diff --git a/ui/src/api/openapi.json b/ui/src/api/openapi.json index 9e06c159..1b16c126 100644 --- a/ui/src/api/openapi.json +++ b/ui/src/api/openapi.json @@ -40,6 +40,14 @@ "name": "Authentication", "description": "Login and token refresh endpoints" }, + { + "name": "Role Admin", + "description": "Role management (ADMIN only)" + }, + { + "name": "RBAC Stats", + "description": "RBAC statistics (ADMIN only)" + }, { "name": "OIDC Config Admin", "description": "OIDC provider configuration (ADMIN only)" @@ -60,6 +68,10 @@ "name": "Audit Log", "description": "Audit log viewer (ADMIN only)" }, + { + "name": "Group Admin", + "description": "Group management (ADMIN only)" + }, { "name": "Diagrams", "description": "Diagram rendering endpoints" @@ -74,43 +86,6 @@ } ], "paths": { - "/admin/users/{userId}/roles": { - "put": { - "tags": [ - "User Admin" - ], - "summary": "Update user roles", - "operationId": "updateRoles", - "parameters": [ - { - "name": "userId", - "in": "path", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RolesRequest" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "Roles updated" - }, - "404": { - "description": "User not found" - } - } - } - }, "/admin/thresholds": { "get": { "tags": [ @@ -161,6 +136,116 @@ } } }, + "/admin/roles/{id}": { + "get": { + "tags": [ + "Role Admin" + ], + "summary": "Get role by ID with effective principals", + "operationId": "getRole", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "200": { + "description": "Role found", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/RoleDetail" + } + } + } + }, + "404": { + "description": "Role not found", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/RoleDetail" + } + } + } + } + } + }, + "put": { + "tags": [ + "Role Admin" + ], + "summary": "Update a custom role", + "operationId": "updateRole", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateRoleRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Role updated" + }, + "403": { + "description": "Cannot modify system role" + }, + "404": { + "description": "Role not found" + } + } + }, + "delete": { + "tags": [ + "Role Admin" + ], + "summary": "Delete a custom role", + "operationId": "deleteRole", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "Role deleted" + }, + "403": { + "description": "Cannot delete system role" + }, + "404": { + "description": "Role not found" + } + } + } + }, "/admin/oidc": { "get": { "tags": [ @@ -233,6 +318,113 @@ } } }, + "/admin/groups/{id}": { + "get": { + "tags": [ + "Group Admin" + ], + "summary": "Get group by ID with effective roles", + "operationId": "getGroup", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "200": { + "description": "Group found", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/GroupDetail" + } + } + } + }, + "404": { + "description": "Group not found", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/GroupDetail" + } + } + } + } + } + }, + "put": { + "tags": [ + "Group Admin" + ], + "summary": "Update group name or parent", + "operationId": "updateGroup", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateGroupRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Group updated" + }, + "404": { + "description": "Group not found" + }, + "409": { + "description": "Cycle detected in group hierarchy" + } + } + }, + "delete": { + "tags": [ + "Group Admin" + ], + "summary": "Delete group", + "operationId": "deleteGroup", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "Group deleted" + }, + "404": { + "description": "Group not found" + } + } + } + }, "/search/executions": { "get": { "tags": [ @@ -950,6 +1142,194 @@ } } }, + "/admin/users/{userId}/roles/{roleId}": { + "post": { + "tags": [ + "User Admin" + ], + "summary": "Assign a role to a user", + "operationId": "assignRoleToUser", + "parameters": [ + { + "name": "userId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "roleId", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "200": { + "description": "Role assigned" + }, + "404": { + "description": "User or role not found" + } + } + }, + "delete": { + "tags": [ + "User Admin" + ], + "summary": "Remove a role from a user", + "operationId": "removeRoleFromUser", + "parameters": [ + { + "name": "userId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "roleId", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "Role removed" + } + } + } + }, + "/admin/users/{userId}/groups/{groupId}": { + "post": { + "tags": [ + "User Admin" + ], + "summary": "Add a user to a group", + "operationId": "addUserToGroup", + "parameters": [ + { + "name": "userId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "groupId", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "200": { + "description": "User