": "If true, registering Oneproviders are allowed to request subdomains of the Onezone domain for use as their domains." }, "compatibleOneproviderVersions": { "type": "array", "description": "List of compatible Oneprovider versions", "items": { "type": "string" } }, "supportedIdPs": { "type": "array", "description": "List of IdPs supported by Onezone", "items": { "type": "object", "description": "IdP details", "properties": { "id": { "type": "string", "description": "The identifier of the IdP" }, "offlineAccess": { "type": "boolean", "description": "Determines whether given IdP can be used in the offline access flow, i.e. Onezone can acquire access tokens in the IdP without the user being logged in." } } } } }, "required": [ "name", "version", "build", "subdomainDelegationSupported", "compatibleOneproviderVersions" ] }, "Error": { "type": "object", "description": "The generic error model for REST requests.", "properties": { "error": { "type": "object", "description": "Object describing an error.", "properties": { "id": { "type": "string", "description": "String identifying the error type. Does not change between error instances." }, "description": { "type": "string", "description": "Human readable error description. May contain information specific to given error instance." }, "details": { "type": "object", "x-onedata-datatype": "#{}", "description": "Details about the error instance. The object schema is specific to each error type." } }, "required": [ "id", "description" ] } }, "required": [ "error" ], "example": { "error": { "id": "badValueString", "details": { "key": "name" }, "description": "Bad value: provided \"name\" must be a string." } } }, "VersionInfo": { "type": "object", "description": "Service version info.", "properties": { "release": { "type": "string", "description": "Release version." }, "build": { "type": "string", "description": "Build number." }, "gui": { "type": "string", "description": "GUI version indicated by a SHA256 hash." } }, "required": [ "release", "build", "gui" ], "example": { "release": "20.02.13", "build": "1-gfabf02d", "gui": "68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3" } }, "Subject": { "type": "object", "description": "Object representing a subject in the system, can be perceived as client (actor) identity.\n", "properties": { "type": { "type": "string", "description": "Type of the subject", "enum": [ "nobody", "user", "oneprovider" ] }, "id": { "type": "string", "description": "Id of the subject (`null` for nobody)" } } }, "Timestamp": { "type": "integer", "description": "Timestamp in seconds (UNIX epoch), e.g. `1563819329`." }, "User": { "type": "object", "description": "Describes a user account (info available to collaborators).", "properties": { "userId": { "type": "string", "description": "Unique user Id." }, "fullName": { "type": "string", "description": "User's full name (given names + surname)." }, "username": { "type": "string", "description": "User's human-readable identifier, unique across the system. Makes it easier to identify the user and can be used for signing in with password.\n" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "userId", "fullName", "username", "creationTime" ], "example": { "userId": "f1c8b1a37aa7447b22eb65a742d40524", "fullName": "Rudolf Lingens", "username": "r.lingens", "creationTime": 1576152793 } }, "UserCreateRequest": { "type": "object", "description": "User create request.", "properties": { "fullName": { "type": "string", "description": "User's full name (given names + surname)." }, "username": { "type": "string", "description": "User's human-readable identifier, unique across the system. Makes it easier to identify the user and can be used for signing in with password.\n" }, "password": { "type": "string", "description": "User's password (in plaintext)." } }, "example": { "fullName": "Rudolf Lingens", "username": "r.lingens", "password": "lS1c6FD2mxB2ff" } }, "UserProtectedInfo": { "type": "object", "description": "Describes a user account (protected info).", "properties": { "userId": { "type": "string", "description": "Unique user Id." }, "fullName": { "type": "string", "description": "User's full name (given names + surname)." }, "username": { "type": "string", "description": "User's human-readable identifier, unique across the system. Makes it easier to identify the user and can be used for signing in with password.\n" }, "linkedAccounts": { "type": "array", "description": "The list of accounts linked to this user.", "items": { "$ref": "#/definitions/LinkedAccount" } }, "emails": { "type": "array", "items": { "type": "string" } }, "basicAuthEnabled": { "type": "boolean", "description": "Denotes if this user is allowed to authenticate with username & password." }, "blocked": { "type": "boolean", "description": "Denotes if this user's account has been blocked by the administrators." }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "userId", "fullName", "username", "linkedAccounts", "emails", "basicAuthEnabled", "blocked", "creationTime" ], "example": { "userId": "f1c8b1a37aa7447b22eb65a742d40524", "fullName": "Rudolf Lingens", "username": "r.lingens", "linkedAccounts": [ { "idp": "github", "subjectId": "1978f5775ae2dc16730418bf3fc81764" }, { "idp": "elixir", "subjectId": "38bf3fc2f4c16730481764bd775ae2d1" } ], "emails": [ "rudolf.lingens@example.com", "john.doe@example.com" ], "basicAuthEnabled": false, "blocked": false, "creationTime": 1576152793 } }, "UserUpdateRequest": { "type": "object", "description": "User update request message.", "properties": { "fullName": { "type": "string", "description": "User's full name (given names + surname)." }, "username": { "type": "string", "description": "User's human-readable identifier, unique across the system. Makes it easier to identify the user and can be used for signing in with password.\n" } }, "example": { "fullName": "Rudolf Lingens", "username": "r.lingens" } }, "UserPasswordUpdate": { "type": "object", "description": "User password change request.", "properties": { "oldPassword": { "type": "string", "description": "The old user's password (in plaintext) or null if it was never set." }, "newPassword": { "type": "string", "description": "The new user's password (in plaintext)." } }, "example": { "oldPassword": "7bNN89d453za62", "newPassword": "lS1c6FD2mxB2ff" } }, "UserBasicAuthSettingsUpdate": { "type": "object", "description": "User basic auth settings modification request.", "properties": { "basicAuthEnabled": { "type": "boolean", "description": "Toggles authentication with username & password for given user." }, "newPassword": { "type": "string", "description": "New user's password to overwrite the old one." } }, "example": { "basicAuthEnabled": true, "newPassword": "lS1c6FD2mxB2ff" } }, "UserAccessBlockUpdate": { "type": "object", "description": "User access block modification request.", "properties": { "blocked": { "type": "boolean", "description": "Toggles access block for given user." } }, "example": { "blocked": true } }, "IdPAccessToken": { "type": "object", "description": "IdP Access token.", "properties": { "token": { "type": "string", "description": "The access token." }, "ttl": { "type": "integer", "description": "Time to live of the token (in seconds)." } }, "required": [ "token", "ttl" ], "example": { "token": "5fc7f98122413e93fc9acbc2cd804961a24501b5820ca6cd3e35b844da9e73b1", "ttl": 3597 } }, "Users": { "type": "object", "description": "List of users.", "properties": { "users": { "type": "array", "description": "The list of user Ids.", "items": { "type": "string" } } }, "required": [ "users" ], "example": { "users": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "Groups": { "type": "object", "description": "List of groups.", "properties": { "groups": { "type": "array", "description": "The list of group Ids.", "items": { "type": "string" } } }, "required": [ "groups" ], "example": { "groups": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "Shares": { "type": "object", "description": "List of shares.", "properties": { "shares": { "type": "array", "description": "The list of share Ids.", "items": { "type": "string" } } }, "required": [ "shares" ], "example": { "shares": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "ProviderRegistrationToken": { "type": "object", "description": "Provider registration token.", "properties": { "token": { "type": "string", "description": "The token for registering a new provider." } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "ProviderRegistrationRequest": { "type": "object", "description": "Oneprovider registration request.", "properties": { "token": { "type": "string", "description": "Token for registering a new Oneprovider.\n" }, "name": { "type": "string", "description": "Oneprovider name." }, "subdomainDelegation": { "type": "boolean", "description": "If enabled, the Oneprovider will be assigned a subdomain in onezone's domain and 'subdomain' property must be provided. If disabled, 'domain' property should be provided.\n" }, "subdomain": { "type": "string", "description": "Unique subdomain in onezone's domain for the Oneprovider. Required if subdomain delegation is enabled.\n" }, "domain": { "type": "string", "description": "The fully qualified domain name of the Oneprovider or its IP address (only for single-node deployments or clusters with a reverse proxy). Required if subdomain delegation is disabled.\n" }, "latitude": { "type": "number", "x-erlang-type": "float", "description": "The geographical latitude of the Oneprovider's data center location." }, "longitude": { "type": "number", "x-erlang-type": "float", "description": "The geographical longitude of the Oneprovider's data center location." } }, "required": [ "name", "subdomainDelegation", "token" ], "example": { "token": "MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW", "name": "Example provider", "subdomainDelegation": false, "domain": "provider2.example.com", "latitude": 50.0647, "longitude": 19.945 } }, "ProviderUpdateRequest": { "type": "object", "description": "Provider settings update request.", "properties": { "name": { "type": "string", "description": "Provider name." }, "latitude": { "type": "number", "x-erlang-type": "float", "description": "The geographical latitude of the provider data center location." }, "longitude": { "type": "number", "x-erlang-type": "float", "description": "The geographical longitude of the provider data center location." } }, "example": { "name": "Example provider" } }, "ProviderRegistrationResponse": { "type": "object", "description": "Response upon successful Oneprovider registration.", "properties": { "providerId": { "description": "The Id of the newly registered provider.", "type": "string" }, "providerRootToken": { "description": "The Oneprovider root token - bearing its identity and full authorization.", "type": "string" }, "adminUserId": { "description": "The Id of the Onezone user that is linked to the Oneprovider panel admin account.", "type": "string" } } }, "ProviderDetails": { "type": "object", "description": "Oneprovider properties.", "properties": { "providerId": { "type": "string", "description": "The Oneprovider Id." }, "name": { "type": "string", "description": "Oneprovider name." }, "domain": { "type": "string", "description": "The fully qualified domain name of the Oneprovider or its IP address (only for single-node deployments or clusters with a reverse proxy).\n" }, "latitude": { "type": "number", "description": "The geographical latitude of the Oneprovider's data center location." }, "longitude": { "type": "number", "description": "The geographical longitude of the Oneprovider's data center location." }, "clusterId": { "type": "string", "description": "The Id of the corresponding Oneprovider cluster." }, "online": { "type": "boolean", "description": "True if this Oneprovider is online - connected to Onezone." }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "providerId", "name", "domain", "latitude", "longitude", "clusterId", "online", "creationTime" ], "example": { "providerId": "6b9bc70630547d925861a27e1f050dfe", "name": "Example provider", "domain": "provider1.example.com", "latitude": 50.0647, "longitude": 19.945, "clusterId": "6b9bc70630547d925861a27e1f050dfe", "online": true, "creationTime": 1576152793 } }, "ProviderDomainConfig": { "type": "object", "description": "Provider's domain config.", "properties": { "subdomainDelegation": { "description": "True if this Oneprovider has been assigned a subdomain in Onezone's domain.\n", "type": "boolean" }, "domain": { "description": "The fully qualified domain name of the Oneprovider or its IP address (only for single-node deployments or clusters with a reverse proxy).\n", "type": "string" }, "subdomain": { "description": "Unique subdomain in Onezone's domain for the Oneprovider. Applicable if subdomain delegation is enabled, null otherwise.\n", "type": "string" }, "ipList": { "description": "The list of IP addresses advertised by Onezone on behalf of the Oneprovider. Applicable if subdomain delegation is enabled, empty list otherwise.