Add Roles API (#30)

To drive the UI.
unikorn-cloud · Apr 5, 2024 · 8865825 · 8865825
1 parent 7447b7b
commit 8865825
Show file tree

Hide file tree

Showing 9 changed files with 424 additions and 140 deletions.
diff --git a/charts/identity/Chart.yaml b/charts/identity/Chart.yaml
@@ -4,7 +4,7 @@ description: A Helm chart for deploying Unikorn's IdP
 
 type: application
 
-version: v0.1.23
-appVersion: v0.1.23
+version: v0.1.24
+appVersion: v0.1.24
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
diff --git a/charts/identity/values.yaml b/charts/identity/values.yaml
@@ -61,7 +61,6 @@ roles:
   default:
     isDefault: true
     scopes:
-      roles: [read]
       organizations: [read]
   reader:
     scopes:

diff --git a/openapi/server.spec.yaml b/openapi/server.spec.yaml
@@ -192,6 +192,26 @@ paths:
           $ref: '#/components/responses/unauthorizedResponse'
         '500':
           $ref: '#/components/responses/internalServerErrorResponse'
+  /api/v1/organizations/{organization}/roles:
+    description: |-
+      Allows management of roles that define access control permissions for
+      users that are linked to them via a group.
+    parameters:
+    - $ref: '#/components/parameters/organizationParameter'
+    get:
+      description: |-
+        Returns roles that can be used by the organization.
+      security:
+      - oauth2Authentication: []
+      responses:
+        '200':
+          $ref: '#/components/responses/rolesResponse'
+        '401':
+          $ref: '#/components/responses/unauthorizedResponse'
+        '403':
+          $ref: '#/components/responses/forbiddenResponse'
+        '500':
+          $ref: '#/components/responses/internalServerErrorResponse'
   /api/v1/organizations/{organization}/oauth2/providers:
     description: |-
       Allows management of oauth2 providers.  The identity service is typically
@@ -927,6 +947,17 @@ components:
             scopes:
               organizations:
               - read
+    rolesResponse:
+      description: |-
+        A set of roles within the organization.
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/roleList'
+          example:
+          - admin
+          - user
+          - reader
     groupResponse:
       description: |-
         A group in the organization.

diff --git a/pkg/generated/client.go b/pkg/generated/client.go
diff --git a/pkg/generated/router.go b/pkg/generated/router.go