added to group" + } + } + }, + "delete": { + "tags": [ + "User Admin" + ], + "summary": "Remove a user from a group", + "operationId": "removeUserFromGroup", + "parameters": [ + { + "name": "userId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "groupId", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "User removed from group" + } + } + } + }, + "/admin/roles": { + "get": { + "tags": [ + "Role Admin" + ], + "summary": "List all roles (system and custom)", + "operationId": "listRoles", + "responses": { + "200": { + "description": "Role list returned", + "content": { + "*/*": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleDetail" + } + } + } + } + } + } + }, + "post": { + "tags": [ + "Role Admin" + ], + "summary": "Create a custom role", + "operationId": "createRole", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateRoleRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Role created", + "content": { + "*/*": { + "schema": { + "type": "object", + "additionalProperties": { + "type": "string", + "format": "uuid" + } + } + } + } + } + } + } + }, "/admin/oidc/test": { "post": { "tags": [ @@ -981,6 +1361,135 @@ } } }, + "/admin/groups": { + "get": { + "tags": [ + "Group Admin" + ], + "summary": "List all groups with hierarchy and effective roles", + "operationId": "listGroups", + "responses": { + "200": { + "description": "Group list returned", + "content": { + "*/*": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GroupDetail" + } + } + } + } + } + } + }, + "post": { + "tags": [ + "Group Admin" + ], + "summary": "Create a new group", + "operationId": "createGroup", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateGroupRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Group created", + "content": { + "*/*": { + "schema": { + "type": "object", + "additionalProperties": { + "type": "string", + "format": "uuid" + } + } + } + } + } + } + } + }, + "/admin/groups/{id}/roles/{roleId}": { + "post": { + "tags": [ + "Group Admin" + ], + "summary": "Assign a role to a group", + "operationId": "assignRoleToGroup", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "name": "roleId", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "200": { + "description": "Role assigned to group" + }, + "404": { + "description": "Group not found" + } + } + }, + "delete": { + "tags": [ + "Group Admin" + ], + "summary": "Remove a role from a group", + "operationId": "removeRoleFromGroup", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "name": "roleId", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "Role removed from group" + }, + "404": { + "description": "Group not found" + } + } + } + }, "/admin/database/queries/{pid}/kill": { "post": { "tags": [ @@ -1474,7 +1983,7 @@ "tags": [ "User Admin" ], - "summary": "List all users", + "summary": "List all users with RBAC detail", "operationId": "listUsers", "responses": { "200": { @@ -1484,7 +1993,7 @@ "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/UserInfo" + "$ref": "#/components/schemas/UserDetail" } } } @@ -1498,7 +2007,7 @@ "tags": [ "User Admin" ], - "summary": "Get user by ID", + "summary": "Get user by ID with RBAC detail", "operationId": "getUser", "parameters": [ { @@ -1516,7 +2025,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/UserInfo" + "$ref": "#/components/schemas/UserDetail" } } } @@ -1526,7 +2035,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/UserInfo" + "$ref": "#/components/schemas/UserDetail" } } } @@ -1556,6 +2065,27 @@ } } }, + "/admin/rbac/stats": { + "get": { + "tags": [ + "RBAC Stats" + ], + "summary": "Get RBAC statistics for the dashboard", + "operationId": "getStats", + "responses": { + "200": { + "description": "RBAC stats returned", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/RbacStats" + } + } + } + } + } + } + }, "/admin/opensearch/status": { "get": { "tags": [ @@ -1891,17 +2421,6 @@ }, "components": { "schemas": { - "RolesRequest": { - "type": "object", - "properties": { - "roles": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, "DatabaseThresholdsRequest": { "type": "object", "description": "Database monitoring thresholds", @@ -2069,6 +2588,20 @@ } } }, + "UpdateRoleRequest": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "scope": { + "type": "string" + } + } + }, "OidcAdminConfigRequest": { "type": "object", "description": "OIDC configuration update request", @@ -2150,6 +2683,18 @@ } } }, + "UpdateGroupRequest": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "parentGroupId": { + "type": "string", + "format": "uuid" + } + } + }, "SearchRequest": { "type": "object", "properties": { @@ -2497,6 +3042,20 @@ "commandIds" ] }, + "CreateRoleRequest": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "scope": { + "type": "string" + } + } + }, "OidcTestResult": { "type": "object", "description": "OIDC provider connectivity test result", @@ -2513,6 +3072,18 @@ "status" ] }, + "CreateGroupRequest": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "parentGroupId": { + "type": "string", + "format": "uuid" + } + } + }, "ExecutionStats": { "type": "object", "properties": { @@ -2898,7 +3469,37 @@ } } }, - "UserInfo": { + "GroupSummary": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "name": { + "type": "string" + } + } + }, + "RoleSummary": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "name": { + "type": "string" + }, + "system": { + "type": "boolean" + }, + "source": { + "type": "string" + } + } + }, + "UserDetail": { "type": "object", "properties": { "userId": { @@ -2913,25 +3514,117 @@ "displayName": { "type": "string" }, - "roles": { + "createdAt": { + "type": "string", + "format": "date-time" + }, + "directRoles": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/RoleSummary" } }, + "directGroups": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GroupSummary" + } + }, + "effectiveRoles": { + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleSummary" + } + }, + "effectiveGroups": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GroupSummary" + } + } + } + }, + "RoleDetail": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "system": { + "type": "boolean" + }, "createdAt": { "type": "string", "format": "date-time" + }, + "assignedGroups": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GroupSummary" + } + }, + "directUsers": { + "type": "array", + "items": { + "$ref": "#/components/schemas/UserSummary" + } + }, + "effectivePrincipals": { + "type": "array", + "items": { + "$ref": "#/components/schemas/UserSummary" + } } - }, - "required": [ - "createdAt", - "displayName", - "email", - "provider", - "roles", - "userId" - ] + } + }, + "UserSummary": { + "type": "object", + "properties": { + "userId": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "provider": { + "type": "string" + } + } + }, + "RbacStats": { + "type": "object", + "properties": { + "userCount": { + "type": "integer", + "format": "int32" + }, + "activeUserCount": { + "type": "integer", + "format": "int32" + }, + "groupCount": { + "type": "integer", + "format": "int32" + }, + "maxGroupDepth": { + "type": "integer", + "format": "int32" + }, + "roleCount": { + "type": "integer", + "format": "int32" + } + } }, "OpenSearchStatusResponse": { "type": "object", @@ -3117,6 +3810,50 @@ } } }, + "GroupDetail": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "name": { + "type": "string" + }, + "parentGroupId": { + "type": "string", + "format": "uuid" + }, + "createdAt": { + "type": "string", + "format": "date-time" + }, + "directRoles": { + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleSummary" + } + }, + "effectiveRoles": { + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleSummary" + } + }, + "members": { + "type": "array", + "items": { + "$ref": "#/components/schemas/UserSummary" + } + }, + "childGroups": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GroupSummary" + } + } + } + }, "TableSizeResponse": { "type": "object", "description": "Table size and row count information", @@ -3287,7 +4024,8 @@ "INFRA", "AUTH", "USER_MGMT", - "CONFIG" + "CONFIG", + "RBAC" ] }, "target": { @@ -3323,4 +4061,4 @@ } } } -} +} \ No newline at end of file diff --git a/ui/src/api/schema.d.ts b/ui/src/api/schema.d.ts index 69715ba9..71be5cc9 100644 --- a/ui/src/api/schema.d.ts +++ b/ui/src/api/schema.d.ts @@ -4,23 +4,6 @@ */ export interface paths { - "/admin/users/{userId}/roles": { - parameters: { - query?: never; - header?: never; - path?: never; - cookie?: never; - }; - get?: never; - /** Update user roles */ - put: operations["updateRoles"]; - post?: never; - delete?: never; - options?: never; - head?: never; - patch?: never; - trace?: never; - }; "/admin/thresholds": { parameters: { query?: never; @@ -39,6 +22,25 @@ export interface paths { patch?: never; trace?: never; }; + "/admin/roles/{id}": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + /** Get role by ID with effective principals */ + get: operations["getRole"]; + /** Update a custom role */ + put: operations["updateRole"]; + post?: never; + /** Delete a custom role */ + delete: operations["deleteRole"]; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; "/admin/oidc": { parameters: { query?: never; @@ -58,6 +60,25 @@ export interface paths { patch?: never; trace?: never; }; + "/admin/groups/{id}": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + /** Get group by ID with effective roles */ + get: operations["getGroup"]; + /** Update