\n", "type": "array", "items": { "type": "string" } } }, "example": { "subdomainDelegation": true, "domain": "provider1.onezone.example.com", "subdomain": "provider1", "ipList": [ "172.17.0.1", "172.17.0.2", "172.17.0.3" ] } }, "Space": { "type": "object", "description": "Space parameters.", "properties": { "spaceId": { "type": "string", "description": "Unique Id of the space." }, "name": { "type": "string", "description": "The name of the space." }, "providers": { "type": "object", "description": "A map of provider Ids supporting this space and corresponding size of provisioned storage in bytes.\n", "additionalProperties": { "type": "integer", "description": "Size of storage provisioned for this space by provider.\n" } }, "creator": { "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "spaceId", "name", "providers", "creator", "creationTime" ], "example": { "spaceId": "2c0160248ba9a66f45da751ca459535a", "name": "My Private space", "providers": { "296ebe3c20e9666dc489b647f8647f12": 5368709120, "dcf12429647c204896eebe3b6f686967": 14400000 }, "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "SpaceStats": { "type": "object", "description": "Space statistics.", "properties": { "syncProgressPerProvider": { "type": "object", "description": "The map of provider Ids supporting this space and corresponding sync progress of the provider.\n", "additionalProperties": { "$ref": "#/definitions/ProviderSyncProgress" } } }, "required": [ "syncProgressPerProvider" ], "example": { "syncProgressPerProvider": { "296ebe3c20e9666dc489b647f8647f12": { "296ebe3c20e9666dc489b647f8647f12": { "seq": 1450, "timestamp": 1571147494 }, "dcf12429647c204896eebe3b6f686967": { "seq": 49870, "timestamp": 1563819329 } }, "dcf12429647c204896eebe3b6f686967": { "296ebe3c20e9666dc489b647f8647f12": { "seq": 1390, "timestamp": 1570525418 }, "dcf12429647c204896eebe3b6f686967": { "seq": 50312, "timestamp": 1575049210 } } } } }, "SpaceCreateRequest": { "type": "object", "description": "New space parameters.", "properties": { "name": { "type": "string", "description": "The name of the space." } }, "required": [ "name" ], "example": { "name": "My Private space" } }, "SpaceSupportToken": { "type": "object", "description": "Space support token for provider.", "properties": { "token": { "type": "string", "description": "The token for supporting a space." } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "Tokens": { "type": "object", "description": "List of token ids.", "properties": { "tokens": { "type": "array", "description": "List of token ids.", "items": { "type": "string" } } }, "required": [ "tokens" ], "example": { "tokens": [ "2b5d0dd5aa6443a69277b5ce0544fec2", "818bf8d4404c2bcee2b47f024f6c0890", "4a5e5dabcd55e03f1e9237eeca2548ff", "81336b59656653a481d1e65168f3f213" ] } }, "NamedToken": { "type": "object", "description": "Named token details.", "properties": { "id": { "$ref": "#/definitions/TokenPropertyId" }, "name": { "$ref": "#/definitions/TokenPropertyName" }, "subject": { "$ref": "#/definitions/TokenPropertySubject" }, "type": { "$ref": "#/definitions/TokenPropertyTokenType" }, "caveats": { "$ref": "#/definitions/TokenPropertyCaveats" }, "metadata": { "$ref": "#/definitions/TokenPropertyMetadata" }, "revoked": { "$ref": "#/definitions/TokenPropertyRevoked" }, "token": { "$ref": "#/definitions/SerializedToken" } }, "example": { "id": "2b5d0dd5aa6443a69277b5ce0544fec2", "name": "my-token-1", "subject": { "type": "user", "id": "1b510f18b3b05611871c0acdffa9aed4" }, "type": { "inviteToken": { "inviteType": "userJoinCluster", "clusterId": "fb73f7ceff5abd995357abbe01c812ce" } }, "caveats": [ { "type": "time", "validUntil": 1571147494 }, { "type": "ip", "whitelist": [ "189.34.15.0/8", "127.0.0.0/24", "167.73.12.17" ] } ], "metadata": { "creationTime": 1564721024, "usageLimit": 15, "usageCount": 3, "privileges": [ "space_view", "space_read_data", "space_view_views", "space_view_statistics" ], "custom": { "jobName": "experiment-15", "vm": "worker156.cloud.local" } }, "revoked": false, "token": "MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR" } }, "NamedTokenStatus": { "type": "object", "description": "Named token status.", "properties": { "revoked": { "$ref": "#/definitions/TokenPropertyRevoked" } }, "required": [ "revoked" ], "example": { "revoked": false } }, "ExaminedToken": { "type": "object", "description": "Inferred token details.", "properties": { "onezoneDomain": { "$ref": "#/definitions/TokenPropertyOnezoneDomain" }, "id": { "$ref": "#/definitions/TokenPropertyId" }, "persistence": { "$ref": "#/definitions/TokenPropertyPersistence" }, "subject": { "$ref": "#/definitions/TokenPropertySubject" }, "type": { "$ref": "#/definitions/TokenPropertyTokenType" }, "caveats": { "$ref": "#/definitions/TokenPropertyCaveats" } }, "example": { "onezoneDomain": "onezone.example.com", "id": "2b5d0dd5aa6443a69277b5ce0544fec2", "persistence": "named", "subject": { "type": "user", "id": "1b510f18b3b05611871c0acdffa9aed4" }, "type": { "inviteToken": { "inviteType": "userJoinCluster", "clusterId": "fb73f7ceff5abd995357abbe01c812ce" } }, "caveats": [ { "type": "time", "validUntil": 1571147494 }, { "type": "ip", "whitelist": [ "189.34.15.0/8", "127.0.0.0/24", "167.73.12.17" ] } ] } }, "NamedTokenUpdateRequest": { "type": "object", "description": "Named token update request.", "properties": { "name": { "$ref": "#/definitions/TokenPropertyName" }, "customMetadata": { "$ref": "#/definitions/TokenPropertyCustomMetadata" }, "revoked": { "$ref": "#/definitions/TokenPropertyRevoked" } }, "example": { "name": "My secret Token", "customMetadata": { "jobName": "experiment-15", "vm": "worker156.cloud.local" }, "revoked": true } }, "NamedTokenCreateRequest": { "type": "object", "description": "Named token create request.", "properties": { "name": { "$ref": "#/definitions/TokenPropertyName" }, "type": { "$ref": "#/definitions/TokenPropertyTokenType" }, "caveats": { "$ref": "#/definitions/TokenPropertyCaveats" }, "customMetadata": { "$ref": "#/definitions/TokenPropertyCustomMetadata" }, "revoked": { "$ref": "#/definitions/TokenPropertyRevoked" }, "privileges": { "$ref": "#/definitions/InviteTokenPropertyPrivileges" }, "usageLimit": { "$ref": "#/definitions/InviteTokenPropertyUsageLimit" } }, "required": [ "name" ], "example": { "name": "New Token", "type": { "inviteToken": { "inviteType": "userJoinCluster", "clusterId": "fb73f7ceff5abd995357abbe01c812ce" } }, "caveats": [ { "type": "time", "validUntil": 1571147494 }, { "type": "ip", "whitelist": [ "189.34.15.0/8", "127.0.0.0/24", "167.73.12.17" ] } ], "customMetadata": { "jobName": "experiment-15", "vm": "worker156.cloud.local" }, "revoked": false, "privileges": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges" ], "usageLimit": 15 } }, "NamedTokenCreateResponse": { "type": "object", "description": "Named token id and serialized form.", "properties": { "tokenId": { "$ref": "#/definitions/TokenPropertyId" }, "token": { "$ref": "#/definitions/SerializedToken" } }, "required": [ "tokenId", "token" ], "example": { "tokenId": "2b5d0dd5aa6443a69277b5ce0544fec2", "token": "MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR" } }, "TemporaryTokenCreateRequest": { "type": "object", "description": "Temporary token create request.", "properties": { "type": { "$ref": "#/definitions/TokenPropertyTokenType" }, "caveats": { "$ref": "#/definitions/TokenPropertyCaveats" } }, "example": { "type": { "inviteToken": { "inviteType": "userJoinCluster", "clusterId": "fb73f7ceff5abd995357abbe01c812ce" } }, "caveats": [ { "type": "time", "validUntil": 1571147494 }, { "type": "ip", "whitelist": [ "189.34.15.0/8", "127.0.0.0/24", "167.73.12.17" ] } ] } }, "TemporaryTokenGeneration": { "type": "object", "description": "Object containing the current temporary token generation.", "properties": { "generation": { "type": "integer", "description": "Current temporary token generation" } }, "required": [ "generation" ], "example": { "generation": 3 } }, "VerifyAccessTokenRequest": { "type": "object", "description": "Verify access token request.", "properties": { "token": { "$ref": "#/definitions/SerializedToken" }, "peerIp": { "type": "string", "description": "The IP address of the token bearer.", "example": "38.190.241.12" }, "serviceToken": { "$ref": "#/definitions/SerializedToken", "description": "Identity token of the service that is processing the token being verified.\n" }, "consumerToken": { "$ref": "#/definitions/SerializedToken", "description": "Identity token of the consumer that wishes to use the token being verified.\n" }, "interface": { "type": "string", "enum": [ "rest", "oneclient", "graphsync" ], "description": "The interface to which the token bearer has connected as seen by the verifying party." }, "allowDataAccessCaveats": { "type": "boolean", "description": "Indication if verifying party allows data access caveats in the token.", "default": false } }, "required": [ "token" ], "example": { "token": "MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW", "peerIp": "38.190.241.12", "serviceToken": "JKzmG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdr", "consumerToken": "MDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk5", "interface": "rest", "allowDataAccessCaveats": false } }, "VerifyIdentityTokenRequest": { "type": "object", "description": "Verify identity token request.", "properties": { "token": { "$ref": "#/definitions/SerializedToken" }, "peerIp": { "type": "string", "description": "The IP address of the token bearer.", "example": "38.190.241.12" }, "consumerToken": { "$ref": "#/definitions/SerializedToken", "description": "Identity token of the consumer that wishes to use the token being verified.\n" }, "interface": { "type": "string", "enum": [ "rest", "oneclient", "graphsync" ], "description": "The interface to which the token bearer has connected as seen by the verifying party." } }, "required": [ "token" ], "example": { "token": "MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW", "peerIp": "38.190.241.12", "consumerToken": "MDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk5", "interface": "rest" } }, "VerifyInviteTokenRequest": { "type": "object", "description": "Verify token request.", "properties": { "token": { "$ref": "#/definitions/SerializedToken" }, "peerIp": { "type": "string", "description": "The IP address of the token bearer.", "example": "38.190.241.12" }, "consumerToken": { "$ref": "#/definitions/SerializedToken", "description": "Identity token of the consumer that wishes to use the token being verified.\n" }, "expectedInviteType": { "type": "string", "description": "Expected type of the invite token - verification will not succeed if it\ndoes not match the actual invite token type.\n", "enum": [ "userJoinGroup", "groupJoinGroup", "userJoinSpace", "groupJoinSpace", "supportSpace", "harvesterJoinSpace", "registerOneprovider", "userJoinCluster", "groupJoinCluster", "userJoinHarvester", "groupJoinHarvester", "spaceJoinHarvester" ] } }, "required": [ "token" ], "example": { "token": "MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW", "peerIp": "38.190.241.12", "consumerToken": "MDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk5", "expectedInviteType": "userJoinGroup" } }, "VerifyTokenResponse": { "type": "object", "description": "Verify token response", "properties": { "subject": { "$ref": "#/definitions/TokenPropertySubject" }, "ttl": { "type": "integer", "description": "Token's TTL in seconds (or null if infinite)", "example": 3600 } }, "required": [ "subject", "ttl" ], "example": { "subject": { "type": "user", "id": "1b510f18b3b05611871c0acdffa9aed4" }, "ttl": 3600 } }, "SerializedToken": { "type": "string", "description": "The token in serialized form.", "example": "MDAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR" }, "TokenPropertyName": { "type": "string", "description": "Token name (unique for subject user/provider)" }, "TokenPropertyOnezoneDomain": { "type": "string", "description": "Domain of the Onezone service that issued the token." }, "TokenPropertyId": { "type": "string", "description": "Unique identifier of the token" }, "TokenPropertyPersistence": { "type": "string", "description": "Determines if the token is persistent (named) or not (temporary).", "enum": [ "named", "temporary" ] }, "TokenPropertySubject": { "type": "object", "description": "The subject of the token - the user or Oneprovider in whose name the token was issued. The bearer (consumer) of the token adopts the subject's identity when accessing services with that token.\n", "properties": { "type": { "type": "string", "description": "Type of the subject", "enum": [ "user", "oneprovider" ] }, "id": { "type": "string", "description": "Id of the subject" } } }, "TokenPropertyTokenType": { "type": "object", "description": "The type of the token (object)", "enum": [ "{accessToken: {}}", "{identityToken: {}}", "{inviteToken: {\"...\": \"...