zaletniy/gist:a54cb365be91b1e36e78755eac217ff2

## gistfile1.txt
openapi: 3.0.0
# Added by API Auto Mocking Plugin
servers:
  - description: SwaggerHub API Auto Mocking
    url: https://virtserver.swaggerhub.com/SVilgelm/IAM_API/1.0.0
  - description: keyckloak.k8ss
    url: https://keycloak.local:8443/auth/realms/k8s


info:
  version: "1.0.0"
  title: "IAM"
  description: "Design of AIM API."


paths:
  /users:
    get:
      summary: List of users from Keycloak
      security:
        - openId:
          - admin
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Users'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      summary: Register user
      security:
        - openId:
          - admin
      requestBody:
        content:
          application/json:
            schema:
              type: object
              required:
                - user
              properties:
                user:
                  $ref: '#/components/schemas/User'
                password:
                  type: string
                scopes:
                  $ref: '#/components/schemas/Grants'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserDetails'
        '401':
          $ref: '#/components/responses/Unauthorized'

  /users/{username}:
    get:
      summary: User details
      security:
        - openId:
          - read
      parameters:
        - in: path
          name: username
          schema:
            type: string
          required: true
          description: username of the user to get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserDetails'
        '401':
          $ref: '#/components/responses/Unauthorized'

  /users/{username}/scopes:
    get:
      summary: List of pairs scope and role for the user
      security:
        - openId:
          - read
      parameters:
        - $ref: '#/components/parameters/Username'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Grants'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      summary: Grant access to a scope for the user
      security:
        - openId:
          - write
      parameters:
        - $ref: '#/components/parameters/Username'
      requestBody:
        description: List of pairs scope and role to grant
        content:
          application/json:
            schema:
                $ref: '#/components/schemas/Grants'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Grants'
        '401':
          $ref: '#/components/responses/Unauthorized'

  /scopes:
    get:
      summary: List of available scopes
      security:
        - openId:
          - read
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Scopes'
        '401':
          $ref: '#/components/responses/Unauthorized'

  /scopes/{scope}/roles:
    get:
      summary: List of predefined roles for scope
      security:
        - openId:
          - read
      parameters:
        - $ref: '#/components/parameters/Scope'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Roles'
        '401':
          $ref: '#/components/responses/Unauthorized'

  /clients:
    get:
      summary: List of registered clients
      security:
        - openId:
          - admin
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Clients'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      summary: Create client
      security:
        - openId:
          - admin
      requestBody:
        description: Client
        content:
          application/json:
            schema:
                $ref: '#/components/schemas/Client'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Client'
        '401':
          $ref: '#/components/responses/Unauthorized'


security:
  - openId:
      - read   # reading available for an user information
      - write  # update information, giving a scope and etc
      - admin  # full access


components:
  securitySchemes:
    openId:
      type: openIdConnect
      openIdConnectUrl: https://keycloak.local:8443/auth/realms/k8s/.well-known/openid-configuration

  schemas:
    User:
      type: object
      required:
        - username
      properties:
        username:
          type: string
        email:
          type: string
    UserDetails:
      type: object
      required:
        - user
        - scopes
      properties:
        user:
          $ref: '#/components/schemas/User'
        scopes:
          $ref: '#/components/schemas/Grants'
    Users:
      type: array
      items:
        $ref: '#/components/schemas/User'
    Scope:
      type: string
    Scopes:
      type: array
      items:
        $ref: '#/components/schemas/Scope'
    Role:
      type: string
    Roles:
      type: array
      items:
        $ref: '#/components/schemas/Role'
    Grant:
      type: object
      required:
        - scope
        - role
      properties:
        scope:
          $ref: '#/components/schemas/Scope'
        role:
          $ref: '#/components/schemas/Role'
    Grants:
      type: array
      items:
        $ref: '#/components/schemas/Grant'
    Client:
      type: string
    Clients:
      type: array
      items:
        $ref: '#/components/schemas/Client'

  parameters:
    Username:
      in: path
      name: username
      schema:
        type: string
      required: true
      description: username of the user to get
    Scope:
      in: path
      name: scope
      schema:
        type: string
      required: true

  responses:
    Unauthorized:
      description: Unauthorized
	openapi: 3.0.0
	# Added by API Auto Mocking Plugin
	servers:
	- description: SwaggerHub API Auto Mocking
	url: https://virtserver.swaggerhub.com/SVilgelm/IAM_API/1.0.0
	- description: keyckloak.k8ss
	url: https://keycloak.local:8443/auth/realms/k8s


	info:
	version: "1.0.0"
	title: "IAM"
	description: "Design of AIM API."


