diff --git a/server/api/v1/openapi.json b/server/api/v1/openapi.json index c813c933..7eedc0ee 100644 --- a/server/api/v1/openapi.json +++ b/server/api/v1/openapi.json @@ -68,19 +68,19 @@ "SmartProxy": { "type": "object", "additionalProperties": { - "type": "string" + "type": "string" } }, "Aggregator": { "type": "object", "additionalProperties": { - "type": "string" + "type": "string" } }, "ContentService": { "type": "object", "additionalProperties": { - "type": "string" + "type": "string" } } } @@ -154,6 +154,9 @@ }, "description": "A JSON array of groups." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "503": { "content": { "text/plain": {} @@ -206,6 +209,9 @@ } }, "description": "A JSON array of clusters that belong to the specified organization." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getClustersForOrganization", @@ -246,6 +252,9 @@ }, "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getReportsForClusters", @@ -277,6 +286,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the rule ID and error key combination doesn't exist in the content service" } @@ -310,6 +322,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the rule ID and error key combination doesn't exist in the content service" } @@ -343,6 +358,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the rule ID and error key combination doesn't exist in the content service" } @@ -379,6 +397,9 @@ } }, "description": "A JSON array of all the rule IDs." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getRuleIDs", @@ -416,6 +437,9 @@ }, "description": "A JSON object with the content." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "content": { "application/json": { @@ -468,6 +492,9 @@ } }, "description": "A JSON object with the content." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getContent", @@ -499,6 +526,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the rule ID and error key combination doesn't exist in the content service" } @@ -564,6 +594,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the rule ID and error key combination doesn't exist in the content service" } @@ -584,7 +617,7 @@ "$ref": "#/components/parameters/clusterId" }, { - "$ref": "#/components/parameters/ruleId" + "$ref": "#/components/parameters/ruleId" }, { "$ref": "#/components/parameters/errorKey" @@ -592,11 +625,14 @@ ], "responses": { "200": { - "$ref": "#/components/responses/status" + "$ref": "#/components/responses/status" }, "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the rule ID and error key combination doesn't exist in the content service" } @@ -621,6 +657,9 @@ } } } + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getOverviewForOrganization", @@ -664,6 +703,9 @@ } }, "description": "Status ok" + }, + "403": { + "$ref": "#/components/responses/unauthorized" } } } @@ -726,7 +768,7 @@ } }, "example": { - "count": 9, + "count": 9, "last_checked_at": "2020-12-08T09:45:23Z" } } @@ -741,6 +783,9 @@ } } }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when the cluster ID is not registered and request come from Insights Operator." } @@ -800,6 +845,9 @@ } } } + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "tags": [ @@ -829,8 +877,6 @@ "$ref": "#/components/parameters/osdEligible" } ], - - "responses": { "200": { "description": "Latest available rule report for the given organization, cluster combination and rule ID. Returns rule and it description that were hit by the cluster.", @@ -851,6 +897,9 @@ } } } + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getSingleReportForCluster", @@ -858,9 +907,6 @@ "description": "The rule is specified by the cluster ID and rule ID from params and information about the org_id and user_id is taken from the token. The latest rule report available for the given combination will be returned." } }, - - - "/clusters/reports": { "post": { "tags": [ @@ -902,6 +948,9 @@ }, "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } } } @@ -1298,8 +1347,8 @@ "additionalProperties": { "type": "array", "items": { - "type": "string" - } + "type": "string" + } } } } @@ -1354,6 +1403,22 @@ "text/plain": {} } }, + "unauthorized": { + "description": "The requester is unauthorized. If using a service account, you may not belong to the right group with the right role. Please make sure you configured your user access on the console.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Account does not have the required permissions" + } + } + } + } + } + }, "status": { "description": "Status ok", "content": { diff --git a/server/api/v2/openapi.json b/server/api/v2/openapi.json index 3a1b4d3d..3c5398bc 100644 --- a/server/api/v2/openapi.json +++ b/server/api/v2/openapi.json @@ -156,6 +156,9 @@ }, "description": "A JSON array of groups." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "503": { "content": { "text/plain": {} @@ -211,6 +214,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Cluster report is not available, probably not connected cluster." } @@ -279,6 +285,9 @@ "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Cluster info was not returned from AMS API for given organization." } @@ -344,6 +353,9 @@ "204": { "description": "Status NoContent: happens when the cluster is managed. The upgrade risks prediction is not available for this kind of clusters." