RBAC Service (3.1.0)

Download OpenAPI specification:Download

This is the spec that defines the API provided by the application to validate authorization for the passed role

Authentication

bearerAuth

Security Scheme Type HTTP
HTTP Authorization Scheme bearer
Bearer format "JWT"

RBAC

Validate authorization

Validates authorization for the role

Authorizations:
query Parameters
roles
required
Array of strings non-empty unique

One or more role names passed from the northbound API

method
required
string

Method passed from the northbound API

path
required
string

Path passed from the northbound API

Responses

Response samples

Content type
application/json
{
  • "code": 0,
  • "message": "message"
}

Get Role

Get specific role defined in EFA

Authorizations:
query Parameters
role_name
required
string

Name of the role to be queried

Responses

Response samples

Content type
application/json
{
  • "role-name": "SecurityAdmin",
  • "description": "Performs user management, PKI and key management operations in the system"
}

Get Roles

Get all roles defined in EFA

Authorizations:
query Parameters
include_internal
boolean

To include the internal roles in the response

Responses

Response samples

Content type
application/json
{
  • "role-list": "{role-list:[{role-name:FabricAdmin,description:Registers devices to fabric...},{role-name:SecurityAdmin,description:Performs user management, PKI and key management operations in the system.}...}]}"
}

RBAC-Tenant

Validate authorization for tenant

Validates tenant authorization for the role

Authorizations:
query Parameters
roles
required
Array of strings non-empty unique

One or more role names passed from the northbound API

tenant-name
string

Tenant name passed from the northbound API

method
required
string

Method passed from the northbound API

path
required
string

Path passed from the northbound API

Responses

Response samples

Content type
application/json
{
  • "code": 0,
  • "message": "message"
}

Get tenants authorized for a dynamic role

Get list of all tenants authorized for the given dynamic role. For static roles, the list will be empty.

Authorizations:
query Parameters
roles
required
Array of strings non-empty unique

One or more role names passed from the northbound API

Responses

Response samples

Content type
application/json
"{accessible: specific, tenants:[{tenant-one, tenant-two}]}"

Trouble Shooting

getExecutionDetail

Get the detailed output of the given execution ID

Authorizations:
query Parameters
id
required
string

Detailed output of the given execution ID

Responses

Response samples

Content type
application/json
{
  • "start_time": "2000-01-23T04:56:07.000Z",
  • "end_time": "2000-01-23T04:56:07.000Z",
  • "id": "id",
  • "parameters": "configure add",
  • "logs": "logs",
  • "command": "configure add",
  • "status": "Failed, Succeeded"
}

deleteExecutions

This API will delete the execution entries older than specific number of days

Authorizations:
query Parameters
days_older_by
required
integer
Default: 30

Deletes execution entries older than specified number of days

Responses

Response samples

Content type
application/json
{
  • "code": 0,
  • "message": "message"
}

getExecutionList

Get the list of all the previous executions

Authorizations:
query Parameters
limit
required
integer
Default: 10

Limit the number of executions that will be sent in the response. Default is 10

status
string
Default: "all"

Filter the executions based on the status(failed/succeeded/all)

Responses

Response samples

Content type
application/json
{
  • "items": [
    ]
}