-
Notifications
You must be signed in to change notification settings - Fork 2
/
pdp-openapi.json
1 lines (1 loc) · 35.2 KB
/
pdp-openapi.json
1
{"openapi":"3.1.0","info":{"title":"Permit.io PDP","description":"The PDP (Policy decision point) container wraps Open Policy Agent (OPA) with a higher-level API intended for fine grained application-level authorization. The PDP automatically handles pulling policy updates in real-time from a centrally managed cloud-service (api.permit.io).","version":"0.2.0"},"paths":{"/policy-updater/trigger":{"post":{"tags":["Policy Updater"],"summary":"Trigger Policy Update","operationId":"trigger_policy_update_policy_updater_trigger_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/data-updater/trigger":{"post":{"tags":["Data Updater"],"summary":"Trigger Policy Data Update","operationId":"trigger_policy_data_update_data_updater_trigger_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/policy-store/config":{"get":{"tags":["Policy Store"],"summary":"Get Policy Store Details","operationId":"get_policy_store_details_policy_store_config_get","parameters":[{"required":false,"schema":{"type":"string","title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyStoreDetails"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/callbacks":{"get":{"tags":["Callbacks"],"summary":"List Callbacks","description":"list all the callbacks currently registered by OPAL client.","operationId":"list_callbacks_callbacks_get","parameters":[{"required":false,"schema":{"type":"string","title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"items":{"$ref":"#/components/schemas/CallbackEntry"},"type":"array","title":"Response List Callbacks Callbacks Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"post":{"tags":["Callbacks"],"summary":"Register Callback","description":"register a new callback by OPAL client, to be called on OPA state\nupdates.","operationId":"register_callback_callbacks_post","parameters":[{"required":false,"schema":{"type":"string","title":"Authorization"},"name":"authorization","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CallbackEntry"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CallbackEntry"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/callbacks/{key}":{"get":{"tags":["Callbacks"],"summary":"Get Callback By Key","description":"get a callback by its key (if such callback is indeed\nregistered).","operationId":"get_callback_by_key_callbacks__key__get","parameters":[{"required":true,"schema":{"type":"string","title":"Key"},"name":"key","in":"path"},{"required":false,"schema":{"type":"string","title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CallbackEntry"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"delete":{"tags":["Callbacks"],"summary":"Get Callback By Key","description":"unregisters a callback identified by its key (if such callback is\nindeed registered).","operationId":"get_callback_by_key_callbacks__key__delete","parameters":[{"required":true,"schema":{"type":"string","title":"Key"},"name":"key","in":"path"},{"required":false,"schema":{"type":"string","title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"204":{"description":"Successful Response"},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/authorized_users":{"post":{"tags":["Authorization API"],"summary":"Authorized Users","operationId":"authorized_users_authorized_users_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthorizedUsersAuthorizationQuery"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthorizedUsersResult"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/allowed_url":{"post":{"tags":["Authorization API"],"summary":"Is Allowed Url","operationId":"is_allowed_url_allowed_url_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"},{"required":false,"schema":{"type":"string","title":"X-Permit-Sdk-Language"},"name":"x-permit-sdk-language","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UrlAuthorizationQuery"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthorizationResult"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/user-permissions":{"post":{"tags":["Authorization API"],"summary":"Get User Permissions","operationId":"Get_User_Permissions_user_permissions_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"},{"required":false,"schema":{"type":"string","title":"X-Permit-Sdk-Language"},"name":"x-permit-sdk-language","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserPermissionsQuery"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"additionalProperties":{"$ref":"#/components/schemas/_UserPermissionsResult"},"type":"object","title":"Response Get User Permissions User Permissions Post"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/user-tenants":{"post":{"tags":["Authorization API"],"summary":"Get User