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Status NotFound: happens when the cluster cannot be found in the Observatorium data" }, @@ -399,6 +411,9 @@ "400": { "description": "Invalid request (e.g cluster ID with unexpected format)" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Cluster not found" } @@ -462,6 +477,9 @@ "400": { "description": "Invalid request (e.g cluster ID with unexpected format) or payload (empty body or not a list of strings)" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Cluster ID not found or no requests found in storage for provided IDs" } @@ -522,6 +540,9 @@ "400": { "description": "Invalid request or invalid cluster ID" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Request ID or cluster ID not found" } @@ -585,6 +606,9 @@ "400": { "description": "Invalid request or invalid cluster ID" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Cluster or request ID not found" } @@ -743,6 +767,9 @@ } }, "description": "A JSON object with the content." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "operationId": "getContent", @@ -814,7 +841,7 @@ } }, "metadata": { - "$ref": "#/components/schemas/dvoReportMeta" + "$ref": "#/components/schemas/dvoReportMeta" }, "recommendations": { "type": "array", @@ -901,6 +928,9 @@ "400": { "description": "Invalid request or invalid cluster ID" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Data for cluster and namespace were not found in the storage." } @@ -979,6 +1009,9 @@ "400": { "description": "Invalid request or invalid cluster ID" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Cluster was not found in the AMS API." } @@ -1003,6 +1036,9 @@ } }, "description": "List of acked rules" + }, + "403": { + "$ref": "#/components/responses/unauthorized" } } }, @@ -1055,6 +1091,9 @@ } }, "description": "Rule has been acked (disabled)" + }, + "403": { + "$ref": "#/components/responses/unauthorized" } } } @@ -1090,6 +1129,9 @@ }, "description": "Rule ack has been found, the metadata is returned in response body" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Rule has not been acked (disabled) previously" } @@ -1141,6 +1183,9 @@ }, "description": "Rule ack has been found and updated, the metadata is returned in response body" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Rule has not been acked (disabled) previously" } @@ -1169,6 +1214,9 @@ "204": { "description": "Rule ack has been deleted" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Rule has not been acked (disabled) previously" } @@ -1194,6 +1242,9 @@ }, "description": "If a cluster has 0 total_hit_count and empty last_checked_at timestamp, we have no Insights data for that archive. If total_hit_count = 0 and the timestamp is valid, there are no rule hits for the cluster." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "503": { "content": { "application/json": { @@ -1333,6 +1384,9 @@ } } }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Rule ID is not available", "content": { @@ -1514,6 +1568,9 @@ }, "description": "A JSON object with the content." }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "content": { "application/json": { @@ -1662,6 +1719,9 @@ "400": { "description": "Request body could not be parsed, so the query is not processed" }, + "403": { + "$ref": "#/components/responses/unauthorized" + }, "404": { "description": "Resource not found, usually caused when some rule selector, organization or user doesn't exist" }, @@ -1704,6 +1764,9 @@ } }, "description": "Returns a list recommendations and the number of clusters they're currently impacting. Default behaviour is to return only the rules that affect atleast one cluster. This can be changed by passing impacting parameter" + }, + "403": { + "$ref": "#/components/responses/unauthorized" } } } @@ -1747,6 +1810,9 @@ }, "400": { "description": "Invalid request, usually caused when some rule identifier doesn't exist" + }, + "403": { + "$ref": "#/components/responses/unauthorized" } }, "deprecated": false, @@ -1807,6 +1873,9 @@ }, "400": { "description": "Invalid request, usually caused when some cluster belongs to different organization." + }, + "403": { + "$ref": "#/components/responses/unauthorized" } } } @@ -2359,13 +2428,13 @@ "type": "string", "example": "ok" }, - "requestId" : { + "requestId": { "description": "request ID", "type": "string", "format": "x-rh-insights-request-id", "example": "6d2eede257644308a8949c4ec251c5c4" }, - "namespaceId" : { + "namespaceId": { "description": "ID of the namespace in a valid UUID format", "type": "string", "minLength": 36, @@ -2507,6 +2576,24 @@ } } }, + "responses": { + "unauthorized": { + "description": "The requester is unauthorized. If using a service account, you may not belong to the right group with the right role. Please make sure you configured your user access on the console.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "Account does not have the required permissions" + } + } + } + } + } + } + }, "parameters": { "ruleId": { "name": "ruleId",