Roles

A Role is a grouping of permissions that you can apply to any user or group in the system. Users with no role will not be allowed to access the user interface, nor the underlying API.

Basic Operations

Basic operations of Create, List, Update and Destroy are available for roles

List all Roles

Call to /authorization/role to get all roles.

Request Object

+ URL
  /api/v2/authorization/role

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with each role in the system.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 1,
      "hostid": "09e3b2bd",
      "role_name": "admin",
      "role_permissions": "authorization:standard,cloud:touch,cron:view,cron:create,cron:manage,cron:destroy,device:view,filesystem:view,filesystem:manage,event:view,event:destroy,usergroup:view,usergroup:create,usergroup:manage,usergroup:destroy,authprovider:view,authprovider:manage,ha:view,ha:destroy,ha:create,ha:manage,ipmi:view,ipmi:manage,lustre:view,lustre:manage,lustre:create,networkconfig:view,networkconfig:manage,interface:view,interface:manage,interface:create,interface:destroy,networkauth:view,networkauth:manage,networkqos:view,networkqos:create,networkqos:manage,networkqos:destroy,nfs:view,nfs:create,nfs:manage,nfs:destroy,notification:view,notification:create,notification:manage,notification:destroy,pod:view,pod:create,pod:manage,pod:destroy,pool:view,pool:manage,pool:create,pool:destroy,probe:view,probe:manage,role:view,role:create,role:manage,role:destroy,service:view,service:manage,service:destroy,smb:view,smb:create,smb:manage,smb:destroy,snapshot:view,snapshot:create,snapshot:destroy,snapshot:manage,statistic:view,status:view,status:create,status:manage,status:destroy,system:view,system:manage,systemhealth:view,systemhealth:create,systemkey:view,systemkey:create,systemkey:destroy,systemkey:manage,system:special,process:view,process:destroy,token:view,token:standard,token:manage,zfs:view,zfs:create,zfs:manage,zfs:destroy,license:create,license:view,routine:view,routine:create,routine:manage,routine:destroy,job:view,job:create,job:manage,job:destroy,trigger:view,trigger:create,trigger:manage,trigger:destroy,be:view,be:create,be:manage,be:destroy,certificate:view,certificate:create,certificate:manage,certificate:destroy,ctdb:view,ctdb:create,ctdb:manage,ctdb:destroy",
      "enabled": true,
      "createdAt": "2020-09-09T03:10:21.227Z",
      "updatedAt": "2020-09-09T03:10:21.227Z"
    },
    {
      "id": 2,
      "hostid": "09e3b2bd",
      "role_name": "sudo",
      "role_permissions": "authorization:standard,cloud:touch,cron:view,cron:create,cron:manage,cron:destroy,device:view,filesystem:view,filesystem:manage,event:view,event:destroy,usergroup:view,usergroup:create,usergroup:manage,usergroup:destroy,authprovider:view,authprovider:manage,ha:view,ha:destroy,ha:create,ha:manage,ipmi:view,ipmi:manage,lustre:view,lustre:manage,lustre:create,networkconfig:view,networkconfig:manage,interface:view,interface:manage,interface:create,interface:destroy,networkauth:view,networkauth:manage,networkqos:view,networkqos:create,networkqos:manage,networkqos:destroy,nfs:view,nfs:manage,nfs:create,notification:view,notification:create,notification:manage,notification:destroy,pod:view,pod:create,pod:manage,pod:destroy,pool:view,pool:manage,pool:create,pool:destroy,probe:view,probe:manage,role:view,role:create,role:manage,role:destroy,service:view,service:manage,service:destroy,smb:view,smb:manage,smb:create,snapshot:view,snapshot:create,snapshot:destroy,snapshot:manage,statistic:view,status:view,status:create,status:manage,status:destroy,system:view,system:manage,systemhealth:view,systemhealth:create,systemkey:view,systemkey:create,systemkey:destroy,systemkey:manage,system:special,process:view,process:destroy,token:view,token:standard,token:manage,zfs:view,zfs:create,zfs:manage,zfs:destroy,license:create,license:view,routine:view,routine:create,routine:manage,routine:destroy,job:view,job:create,job:manage,job:destroy,trigger:view,trigger:create,trigger:manage,trigger:destroy,be:view,be:create,be:manage,be:destroy,certificate:view,certificate:create,certificate:manage,certificate:destroy,ctdb:view,ctdb:create,ctdb:manage,ctdb:destroy",
      "enabled": true,
      "createdAt": "2020-09-09T03:10:21.227Z",
      "updatedAt": "2020-09-09T03:10:21.227Z"
    },
    {
      "id": 3,
      "hostid": "09e3b2bd",
      "role_name": "nolustre",
      "role_permissions": "authorization:standard,cron:view,device:view,filesystem:view,event:view,usergroup:view,ha:view,ipmi:view,job:view,networkconfig:view,interface:view,networkauth:view,networkqos:view,nfs:view,notification:view,pod:view,pool:view,probe:view,role:view,routine:view,service:view,smb:view,snapshot:view,statistic:view,status:view,system:view,systemhealth:view,systemkey:view,process:view,token:view,zfs:view,ctdb:manage,ctdb:view",
      "enabled": true,
      "createdAt": "2020-09-17T23:58:01.107Z",
      "updatedAt": "2020-09-17T23:58:01.107Z"
    }
  ]

