This is a cache of https://docs.openshift.com/acs/4.5/api/RbacService.html. It is a snapshot of the page at 2024-11-25T18:12:54.187+0000.
RbacS<strong>e</strong>rvic<strong>e</strong> | API r<strong>e</strong>f<strong>e</strong>r<strong>e</strong>nc<strong>e</strong> | R<strong>e</strong>d Hat Advanc<strong>e</strong>d Clust<strong>e</strong>r S<strong>e</strong>curity for Kub<strong>e</strong>rn<strong>e</strong>t<strong>e</strong>s 4.5
&times;

GetRole

GeT /v1/rbac/roles/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetRoleResponse

0

An unexpected error response.

Runtimeerror

Samples

GetRoleBinding

GeT /v1/rbac/bindings/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetRoleBindingResponse

0

An unexpected error response.

Runtimeerror

Samples

GetSubject

GeT /v1/rbac/subject/{id}

Subjects served from this API are Groups and Users only. Id in this case is the Name field, since for users and groups, that is unique, and subjects do not have IDs.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetSubjectResponse

0

An unexpected error response.

Runtimeerror

Samples

ListRoleBindings

GeT /v1/rbac/bindings

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSeT

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListRoleBindingsResponse

0

An unexpected error response.

Runtimeerror

Samples

ListRoles

GeT /v1/rbac/roles

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSeT

pagination.sortOption.aggregateBy.distinct

-

null

Return Type

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListRolesResponse

0

An unexpected error response.

Runtimeerror

Samples

ListSubjects

GeT /v1/rbac/subjects

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSeT

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListSubjectsResponse

0

An unexpected error response.

Runtimeerror

Samples

Common object reference

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DeSCRIPTOR):
  any.Unpack(foo)
  ...
example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GeT on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

Runtimeerror

Field Name Required Nullable Type Description Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny

StorageK8sRole

Properties of an individual k8s Role or ClusterRole. ////////////////////////////////////////
Field Name Required Nullable Type Description Format

id

String

name

String

namespace

String

clusterId

String

clusterName

String

clusterRole

Boolean

labels

Map of string

annotations

Map of string

createdAt

Date

date-time

rules

List of StoragePolicyRule

StorageK8sRoleBinding

Properties of an individual k8s RoleBinding or ClusterRoleBinding. ////////////////////////////////////////
Field Name Required Nullable Type Description Format

id

String

name

String

namespace

String

clusterId

String

clusterName

String

clusterRole

Boolean

ClusterRole specifies whether the binding binds a cluster role. However, it cannot be used to determine whether the binding is a cluster role binding. This can be done in conjunction with the namespace. If the namespace is empty and cluster role is true, the binding is a cluster role binding.

labels

Map of string

annotations

Map of string

createdAt

Date

date-time

subjects

List of StorageSubject

roleId

String

StoragePolicyRule

Properties of an individual rules that grant permissions to resources. ////////////////////////////////////////
Field Name Required Nullable Type Description Format

verbs

List of string

apiGroups

List of string

resources

List of string

nonResourceUrls

List of string

resourceNames

List of string

StorageSubject

Properties of an individual subjects who are granted roles via role bindings. ////////////////////////////////////////
Field Name Required Nullable Type Description Format

id

String

kind

StorageSubjectKind

UNSeT_KIND, SeRVICe_ACCOUNT, USeR, GROUP,

name

String

namespace

String

clusterId

String

clusterName

String

StorageSubjectKind

enum Values

UNSeT_KIND

SeRVICe_ACCOUNT

USeR

GROUP

V1GetRoleBindingResponse

Field Name Required Nullable Type Description Format

binding

StorageK8sRoleBinding

V1GetRoleResponse

Field Name Required Nullable Type Description Format

role

StorageK8sRole

V1GetSubjectResponse

Field Name Required Nullable Type Description Format

subject

StorageSubject

clusterRoles

List of StorageK8sRole

scopedRoles

List of V1ScopedRoles

V1ListRoleBindingsResponse

A list of k8s role bindings (free of scoped information) Next Tag: 2
Field Name Required Nullable Type Description Format

bindings

List of StorageK8sRoleBinding

V1ListRolesResponse

A list of k8s roles (free of scoped information) Next Tag: 2
Field Name Required Nullable Type Description Format

roles

List of StorageK8sRole

V1ListSubjectsResponse

A list of k8s subjects (users and groups only, for service accounts, try the service account service) Next Tag: 2
Field Name Required Nullable Type Description Format

subjectAndRoles

List of V1SubjectAndRoles

V1ScopedRoles

Field Name Required Nullable Type Description Format

namespace

String

roles

List of StorageK8sRole

V1SubjectAndRoles

Field Name Required Nullable Type Description Format

subject

StorageSubject

roles

List of StorageK8sRole