	paths:
	/users:
	get:
	summary: List of users from Keycloak
	security:
	- openId:
	- admin
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Users'
	'401':
	$ref: '#/components/responses/Unauthorized'
	post:
	summary: Register user
	security:
	- openId:
	- admin
	requestBody:
	content:
	application/json:
	schema:
	type: object
	required:
	- user
	properties:
	user:
	$ref: '#/components/schemas/User'
	password:
	type: string
	scopes:
	$ref: '#/components/schemas/Grants'
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/UserDetails'
	'401':
	$ref: '#/components/responses/Unauthorized'

	/users/{username}:
	get:
	summary: User details
	security:
	- openId:
	- read
	parameters:
	- in: path
	name: username
	schema:
	type: string
	required: true
	description: username of the user to get
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/UserDetails'
	'401':
	$ref: '#/components/responses/Unauthorized'

	/users/{username}/scopes:
	get:
	summary: List of pairs scope and role for the user
	security:
	- openId:
	- read
	parameters:
	- $ref: '#/components/parameters/Username'
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Grants'
	'401':
	$ref: '#/components/responses/Unauthorized'
	post:
	summary: Grant access to a scope for the user
	security:
	- openId:
	- write
	parameters:
	- $ref: '#/components/parameters/Username'
	requestBody:
	description: List of pairs scope and role to grant
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Grants'
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Grants'
	'401':
	$ref: '#/components/responses/Unauthorized'

	/scopes:
	get:
	summary: List of available scopes
	security:
	- openId:
	- read
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Scopes'
	'401':
	$ref: '#/components/responses/Unauthorized'

	/scopes/{scope}/roles:
	get:
	summary: List of predefined roles for scope
	security:
	- openId:
	- read
	parameters:
	- $ref: '#/components/parameters/Scope'
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Roles'
	'401':
	$ref: '#/components/responses/Unauthorized'

	/clients:
	get:
	summary: List of registered clients
	security:
	- openId:
	- admin
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Clients'
	'401':
	$ref: '#/components/responses/Unauthorized'
	post:
	summary: Create client
	security:
	- openId:
	- admin
	requestBody:
	description: Client
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Client'
	responses:
	'200':
	description: OK
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/Client'
	'401':
	$ref: '#/components/responses/Unauthorized'


	security:
	- openId:
	- read # reading available for an user information
	- write # update information, giving a scope and etc
	- admin # full access


	components:
	securitySchemes:
	openId:
	type: openIdConnect
	openIdConnectUrl: https://keycloak.local:8443/auth/realms/k8s/.well-known/openid-configuration

	schemas:
	User:
	type: object
	required:
	- username
	properties:
	username:
	type: string
	email:
	type: string
	UserDetails:
	type: object
	required:
	- user
	- scopes
	properties:
	user:
	$ref: '#/components/schemas/User'
	scopes:
	$ref: '#/components/schemas/Grants'
	Users:
	type: array
	items:
	$ref: '#/components/schemas/User'
	Scope:
	type: string
	Scopes:
	type: array
	items:
	$ref: '#/components/schemas/Scope'
	Role:
	type: string
	Roles:
	type: array
	items:
	$ref: '#/components/schemas/Role'
	Grant:
	type: object
	required:
	- scope
	- role
	properties:
	scope:
	$ref: '#/components/schemas/Scope'
	role:
	$ref: '#/components/schemas/Role'
	Grants:
	type: array
	items:
	$ref: '#/components/schemas/Grant'
	Client:
	type: string
	Clients:
	type: array
	items:
	$ref: '#/components/schemas/Client'

	parameters:
	Username:
	in: path
	name: username
	schema:
	type: string
	required: true
	description: username of the user to get
	Scope:
	in: path
	name: scope
	schema:
	type: string
	required: true

	responses:
	Unauthorized:
	description: Unauthorized