Tenants","operationId":"Get_User_Tenants_user_tenants_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"},{"required":false,"schema":{"type":"string","title":"X-Permit-Sdk-Language"},"name":"x-permit-sdk-language","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserTenantsQuery"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"items":{"$ref":"#/components/schemas/_TenantDetails"},"type":"array","title":"Response Get User Tenants User Tenants Post"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/allowed/all-tenants":{"post":{"tags":["Authorization API"],"summary":"Is Allowed All Tenants","operationId":"is_allowed_all_tenants_allowed_all_tenants_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"},{"required":false,"schema":{"type":"string","title":"X-Permit-Sdk-Language"},"name":"x-permit-sdk-language","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthorizationQuery"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AllTenantsAuthorizationResult"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/allowed/bulk":{"post":{"tags":["Authorization API"],"summary":"Is Allowed Bulk","operationId":"is_allowed_bulk_allowed_bulk_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"},{"required":false,"schema":{"type":"string","title":"X-Permit-Sdk-Language"},"name":"x-permit-sdk-language","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"items":{"$ref":"#/components/schemas/AuthorizationQuery"},"type":"array","title":"Queries"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/BulkAuthorizationResult"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/allowed":{"post":{"tags":["Authorization API"],"summary":"Is Allowed","operationId":"is_allowed_allowed_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"},{"required":false,"schema":{"type":"string","title":"X-Permit-Sdk-Language"},"name":"x-permit-sdk-language","in":"header"}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"$ref":"#/components/schemas/AuthorizationQuery"},{"$ref":"#/components/schemas/AuthorizationQueryV1"}],"title":"Query"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthorizationResult"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/kong":{"post":{"tags":["Authorization API"],"summary":"Is Allowed Kong","operationId":"is_allowed_kong_kong_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/KongAuthorizationQuery"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/KongAuthorizationResult"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/local/role_assignments":{"get":{"tags":["Local Queries"],"summary":"List Role Assignments","description":"Get all role assignments stored in the PDP.\n\nYou can filter the results by providing optional filters.","operationId":"list_role_assignments_local_role_assignments_get","parameters":[{"description":"optional user filter, will only return role assignments granted to this user.","required":false,"schema":{"type":"string","title":"User","description":"optional user filter, will only return role assignments granted to this user."},"name":"user","in":"query"},{"description":"optional role filter, will only return role assignments granting this role.","required":false,"schema":{"type":"string","title":"Role","description":"optional role filter, will only return role assignments granting this role."},"name":"role","in":"query"},{"description":"optional tenant filter, will only return role assignments granted in that tenant.","required":false,"schema":{"type":"string","title":"Tenant","description":"optional tenant filter, will only return role assignments granted in that tenant."},"name":"tenant","in":"query"},{"description":"optional resource **type** filter, will only return role assignments granted on that resource type.","required":false,"schema":{"type":"string","title":"Resource","description":"optional resource **type** filter, will only return role assignments granted on that resource type."},"name":"resource","in":"query"},{"description":"optional resource instance filter, will only return role assignments granted on that resource instance.","required":false,"schema":{"type":"string","title":"Resource Instance","description":"optional resource instance filter, will only return role assignments granted on that resource instance."