\"}}" ], "properties": { "accessToken": { "type": "object", "description": "Indicates the access token type - currently has no parameters (empty object)", "properties": {} }, "identityToken": { "type": "object", "description": "Indicates the identity token type - currently has no parameters (empty object)", "properties": {} }, "inviteToken": { "$ref": "#/definitions/InviteToken" } } }, "TokenPropertyCaveats": { "type": "array", "description": "A list of caveats that confine the token.", "items": { "$ref": "#/definitions/Caveat" } }, "TokenPropertyMetadata": { "type": "object", "description": "Metadata describing the token", "properties": { "creationTime": { "$ref": "#/definitions/Timestamp" }, "usageLimit": { "description": "(Invite tokens only) limits how many times the token can be consumed - can be a positive integer or the literal string \"infinity\"\n" }, "usageCount": { "type": "integer", "description": "(Invite tokens only) informs how many times the token has been consumed so far\n" }, "privileges": { "type": "array", "description": "(Invite tokens only) the list of privileges that will be granted to the joining user/group upon token consumption\n", "items": { "type": "string" } }, "custom": { "$ref": "#/definitions/TokenPropertyCustomMetadata" } } }, "TokenPropertyCustomMetadata": { "type": "object", "description": "Arbitrary user metadata (JSON) attached to the token" }, "TokenPropertyRevoked": { "type": "boolean", "description": "Determines if this token is revoked (cannot be used) - can be toggled at will" }, "InviteTokenPropertyPrivileges": { "type": "array", "description": "A list of privileges that will be granted to the user that consumes the invite token. NOTE that this parameter is recognized only if the token type is invite token and the invitation target supports member privileges. The privileges must be valid for given invite token type (for example, group privileges for `userJoinGroup` type).\n", "items": { "type": "string" } }, "InviteTokenPropertyUsageLimit": { "type": "integer", "description": "Usage limit for an invite token (positive integer) or `\"infinity\"`. NOTE that this parameter is recognized only if the token type is invite token." }, "InviteToken": { "type": "object", "description": "Indicates the invite token type.", "discriminator": "inviteType", "x-onedata-oneof": true, "x-onedata-subclasses": [ "userJoinGroup", "groupJoinGroup", "userJoinSpace", "groupJoinSpace", "supportSpace", "harvesterJoinSpace", "registerOneprovider", "userJoinCluster", "groupJoinCluster", "userJoinHarvester", "groupJoinHarvester", "spaceJoinHarvester" ], "properties": { "inviteType": { "type": "string", "description": "Type of invitation" } }, "required": [ "inviteType" ] }, "userJoinGroup": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "userJoinGroup" ], "x-discriminator-value": "userJoinGroup", "description": "Invite token type - invitation for a user to join a group." }, "groupId": { "type": "string", "description": "Id of the invitation target group" } } } ], "required": [ "inviteType", "groupId" ], "example": { "inviteType": "userJoinGroup", "groupId": "0921135ee61fe53a3df449365228e9b4" } }, "groupJoinGroup": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "groupJoinGroup" ], "x-discriminator-value": "groupJoinGroup", "description": "Invite token type - invitation for a group to join a group." }, "groupId": { "type": "string", "description": "Id of the invitation target group" } } } ], "required": [ "inviteType", "groupId" ], "example": { "inviteType": "groupJoinGroup", "groupId": "0921135ee61fe53a3df449365228e9b4" } }, "userJoinSpace": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "userJoinSpace" ], "x-discriminator-value": "userJoinSpace", "description": "Invite token type - invitation for a user to join a space." }, "spaceId": { "type": "string", "description": "Id of the invitation target space" } } } ], "required": [ "inviteType", "spaceId" ], "example": { "inviteType": "userJoinSpace", "spaceId": "1b29cf9ea2f540e7c0874d7d09976b23" } }, "groupJoinSpace": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "groupJoinSpace" ], "x-discriminator-value": "groupJoinSpace", "description": "Invite token type - invitation for a group to join a space." }, "spaceId": { "type": "string", "description": "Id of the invitation target space" } } } ], "required": [ "inviteType", "spaceId" ], "example": { "inviteType": "groupJoinSpace", "spaceId": "1b29cf9ea2f540e7c0874d7d09976b23" } }, "supportSpace": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "supportSpace" ], "x-discriminator-value": "supportSpace", "description": "Invite token type - invitation for a provider to support a space." }, "spaceId": { "type": "string", "description": "Id of the space to be supported" }, "parameters": { "$ref": "#/definitions/SupportParameters", "description": "Space support parameters - optional, default to `dataWrite = global`\nand `metadataReplication = eager`.\n" } } } ], "required": [ "inviteType", "spaceId" ], "example": { "inviteType": "supportSpace", "spaceId": "d4f5876dbe7f1e7e8a511de6dd31144b", "parameters": { "dataWrite": "global", "metadataReplication": "eager" } } }, "harvesterJoinSpace": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "harvesterJoinSpace" ], "x-discriminator-value": "harvesterJoinSpace", "description": "Invite token type - invitation for a harvester to join a space (become a sink for metadata).\n" }, "spaceId": { "type": "string", "description": "Id of the invitation target space" } } } ], "required": [ "inviteType", "spaceId" ], "example": { "inviteType": "harvesterJoinSpace", "spaceId": "d4f5876dbe7f1e7e8a511de6dd31144b" } }, "registerOneprovider": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "registerOneprovider" ], "x-discriminator-value": "registerOneprovider", "description": "Invite token type - invitation for a user to register a new Oneprovider." }, "adminUserId": { "type": "string", "description": "Id of the user to become an admin of the newly registered Oneprovider" } } } ], "required": [ "inviteType", "adminUserId" ], "example": { "inviteType": "registerOneprovider", "adminUserId": "d4f5876dbe7f1e7e8a511de6dd31144b" } }, "userJoinCluster": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "userJoinCluster" ], "x-discriminator-value": "userJoinCluster", "description": "Invite token type - invitation for a user to join a cluster." }, "clusterId": { "type": "string", "description": "Id of the invitation target cluster" } } } ], "required": [ "inviteType", "clusterId" ], "example": { "inviteType": "userJoinCluster", "clusterId": "d4f5876dbe7f1e7e8a511de6dd31144b" } }, "groupJoinCluster": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "groupJoinCluster" ], "x-discriminator-value": "groupJoinCluster", "description": "Invite token type - invitation for a group to join a cluster." }, "clusterId": { "type": "string", "description": "Id of the invitation target cluster" } } } ], "required": [ "inviteType", "clusterId" ], "example": { "inviteType": "groupJoinCluster", "clusterId": "d4f5876dbe7f1e7e8a511de6dd31144b" } }, "userJoinHarvester": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "userJoinHarvester" ], "x-discriminator-value": "userJoinHarvester", "description": "Invite token type - invitation for a user to join a harvester." }, "harvesterId": { "type": "string", "description": "Id of the invitation target harvester" } } } ], "required": [ "inviteType", "harvesterId" ], "example": { "inviteType": "userJoinHarvester", "harvesterId": "8c64eec93fac95822e90dd144b5ea0a5" } }, "groupJoinHarvester": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "groupJoinHarvester" ], "x-discriminator-value": "groupJoinHarvester", "description": "Invite token type - invitation for a group to join a harvester." }, "harvesterId": { "type": "string", "description": "Id of the invitation target harvester" } } } ], "required": [ "inviteType", "harvesterId" ], "example": { "inviteType": "groupJoinHarvester", "harvesterId": "8c64eec93fac95822e90dd144b5ea0a5" } }, "spaceJoinHarvester": { "allOf": [ { "$ref": "#/definitions/InviteToken" }, { "type": "object", "properties": { "inviteType": { "type": "string", "enum": [ "spaceJoinHarvester" ], "x-discriminator-value": "spaceJoinHarvester", "description": "Invite token type - invitation for a space to join a harvester (become a source of metadata).\n" }, "harvesterId": { "type": "string", "description": "Id of the invitation target harvester" } } } ], "required": [ "inviteType", "harvesterId" ], "example": { "inviteType": "spaceJoinHarvester", "harvesterId": "8c64eec93fac95822e90dd144b5ea0a5" } }, "Caveat": { "type": "object", "description": "Caveat specification.", "discriminator": "type", "x-onedata-oneof": true, "x-onedata-subclasses": [ "time", "ip", "asn", "geo.country", "geo.region", "service", "consumer", "interface", "api", "data.readonly", "data.path", "data.objectid" ], "properties": { "type": { "type": "string" } }, "required": [ "type" ] }, "time": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "time" ], "x-discriminator-value": "time", "description": "Time caveat - limits the token's validity in time.\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "validUntil": { "$ref": "#/definitions/Timestamp", "description": "Timestamp in seconds (UNIX epoch) when the token expires.\n\nExample:\n```json\n {\n \"type\": \"time\",\n \"validUntil\": 1571147494\n }\n```\n" } } } ], "required": [ "type", "validUntil" ], "example": { "type": "time", "validUntil": 1571147494 } }, "ip": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "ip" ], "x-discriminator-value": "ip", "description": "IP caveat - limits the allowed client IPs to a certain whitelist (masks are supported).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "string" }, "description": "List of IPs or masks that are allowed to utilize the token.\n\nExample:\n```json\n {\n \"type\": \"ip\",\n \"whitelist\": [\n \"189.34.15.0/24\",\n \"127.0.0.0/8\",\n \"167.73.12.17\"\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "ip", "whitelist": [ "189.34.15.0/24", "127.0.0.0/8", "167.73.12.17" ] } }, "asn": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "asn" ], "x-discriminator-value": "asn", "description": "ASN caveat - limits the ASNs (Autonomous System Number) from which the\ntoken can be utilized. The client's ASN is resolved based on\nclient's IP and MaxMind's GeoLite database.\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "integer" }, "description": "List of ASNs from which the token can be utilized.\n\nExample:\n```json\n {\n \"type\": \"asn\",\n \"whitelist\": [\n 631, 632, 1671\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "asn", "whitelist": [ 631, 632, 1671 ] } }, "geo.country": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "geo.country" ], "x-discriminator-value": "geo.country", "description": "GEO Country caveat - limits the countries from which the token can be utilized.\nThe client's country is resolved based on client's IP and MaxMind's\nGeoLite database.\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "filter": { "type": "string", "enum": [ "whitelist", "blacklist" ], "description": "Filter type to be applied:\n* whitelist limits allowed countries to the ones on the list only\n* blacklist limits allowed countries to any region that is not on the list\n" }, "list": { "type": "array", "items": { "type": "string" }, "description": "List of countries (ISO3166 2 letter codes) from which the token can be utilized.\n\nExample:\n```json\n {\n \"type\": \"geo.country\",\n \"filter\": \"whitelist\",\n \"list\": [\n \"PL\", \"UK\", \"DE\", \"NL\"\n ]\n }\n```\n" } } } ], "required": [ "type", "filter", "list" ], "example": { "type": "geo.country", "filter": "whitelist", "list": [ "PL", "UK", "DE", "NL" ] } }, "geo.region": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "geo.region" ], "x-discriminator-value": "geo.region", "description": "GEO Region caveat - limits the geographical regions from which the token\ncan be utilized. The available values are the 7 continents (Oceania\ncovers Australia and the pacific islands) or the EU meta region, which\nmatches member countries of the European Union. The client's region is\nresolved based on client's IP and MaxMind's GeoLite database.\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "filter": { "type": "string", "enum": [ "whitelist", "blacklist" ], "description": "Filter type to be applied:\n* whitelist limits allowed regions to the ones on the list only\n* blacklist limits allowed regions to any region that is not on the list\n" }, "list": { "type": "array", "items": { "type": "string", "enum": [ "Africa", "Antarctica", "Asia", "Europe", "EU", "NorthAmerica", "Oceania", "SouthAmerica" ] }, "description": "List of regions from which the token can be utilized.\n\nExample:\n```json\n {\n \"type\": \"geo.region\",\n \"filter\": \"blacklist\",\n \"list\": [\n \"Asia\",\n \"NorthAmerica\",\n \"Oceania\"\n ]\n }\n```\n" } } } ], "required": [ "type", "filter", "list" ], "example": { "type": "geo.region", "filter": "blacklist", "list": [ "Asia", "NorthAmerica", "Oceania" ] } }, "service": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "service" ], "x-discriminator-value": "service", "description": "Service caveat - limits the services that can process the token.\n[Service](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[service].html)\nis the Onedata service that received the client's request - e.g. the\nOneprovider service chosen by a user to mount a Oneclient or make a CDMI\nrequest. If the caveat is present, the service must prove its identity\nby sending their\n[identity token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[identity-tokens].html)\nin the `x-onedata-service-token header` along with the request.\nThe services must be encoded using proper\n[service format](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[service].html).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "string" }, "description": "List of services that are allowed to utilize the token.