Package com.netflix.spinnaker.fiat.shared

Interface FiatService

public interface FiatService

  • Method Details

    • getUserPermission

      @GET("/authorize/{userId}") com.netflix.spinnaker.fiat.model.UserPermission.View getUserPermission(@Path("userId") String userId)
      Parameters:
      userId - The username of the user
      Returns:
      The full UserPermission of the user.

    • hasAuthorization

      @GET("/authorize/{userId}/{resourceType}/{resourceName}/{authorization}") retrofit.client.Response hasAuthorization(@Path("userId") String userId, @Path("resourceType") String resourceType, @Path("resourceName") String resourceName, @Path("authorization") String authorization)
      Parameters:
      userId - The username of the user
      resourceType - The resource type in question (application, account, etc.)
      resourceName - The name of the resource
      authorization - The authorization in question (read, write, etc)
      Returns:
      True if the user has access to the specified resource.

    • canCreate

      @POST("/authorize/{userId}/{resourceType}/create") retrofit.client.Response canCreate(@Path("userId") String userId, @Path("resourceType") String resourceType, @Body Object resource)
      Determine whether the user can create a resource. Returns 200 if the user can, throws 404 otherwise
      Parameters:
      userId - The username of the user
      resourceType - The type of the resource
      resource - The resource to check

    • sync

      @POST("/roles/sync") long sync()
      Use to update all users.
      Returns:
      The number of non-anonymous users synced.

    • sync

      @POST("/roles/sync") long sync(@Body List<String> roles)
      Use to update a subset of users. An empty list will update the anonymous/unrestricted user.
      Parameters:
      roles - Users with any role listed should be updated.
      Returns:
      The number of non-anonymous users synced.

    • syncServiceAccount

      @POST("/roles/sync/serviceAccount/{serviceAccountId}") long syncServiceAccount(@Path("serviceAccountId") String serviceAccountId, @Body List<String> roles)
      Use to update a service account. As opposed to `sync`, this will not trigger a full sync for user role membership.
      Parameters:
      serviceAccountId - Name of the service account.
      roles - The roles allowed for this service account.
      Returns:
      The number of non-anonymous users synced.

    • loginUser

      @POST("/roles/{userId}") retrofit.client.Response loginUser(@Path("userId") String userId, @Body String ignored)
      Parameters:
      userId - The user being logged in
      ignored - ignored.
      Returns:
      ignored.

    • loginWithRoles

      @PUT("/roles/{userId}") retrofit.client.Response loginWithRoles(@Path("userId") String userId, @Body Collection<String> roles)
      Used specifically for logins that contain the users roles/groups.
      Parameters:
      userId - The user being logged in
      roles - Collection of roles from the identity provider
      Returns:
      ignored.

    • logoutUser

      @DELETE("/roles/{userId}") retrofit.client.Response logoutUser(@Path("userId") String userId)
      Parameters:
      userId - The user being logged out
      Returns:
      ignored.