},"name":"resource_instance","in":"query"},{"description":"Page number of the results to fetch, starting at 1.","required":false,"schema":{"type":"integer","minimum":1.0,"title":"Page","description":"Page number of the results to fetch, starting at 1.","default":1},"name":"page","in":"query"},{"description":"The number of results per page (max 100).","required":false,"schema":{"type":"integer","maximum":100.0,"minimum":1.0,"title":"Per Page","description":"The number of results per page (max 100).","default":30},"name":"per_page","in":"query"},{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"items":{"$ref":"#/components/schemas/RoleAssignment"},"type":"array","title":"Response List Role Assignments Local Role Assignments Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/healthchecks/opa/ready":{"get":{"tags":["Cloud API Proxy"],"summary":"Proxy ready healthcheck - OPAL_OPA_HEALTH_CHECK_POLICY_ENABLED must be set to True","operationId":"ready_opa_healthcheck_healthchecks_opa_ready_get","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/healthchecks/opa/healthy":{"get":{"tags":["Cloud API Proxy"],"summary":"Proxy healthy healthcheck - OPAL_OPA_HEALTH_CHECK_POLICY_ENABLED must be set to True","operationId":"health_opa_healthcheck_healthchecks_opa_healthy_get","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/healthchecks/opa/system":{"get":{"tags":["Cloud API Proxy"],"summary":"Proxy system data - OPAL_OPA_HEALTH_CHECK_POLICY_ENABLED must be set to True","operationId":"system_opa_healthcheck_healthchecks_opa_system_get","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/users":{"post":{"tags":["Local Facts API"],"summary":"Create User","operationId":"create_user_facts_users_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/tenants":{"post":{"tags":["Local Facts API"],"summary":"Create Tenant","operationId":"create_tenant_facts_tenants_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/users/{user_id}":{"put":{"tags":["Local Facts API"],"summary":"Sync User","operationId":"sync_user_facts_users__user_id__put","parameters":[{"required":true,"schema":{"type":"string","title":"User Id"},"name":"user_id","in":"path"},{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"patch":{"tags":["Local Facts API"],"summary":"Update User","operationId":"update_user_facts_users__user_id__patch","parameters":[{"required":true,"schema":{"type":"string","title":"User Id"},"name":"user_id","in":"path"},{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/users/{user_id}/roles":{"post":{"tags":["Local Facts API"],"summary":"Assign User Role","operationId":"assign_user_role_facts_users__user_id__roles_post","parameters":[{"required":true,"schema":{"type":"string","title":"User Id"},"name":"user_id","in":"path"},{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/role_assignments":{"post":{"tags":["Local Facts API"],"summary":"Create Role Assignment","operationId":"create_role_assignment_facts_role_assignments_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/resource_instances":{"post":{"tags":["Local Facts API"],"summary":"Create Resource Instance","operationId":"create_resource_instance_facts_resource_instances_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/resource_instances/{instance_id}":{"patch":{"tags":["Local Facts API"],"summary":"Update Resource Instance","operationId":"update_resource_instance_facts_resource_instances__instance_id__patch","parameters":[{"required":true,"schema":{"type":"string","title":"Instance Id"},"name":"instance_id","in":"path"},{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/facts/relationship_tuples":{"post":{"tags":["Local Facts API"],"summary":"Create Relationship Tuple","operationId":"create_relationship_tuple_facts_relationship_tuples_post","parameters":[{"required":false,"schema":{"title":"Authorization"},"name":"authorization","in":"header"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}}},"components":{"schemas":{"AllTenantsAuthorizationResult":{"properties":{"allowed_tenants":{"items":{"$ref":"#/components/schemas/_AllTenantsAuthorizationResult"},"type":"array","title":"Allowed Tenants","default":[]}},"type":"object","title":"AllTenantsAuthorizationResult"},"AuthorizationQuery":{"properties":{"user":{"$ref":"#/components/schemas/User"},"action":{"type":"string","title":"Action"},"resource":{"$ref":"#/components/schemas/Resource"},"context":{"type":"object","title":"Context","default":{}},"sdk":{"type":"string","title":"Sdk"}},"type":"object","required":["user","action","resource"],"title":"AuthorizationQuery","description":"the format of is_allowed() input"},"AuthorizationQueryV1":{"properties":{"user":{"type":"string","title":"User"},"action":{"type":"string","title":"Action"},"resource":{"$ref":"#/components/schemas/ResourceV1"},"context":{"type":"object","title":"Context","default":{}}},"type":"object","required":["user","action","resource"],"title":"AuthorizationQueryV1","description":"the format of is_allowed() input"},"AuthorizationResult":{"properties":{"allow":{"type":"boolean","title":"Allow","default":false},"query":{"type":"object","title":"Query"},"debug":{"type":"object","title":"Debug"},"result":{"type":"boolean","title":"Result","default":false}},"type":"object","title":"AuthorizationResult"},"AuthorizedUserAssignment":{"properties":{"user":{"type":"string","title":"User","description":"The user that is