\n\nExample:\n```json\n {\n \"type\": \"service\",\n \"whitelist\": [\n \"ozw-onezone\",\n \"ozp-onezone\",\n \"opp-*\",\n \"opw-01c4455bef059353c9dfb35ba93a24f3\"\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "service", "whitelist": [ "ozw-onezone", "ozp-onezone", "opp-*", "opw-01c4455bef059353c9dfb35ba93a24f3" ] } }, "consumer": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "consumer" ], "x-discriminator-value": "consumer", "description": "Consumer caveat - limits the consumers that can use the token.\n[Consumer](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[consumer].html)\nis the token bearer that utilizes the token - performs a\nrequest with an access token or attempts to consume an invite token.\nIf the caveat is present, the consumer must prove their identity by\nsending their\n[identity token](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[identity-tokens].html)\nin the `x-onedata-consumer-token header` along with the request.\nThe consumers must be encoded using proper\n[consumer format](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[consumer].html).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "string" }, "description": "List of consumers that are allowed to utilize the token.\n\nExample:\n```json\n {\n \"type\": \"consumer\",\n \"whitelist\": [\n \"usr-d4f5876dbe7f1e7e8a511de6dd31144c\",\n \"grp-0921135ee61fe53a3df449365228e9b4\",\n \"prv-*\"\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "consumer", "whitelist": [ "usr-d4f5876dbe7f1e7e8a511de6dd31144c", "grp-0921135ee61fe53a3df449365228e9b4", "prv-*" ] } }, "interface": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "description": "Interface caveat - limits the available interfaces on which\nthe token can be used to a certain one.\n\nIf the *oneclient* interface is specified, this caveat is treated as a\n**data access caveat** - if added to a token, it greatly limits\nits power in the system APIs, to the minimum required for data access -\n[see more](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[data-access-caveats].html).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n", "enum": [ "interface" ], "x-discriminator-value": "interface" }, "interface": { "type": "string", "enum": [ "rest", "oneclient", "graphsync" ], "description": "The interface on which this token will be exclusively accepted.\n\nExample:\n```json\n {\n \"type\": \"interface\",\n \"interface\": \"rest\"\n }\n```\n" } } } ], "required": [ "type", "interface" ], "example": { "type": "interface", "interface": "rest" } }, "api": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "api" ], "x-discriminator-value": "api", "description": "API caveat - limits the API operations that can be performed with the token.\nThe operations are whitelisted using the Onedata API matchspec format, which\nincludes the service identifier, operation type (CRUD) and resource identifier.\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "string" }, "description": "List of API matchspecs that narrow down allowed API calls.\n\nExample:\n```json\n {\n \"type\": \"api\",\n \"whitelist\": [\n \"ozw/all/user.*.*:*\",\n \"all/get/space.*.*:*\"\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "api", "whitelist": [ "ozw/all/user.*.*:*", "all/get/space.*.*:*" ] } }, "data.readonly": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "data.readonly" ], "x-discriminator-value": "data.readonly", "description": "Data readonly caveat - allows only read access to user files.\n\nThis is a **data access caveat** - if added to a token, it greatly limits\nits power in the system APIs, to the minimum required for data access -\n[see more](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[data-access-caveats].html).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n\nExample:\n```json\n {\n \"type\": \"data.readonly\"\n }\n```\n" } } } ], "required": [ "type" ], "example": { "type": "data.readonly" } }, "data.path": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "data.path" ], "x-discriminator-value": "data.path", "description": "Data path caveat - limits the paths in which data can be accessed with the token.\nThe paths must be canonical - starting with a slash + space id and without\na trailing slash - and must be base64 encoded.\nIf a directory path is given, the token allows to access all nested\nfiles and directories starting from the specified directory.\n\nThis is a **data access caveat** - if added to a token, it greatly limits\nits power in the system APIs, to the minimum required for data access -\n[see more](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[data-access-caveats].html).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "string" }, "description": "List of base64 encoded file paths in which data can be accessed using the token.\n\nExample:\n```json\n {\n \"type\": \"data.path\",\n \"whitelist\": [\n \"L2QxYjM4OGY3Yzc=\", # /d1b388f7c7\n \"L2QxYjM4OGY3YzcvZGlyL2ZpbGUudHh0\" # /d1b388f7c7/dir/file.txt\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "data.path", "whitelist": [ "L2RpcjEvZmlsZTEudHh0", "L2ZvbGRlcjIvdmlkZW8zLm1wNA==" ] } }, "data.objectid": { "allOf": [ { "$ref": "#/definitions/Caveat" }, { "type": "object", "properties": { "type": { "type": "string", "enum": [ "data.objectid" ], "x-discriminator-value": "data.objectid", "description": "Data objectid caveat - limits the object ids in which data can be accessed with the token.\nThe object ids comply with the CDMI format and can be used in the\nOneprovider's REST and CDMI APIs.\nIf a directory object id is given, the token allows to access all nested\nfiles and directories starting from the specified directory.\n\nThis is a **data access caveat** - if added to a token, it greatly limits\nits power in the system APIs, to the minimum required for data access -\n[see more](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[data-access-caveats].html).\n\nYou can learn more about token caveats\n[here](https://onedata.org/#/home/documentation/doc/using_onedata/tokens[token-caveats].html).\n" }, "whitelist": { "type": "array", "items": { "type": "string" }, "description": "List of CDMI ObjectIds in which data can be accessed using the token.\n\nExample:\n```json\n {\n \"type\": \"data.objectid\",\n \"whitelist\": [\n \"000000000055D4E4836803640004677569646D000000167\",\n \"39592D594E736C676D0000002B43592D347247454C535F6\"\n ]\n }\n```\n" } } } ], "required": [ "type", "whitelist" ], "example": { "type": "data.objectid", "whitelist": [ "000000000055D4E4836803640004677569646D000000167", "39592D594E736C676D0000002B43592D347247454C535F6" ] } }, "ClientToken": { "type": "object", "description": "Client token for authorization from command line or via REST.", "properties": { "token": { "type": "string", "description": "The access token.", "items": { "type": "string" } } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "ClientTokens": { "type": "object", "description": "Client tokens for authorization from command line or via REST.", "properties": { "tokens": { "type": "array", "description": "The list of client tokens.", "items": { "type": "string" } } }, "required": [ "tokens" ], "example": { "tokens": [ "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca", "sNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43acaJKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTR" ] } }, "SpaceInviteToken": { "type": "object", "description": "Space invitation token.", "properties": { "token": { "type": "string", "description": "The token for joining a space." } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "Group": { "type": "object", "description": "Group details.", "properties": { "groupId": { "type": "string", "description": "Unique group Id." }, "name": { "type": "string", "description": "The name of the group." }, "type": { "type": "string", "description": "The type of the group.", "enum": [ "organization", "unit", "team", "role_holders" ] }, "creator": { "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "groupId", "name", "type", "creationTime" ], "example": { "groupId": "a4d3bc73aada63052310652d421609f1", "name": "Test group", "type": "team", "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "GroupCreateRequest": { "type": "object", "description": "Group create request.", "properties": { "name": { "type": "string", "description": "The name of the group." }, "type": { "type": "string", "description": "The type of the group. If not specified, `team` is assumed.", "enum": [ "organization", "unit", "team", "role_holders" ] } }, "required": [ "name" ], "example": { "name": "Test group", "type": "team" } }, "GroupUpdateRequest": { "type": "object", "description": "Group update request.", "properties": { "name": { "type": "string", "description": "The name of the group." }, "type": { "type": "string", "description": "The type of the group.", "enum": [ "organization", "unit", "team", "role_holders" ] } }, "example": { "type": "unit" } }, "GroupInviteToken": { "type": "object", "description": "Group invitation token.", "properties": { "token": { "type": "string", "description": "The token for joining a group." } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "LinkedAccount": { "type": "object", "description": "User's linked account, expressing identity from an IdP (federated, social etc.).", "properties": { "idp": { "type": "string", "description": "Id of the Identity Provider, as specified in Onezone's auth.config." }, "subjectId": { "type": "string", "description": "Unique user Id assigned by the Identity Provider." }, "fullName": { "type": "string", "description": "User's full name (given names + surname)." }, "username": { "type": "string", "description": "User's human-readable identifier, unique across the system. Makes it easier to identify the user and can be used for signing in with password.\n" }, "emails": { "type": "array", "description": "The list of user email accounts.", "items": { "type": "string" } }, "entitlements": { "type": "array", "description": "A list of strings denoting user group memberships as acquired from the\nidentity provider. Memberships are in Onedata normalized form.\n", "items": { "type": "string" } }, "custom": { "type": "object", "description": "Custom user data collected upon login, depending on Onezone auth.config." } }, "required": [ "idp", "subjectId" ], "example": { "idp": "elixir", "subjectId": "1978f5775ae2dc16730418bf3fc81764", "fullName": "John Doe", "username": "joe-doe", "emails": [ "john.doe@example.com", "john.d@example.com", "doe.john@example.com" ], "entitlements": [ "elixir_test:members", "elixir_test:administration" ], "custom": { "gender": "M", "role": "developer" } } }, "Spaces": { "type": "object", "description": "List of spaces.", "properties": { "spaces": { "type": "array", "description": "The list of space Ids.", "items": { "type": "string" } } }, "required": [ "spaces" ], "example": { "spaces": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "SpacePrivileges": { "type": "array", "description": "A list of privileges in the space.", "items": { "type": "string", "enum": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges", "space_read_data", "space_write_data", "space_register_files", "space_manage_shares", "space_view_views", "space_manage_views", "space_query_views", "space_view_statistics", "space_view_changes_stream", "space_view_transfers", "space_schedule_replication", "space_cancel_replication", "space_schedule_eviction", "space_cancel_eviction", "space_view_qos", "space_manage_qos", "space_add_user", "space_remove_user", "space_add_group", "space_remove_group", "space_add_support", "space_remove_support", "space_add_harvester", "space_remove_harvester" ] }, "example": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges", "space_read_data", "space_write_data", "space_register_files", "space_manage_shares", "space_view_views", "space_manage_views", "space_query_views", "space_view_statistics", "space_view_changes_stream", "space_view_transfers", "space_schedule_replication", "space_cancel_replication", "space_schedule_eviction", "space_cancel_eviction", "space_view_qos", "space_manage_qos", "space_add_user", "space_remove_user", "space_add_group", "space_remove_group", "space_add_support", "space_remove_support", "space_add_harvester", "space_remove_harvester" ] }, "SpaceManagerPrivileges": { "type": "array", "description": "A subset of space privileges suggested for space managers.", "items": { "type": "string", "enum": [ "space_view", "space_view_privileges", "space_read_data", "space_write_data", "space_manage_shares", "space_view_views", "space_query_views", "space_view_statistics", "space_view_changes_stream", "space_view_transfers", "space_schedule_replication", "space_view_qos", "space_add_user", "space_remove_user", "space_add_group", "space_remove_group", "space_add_harvester", "space_remove_harvester" ] }, "example": [ "space_view", "space_view_privileges", "space_read_data", "space_write_data", "space_manage_shares", "space_view_views", "space_query_views", "space_view_statistics", "space_view_changes_stream", "space_view_transfers", "space_schedule_replication", "space_view_qos", "space_add_user", "space_remove_user", "space_add_group", "space_remove_group", "space_add_harvester", "space_remove_harvester" ] }, "SpaceMemberPrivileges": { "type": "array", "description": "A subset of space privileges suggested for space members.", "items": { "type": "string", "enum": [ "space_view", "space_read_data", "space_write_data", "space_view_transfers" ] }, "example": [ "space_view", "space_read_data", "space_write_data", "space_view_transfers" ] }, "SpacePrivilegesUpdate": { "type": "object", "description": "Space privileges update request.", "properties": { "grant": { "$ref": "#/definitions/SpacePrivileges" }, "revoke": { "$ref": "#/definitions/SpacePrivileges" } }, "example": { "grant": [ "space_view", "space_update", "space_delete", "space_view_privileges", "space_set_privileges" ], "revoke": [ "space_read_data", "space_write_data", "space_manage_shares", "space_manage_views", "space_query_views", "space_view_statistics" ] } }, "SpaceAlias": { "type": "object", "description": "Space alias.", "properties": { "alias": { "type": "string", "description": "User defined name for the space." } }, "required": [ "alias" ], "example": { "alias": "My space name" } }, "SupportParameters": { "type": "object", "description": "Space support parameters.", "properties": { "dataWrite": { "type": "string", "enum": [ "global", "none" ], "description": "[NOT YET IMPLEMENTED - always `global`] indicates if the Oneprovider\nthat supports the space by consuming this token will be able to modify\nfiles in the space (`global`) or not (`none`).