
@zaletniy
Created January 28, 2019 21:49
iam_api.yaml
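openapi: 3.0.0
# Added by API Auto Mocking Plugin
servers:
  # NOTE(review): the first entry is a public SwaggerHub mock host. Tools
  # commonly pick the first server as the default base URL, so a client
  # configured with real credentials could send its bearer token there.
  # Confirm the mock entry is dropped (or moved last) before clients are
  # generated from this document.
  - description: SwaggerHub API Auto Mocking
    url: https://virtserver.swaggerhub.com/SVilgelm/IAM_API/1.0.0
  # Keycloak realm endpoint; served over TLS on port 8443.
  - description: keyckloak.k8ss
    url: https://keycloak.local:8443/auth/realms/k8s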
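# API metadata. The version is quoted so that it is always read as a string.
info:
  version: "1.0.0"
  title: "IAM"
  description: "Design of IAM API."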
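# Every operation below overrides the document-level `security` entry with
# the single openId scope it needs (read, write or admin).
#
# NOTE(review): only 401 is documented. The response for a caller whose token
# is valid but lacks the listed scope (typically 403) is not described, so
# clients cannot tell "not authenticated" from "not permitted" — confirm and
# document it.
paths:
  /users:
    get:
      summary: List of users from Keycloak
      security:
        - openId:
            - admin
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Users'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      summary: Register user
      security:
        - openId:
            - admin
      requestBody:
        # The schema requires `user`, so a request without a body is never
        # valid; say so explicitly instead of leaving the body optional.
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - user
              properties:
                user:
                  $ref: '#/components/schemas/User'
                password:
                  type: string
                  # `format: password` asks UIs to mask the field and
                  # `writeOnly` keeps it out of any response built from this
                  # schema. Neither protects the value in transit or in
                  # request logs.
                  # NOTE(review): `password` is optional and has no length
                  # or complexity constraint here — confirm the password
                  # policy is enforced server-side.
                  format: password
                  writeOnly: true
                scopes:
                  $ref: '#/components/schemas/Grants'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserDetails'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /users/{username}:
    get:
      summary: User details
      # NOTE(review): `read` is the only requirement and the username comes
      # from the path. The document does not say whether a caller may read
      # records other than its own — confirm the per-user check is enforced
      # by the server.
      security:
        - openId:
            - read
      parameters:
        # Same definition as the shared component, referenced instead of
        # repeated so the two cannot drift apart.
        - $ref: '#/components/parameters/Username'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserDetails'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /users/{username}/scopes:
    get:
      summary: List of pairs scope and role for the user
      security:
        - openId:
            - read
      parameters:
        - $ref: '#/components/parameters/Username'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Grants'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      summary: Grant access to a scope for the user
      # NOTE(review): `write` alone allows granting scope/role pairs to any
      # username. The document does not restrict which roles may be granted
      # or to whom — confirm the server stops a write-only caller from
      # granting roles above its own.
      security:
        - openId:
            - write
      parameters:
        - $ref: '#/components/parameters/Username'
      requestBody:
        description: List of pairs scope and role to grant
        # The grant list is the whole point of the call; reject empty bodies.
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Grants'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Grants'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /scopes:
    get:
      summary: List of available scopes
      security:
        - openId:
            - read
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Scopes'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /scopes/{scope}/roles:
    get:
      summary: List of predefined roles for scope
      security:
        - openId:
            - read
      parameters:
        - $ref: '#/components/parameters/Scope'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Roles'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /clients:
    get:
      summary: List of registered clients
      security:
        - openId:
            - admin
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Clients'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      summary: Create client
      security:
        - openId:
            - admin
      requestBody:
        description: Client
        # A client cannot be created from an empty request.
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Client'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Client'
        '401':
          $ref: '#/components/responses/Unauthorized'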
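# Document-level default, used by any operation that does not declare its own
# `security`. Scopes listed inside one requirement are all required together,
# so an operation falling back to this default needs read, write AND admin.
# That is the restrictive choice for a forgotten override; keep it that way
# rather than trimming the list.
security:
  - openId:
      - read   # read user information
      - write  # update information, grant scopes, etc.
      - admin  # full access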
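# Reusable definitions referenced from `paths` through `$ref`.
components:
  securitySchemes:
    # OpenID Connect discovery document of the Keycloak realm; clients read
    # the token and authorization endpoints from it.
    openId:
      type: openIdConnect
      openIdConnectUrl: https://keycloak.local:8443/auth/realms/k8s/.well-known/openid-configuration
  schemas:
    # Public user record. It carries no credential fields; the password is
    # only accepted inline by the registration request.
    User:
      type: object
      required:
        - username
      properties:
        username:
          type: string
        email:
          type: string
    # A user together with the scope/role pairs granted to it.
    UserDetails:
      type: object
      required:
        - user
        - scopes
      properties:
        user:
          $ref: '#/components/schemas/User'
        scopes:
          $ref: '#/components/schemas/Grants'
    Users:
      type: array
      items:
        $ref: '#/components/schemas/User'
    # NOTE(review): `Scope` and `Role` are free-form strings. Nothing here
    # ties them to the values returned by /scopes and /scopes/{scope}/roles,
    # so unknown names have to be rejected by the server.
    Scope:
      type: string
    Scopes:
      type: array
      items:
        $ref: '#/components/schemas/Scope'
    Role:
      type: string
    Roles:
      type: array
      items:
        $ref: '#/components/schemas/Role'
    # One scope/role pair; both halves are mandatory.
    Grant:
      type: object
      required:
        - scope
        - role
      properties:
        scope:
          $ref: '#/components/schemas/Scope'
        role:
          $ref: '#/components/schemas/Role'
    Grants:
      type: array
      items:
        $ref: '#/components/schemas/Grant'
    Client:
      type: string
    Clients:
      type: array
      items:
        $ref: '#/components/schemas/Client'
  parameters:
    # NOTE(review): neither path parameter declares a pattern or maxLength,
    # so the schema accepts any string — validate the value server-side
    # before it is used in a lookup.
    Username:
      in: path
      name: username
      schema:
        type: string
      required: true
      description: username of the user to get
    Scope:
      in: path
      name: scope
      schema:
        type: string
      required: true
  responses:
    # Returned when the request carries no valid token. No body is defined.
    Unauthorized:
      description: Unauthorized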