authorized"},"tenant":{"type":"string","title":"Tenant","description":"The tenant that the user is authorized for"},"resource":{"type":"string","title":"Resource","description":"The resource that the user is authorized for"},"role":{"type":"string","title":"Role","description":"The role that the user is assigned to"}},"type":"object","required":["user","tenant","resource","role"],"title":"AuthorizedUserAssignment"},"AuthorizedUsersAuthorizationQuery":{"properties":{"action":{"type":"string","title":"Action"},"resource":{"$ref":"#/components/schemas/Resource"},"context":{"type":"object","title":"Context","default":{}},"sdk":{"type":"string","title":"Sdk"}},"type":"object","required":["action","resource"],"title":"AuthorizedUsersAuthorizationQuery","description":"the format of authorized_users input"},"AuthorizedUsersResult":{"properties":{"resource":{"type":"string","title":"Resource","description":"The resource that the result is about.Can be either 'resource:*' or 'resource:resource_instance'"},"tenant":{"type":"string","title":"Tenant","description":"The tenant that the result is about"},"users":{"additionalProperties":{"items":{"$ref":"#/components/schemas/AuthorizedUserAssignment"},"type":"array"},"type":"object","title":"Users","description":"A key value mapping of the users that are authorized for the resource.The key is the user key and the value is a list of assignments allowing the user to performthe requested action"}},"type":"object","required":["resource","tenant","users"],"title":"AuthorizedUsersResult","examples":[{"resource":"repo:*","tenant":"default","users":{"user1":[{"user":"user1","tenant":"default","resource":"__tenant:default","role":"admin"}]}},{"resource":"repo:OPAL","tenant":"default","users":{"user1":[{"user":"user1","tenant":"default","resource":"repo:OPAL","role":"admin"},{"user":"user1","tenant":"default","resource":"__tenant:default","role":"admin"}]}}]},"BulkAuthorizationResult":{"properties":{"allow":{"items":{"$ref":"#/components/schemas/AuthorizationResult"},"type":"array","title":"Allow","default":[]}},"type":"object","title":"BulkAuthorizationResult"},"CallbackEntry":{"properties":{"key":{"type":"string","title":"Key","description":"unique id to identify this callback (optional)"},"url":{"type":"string","title":"Url","description":"http/https url to call back on update"},"config":{"allOf":[{"$ref":"#/components/schemas/HttpFetcherConfig"}],"title":"Config","description":"optional http config for the target url (i.e: http method, headers, etc)"}},"type":"object","required":["url"],"title":"CallbackEntry","description":"an entry in the callbacks register.\n\nthis schema is used by the callbacks api"},"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"HttpFetcherConfig":{"properties":{"fetcher":{"type":"string","title":"Fetcher","description":"indicates to OPAL client that it should use a custom FetcherProvider to fetch the data"},"headers":{"type":"object","title":"Headers"},"is_json":{"type":"boolean","title":"Is Json","default":true},"process_data":{"type":"boolean","title":"Process Data","default":true},"method":{"allOf":[{"$ref":"#/components/schemas/HttpMethods"}],"default":"get"},"data":{"title":"Data"}},"type":"object","title":"HttpFetcherConfig","description":"Config for HttpFetchProvider's Adding HTTP headers."},"HttpMethods":{"enum":["get","post","put","patch","head","delete"],"title":"HttpMethods","description":"An enumeration."},"KongAuthorizationInput":{"properties":{"request":{"$ref":"#/components/schemas/KongAuthorizationInputRequest"},"client_ip":{"type":"string","title":"Client Ip"},"service":{"$ref":"#/components/schemas/KongAuthorizationInputService"},"route":{"$ref":"#/components/schemas/KongAuthorizationInputRoute"},"consumer":{"$ref":"#/components/schemas/KongAuthorizationInputConsumer"}},"type":"object","required":["request"],"title":"KongAuthorizationInput"},"KongAuthorizationInputConsumer":{"properties":{"id":{"type":"string","format":"uuid","title":"Id"},"username":{"type":"string","title":"Username"}},"type":"object","required":["id","username"],"title":"KongAuthorizationInputConsumer"},"KongAuthorizationInputRequest":{"properties":{"http":{"$ref":"#/components/schemas/KongAuthorizationInputRequestHttp"}},"type":"object","required":["http"],"title":"KongAuthorizationInputRequest"},"KongAuthorizationInputRequestHttp":{"properties":{"host":{"type":"string","title":"Host"},"port":{"type":"integer","title":"Port"},"tls":{"type":"object","title":"Tls"},"method":{"type":"string","title":"Method"},"scheme":{"type":"string","title":"Scheme"},"path":{"type":"string","title":"Path"},"querystring":{"additionalProperties":{"type":"string"},"type":"object","title":"Querystring"},"headers":{"additionalProperties":{"type":"string"},"type":"object","title":"Headers"}},"type":"object","required":["host","port","tls","method","scheme","path","querystring","headers"],"title":"KongAuthorizationInputRequestHttp"},"KongAuthorizationInputRoute":{"properties":{"id":{"type":"string","format":"uuid","title":"Id"},"paths":{"items":{"type":"string"},"type":"array","title":"Paths"},"protocols":{"items":{"type":"string"},"type":"array","title":"Protocols"},"strip_path":{"type":"boolean","title":"Strip