\n" }, "metadataReplication": { "type": "string", "enum": [ "eager", "lazy", "none" ], "description": "[NOT YET IMPLEMENTED - always `eager`] indicates the level of metadata\nreplication on the Oneprovider that supports the space by consuming this\ntoken. `eager` - all metadata is replicated, might take days to become\nin sync if the space is already populated with large amount of data.\n`lazy` - only required metadata is replicated when specific file is\naccessed. `none` - all metadata is fetched from remote Oneproviders\nevery time a request is performed, which is the slowest option but\nrequires minimal resources on the Oneprovider.\n" } }, "required": [ "dataWrite", "metadataReplication" ], "example": { "dataWrite": "global", "metadataReplication": "lazy" } }, "SupportStageDetails": { "type": "object", "description": "Summary of provider's support stage and stages of its storages.", "properties": { "providerStage": { "type": "string", "description": "Current support stage of the provider - depends on the stages of its storages:\n* `joining` - the provider has freshly supported the space and is catching up\n with dbsync changes from other providers\n\n* `active` - the provider is operational and up-to-date with other providers,\n all storages are in 'active' stage\n\n* `remodelling` - the provider is undergoing changes concerning its storage(s)\n that support the space, e.g. a storage has been added or removed\n and is not yet in active stage (such modifications may require\n long-lasting data transfers between storages).\n\n* `evicting_replicas` (unsupporting) - the provider has chosen to cease support\n for the space with all of its storages and is now safely migrating\n data to other providers\n\n* `purging_storages` (unsupporting) - the provider has evicted all replicas and\n is now purging its storages from support remnants\n\n* `purging_database` (unsupporting) - the provider purged its storages and is\n now purging the database (including file metadata, locations etc)\n\n* `retired` - the provider has supported the space in the past, but not anymore\n", "enum": [ "joining", "active", "remodelling", "evicting_replicas", "purging_storages", "purging_database", "retired" ] }, "perStorage": { "type": "object", "description": "The map of storage Ids of the provider that support this space and their corresponding support stages.\n", "additionalProperties": { "type": "string", "description": "Current support stage of the storage:\n* `joining` - phase of initial setup after a space is supported and when the\n storage cannot be used yet, transitions to active when the\n provider has caught up with dbsync changes from other providers.\n\n* `active` - the storage is operational\n* `resizing:` - the granted storage quota by this storage is being\n changed, which may be a long process if replicas need to be\n evicted to free up space. If support is being completely revoked,\n the stage yields `resizing:0`. During resizing, the target size\n may be changed.\n\n* `purging` (unsupporting) - the file data on the storage is being purged\n* `retiring` (unsupporting) - the owning provider is finalizing the storage's\n retirement process - if this was the last supporting storage, it\n is purging the database by deleting docs related to space support.\n\n* `retired` - the storage has supported the space in the past, but not anymore\n" } } }, "example": { "providerStage": "remodelling", "perStorage": { "0b1db3c83e9d59fe9d09e5b2cba3c4045cfa0f62": "resizing:157382223842", "3e35742f8e800bd18d62aa749bf7ef418bd159ef": "active", "e3137a5d63d7ddda3fd9663347e9e54f622b70e5": "joining" } } }, "ProviderSyncProgress": { "type": "object", "description": "Sync progress of a specific provider - referred to as *this* provider in below\ndescriptions. Holds the knowledge of *this* provider about latest dbsync\nsequence numbers generated by other providers.\n\nSync progress stats are represented by a map of provider Ids supporting this\nspace and corresponding information about last seen sequence and its timestamp.\n\nIncludes entry for *this* provider (self), which denotes the current newest\nsequence number emmitted by *this* provider and its timestamp.\n", "properties": { "additionalProperties": { "type": "object", "properties": { "seq": { "type": "integer", "description": "Last sequence number of the corresponding provider that has been seen\nand processed by *this* provider.\n" }, "timestamp": { "$ref": "#/definitions/Timestamp", "description": "Timestamp in seconds (UNIX epoch) when the sequence number has been\nemitted by the corresponding provider.\n" } } } }, "example": { "296ebe3c20e9666dc489b647f8647f12": { "seq": 1450, "timestamp": 1571147494 }, "dcf12429647c204896eebe3b6f686967": { "seq": 49870, "timestamp": 1563819329 } } }, "GroupPrivileges": { "type": "array", "description": "A list of privileges in the group.", "items": { "type": "string", "enum": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges", "group_add_parent", "group_leave_parent", "group_add_child", "group_remove_child", "group_add_user", "group_remove_user", "group_add_space", "group_leave_space", "group_create_handle_service", "group_leave_handle_service", "group_create_handle", "group_leave_handle", "group_add_harvester", "group_remove_harvester" ] }, "example": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges", "group_add_parent", "group_leave_parent", "group_add_child", "group_remove_child", "group_add_user", "group_remove_user", "group_add_space", "group_leave_space", "group_create_handle_service", "group_leave_handle_service", "group_create_handle", "group_leave_handle", "group_add_harvester", "group_remove_harvester" ] }, "GroupManagerPrivileges": { "type": "array", "description": "A subset of group privileges suggested for group managers.", "items": { "type": "string", "enum": [ "group_view", "group_view_privileges", "group_add_parent", "group_leave_parent", "group_add_child", "group_remove_child", "group_add_user", "group_remove_user", "group_add_harvester", "group_remove_harvester" ] }, "example": [ "group_view", "group_view_privileges", "group_add_parent", "group_leave_parent", "group_add_child", "group_remove_child", "group_add_user", "group_remove_user", "group_add_harvester", "group_remove_harvester" ] }, "GroupMemberPrivileges": { "type": "array", "description": "A subset of group privileges suggested for group members.", "items": { "type": "string", "enum": [ "group_view" ] } }, "GroupPrivilegesUpdate": { "type": "object", "description": "Group privileges update request.", "properties": { "grant": { "$ref": "#/definitions/GroupPrivileges" }, "revoke": { "$ref": "#/definitions/GroupPrivileges" } }, "example": { "grant": [ "group_view", "group_update", "group_delete", "group_view_privileges", "group_set_privileges" ], "revoke": [ "group_add_parent", "group_leave_parent", "group_add_child", "group_remove_child" ] } }, "AdminPrivileges": { "type": "array", "description": "A list of admin privileges in Onezone.", "items": { "type": "string", "enum": [ "oz_view_privileges", "oz_set_privileges", "oz_users_list", "oz_users_view", "oz_users_create", "oz_users_manage_passwords", "oz_users_update", "oz_users_delete", "oz_users_list_relationships", "oz_users_add_relationships", "oz_users_remove_relationships", "oz_groups_list", "oz_groups_view", "oz_groups_create", "oz_groups_update", "oz_groups_delete", "oz_groups_view_privileges", "oz_groups_set_privileges", "oz_groups_list_relationships", "oz_groups_add_relationships", "oz_groups_remove_relationships", "oz_spaces_list", "oz_spaces_view", "oz_spaces_create", "oz_spaces_update", "oz_spaces_delete", "oz_spaces_view_privileges", "oz_spaces_set_privileges", "oz_spaces_list_relationships", "oz_spaces_add_relationships", "oz_spaces_remove_relationships", "oz_shares_list", "oz_shares_view", "oz_shares_create", "oz_shares_update", "oz_shares_delete", "oz_providers_list", "oz_providers_view", "oz_providers_update", "oz_providers_delete", "oz_providers_list_relationships", "oz_providers_invite", "oz_handle_services_list", "oz_handle_services_view", "oz_handle_services_create", "oz_handle_services_update", "oz_handle_services_delete", "oz_handle_services_view_privileges", "oz_handle_services_set_privileges", "oz_handle_services_list_relationships", "oz_handle_services_add_relationships", "oz_handle_services_remove_relationships", "oz_handles_list", "oz_handles_view", "oz_handles_create", "oz_handles_update", "oz_handles_delete", "oz_handles_view_privileges", "oz_handles_set_privileges", "oz_handles_list_relationships", "oz_handles_add_relationships", "oz_handles_remove_relationships", "oz_harvesters_list", "oz_harvesters_view", "oz_harvesters_create", "oz_harvesters_update", "oz_harvesters_delete", "oz_harvesters_view_privileges", "oz_harvesters_set_privileges", "oz_harvesters_list_relationships", "oz_harvesters_add_relationships", "oz_harvesters_remove_relationships", "oz_clusters_list", "oz_clusters_view", "oz_clusters_update", "oz_clusters_view_privileges", "oz_clusters_set_privileges", "oz_clusters_list_relationships", "oz_clusters_add_relationships", "oz_clusters_remove_relationships" ] }, "example": [ "oz_view_privileges", "oz_set_privileges", "oz_users_list", "oz_users_view", "oz_users_create", "oz_users_manage_passwords", "oz_users_update", "oz_users_delete", "oz_users_list_relationships", "oz_users_add_relationships", "oz_users_remove_relationships", "oz_groups_list", "oz_groups_view", "oz_groups_create", "oz_groups_update", "oz_groups_delete", "oz_groups_view_privileges", "oz_groups_set_privileges", "oz_groups_list_relationships", "oz_groups_add_relationships", "oz_groups_remove_relationships", "oz_spaces_list", "oz_spaces_view", "oz_spaces_create", "oz_spaces_update", "oz_spaces_delete", "oz_spaces_view_privileges", "oz_spaces_set_privileges", "oz_spaces_list_relationships", "oz_spaces_add_relationships", "oz_spaces_remove_relationships", "oz_shares_list", "oz_shares_view", "oz_shares_create", "oz_shares_update", "oz_shares_delete", "oz_providers_list", "oz_providers_view", "oz_providers_update", "oz_providers_delete", "oz_providers_list_relationships", "oz_providers_invite", "oz_handle_services_list", "oz_handle_services_view", "oz_handle_services_create", "oz_handle_services_update", "oz_handle_services_delete", "oz_handle_services_view_privileges", "oz_handle_services_set_privileges", "oz_handle_services_list_relationships", "oz_handle_services_add_relationships", "oz_handle_services_remove_relationships", "oz_handles_list", "oz_handles_view", "oz_handles_create", "oz_handles_update", "oz_handles_delete", "oz_handles_view_privileges", "oz_handles_set_privileges", "oz_handles_list_relationships", "oz_handles_add_relationships", "oz_handles_remove_relationships", "oz_harvesters_list", "oz_harvesters_view", "oz_harvesters_create", "oz_harvesters_update", "oz_harvesters_delete", "oz_harvesters_view_privileges", "oz_harvesters_set_privileges", "oz_harvesters_list_relationships", "oz_harvesters_add_relationships", "oz_harvesters_remove_relationships", "oz_clusters_list", "oz_clusters_view", "oz_clusters_update", "oz_clusters_view_privileges", "oz_clusters_set_privileges", "oz_clusters_list_relationships", "oz_clusters_add_relationships", "oz_clusters_remove_relationships" ] }, "ViewerPrivileges": { "type": "array", "description": "A subset of zone admin privileges suggested for zone viewers.", "items": { "type": "string", "enum": [ "oz_users_list", "oz_users_view", "oz_users_list_relationships", "oz_groups_list", "oz_groups_view", "oz_groups_list_relationships", "oz_spaces_list", "oz_spaces_view", "oz_spaces_list_relationships", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_providers_list_relationships", "oz_handle_services_list", "oz_handle_services_view", "oz_handle_services_list_relationships", "oz_handles_list", "oz_handles_view", "oz_handles_list_relationships", "oz_harvesters_list", "oz_harvesters_view", "oz_harvesters_list_relationships", "oz_clusters_list", "oz_clusters_view", "oz_clusters_list_relationships" ] }, "example": [ "oz_users_list", "oz_users_view", "oz_users_list_relationships", "oz_groups_list", "oz_groups_view", "oz_groups_list_relationships", "oz_spaces_list", "oz_spaces_view", "oz_spaces_list_relationships", "oz_shares_list", "oz_shares_view", "oz_providers_list", "oz_providers_view", "oz_providers_list_relationships", "oz_handle_services_list", "oz_handle_services_view", "oz_handle_services_list_relationships", "oz_handles_list", "oz_handles_view", "oz_handles_list_relationships", "oz_harvesters_list", "oz_harvesters_view", "oz_harvesters_list_relationships", "oz_clusters_list", "oz_clusters_view", "oz_clusters_list_relationships" ] }, "AdminPrivilegesUpdate": { "type": "object", "description": "Admin privileges update request.", "properties": { "grant": { "$ref": "#/definitions/AdminPrivileges" }, "revoke": { "$ref": "#/definitions/AdminPrivileges" } }, "example": { "grant": [ "oz_groups_add_relationships", "oz_groups_remove_relationships", "oz_groups_view_privileges", "oz_groups_set_privileges", "oz_groups_list", "oz_groups_view", "oz_groups_list_relationships", "oz_spaces_create", "oz_spaces_update" ], "revoke": [ "oz_providers_list", "oz_providers_view", "oz_providers_update", "oz_providers_delete", "oz_providers_invite", "oz_providers_list_relationships", "oz_handle_services_create" ] } }, "HandleService": { "type": "object", "description": "Handle service instance.