core/v2/clusterroles
NOTE: Requests to core/v2/clusterroles API endpoints require you to authenticate with a Sensu API key or access token.
The code examples in this document use the environment variable $SENSU_API_KEY to represent a valid API key in API requests.
Get all cluster roles
The /clusterroles API endpoint provides HTTP GET access to cluster role data.
Example
The following example demonstrates a GET request to the /clusterroles API endpoint:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/clusterroles \
-H "Authorization: Key $SENSU_API_KEY"The request results in a successful HTTP/1.1 200 OK response and a JSON array that contains the cluster role definitions:
[
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"assets",
"checks",
"entities",
"extensions",
"events",
"filters",
"handlers",
"hooks",
"mutators",
"silenced",
"roles",
"rolebindings"
],
"resource_names": null
},
{
"verbs": [
"get",
"list"
],
"resources": [
"namespaces"
],
"resource_names": null
}
],
"metadata": {
"name": "admin"
}
},
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "cluster-admin",
"created_by": "admin"
}
}
]API Specification
| /clusterroles (GET) | |
|---|---|
| description | Returns the list of cluster roles. |
| example url | http://hostname:8080/api/core/v2/clusterroles |
| pagination | This endpoint supports pagination using the limit and continue query parameters. |
| response filtering | This endpoint supports API response filtering. |
| response type | Array |
| response codes |
|
| output | |
Create a new cluster role
The /clusterroles API endpoint provides HTTP POST access to create a cluster role.
Example
In the following example, an HTTP POST request is submitted to the /clusterroles API endpoint to create a global-event-reader cluster role.
The request includes the cluster role definition in the request body:
curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"metadata": {
"name": "global-event-reader"
},
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/clusterrolesThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /clusterroles (POST) | |
|---|---|
| description | Creates a Sensu cluster role. |
| example URL | http://hostname:8080/api/core/v2/clusterroles |
| payload | |
| response codes |
|
Get a specific cluster role
The /clusterroles/:clusterrole API endpoint provides HTTP GET access to cluster role data for specific :clusterrole definitions, by cluster role name.
Example
The following example queries the /clusterroles/:clusterrole API endpoint for the :clusterrole named global-event-reader:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-reader \
-H "Authorization: Key $SENSU_API_KEY"The request will return a successful HTTP/1.1 200 OK response and a JSON map that contains the requested :clusterrole definition (in this example, global-event-reader):
{
"metadata": {
"name": "global-event-reader",
"created_by": "admin"
},
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
]
}API Specification
| /clusterroles/:clusterrole (GET) | |
|---|---|
| description | Returns the specified cluster role. |
| example url | http://hostname:8080/api/core/v2/clusterroles/global-event-reader |
| response type | Map |
| response codes |
|
| output | |
Create or update a cluster role
The /clusterroles/:clusterrole API endpoint provides HTTP PUT access to create or update a cluster role, by cluster role name.
Example
In the following example, an HTTP PUT request is submitted to the /clusterroles/:clusterrole API endpoint to update the global-event-reader cluster role by adding "checks" to the resources:
curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"metadata": {
"name": "global-event-reader"
},
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"checks",
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/clusterrolesThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /clusterroles/:clusterrole (PUT) | |
|---|---|
| description | Creates or updates the specified Sensu cluster role. |
| example URL | http://hostname:8080/api/core/v2/clusterroles/global-event-reader |
| payload | |
| response codes |
|
Update a cluster role with PATCH
The /clusterroles/:clusterrole API endpoint provides HTTP PATCH access to update :clusterrole definitions, specified by cluster role name.
NOTE: You cannot change a resource’s name or namespace with a PATCH request.
Use a PUT request instead.
Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.
Example
In the following example, an HTTP PATCH request is submitted to the /clusterroles/:clusterrole API endpoint to update the verbs array within the rules array for the global-event-admin cluster role, resulting in a HTTP/1.1 200 OK response and the updated check definition.
We support JSON merge patches, so you must set the Content-Type header to application/merge-patch+json for PATCH requests.
curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-adminAPI Specification
| /clusterroles/:clusterrole (PATCH) | |
|---|---|
| description | Updates the specified Sensu cluster role. |
| example URL | http://hostname:8080/api/core/v2/clusterroles/global-event-admin |
| payload | |
| response codes |
|
Delete a cluster role
The /clusterroles/:clusterrole API endpoint provides HTTP DELETE access to delete a cluster role from Sensu (specified by the cluster role name).
Example
The following example shows a request to the /clusterroles/:clusterrole API endpoint to delete the cluster role global-event-reader, resulting in a successful HTTP/1.1 204 No Content response:
curl -X DELETE \
-H "Authorization: Key $SENSU_API_KEY" \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-readerAPI Specification
| /clusterroles/:clusterrole (DELETE) | |
|---|---|
| description | Removes a cluster role from Sensu (specified by the cluster role name). |
| example url | http://hostname:8080/api/core/v2/clusterroles/global-event-reader |
| response codes |
|
Get a subset of cluster roles with response filtering
The /clusterroles API endpoint supports response filtering for a subset of cluster role data based on labels and the clusterrole.name field.
Example
The following example demonstrates a request to the /clusterroles API endpoint with response filtering for only cluster role definitions whose clusterrole.name includes admin:
curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/clusterroles -G \
--data-urlencode 'fieldSelector=clusterrole.name matches "admin"'The example request will result in a successful HTTP/1.1 200 OK response and a JSON array that contains only cluster role definitions whose clusterrole.name includes admin:
[
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"assets",
"checks",
"entities",
"events",
"filters",
"handlers",
"hooks",
"mutators",
"silenced",
"roles",
"rolebindings"
],
"resource_names": null
},
{
"verbs": [
"get",
"list"
],
"resources": [
"namespaces"
],
"resource_names": null
}
],
"metadata": {
"name": "admin"
}
},
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "cluster-admin"
}
}
]NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.
API Specification
| /clusterroles (GET) with response filters | |
|---|---|
| description | Returns the list of cluster roles that match the response filters applied in the API request. |
| example url | http://hostname:8080/api/core/v2/clusterroles |
| pagination | This endpoint supports pagination using the limit and continue query parameters. |
| response type | Array |
| response codes |
|
| output | |