Path"},"created_at":{"type":"integer","title":"Created At"},"ws_id":{"type":"string","format":"uuid","title":"Ws Id"},"request_buffering":{"type":"boolean","title":"Request Buffering"},"updated_at":{"type":"integer","title":"Updated At"},"preserve_host":{"type":"boolean","title":"Preserve Host"},"regex_priority":{"type":"integer","title":"Regex Priority"},"response_buffering":{"type":"boolean","title":"Response Buffering"},"https_redirect_status_code":{"type":"integer","title":"Https Redirect Status Code"},"path_handling":{"type":"string","title":"Path Handling"},"service":{"$ref":"#/components/schemas/KongAuthorizationInputRouteService"}},"type":"object","required":["id","paths","protocols","strip_path","created_at","ws_id","request_buffering","updated_at","preserve_host","regex_priority","response_buffering","https_redirect_status_code","path_handling","service"],"title":"KongAuthorizationInputRoute"},"KongAuthorizationInputRouteService":{"properties":{"id":{"type":"string","format":"uuid","title":"Id"}},"type":"object","required":["id"],"title":"KongAuthorizationInputRouteService"},"KongAuthorizationInputService":{"properties":{"host":{"type":"string","title":"Host"},"created_at":{"type":"integer","title":"Created At"},"connect_timeout":{"type":"integer","title":"Connect Timeout"},"id":{"type":"string","format":"uuid","title":"Id"},"procotol":{"type":"string","title":"Procotol"},"name":{"type":"string","title":"Name"},"read_timeout":{"type":"integer","title":"Read Timeout"},"port":{"type":"integer","title":"Port"},"updated_at":{"type":"integer","title":"Updated At"},"ws_id":{"type":"string","format":"uuid","title":"Ws Id"},"retries":{"type":"integer","title":"Retries"},"write_timeout":{"type":"integer","title":"Write Timeout"}},"type":"object","required":["host","created_at","connect_timeout","id","procotol","name","read_timeout","port","updated_at","ws_id","retries","write_timeout"],"title":"KongAuthorizationInputService"},"KongAuthorizationQuery":{"properties":{"input":{"$ref":"#/components/schemas/KongAuthorizationInput"}},"type":"object","required":["input"],"title":"KongAuthorizationQuery","description":"the format of is_allowed_kong() input"},"KongAuthorizationResult":{"properties":{"result":{"type":"boolean","title":"Result","default":false}},"type":"object","title":"KongAuthorizationResult"},"PolicyStoreAuth":{"enum":["none","token","oauth","tls"],"title":"PolicyStoreAuth","description":"An enumeration."},"PolicyStoreDetails":{"properties":{"type":{"allOf":[{"$ref":"#/components/schemas/PolicyStoreTypes"}],"description":"the type of policy store, currently only OPA is officially supported","default":"OPA"},"url":{"type":"string","title":"Url","description":"the url that OPA can be found in. if localhost is the host - it means OPA is on the same hostname as OPAL client."},"token":{"type":"string","title":"Token","description":"optional access token required by the policy store"},"auth_type":{"allOf":[{"$ref":"#/components/schemas/PolicyStoreAuth"}],"description":"the type of authentication is supported for the policy store.","default":"none"},"oauth_client_id":{"type":"string","title":"Oauth Client Id","description":"optional OAuth client id required by the policy store"},"oauth_client_secret":{"type":"string","title":"Oauth Client Secret","description":"optional OAuth client secret required by the policy store"},"oauth_server":{"type":"string","title":"Oauth Server","description":"optional OAuth server required by the policy store"}},"type":"object","required":["url"],"title":"PolicyStoreDetails","description":"represents a policy store endpoint - contains the policy store's:\n- location (url)\n- type\n- credentials"},"PolicyStoreTypes":{"enum":["OPA","CEDAR","MOCK"],"title":"PolicyStoreTypes","description":"An enumeration."