\n", "properties": { "handleServiceId": { "type": "string", "description": "Handle service Id." }, "name": { "type": "string", "description": "The user defined name of the service.\n" }, "proxyEndpoint": { "type": "string", "description": "The endpoint of the Handle service proxy, i.e. a service which implements logic specific for particular Handle service.\n" }, "serviceProperties": { "$ref": "#/definitions/HandleServiceProperties" }, "creator": { "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "handleServiceId", "name", "proxyEndpoint", "serviceProperties", "creator", "creationTime" ], "example": { "handleServiceId": "cdca849d2b71bc7205f3eab686cf62fb", "name": "MyCommunity Handle service", "proxyEndpoint": "https://localhost:17000/handle_proxy", "serviceProperties": { "type": "DOI", "host": "https://mds.test.datacite.org", "doiEndpoint": "/doi", "metadataEndpoint": "/metadata", "mediaEndpoint": "/media", "prefix": 10.5072, "username": "alice", "password": "pa$$word", "identifierTemplate": "{{space.name}}-{{space.guid}}", "allowTemplateOverride": false }, "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "HandleServiceCreateRequest": { "type": "object", "description": "Handle service create request.\n", "properties": { "name": { "type": "string", "description": "The user defined name of the service.\n" }, "proxyEndpoint": { "type": "string", "description": "The endpoint of the Handle service proxy, i.e. a service which implements logic specific for particular Handle service.\n" }, "serviceProperties": { "$ref": "#/definitions/HandleServiceProperties" } }, "required": [ "name", "proxyEndpoint", "serviceProperties" ], "example": { "name": "MyCommunity Handle service", "proxyEndpoint": "https://localhost:17000/handle_proxy", "serviceProperties": { "type": "DOI", "host": "https://mds.test.datacite.org", "doiEndpoint": "/doi", "metadataEndpoint": "/metadata", "mediaEndpoint": "/media", "prefix": 10.5072, "username": "alice", "password": "pa$$word", "identifierTemplate": "{{space.name}}-{{space.guid}}", "allowTemplateOverride": false } } }, "HandleServiceProperties": { "type": "object", "description": "An abstract type for [Handle](http://handle.net) identifier services properties.\n", "discriminator": "type", "x-onedata-oneof": true, "x-onedata-subclasses": [ "doi", "pid" ], "properties": { "type": { "type": "string", "description": "The type of handle service.", "x-discriminator": true, "enum": [ "DOI", "PID" ] } }, "required": [ "type" ] }, "HandleServicePropertiesUpdate": { "type": "object", "description": "An abstract type for [Handle](http://handle.net) identifier services properties.\n", "discriminator": "type", "x-onedata-oneof": true, "x-onedata-subclasses": [ "doi", "pid" ], "properties": { "type": { "type": "string", "description": "The type of handle service.", "x-discriminator": true, "enum": [ "DOI", "PID" ] } }, "required": [ "type" ] }, "DOIServiceProperties": { "description": "The properties of a [DOI](http://doi.org) registration service.\n", "allOf": [ { "$ref": "#/definitions/HandleServiceProperties" }, { "type": "object", "x-discriminator-value": "DOI", "properties": { "host": { "type": "string", "description": "The service host, including the protocol.\n" }, "doiEndpoint": { "type": "string", "description": "DOI registration API endpoint relative to the host.\n" }, "metadataEndpoint": { "type": "string", "description": "Metadata registration API endpoint relative to the host.\n" }, "mediaEndpoint": { "type": "string", "description": "Media registration API endpoint relative to the host.\n" }, "prefix": { "type": "string", "description": "The DOI prefix under which new DOI's can be minted using this account.\n" }, "username": { "type": "string", "description": "The username for login to the DOI service.\n" }, "password": { "type": "string", "description": "The password for login to the DOI service.\n" }, "identifierTemplate": { "type": "string", "description": "The template for generation of new DOI's using this account.\n" }, "allowTemplateOverride": { "type": "boolean", "description": "Specifies whether users can override the DOI suffix template for this account during registration of new DOI's.\n" } }, "required": [ "host", "doiEndpoint", "metadataEndpoint", "mediaEndpoint", "prefix", "username", "password" ] } ], "example": { "type": "DOI", "host": "https://mds.test.datacite.org", "doiEndpoint": "/doi", "metadataEndpoint": "/metadata", "mediaEndpoint": "/media", "prefix": 10.572, "username": "alice", "password": "pa$$word", "identifierTemplate": "{{space.name}}-{{space.guid}}", "allowTemplateOverride": false } }, "PIDServiceProperties": { "description": "The properties of a [PID](http://www.pidconsortium.eu/) registration service.\n", "allOf": [ { "$ref": "#/definitions/HandleServiceProperties" }, { "type": "object", "x-discriminator-value": "PID", "properties": { "endpoint": { "type": "string", "description": "The HTTP endpoint for handle registration.\n" }, "prefix": { "type": "string", "description": "The PID prefix under which new PIDs can be minted using this account.\n" }, "username": { "type": "string", "description": "The username for login to the PID service.\n" }, "password": { "type": "string", "description": "The password for login to the PID service.\n" }, "autoSuffixGeneration": { "type": "boolean", "description": "When set to true, the suffixes will be generated automatically by the registration service.\n" }, "suffixPrefix": { "type": "string", "description": "Auto generated PID suffixes have a format PREFIX-UUID-SUFFIX, UUID is generated by the registration service.\n" }, "suffixSuffix": { "type": "string", "description": "Auto generated PID suffixes have a format PREFIX-UUID-SUFFIX, UUID is generated by the registration service.\n" }, "identifierTemplate": { "type": "string", "description": "Template for generating PIDs based Onedata properties (e.g. space UUID). If set to `true` the `autoSuffixGeneration` must be `false`.\n" }, "allowTemplateOverride": { "type": "string", "description": "Allow users to create custom identifiers regardless of the specified template.\n" } }, "required": [ "endpoint", "prefix", "username", "password", "autoSuffixGeneration", "suffixPrefix", "suffixSuffix" ] } ], "example": { "type": "PID", "name": "iMarine EPIC", "endpoint": "https://epic.grnet.gr/api/v2/handles", "prefix": 11789, "autoSuffixGeneration": false, "suffixPrefix": "{{space.name}}", "suffixSuffix": "{{space.uuid}}", "username": "alice", "password": "pa$$word", "identifierTemplate": "{{space.name}}-{{space.guid}}", "allowTemplateOverride": false } }, "HandleServiceUpdate": { "type": "object", "description": "Handle service instance.\n", "properties": { "name": { "type": "string", "description": "The user defined name of the service. \n" }, "proxyEndpoint": { "type": "string", "description": "The endpoint of the Handle service proxy, i.e. a service which implements logic specific for particular Handle service.\n" }, "serviceProperties": { "$ref": "#/definitions/HandleServicePropertiesUpdate" } }, "example": { "proxyEndpoint": "https://newendpointdomain.com:17000/handle_proxy" } }, "DOIServicePropertiesUpdate": { "description": "The properties of a [DOI](http://doi.org) registration service.\n", "allOf": [ { "$ref": "#/definitions/HandleServicePropertiesUpdate" }, { "type": "object", "x-discriminator-value": "DOI", "properties": { "host": { "type": "string", "description": "The service host, including the protocol.\n" }, "doiEndpoint": { "type": "string", "description": "DOI registration API endpoint relative to the host.\n" }, "metadataEndpoint": { "type": "string", "description": "Metadata registration API endpoint relative to the host.\n" }, "mediaEndpoint": { "type": "string", "description": "Media registration API endpoint relative to the host.\n" }, "prefix": { "type": "string", "description": "The DOI prefix under which new DOI's can be minted using this account.\n" }, "username": { "type": "string", "description": "The username for login to the DOI service.\n" }, "password": { "type": "string", "description": "The password for login to the DOI service.\n" }, "identifierTemplate": { "type": "string", "description": "The template for generation of new DOI's using this account.\n" }, "allowTemplateOverride": { "type": "boolean", "description": "Specifies whether users can override the DOI suffix template for this account during registration of new DOI's.\n" } } } ], "example": { "type": "DOI", "host": "https://mds.test.datacite.org", "username": "alice", "password": "pa$$word" } }, "PIDServicePropertiesUpdate": { "description": "The properties of a [PID](http://www.pidconsortium.eu/) registration service update.\n", "allOf": [ { "$ref": "#/definitions/HandleServicePropertiesUpdate" }, { "type": "object", "x-discriminator-value": "PID", "properties": { "endpoint": { "type": "string", "description": "The HTTP endpoint for handle registration.\n" }, "prefix": { "type": "string", "description": "The PID prefix under which new PIDs can be minted using this account.\n" }, "username": { "type": "string", "description": "The username for login to the PID service.\n" }, "password": { "type": "string", "description": "The password for login to the PID service.\n" }, "autoSuffixGeneration": { "type": "boolean", "description": "When set to true, the suffixes will be generated automatically by the registration service.\n" }, "suffixPrefix": { "type": "string", "description": "Auto generated PID suffixes have a format PREFIX-UUID-SUFFIX, UUID is generated by the registration service.\n" }, "suffixSuffix": { "type": "string", "description": "Auto generated PID suffixes have a format PREFIX-UUID-SUFFIX, UUID is generated by the registration service.\n" }, "identifierTemplate": { "type": "string", "description": "Template for generating PIDs based Onedata properties (e.g. space UUID). If set to `true` the `autoSuffixGeneration` must be `false`.\n" }, "allowTemplateOverride": { "type": "string", "description": "Allow users to create custom identifiers regardless of the specified template.\n" } } } ], "example": { "type": "PID", "endpoint": "https://epic.grnet.gr/api/v2/handles", "username": "alice", "password": "pa$$word" } }, "Handle": { "type": "object", "description": "Handle properties.", "properties": { "handleId": { "type": "string", "description": "Unique Id of the handle in Onedata." }, "publicHandle": { "type": "string", "description": "Unique Id of the handle as registered in the handle service. Depending on the handle service, can be an Id (DOI: 10.5072/w95Zlng) or an URL (PID: http://hdl.handle.net/21.T15999/TgAl7s0).\n" }, "handleServiceId": { "type": "string", "description": "Id of the service where the handle was registered.\n*Not included in public handle details.*\n" }, "resourceType": { "type": "string", "description": "The type of resource to be registered.", "enum": [ "Share" ] }, "resourceId": { "type": "string", "description": "The Id of the resource, corresponding to resourceType (currently, always a share Id)." }, "metadata": { "type": "string", "description": "Dublin Core metadata for the resource encoded in XML." }, "timestamp": { "type": "string", "description": "Timestamp of the last Handle modification." }, "creator": { "description": "The creator of the handle.\n*Not included in public handle details.*\n", "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "handleId", "publicHandle", "resourceType", "resourceId", "metadata", "timestamp", "creationTime" ], "example": { "handleId": "14208c48fe063d26fd45144b90977a56", "publicHandle": "10.5072/w95Zlng", "handleServiceId": "f480c4889db90d93996ee89d0ee5f8f0", "resourceType": "Share", "resourceId": "3d8cd457cef92ba08261bf1bb8d40438", "metadata": " \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n\n", "timestamp": "2016-07-16T18:20:30.450Z", "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "Handles": { "type": "object", "description": "List of handles.", "properties": { "handles": { "type": "array", "description": "The list of handle Ids.", "items": { "type": "string" } } }, "required": [ "handles" ], "example": { "handles": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "HandleRegistrationRequest": { "type": "object", "description": "This type contains attributes necessary to register a handle identifier\nfor some Onedata resource (e.g. share).