group name or parent */ + put: operations["updateGroup"]; + post?: never; + /** Delete group */ + delete: operations["deleteGroup"]; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; "/search/executions": { parameters: { query?: never; @@ -327,6 +348,60 @@ export interface paths { patch?: never; trace?: never; }; + "/admin/users/{userId}/roles/{roleId}": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + get?: never; + put?: never; + /** Assign a role to a user */ + post: operations["assignRoleToUser"]; + /** Remove a role from a user */ + delete: operations["removeRoleFromUser"]; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; + "/admin/users/{userId}/groups/{groupId}": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + get?: never; + put?: never; + /** Add a user to a group */ + post: operations["addUserToGroup"]; + /** Remove a user from a group */ + delete: operations["removeUserFromGroup"]; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; + "/admin/roles": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + /** List all roles (system and custom) */ + get: operations["listRoles"]; + put?: never; + /** Create a custom role */ + post: operations["createRole"]; + delete?: never; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; "/admin/oidc/test": { parameters: { query?: never; @@ -344,6 +419,42 @@ export interface paths { patch?: never; trace?: never; }; + "/admin/groups": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + /** List all groups with hierarchy and effective roles */ + get: operations["listGroups"]; + put?: never; + /** Create a new group */ + post: operations["createGroup"]; + delete?: never; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; + "/admin/groups/{id}/roles/{roleId}": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + get?: never; + put?: never; + /** Assign a role to a group */ + post: operations["assignRoleToGroup"]; + /** Remove a role from a group */ + delete: operations["removeRoleFromGroup"]; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; "/admin/database/queries/{pid}/kill": { parameters: { query?: never; @@ -533,7 +644,7 @@ export interface paths { path?: never; cookie?: never; }; - /** List all users */ + /** List all users with RBAC detail */ get: operations["listUsers"]; put?: never; post?: never; @@ -550,7 +661,7 @@ export interface paths { path?: never; cookie?: never; }; - /** Get user by ID */ + /** Get user by ID with RBAC detail */ get: operations["getUser"]; put?: never; post?: never; @@ -561,6 +672,23 @@ export interface paths { patch?: never; trace?: never; }; + "/admin/rbac/stats": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + /** Get RBAC statistics for the dashboard */ + get: operations["getStats"]; + put?: never; + post?: never; + delete?: never; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; "/admin/opensearch/status": { parameters: { query?: never; @@ -735,9 +863,6 @@ export interface paths { export type webhooks = Record; export interface components { schemas: { - RolesRequest: { - roles?: string[]; - }; /** @description Database monitoring thresholds */ DatabaseThresholdsRequest: { /** @@ -833,6 +958,11 @@ export interface components { database?: components["schemas"]["DatabaseThresholds"]; opensearch?: components["schemas"]["OpenSearchThresholds"]; }; + UpdateRoleRequest: { + name?: string; + description?: string; + scope?: string; + }; /** @description OIDC configuration update request */ OidcAdminConfigRequest: { enabled?: boolean; @@ -860,6 +990,11 @@ export interface components { autoSignup?: boolean; displayNameClaim?: string; }; + UpdateGroupRequest: { + name?: string; + /** Format: uuid */ + parentGroupId?: string; + }; SearchRequest: { status?: string; /** Format: date-time */ @@ -978,11 +1113,21 @@ export interface components { /** Format: int32 */ targetCount?: number; }; + CreateRoleRequest: { + name?: string; + description?: string; + scope?: string; + }; /** @description OIDC provider connectivity test result */ OidcTestResult: { status: string; authorizationEndpoint: string; }; + CreateGroupRequest: { + name?: string; + /** Format: uuid */ + parentGroupId?: string; + }; ExecutionStats: { /** Format: int64 */ totalCount: number; @@ -1107,14 +1252,59 @@ export interface components { /** Format: int64 */ timeout?: number; }; - UserInfo: { - userId: string; - provider: string; - email: string; - displayName: string; - roles: string[]; + GroupSummary: { + /** Format: uuid */ + id?: string; + name?: string; + }; + RoleSummary: { + /** Format: uuid */ + id?: string; + name?: string; + system?: boolean; + source?: string; + }; + UserDetail: { + userId?: string; + provider?: string; + email?: string; + displayName?: string; /** Format: date-time */ - createdAt: string; + createdAt?: string; + directRoles?: components["schemas"]["RoleSummary"][]; + directGroups?: components["schemas"]["GroupSummary"][]; + effectiveRoles?: components["schemas"]["RoleSummary"][]; + effectiveGroups?: components["schemas"]["GroupSummary"][]; + }; + RoleDetail: { + /** Format: uuid */ + id?: string; + name?: string; + description?: string; + scope?: string; + system?: boolean; + /** Format: date-time */ + createdAt?: string; + assignedGroups?: components["schemas"]["GroupSummary"][]; + directUsers?: components["schemas"]["UserSummary"][]; + effectivePrincipals?: components["schemas"]["UserSummary"][]; + }; + UserSummary: { + userId?: string; + displayName?: string; + provider?: string; + }; + RbacStats: { + /** Format: int32 */ + userCount?: number; + /** Format: int32 */ + activeUserCount?: number; + /** Format: int32 */ + groupCount?: number; + /** Format: int32 */ + maxGroupDepth?: number; + /** Format: int32 */ + roleCount?: number; }; /** @description OpenSearch cluster status */ OpenSearchStatusResponse: { @@ -1264,6 +1454,19 @@ export interface components { */ totalPages?: number; }; + GroupDetail: { + /** Format: uuid */ + id?: string; + name?: string; + /** Format: uuid */ + parentGroupId?: string; + /** Format: date-time */ + createdAt?: string; + directRoles?: components["schemas"]["RoleSummary"][]; + effectiveRoles?: components["schemas"]["RoleSummary"][]; + members?: components["schemas"]["UserSummary"][]; + childGroups?: components["schemas"]["GroupSummary"][]; + }; /** @description Table size and row count information */ TableSizeResponse: { /** @description Table name */ @@ -1379,7 +1582,7 @@ export interface components { username?: string; action?: string; /** @enum {string} */ - category?: "INFRA" | "AUTH" | "USER_MGMT" | "CONFIG"; + category?: "INFRA" | "AUTH" | "USER_MGMT" | "CONFIG" | "RBAC"; target?: string; detail?: { [key: string]: Record; @@ -1398,37 +1601,6 @@ export interface components { } export type $defs = Record; export interface operations { - updateRoles: { - parameters: { - query?: never; - header?: never; - path: { - userId: string; - }; - cookie?: never; - }; - requestBody: { - content: { - "application/json": components["schemas"]["RolesRequest"]; - }; - }; - responses: { - /** @description Roles updated */ - 200: { - headers: { - [name: string]: unknown; - }; - content?: never; - }; - /** @description User not found */ - 404: { - headers: { - [name: string]: unknown; - }; - content?: never; - }; - }; - }; getThresholds: { parameters: { query?: never; @@ -1473,6 +1645,109 @@ export interface operations { }; }; }; + getRole: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role found */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["RoleDetail"]; + }; + }; + /** @description Role not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["RoleDetail"]; + }; + }; + }; + }; + updateRole: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + }; + cookie?: never; + }; + requestBody: { + content: { + "application/json": components["schemas"]["UpdateRoleRequest"]; + }; + }; + responses: { + /** @description Role updated */ + 200: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Cannot modify system role */ + 403: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Role not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + deleteRole: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role deleted */ + 204: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Cannot delete system role */ + 403: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Role not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; getConfig: { parameters: { query?: never; @@ -1544,6 +1819,102 @@ export interface operations { }; }; }; + getGroup: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Group found */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["GroupDetail"]; + }; + }; + /** @description Group not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["GroupDetail"]; + }; + }; + }; + }; + updateGroup: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + }; + cookie?: never; + }; + requestBody: { + content: { + "application/json": components["schemas"]["UpdateGroupRequest"]; + }; + }; + responses: { + /** @description Group updated */ + 200: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Group not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Cycle detected in group hierarchy */ + 409: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + deleteGroup: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Group deleted */ + 204: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Group