Created
November 11, 2024 13:19
The http CLI is HTTPie, a Python application that prints nicely formatted responses.
# Role operations
curl -X GET "http://localhost:7007/api/permission/roles" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
http GET http://localhost:7007/api/permission/roles Authorization:"Bearer $token"
curl -X GET "http://localhost:7007/api/permission/roles/role/default/test" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
http GET http://localhost:7007/api/permission/roles/role/default/test Authorization:"Bearer $token"
curl -X POST "http://localhost:7007/api/permission/roles" -d '{ "memberReferences": [ "user:default/andrienkoaleksandr" ], "name": "role:default/test" }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
curl -X PUT "http://localhost:7007/api/permission/roles/role/default/test" -d '{ "oldRole": { "memberReferences": [ "user:default/andrienkoaleksandr" ], "name": "role:default/test" }, "newRole": { "memberReferences": [ "user:default/test", "user:default/test2" ], "name": "role:default/test" } }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
curl -X DELETE "http://localhost:7007/api/permission/roles/role/default/test?memberReferences=user:default/test" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
### Delete the role completely, with all members:
curl -X DELETE "http://localhost:7007/api/permission/roles/role/default/test" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
# Permission policy operations
curl http://localhost:7007/api/permission/policies -H "Authorization: Bearer $token" -v
http GET http://localhost:7007/api/permission/policies Authorization:"Bearer $token"
curl http://localhost:7007/api/permission/policies/role/default/rbac_admin -H "Authorization: Bearer $token" -v
http GET http://localhost:7007/api/permission/policies/role/default/rbac_admin Authorization:"Bearer $token"
### Get filtered policies
curl "http://localhost:7007/api/permission/policies?entityRef=user:default/andrienkoaleksandr&policy=read&effect=allow" -H "Authorization: Bearer $token" -v
http GET "http://localhost:7007/api/permission/policies?entityRef=user:default/andrienkoaleksandr&policy=read&effect=allow" Authorization:"Bearer $token"
curl -X POST "http://localhost:7007/api/permission/policies" -d '[{"entityReference": "role:default/test", "permission": "catalog-entity", "policy": "read", "effect":"allow"}]' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
curl -X PUT "http://localhost:7007/api/permission/policies/role/default/test" -d '{ "oldPolicy": [{ "permission": "catalog-entity", "policy": "read", "effect": "allow" }], "newPolicy": [{ "permission": "policy-entity", "policy": "read", "effect": "allow" }] }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
curl "http://localhost:7007/api/permission/policies/role/default/test" -H "Authorization: Bearer $token" -v
http GET "http://localhost:7007/api/permission/policies/role/default/test" Authorization:"Bearer $token"
curl -X DELETE "http://localhost:7007/api/permission/policies/role/default/test" -d '[{"entityReference": "role:default/test", "permission": "policy-entity", "policy": "read", "effect":"allow"}]' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
# Let's check the list of policies
curl http://localhost:7007/api/permission/plugins/policies -H "Authorization: Bearer $token" -v
http GET http://localhost:7007/api/permission/plugins/policies Authorization:"Bearer $token"
# Get the list of condition rules
curl http://localhost:7007/api/permission/plugins/condition-rules -H "Authorization: Bearer $token" -v
http GET http://localhost:7007/api/permission/plugins/condition-rules Authorization:"Bearer $token"
# Conditions
You need to have two users: an admin and a test user. "user:default/logarifm" is my test user and a member of group:default/team-a. The token should be retrieved for the admin user.
#### Let's create a test role:
curl -X POST "http://localhost:7007/api/permission/roles" -d '{ "memberReferences": [ "user:default/logarifm" ], "name": "role:default/test" }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
#### Let's create a condition so that user logarifm sees only his own catalogs:
curl -X POST "http://localhost:7007/api/permission/roles/conditions" -d '{"result":"CONDITIONAL","roleEntityRef": "role:default/test","pluginId":"catalog","resourceType":"catalog-entity", "permissionMapping": ["read"], "conditions":{"rule":"IS_ENTITY_OWNER","resourceType":"catalog-entity","params":{"claims":["group:default/team-a"]}}}' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
Alternatively, you can use the "not" criterion to hide API catalogs from user logarifm:
curl -X POST "http://localhost:7007/api/permission/roles/conditions" -d '{"result":"CONDITIONAL","roleEntityRef": "role:default/test","pluginId":"catalog","resourceType":"catalog-entity","permissionMapping": ["read"],"conditions":{"not":{"rule":"IS_ENTITY_KIND","resourceType":"catalog-entity","params":{"kinds":["Api"]}}}}' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
Log in as user logarifm and check the catalog UI.
Retrieve the list of all conditions:
curl -X GET "http://localhost:7007/api/permission/roles/conditions" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
Filter conditions with query params:
curl -X GET "http://localhost:7007/api/permission/roles/conditions?roleEntityRef=role:default/test&pluginId=catalog&resourceType=catalog-entity&actions=read" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
#### Get condition by id:
curl -X GET "http://localhost:7007/api/permission/roles/conditions/1" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
#### Update the condition policy so that user logarifm sees his own catalogs and the list of user groups:
curl -X PUT "http://localhost:7007/api/permission/roles/conditions/1" -d '{"result":"CONDITIONAL","roleEntityRef":"role:default/test", "pluginId":"catalog","resourceType":"catalog-entity","permissionMapping": ["read"],"conditions":{"anyOf":[{"rule":"IS_ENTITY_OWNER","resourceType":"catalog-entity","permissions": [{"name": "catalog.entity.read", "action": "read"}],"params":{"claims":["group:default/team-a"]}},{"rule":"IS_ENTITY_KIND","resourceType":"catalog-entity","params":{"kinds":["Group"]}}]}}' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
#### Delete condition by id:
curl -X DELETE "http://localhost:7007/api/permission/roles/conditions/1" -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
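The three "conditions" objects posted above can be dry-run locally against a sample catalog before they are applied, to see what each one leaves readable. This is an added example, not code from the gist or from the RBAC plugin; the rule semantics, the evaluate and visible helpers and the sample entities are assumptions constructed for illustration.

```javascript
// Simplified local model of the criteria in the payloads above (assumption:
// semantics inferred from the rule names; this is not the RBAC plugin's code).
const RULES = {
  // True when any ownedBy relation of the entity targets one of the claims.
  IS_ENTITY_OWNER: (entity, { claims }) =>
    (entity.relations || []).some(
      (r) => r.type === 'ownedBy' && claims.includes(r.targetRef)),
  // True when the entity kind matches one of the kinds, case-insensitively.
  IS_ENTITY_KIND: (entity, { kinds }) =>
    kinds.some((k) => k.toLowerCase() === entity.kind.toLowerCase()),
};

// Recursively evaluate anyOf / allOf / not / a single rule against an entity.
function evaluate(criteria, entity) {
  if (criteria.anyOf) return criteria.anyOf.some((c) => evaluate(c, entity));
  if (criteria.allOf) return criteria.allOf.every((c) => evaluate(c, entity));
  if (criteria.not) return !evaluate(criteria.not, entity);
  const rule = RULES[criteria.rule];
  // Reject rule names this model does not know instead of guessing a result.
  if (!rule) throw new Error(`unknown rule: ${criteria.rule}`);
  return rule(entity, criteria.params);
}

// Names of the entities a CONDITIONAL read decision would leave visible.
function visible(conditions, entities) {
  return entities.filter((e) => evaluate(conditions, e)).map((e) => e.name);
}

// Constructed sample catalog (not real data).
const owned = [{ type: 'ownedBy', targetRef: 'group:default/team-a' }];
const other = [{ type: 'ownedBy', targetRef: 'group:default/team-b' }];
const ENTITIES = [
  { kind: 'Component', name: 'team-a-service', relations: owned },
  { kind: 'Component', name: 'team-b-service', relations: other },
  { kind: 'API', name: 'team-b-api', relations: other },
  { kind: 'Group', name: 'team-b', relations: [] },
];

// The criteria from the curl payloads above (the extra "permissions" field
// of the update payload is left out of this model).
const OWNER_ONLY = { rule: 'IS_ENTITY_OWNER', resourceType: 'catalog-entity',
  params: { claims: ['group:default/team-a'] } };
const NOT_API = { not: { rule: 'IS_ENTITY_KIND', resourceType: 'catalog-entity',
  params: { kinds: ['Api'] } } };
const OWNER_OR_GROUP = { anyOf: [OWNER_ONLY, { rule: 'IS_ENTITY_KIND',
  resourceType: 'catalog-entity', params: { kinds: ['Group'] } }] };

for (const c of [OWNER_ONLY, NOT_API, OWNER_OR_GROUP]) console.log(visible(c, ENTITIES));
```

With this sample catalog the "not" variant still leaves team-b-service and the team-b group readable, so it grants far more than the owner-only condition.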