\n", "properties": { "handleServiceId": { "type": "string", "description": "The Onedata GUID of the handle service registered." }, "resourceType": { "type": "string", "description": "The type of resource to be registered." }, "resourceId": { "type": "string", "description": "The Id of the resource to be assigned a handle identifier." }, "metadata": { "type": "string", "description": "Dublin Core metadata for the resource encoded in XML." } }, "required": [ "handleServiceId", "resourceType", "resourceId", "metadata" ], "example": { "handleServiceId": "f1c8b1a37aa7447b22eb65a742d40524", "resourceType": "Share", "resourceId": "f7a6d2ea511e728c9b3f3972cecb7af4", "metadata": " \n \n Example Resource\n John Doe\n MIT\n 2000-06-06\n \n" } }, "HandlePrivileges": { "type": "array", "description": "A list of privileges in the handle.", "items": { "type": "string", "enum": [ "handle_view", "handle_update", "handle_delete" ] }, "example": [ "handle_view", "handle_update", "handle_delete" ] }, "HandleMemberPrivileges": { "type": "array", "description": "A subset of handle privileges suggested for handle managers.", "items": { "type": "string", "enum": [ "handle_view" ] } }, "HandlePrivilegesUpdate": { "type": "object", "description": "Handle privileges update request.", "properties": { "grant": { "$ref": "#/definitions/HandlePrivileges" }, "revoke": { "$ref": "#/definitions/HandlePrivileges" } }, "example": { "grant": [ "handle_view", "handle_update" ], "revoke": [ "handle_delete" ] } }, "HandleServices": { "type": "object", "description": "List of handle services.", "properties": { "handle_services": { "type": "array", "description": "The list of handle services Ids.", "items": { "type": "string" } } }, "required": [ "handle_services" ], "example": { "handle_services": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "HandleServicePrivileges": { "type": "array", "description": "A list of privileges in the handle service.", "items": { "type": "string", "enum": [ "handle_service_view", "handle_service_update", "handle_service_delete", "handle_service_register_handle", "handle_service_list_handles" ] }, "example": [ "handle_service_view", "handle_service_update", "handle_service_delete", "handle_service_register_handle", "handle_service_list_handles" ] }, "HandleServiceMemberPrivileges": { "type": "array", "description": "A subset of handle service privileges suggested for handle service managers.", "items": { "type": "string", "enum": [ "handle_service_view", "handle_service_register_handle" ] }, "example": [ "handle_service_view", "handle_service_register_handle" ] }, "HandleServicePrivilegesUpdate": { "type": "object", "description": "Handle service privileges update request.", "properties": { "grant": { "$ref": "#/definitions/HandleServicePrivileges" }, "revoke": { "$ref": "#/definitions/HandleServicePrivileges" } }, "example": { "grant": [ "handle_service_update", "handle_service_view" ], "revoke": [ "handle_service_delete", "handle_service_list_handles", "handle_service_register_handle" ] } }, "Share": { "type": "object", "description": "Share parameters.", "properties": { "shareId": { "type": "string", "description": "Share Id." }, "name": { "type": "string", "description": "The name of the share." }, "description": { "type": "string", "description": "Description of the share contents, interpreted as markdown format when displayed in GUI." }, "publicUrl": { "type": "string", "description": "Publicly accessible link that can be used to view the contents of the\nshare in a web browser. Anyone with the link will be able to access the\nshare browser, without any authentication.\n" }, "publicRestUrl": { "type": "string", "description": "URL to the publicly accessible REST endpoint, which can be used to\nprogrammatically access the share information and data. The endpoint\ndoes not require any authentication.\n" }, "spaceId": { "type": "string", "description": "The Id of the space in which the share was created.\n*Not included in public share details.*\n" }, "rootFileId": { "type": "string", "description": "Public Id of shared file or directory, allowing read access to its contents without authentication." }, "fileType": { "type": "string", "description": "Denotes the type of the shared element (file or directory)", "enum": [ "file", "dir" ] }, "handleId": { "type": "string", "description": "The Id of open data Handle (e.g. DOI or PID) assigned to this share or null." }, "creator": { "description": "The creator of the share.\n*Not included in public share details.*\n", "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "shareId", "name", "description", "publicUrl", "publicRestUrl", "rootFileId", "fileType", "handleId", "creationTime" ], "example": { "shareId": "1f4b762b1380946e73aeca574c77f14c", "name": "Experiment XYZ", "description": "# Experiment XYZ\\nThis collection contains results from Experiment XYZ.", "publicUrl": "https://example.com/shares/1f4b762b1380946e73aeca574c77f14c", "publicRestUrl": "https://example.com/api/v3/onezone/shares/1f4b762b1380946e73aeca574c77f14c/public", "spaceId": "6ec1a5413b6f4e2b01a5c85a8fd797e2", "fileType": "dir", "rootFileId": "00000000006CB663736861726547756964233339643236366165646365\\ 6266666164353939663761373734313235363166342336656331613534313362366634653\\ 2623031613563383561386664373937653223316634623736326231333830393436653733\\ 6165636135373463373766313463", "handleId": "70570c0ebcd081835ca29560708fd98f260fb4da", "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "Providers": { "type": "object", "description": "List of providers.", "properties": { "providers": { "type": "array", "description": "The list of provider Ids.", "items": { "type": "string" } } }, "required": [ "providers" ], "example": { "providers": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "Harvester": { "type": "object", "description": "Harvester details.", "properties": { "harvesterId": { "type": "string", "description": "Unique harvester Id." }, "name": { "type": "string", "description": "The name of the harvester." }, "public": { "type": "boolean", "description": "Whether given harvester is public. \nMore on public harvesters: [Query harvester index](#operation/query_harvester_index) \n" }, "harvestingBackendType": { "type": "string", "description": "Type of external harvesting backend that will provide persistence and analytics for harvested metadata. Can be chosen from predefined backends and optionally custom ones configured by Onezone admins. Can be omitted if default harvester backend is set up in Onezone." }, "harvestingBackendEndpoint": { "type": "string", "description": "Endpoint where the specified harvesting backend can be reached by Onezone to feed incoming metadata and perform queries. Can be omitted if default harvester backend is set up in Onezone." }, "creator": { "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "harvesterId", "name", "public", "harvestingBackendType", "harvestingBackendEndpoint", "creator", "creationTime" ], "example": { "harvesterId": "5989b9476b7d1b2f955c65efb24c0917", "name": "Test harvester", "public": true, "harvestingBackendType": "elasticsearch_harvesting_backend", "harvestingBackendEndpoint": "example.elastic.com:9200", "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "Harvesters": { "type": "object", "description": "List of harvesters.", "properties": { "harvesters": { "type": "array", "description": "The list of harvester Ids.", "items": { "type": "string" } } }, "required": [ "harvesters" ], "example": { "harvesters": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "HarvesterInviteToken": { "type": "object", "description": "Harvester invitation token.", "properties": { "token": { "type": "string", "description": "The token for joining a harvester." } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "HarvesterPrivileges": { "type": "array", "description": "A list of privileges in the harvester.", "items": { "type": "string", "enum": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges", "harvester_add_user", "harvester_remove_user", "harvester_add_group", "harvester_remove_group", "harvester_add_space", "harvester_remove_space" ] }, "example": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges", "harvester_add_user", "harvester_remove_user", "harvester_add_group", "harvester_remove_group", "harvester_add_space", "harvester_remove_space" ] }, "HarvesterManagerPrivileges": { "type": "array", "description": "A subset of harvester privileges suggested for harvester managers.", "items": { "type": "string", "enum": [ "harvester_view", "harvester_add_user", "harvester_remove_user", "harvester_add_group", "harvester_remove_group", "harvester_add_space", "harvester_remove_space" ] }, "example": [ "harvester_view", "harvester_add_user", "harvester_remove_user", "harvester_add_group", "harvester_remove_group", "harvester_add_space", "harvester_remove_space" ] }, "HarvesterMemberPrivileges": { "type": "array", "description": "A subset of harvester privileges suggested for harvester members.", "items": { "type": "string", "enum": [ "harvester_view" ] } }, "HarvesterPrivilegesUpdate": { "type": "object", "description": "Harvester privileges update request.", "properties": { "grant": { "$ref": "#/definitions/HarvesterPrivileges" }, "revoke": { "$ref": "#/definitions/HarvesterPrivileges" } }, "example": { "grant": [ "harvester_view", "harvester_update", "harvester_delete", "harvester_view_privileges", "harvester_set_privileges" ], "revoke": [ "harvester_invite_user", "harvester_remove_user", "harvester_add_group", "harvester_remove_group" ] } }, "HarvesterCreateRequest": { "type": "object", "description": "New harvester parameters.", "properties": { "name": { "type": "string", "description": "The name of the harvester." }, "harvestingBackendType": { "type": "string", "description": "Type of external harvesting backend that will provide persistence and analytics for harvested metadata. Can be chosen from predefined backends and optionally custom ones configured by Onezone admins. Can be omitted if default harvester backend is set up in Onezone." }, "harvestingBackendEndpoint": { "type": "string", "description": "Endpoint where the specified harvesting backend can be reached by Onezone to feed incoming metadata and perform queries. Can be omitted if default harvester backend is set up in Onezone." }, "guiPluginConfig": { "$ref": "#/definitions/HarvesterGuiPluginConfig" } }, "required": [ "name", "harvestingBackendType", "harvestingBackendEndpoint" ], "example": { "name": "My private harvester", "harvestingBackendType": "elasticsearch_harvesting_backend", "harvestingBackendEndpoint": "example.elastic.com:9200", "guiPluginConfig": { "typeMapping": [ { "id": 0, "name": "Type 1" }, { "id": 1, "name": "Type 1" } ], "externalHelpLink": "http://example.com/some_help_page", "refreshDataTimeout": 1000 } } }, "HarvesterUpdateRequest": { "type": "object", "description": "Harvester settings update request.", "properties": { "name": { "type": "string", "description": "The name of the harvester." }, "harvestingBackendType": { "type": "string", "description": "Type of external harvesting backend that will provide persistence and analytics for harvested metadata. Can be chosen from predefined backends and optionally custom ones configured by Onezone admins." }, "harvestingBackendEndpoint": { "type": "string", "description": "Endpoint where the specified harvesting backend can be reached by Onezone to feed incoming metadata and perform queries. Note that this option should be used only when changing to a new location of the same harvester backend. Otherwise [create a new harvester](#operation/create_harvester)." }, "public": { "type": "boolean", "description": "Public harvester allows any user to query its indices." } }, "example": { "name": "My public harvester", "harvestingBackendType": "elasticsearch_harvesting_backend", "harvestingBackendEndpoint": "example.elastic.com:9200", "public": true } }, "HarvesterGuiPluginConfig": { "type": "object", "description": "Custom JSON configuration passed to harvester GUI plugin.", "properties": { "guiPluginConfig": { "type": "object" } }, "required": [ "guiPluginConfig" ], "example": { "config": { "typeMapping": [ { "id": 0, "name": "Type 1" }, { "id": 1, "name": "Type 1" } ], "externalHelpLink": "http://example.com/some_help_page", "refreshDataTimeout": 1000 } } }, "HarvesterIndex": { "type": "object", "description": "Harvester index details.", "properties": { "indexId": { "type": "string", "description": "Unique Id of the index." }, "name": { "type": "string", "description": "The name of the index." }, "schema": { "type": "string", "description": "Schema of the index provided as string (e.g. encoded JSON)." }, "guiPluginName": { "type": "string", "description": "Mapping of index name to one recognized by gui plugin. Allows to specify this index