not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; searchGet: { parameters: { query?: { @@ -2045,6 +2416,143 @@ export interface operations { }; }; }; + assignRoleToUser: { + parameters: { + query?: never; + header?: never; + path: { + userId: string; + roleId: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role assigned */ + 200: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description User or role not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + removeRoleFromUser: { + parameters: { + query?: never; + header?: never; + path: { + userId: string; + roleId: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role removed */ + 204: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + addUserToGroup: { + parameters: { + query?: never; + header?: never; + path: { + userId: string; + groupId: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description User added to group */ + 200: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + removeUserFromGroup: { + parameters: { + query?: never; + header?: never; + path: { + userId: string; + groupId: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description User removed from group */ + 204: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + listRoles: { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role list returned */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["RoleDetail"][]; + }; + }; + }; + }; + createRole: { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + requestBody: { + content: { + "application/json": components["schemas"]["CreateRoleRequest"]; + }; + }; + responses: { + /** @description Role created */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": { + [key: string]: string; + }; + }; + }; + }; + }; testConnection: { parameters: { query?: never; @@ -2074,6 +2582,108 @@ export interface operations { }; }; }; + listGroups: { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Group list returned */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["GroupDetail"][]; + }; + }; + }; + }; + createGroup: { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + requestBody: { + content: { + "application/json": components["schemas"]["CreateGroupRequest"]; + }; + }; + responses: { + /** @description Group created */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": { + [key: string]: string; + }; + }; + }; + }; + }; + assignRoleToGroup: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + roleId: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role assigned to group */ + 200: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Group not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; + removeRoleFromGroup: { + parameters: { + query?: never; + header?: never; + path: { + id: string; + roleId: string; + }; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Role removed from group */ + 204: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Group not found */ + 404: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; killQuery: { parameters: { query?: never; @@ -2395,7 +3005,7 @@ export interface operations { [name: string]: unknown; }; content: { - "*/*": components["schemas"]["UserInfo"][]; + "*/*": components["schemas"]["UserDetail"][]; }; }; }; @@ -2417,7 +3027,7 @@ export interface operations { [name: string]: unknown; }; content: { - "*/*": components["schemas"]["UserInfo"]; + "*/*": components["schemas"]["UserDetail"]; }; }; /** @description User not found */ @@ -2426,7 +3036,7 @@ export interface operations { [name: string]: unknown; }; content: { - "*/*": components["schemas"]["UserInfo"]; + "*/*": components["schemas"]["UserDetail"]; }; }; }; @@ -2451,6 +3061,26 @@ export interface operations { }; }; }; + getStats: { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description RBAC stats returned */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "*/*": components["schemas"]["RbacStats"]; + }; + }; + }; + }; getStatus: { parameters: { query?: never; diff --git a/ui/src/api/types.ts b/ui/src/api/types.ts index 64916171..54a1689d 100644 --- a/ui/src/api/types.ts +++ b/ui/src/api/types.ts @@ -6,7 +6,6 @@ export type ExecutionDetail = components['schemas']['ExecutionDetail']; export type ExecutionStats = components['schemas']['ExecutionStats']; export type StatsTimeseries = components['schemas']['StatsTimeseries']; export type TimeseriesBucket = components['schemas']['TimeseriesBucket']; -export type UserInfo = components['schemas']['UserInfo']; export type ProcessorNode = components['schemas']['ProcessorNode']; export type AgentInstance = components['schemas']['AgentInstanceResponse']; export type OidcAdminConfigResponse = components['schemas']['OidcAdminConfigResponse'];