},"Resource":{"properties":{"type":{"type":"string","title":"Type"},"key":{"type":"string","title":"Key"},"tenant":{"type":"string","title":"Tenant"},"attributes":{"type":"object","title":"Attributes","default":{}},"context":{"type":"object","title":"Context","default":{}}},"type":"object","required":["type"],"title":"Resource"},"ResourceV1":{"properties":{"type":{"type":"string","title":"Type"},"id":{"type":"string","title":"Id"},"tenant":{"type":"string","title":"Tenant"},"attributes":{"type":"object","title":"Attributes"},"context":{"type":"object","title":"Context","default":{}}},"type":"object","required":["type"],"title":"ResourceV1","deprecated":true},"RoleAssignment":{"properties":{"user":{"type":"string","title":"User","description":"the user the role is assigned to"},"role":{"type":"string","title":"Role","description":"the role that is assigned"},"tenant":{"type":"string","title":"Tenant","description":"the tenant the role is associated with"},"resource_instance":{"type":"string","title":"Resource Instance","description":"the resource instance the role is associated with"}},"type":"object","required":["user","role","tenant"],"title":"RoleAssignment","description":"The format of a role assignment","example":[{"user":"[email protected]","role":"admin","tenant":"stripe-inc"},{"user":"[email protected]","role":"admin","tenant":"stripe-inc","resource_instance":"document:doc-1234"}]},"UrlAuthorizationQuery":{"properties":{"user":{"$ref":"#/components/schemas/User"},"http_method":{"type":"string","title":"Http Method"},"url":{"type":"string","maxLength":65536,"minLength":1,"format":"uri","title":"Url"},"tenant":{"type":"string","title":"Tenant"},"context":{"type":"object","title":"Context","default":{}},"sdk":{"type":"string","title":"Sdk"}},"type":"object","required":["user","http_method","url","tenant"],"title":"UrlAuthorizationQuery","description":"the format of is_allowed_url() input"},"User":{"properties":{"key":{"type":"string","title":"Key"},"firstName":{"type":"string","title":"Firstname"},"lastName":{"type":"string","title":"Lastname"},"email":{"type":"string","title":"Email"},"attributes":{"type":"object","title":"Attributes","default":{}}},"type":"object","required":["key"],"title":"User"},"UserPermissionsQuery":{"properties":{"user":{"$ref":"#/components/schemas/User"},"tenants":{"items":{"type":"string"},"type":"array","title":"Tenants"},"resources":{"items":{"type":"string"},"type":"array","title":"Resources"},"resource_types":{"items":{"type":"string"},"type":"array","title":"Resource Types"},"context":{"type":"object","title":"Context","default":{}}},"type":"object","required":["user"],"title":"UserPermissionsQuery"},"UserTenantsQuery":{"properties":{"user":{"$ref":"#/components/schemas/User"},"context":{"type":"object","title":"Context","default":{}}},"type":"object","required":["user"],"title":"UserTenantsQuery"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"},"_AllTenantsAuthorizationResult":{"properties":{"allow":{"type":"boolean","title":"Allow","default":false},"query":{"type":"object","title":"Query"},"debug":{"type":"object","title":"Debug"},"result":{"type":"boolean","title":"Result","default":false},"tenant":{"$ref":"#/components/schemas/_TenantDetails"}},"type":"object","required":["tenant"],"title":"_AllTenantsAuthorizationResult"},"_ResourceDetails":{"properties":{"key":{"type":"string","title":"Key"},"attributes":{"type":"object","title":"Attributes","default":{}},"type":{"type":"string","title":"Type"}},"type":"object","required":["key","type"],"title":"_ResourceDetails"},"_TenantDetails":{"properties":{"key":{"type":"string","title":"Key"},"attributes":{"type":"object","title":"Attributes","default":{}}},"type":"object","required":["key"],"title":"_TenantDetails"},"_UserPermissionsResult":{"properties":{"tenant":{"$ref":"#/components/schemas/_TenantDetails"},"resource":{"$ref":"#/components/schemas/_ResourceDetails"},"permissions":{"items":{"type":"string","pattern":"^.+:.+$"},"type":"array","pattern":"^.+:.+$","title":"Permissions"},"roles":{"items":{"type":"string"},"type":"array","title":"Roles"}},"type":"object","required":["permissions"],"title":"_UserPermissionsResult"}}},"tags":[{"name":"Authorization API","description":"Authorization queries to OPA. These queries are answered locally by OPA and do not require the cloud service. Latency should be very low (< 20ms per query)"},{"name":"Local Queries","description":"These queries are done locally against the sidecar and do not involve a network round-trip to Permit.io cloud API. Therefore they are safe to use with reasonable performance (i.e: with negligible latency) in the context of a user request."},{"name":"Policy Updater","description":"API to manually trigger and control the local policy caching and refetching."},{"name":"Cloud API Proxy","description":"These endpoints proxy the Permit.io cloud api, and therefore **incur high-latency**. You should not use the cloud API in the standard request flow of users, i.e in places where the incurred added latency will affect your entire api. A good place to call the cloud API will be in one-time user events such as user registration (i.e: calling sync user, assigning initial user roles, etc.). The sidecar will proxy to the cloud every request prefixed with '/sdk'.","externalDocs":{"description":"The cloud api complete docs are located here:","url":"https://api.permit.io/redoc"}}]}