to be used by GUI plugin to produce search results. Recognized gui index names are listed in gui plugin manifest." }, "includeMetadata": { "type": "array", "items": { "type": "string", "enum": [ "json", "xattrs", "rdf" ] }, "minItems": 1, "description": "Specifies what types of file metadata should be harvested in this index. At least one type must be given." }, "includeFileDetails": { "type": "array", "items": { "type": "string", "enum": [ "fileName", "spaceId", "metadataExistenceFlags" ] }, "description": "Specifies what file details should be harvested alongside the metadata. Enabling `metadataExistenceFlags` will add boolean flags saying whether the file has any metadata of certain type. The `fileName` field may be utilized by the GUI plugin to improve the browsing experience." }, "includeRejectionReason": { "type": "boolean", "description": "If enabled, all harvesting errors (e.g. when the index rejects a payload due to non-matching schema) are stored as text in the index, which may be useful for later analysis." }, "retryOnRejection": { "type": "boolean", "description": "If enabled, all payloads rejected by the harvesting backend will be automatically analysed for offending data (e.g. fields that do not match the schema), pruned and submitted again. This might slow down the harvesting process and cause nonconformant metadata to be lost." } }, "required": [ "indexId", "name", "schema", "guiPluginName", "includeMetadata", "includeFileDetails", "includeRejectionReason", "retryOnRejection" ], "example": { "indexId": "2c0160248ba9a66f45da751ca459535a", "name": "My study index", "guiPluginName": "study", "schema": "{ \"mappings\": { \"properties\": { \"foo\": { \"type\": \"keyword\" } } } }", "includeMetadata": [ "json", "xattrs" ], "includeFileDetails": [ "fileName", "metadataExistenceFlags" ], "includeRejectionReason": false, "retryOnRejection": true } }, "HarvesterIndices": { "type": "object", "description": "List of harvester indices.", "properties": { "harvesters": { "type": "array", "description": "The list of harvester indices Ids.", "items": { "type": "string" } } }, "required": [ "indices" ], "example": { "indices": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "HarvesterIndexCreateRequest": { "type": "object", "description": "Harvester index parameters.", "properties": { "name": { "type": "string", "description": "The name of the index." }, "guiPluginName": { "type": "string", "description": "Mapping of index name to one recognized by gui plugin. Allows to specify this index to be used by GUI plugin to produce search results. Recognized gui index names are listed in gui plugin manifest." }, "schema": { "type": "string", "description": "Schema of the index provided as string (e.g. encoded JSON)." }, "includeMetadata": { "type": "array", "items": { "type": "string", "enum": [ "json", "xattrs", "rdf" ] }, "minItems": 1, "description": "Specifies what types of file metadata should be harvested in this index. At least one type must be given." }, "includeFileDetails": { "type": "array", "items": { "type": "string", "enum": [ "fileName", "spaceId", "metadataExistenceFlags" ] }, "description": "Specifies what file details should be harvested alongside the metadata. Enabling `metadataExistenceFlags` will add boolean flags saying whether the file has any metadata of certain type. The `fileName` field may be utilized by the GUI plugin to improve the browsing experience." }, "includeRejectionReason": { "type": "boolean", "description": "If enabled, all harvesting errors (e.g. when the index rejects a payload due to non-matching schema) are stored as text in the index, which may be useful for later analysis." }, "retryOnRejection": { "type": "boolean", "description": "If enabled, all payloads rejected by the harvesting backend will be automatically analysed for offending data (e.g. fields that do not match the schema), pruned and submitted again. This might slow down the harvesting process and cause nonconformant metadata to be lost." } }, "required": [ "name" ], "example": { "name": "My study index", "guiPluginName": "study", "schema": "{ \"mappings\": { \"properties\": { \"foo\": { \"type\": \"keyword\" } } } }", "includeMetadata": [ "json", "xattrs" ], "includeFileDetails": [ "fileName", "metadataExistenceFlags" ], "includeRejectionReason": false, "retryOnRejection": true } }, "HarvesterQuery": { "type": "object", "description": "Harvester query parameters for Elasticsearch.", "properties": { "method": { "type": "string", "enum": [ "post", "get" ], "description": "Method of request to Elasticsearch." }, "path": { "type": "string", "description": "Resource path relative to index" }, "body": { "description": "Body of request to Elasticsearch." } }, "required": [ "method", "path" ], "example": { "method": "get", "path": "entry_id?stored_fields=tags,counter" } }, "HarvesterQueryResponse": { "type": "object", "description": "Results of the Elasticsearch query on given index.", "properties": { "headers": { "type": "object", "description": "Headers of the Elasticseach response." }, "code": { "type": "integer", "description": "Status code of the Elasticsearch response." }, "body": { "type": "string", "description": "Body of the Elasticsearch response." } }, "required": [ "headers", "code", "body" ], "example": { "headers": { "content-type": "application/json; charset=UTF-8", "content-length": "142" }, "code": 404, "body": "{\"_index\":\"ngi1mdnly2i5od\",\"_type\":\"_doc\",\"_id\":\"awda\",\"found\":false}" } }, "HarvesterIndexStatsDetails": { "type": "object", "description": "Index harvesting stats.", "properties": { "space_id": { "type": "object", "properties": { "provider_id": { "type": "object", "properties": { "currentSeq": { "type": "integer", "description": "Highest sequence number in given space in given provider already harvested in this index" }, "maxSeq": { "type": "integer", "description": "Highest known sequence in given space in given provider" }, "error": { "type": "string", "description": "Short description of encountered error if last harvesting failed" }, "lastUpdate": { "$ref": "#/definitions/Timestamp", "description": "Timestamp in seconds (UNIX epoch) of the last harvesting in this index" }, "archival": { "type": "boolean", "description": "Stats are marked archival when it is no longer possible to harvest metadata in given space in given provider (e.g space was removed from harvester)" } }, "required": [ "currentSeq", "maxSeq", "error", "lastUpdate", "archival" ] } } } }, "example": { "$SPACE_ID1": { "$PROVIDER_ID1": { "currentSeq": 5, "maxSeq": 8, "error": null, "lastUpdate": 1557928576, "archival": false }, "$PROVIDER_ID2": { "currentSeq": 8, "maxSeq": 13, "error": "Service unavailable: temporary failure", "lastUpdate": 1557928576, "archival": false } }, "$SPACE_ID2": { "$PROVIDER_ID1": { "currentSeq": 13, "maxSeq": 21, "error": null, "lastUpdate": 1557928576, "archival": false }, "$PROVIDER_ID3": { "currentSeq": 21, "maxSeq": 34, "error": null, "lastUpdate": 1557928576, "archival": true } } } }, "Cluster": { "type": "object", "description": "Cluster details.", "properties": { "clusterId": { "type": "string", "description": "The id of the cluster - depending on the type equal to the Oneprovider Id or \"onezone\" in case of Onezone cluster\n" }, "type": { "type": "string", "description": "Type of the cluster", "enum": [ "oneprovider", "onezone" ] }, "workerVersion": { "$ref": "#/definitions/VersionInfo" }, "onepanelVersion": { "$ref": "#/definitions/VersionInfo" }, "onepanelProxy": { "type": "boolean", "description": "Is onepanel proxy enabled - if so, onepanel GUI is served on cluster's domain at port 443 (rather than 9443).\n" }, "creator": { "$ref": "#/definitions/Subject" }, "creationTime": { "$ref": "#/definitions/Timestamp" } }, "required": [ "clusterId", "type", "workerVersion", "onepanelVersion", "onepanelProxy", "creator", "creationTime" ], "example": { "clusterId": "2c0160248ba9a66f45da751ca459535a", "type": "oneprovider", "workerVersion": { "release": "20.02.13", "build": "1-gfabf02d", "gui": "68e7e1472adb719ddf2d88908775091dfb10e5d0b916f06125ea1af4056044e3" }, "onepanelVersion": { "release": "20.02.13", "build": "1-gd76fac2", "gui": "5d9dd608775091dfb10ef2d888e7e14720b916f06125ea1af4056044eadb7193" }, "onepanelProxy": true, "creator": { "type": "user", "id": "7434b256e71e1052e0d5e3e9da657ebf" }, "creationTime": 1576152793 } }, "Clusters": { "type": "object", "description": "The list of clusters.", "properties": { "clusters": { "type": "array", "description": "The list of cluster Ids.", "items": { "type": "string" } } }, "required": [ "clusters" ], "example": { "clusters": [ "1d24c36707d99197c6cd995810a43aca", "6825604b0eb6a47b8b7a04b6369eb24d" ] } }, "ClusterUpdateRequest": { "type": "object", "description": "Cluster update request.", "properties": { "proxy": { "type": "boolean", "description": "Is onepanel proxy enabled - if so, onepanel GUI is served on cluster's domain at port 443 (rather than 9443).\n" } }, "example": { "proxy": true } }, "ClusterInviteToken": { "type": "object", "description": "Cluster invitation token.", "properties": { "token": { "type": "string", "description": "The token for joining a cluster." } }, "required": [ "token" ], "example": { "token": "JKAxNWxvY2F0aW9uIG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk1CVHZTU3Z0OThwcHA2OTQ4czhRN1NPawowMDFhY2lkIHRpbWUgPCAxNDk2MTQwMTQ0CjAwMmZzaWduYXR1cmUg88OI1d24c36707d99197c6cd995810a43aca" } }, "ClusterPrivileges": { "type": "array", "description": "A list of privileges in the cluster.", "items": { "type": "string", "enum": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges", "cluster_add_user", "cluster_remove_user", "cluster_add_group", "cluster_remove_group" ] }, "example": [ "cluster_view", "cluster_update", "cluster_delete", "cluster_view_privileges", "cluster_set_privileges", "cluster_add_user", "cluster_remove_user", "cluster_add_group", "cluster_remove_group" ] }, "ClusterManagerPrivileges": { "type": "array", "description": "A subset of cluster privileges suggested for cluster managers.", "items": { "type": "string", "enum": [ "cluster_view", "cluster_add_user", "cluster_remove_user", "cluster_add_group", "cluster_remove_group" ] }, "example": [ "cluster_view", "cluster_add_user", "cluster_remove_user", "cluster_add_group", "cluster_remove_group" ] }, "ClusterMemberPrivileges": { "type": "array", "description": "A subset of cluster privileges suggested for cluster members.", "items": { "type": "string", "enum": [ "cluster_view" ] } }, "ClusterPrivilegesUpdate": { "type": "object", "description": "Cluster privileges update request.", "properties": { "grant": { "$ref": "#/definitions/ClusterPrivileges" }, "revoke": { "$ref": "#/definitions/ClusterPrivileges" } }, "example": { "grant": [ "cluster_view", "cluster_view_privileges", "cluster_add_user", "cluster_add_group" ], "revoke": [ "cluster_update", "cluster_delete", "cluster_set_privileges", "cluster_remove_user", "cluster_remove_group" ] } }, "MembershipIntermediaries": { "type": "object", "description": "The list of membership intermediaries - entities from which the user inherits membership.", "properties": { "intermediaries": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string", "description": "The type of the intermediary.", "enum": [ "group", "space", "provider", "handle_service", "handle", "cluster" ] }, "id": { "type": "string", "description": "The id of the intermediary." } } } } }, "example": { "intermediaries": [ { "type": "group", "id": "ef228f31345699bbfa74b030517965a2" }, { "type": "group", "id": "b55b907444dd00aab8cbe8dcb82681fd" }, { "type": "space", "id": "self" } ] } } }, "tags": [ { "name": "Zone", "description": "Information about the Onezone service" }, { "name": "User", "description": "User management" }, { "name": "Group", "description": "Group management" }, { "name": "Space", "description": "Space management" }, { "name": "Share", "description": "Share management" }, { "name": "Provider", "description": "Provider management" }, { "name": "Token", "description": "Token (access/invite) management" }, { "name": "Handle", "description": "Operations for managing Handle system service and identifier generation." }, { "name": "Handle Service", "description": "Handle service management" }, { "name": "Harvester", "description": "Harvester management" }, { "name": "Cluster", "description": "Cluster management" } ], "x-tagGroups": [ { "name": "Service information", "tags": [ "Zone" ] }, { "name": "User management", "tags": [ "User" ] }, { "name": "Group management", "tags": [ "Group" ] }, { "name": "Space management", "tags": [ "Space" ] }, { "name": "Share management", "tags": [ "Share" ] }, { "name": "Provider management", "tags": [ "Provider" ] }, { "name": "Token management", "tags": [ "Token" ] }, { "name": "Handle (DOI, PID) management", "tags": [ "Handle" ] }, { "name": "Handle service management", "tags": [ "Handle Service" ] }, { "name": "Harvester management", "tags": [ "Harvester" ] }, { "name": "Cluster management", "tags": [ "Cluster" ] } ], "securityDefinitions": { "basic": { "type": "basic" }, "api_key1": { "type": "apiKey", "name": "X-Auth-Token", "in": "header" }, "api_key2": { "type": "apiKey", "name": "Authorization", "in": "header" } }, "security": [ { "basic": [] }, { "api_key1": [] }, { "api_key2": [] } ] }