Get one Role

Call to /authorization/role/$ROLE_ID to get one specific role.

Request Object

+ URL
  /api/v2/authorization/role/$ROLE_ID

+ Method
  GET

+ Parameters
  role id (number, required, URL param) - the identifier number of the role you wish to get

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with the role you requested.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 3,
      "hostid": "09e3b2bd",
      "role_name": "nolustre",
      "role_permissions": "authorization:standard,cron:view,device:view,filesystem:view,event:view,usergroup:view,ha:view,ipmi:view,job:view,networkconfig:view,interface:view,networkauth:view,networkqos:view,nfs:view,notification:view,pod:view,pool:view,probe:view,role:view,routine:view,service:view,smb:view,snapshot:view,statistic:view,status:view,system:view,systemhealth:view,systemkey:view,process:view,token:view,zfs:view,ctdb:manage,ctdb:view",
      "enabled": true,
      "createdAt": "2020-09-17T23:58:01.107Z",
      "updatedAt": "2020-09-17T23:58:01.107Z"
    }
  ]

Create a Role

Creating a role takes a set of permissions and a name and creates a new role to be assigned in the system.

Request Object

+ URL
  /api/v2/authorization/role/create

+ Method
  POST

+ Parameters
  role_name (string, required, Body) - The name to be assigned to this role
  role_permissions (string, required, Body) - A comma delimited list of permissions. All permissions are of the form ($Noun:$Verb), and can be viewed in the role list above
  enabled (boolean, optional, Body) - You can optionally set a role to be disabled when creating. Disabled roles will not grant permission to a user or group.

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "role_name": "test",
    "role_permissions": "authorization:standard,filesystem:view,pool:view,service:view,system:view",
    "enabled": false
  }

Response Object

Sending this should get you back a valid response, an array with the role you created.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 4,
      "hostid": "09e3b2bd",
      "role_name": "test",
      "role_permissions": "authorization:standard,filesystem:view,pool:view,service:view,system:view",
      "enabled": false,
      "createdAt": "2020-09-28T16:33:00.798Z",
      "updatedAt": "2020-09-28T16:33:00.798Z"
    }
  ]

Update a Role

Once a role is created, you may update any of the created fields.

Request Object

+ URL
  /api/v2/authorization/role/update/$ROLE_ID

+ Method
  POST

+ Parameters
  role id (number, required, URL param) - the identifier number of the role you wish to update
  role_name (string, optional, Body) - The name to be assigned to this role
  role_permissions (string, optional, Body) - A comma delimited list of permissions. All permissions are of the form ($Noun:$Verb), and can be viewed in the role list above
  enabled (boolean, optional, Body) - You can optionally set a role to be disabled when creating. Disabled roles will not grant permission to a user or group.

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "role_name": "test2",
    "role_permissions": "authorization:standard",
    "enabled": true
  }

Response Object

Sending this should get you back a valid response, an array with the role you updated.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 4,
      "hostid": "09e3b2bd",
      "role_name": "test2",
      "role_permissions": "authorization:standard",
      "enabled": true,
      "createdAt": "2020-09-28T16:33:00.798Z",
      "updatedAt": "2020-09-28T16:33:00.798Z"
    }
  ]

Destroy a Role

Call to /authorization/role/destroy/$ROLE_ID to destroy a role.

Request Object

+ URL
  /api/v2/authorization/role/destroy/$ROLE_ID

+ Method
  GET

+ Parameters
  role id (number, required, URL param) - the identifier number of the role you wish to destroy

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with the id of the role you destroyed.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    4
  ]