core/v2/clusterroles
NOTE: Requests to core/v2/clusterroles
API endpoints require you to authenticate with a Sensu API key or access token.
The code examples in this document use the environment variable $SENSU_API_KEY
to represent a valid API key in API requests.
Get all cluster roles
The /clusterroles
API endpoint provides HTTP GET access to cluster role data.
Example
The following example demonstrates a GET request to the /clusterroles
API endpoint:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/clusterroles \
-H "Authorization: Key $SENSU_API_KEY"
The request results in a successful HTTP/1.1 200 OK
response and a JSON array that contains the cluster role definitions:
[
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"assets",
"checks",
"entities",
"extensions",
"events",
"filters",
"handlers",
"hooks",
"mutators",
"silenced",
"roles",
"rolebindings"
],
"resource_names": null
},
{
"verbs": [
"get",
"list"
],
"resources": [
"namespaces"
],
"resource_names": null
}
],
"metadata": {
"name": "admin"
}
},
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "cluster-admin",
"created_by": "admin"
}
}
]
API Specification
/clusterroles (GET) | |
---|---|
description | Returns the list of cluster roles. |
example url | http://hostname:8080/api/core/v2/clusterroles |
pagination | This endpoint supports pagination using the limit and continue query parameters. |
response filtering | This endpoint supports API response filtering. |
response type | Array |
response codes |
|
output |
|
Create a new cluster role
The /clusterroles
API endpoint provides HTTP POST access to create a cluster role.
Example
In the following example, an HTTP POST request is submitted to the /clusterroles
API endpoint to create a global-event-reader
cluster role.
The request includes the cluster role definition in the request body:
curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"metadata": {
"name": "global-event-reader"
},
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles
The request will return a successful HTTP/1.1 201 Created
response.
API Specification
/clusterroles (POST) | |
---|---|
description | Creates a Sensu cluster role. |
example URL | http://hostname:8080/api/core/v2/clusterroles |
payload |
|
response codes |
|
Get a specific cluster role
The /clusterroles/:clusterrole
API endpoint provides HTTP GET access to cluster role data for specific :clusterrole
definitions, by cluster role name
.
Example
The following example queries the /clusterroles/:clusterrole
API endpoint for the :clusterrole
named global-event-reader
:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-reader \
-H "Authorization: Key $SENSU_API_KEY"
The request will return a successful HTTP/1.1 200 OK
response and a JSON map that contains the requested :clusterrole
definition (in this example, global-event-reader
):
{
"metadata": {
"name": "global-event-reader",
"created_by": "admin"
},
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
]
}
API Specification
/clusterroles/:clusterrole (GET) | |
---|---|
description | Returns the specified cluster role. |
example url | http://hostname:8080/api/core/v2/clusterroles/global-event-reader |
response type | Map |
response codes |
|
output |
|
Create or update a cluster role
The /clusterroles/:clusterrole
API endpoint provides HTTP PUT access to create or update a cluster role, by cluster role name.
Example
In the following example, an HTTP PUT request is submitted to the /clusterroles/:clusterrole
API endpoint to update the global-event-reader
cluster role by adding "checks"
to the resources:
curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"metadata": {
"name": "global-event-reader"
},
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"checks",
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles
The request will return a successful HTTP/1.1 201 Created
response.
API Specification
/clusterroles/:clusterrole (PUT) | |
---|---|
description | Creates or updates the specified Sensu cluster role. |
example URL | http://hostname:8080/api/core/v2/clusterroles/global-event-reader |
payload |
|
response codes |
|
Update a cluster role with PATCH
The /clusterroles/:clusterrole
API endpoint provides HTTP PATCH access to update :clusterrole
definitions, specified by cluster role name.
NOTE: You cannot change a resource’s name
or namespace
with a PATCH request.
Use a PUT request instead.
Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.
Example
In the following example, an HTTP PATCH request is submitted to the /clusterroles/:clusterrole
API endpoint to update the verbs array within the rules array for the global-event-admin
cluster role, resulting in a HTTP/1.1 200 OK
response and the updated check definition.
We support JSON merge patches, so you must set the Content-Type
header to application/merge-patch+json
for PATCH requests.
curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-admin
API Specification
/clusterroles/:clusterrole (PATCH) | |
---|---|
description | Updates the specified Sensu cluster role. |
example URL | http://hostname:8080/api/core/v2/clusterroles/global-event-admin |
payload |
|
response codes |
|
Delete a cluster role
The /clusterroles/:clusterrole
API endpoint provides HTTP DELETE access to delete a cluster role from Sensu (specified by the cluster role name).
Example
The following example shows a request to the /clusterroles/:clusterrole
API endpoint to delete the cluster role global-event-reader
, resulting in a successful HTTP/1.1 204 No Content
response:
curl -X DELETE \
-H "Authorization: Key $SENSU_API_KEY" \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-reader
API Specification
/clusterroles/:clusterrole (DELETE) | |
---|---|
description | Removes a cluster role from Sensu (specified by the cluster role name). |
example url | http://hostname:8080/api/core/v2/clusterroles/global-event-reader |
response codes |
|
Get a subset of cluster roles with response filtering
The /clusterroles
API endpoint supports response filtering for a subset of cluster role data based on labels and the clusterrole.name
field.
Example
The following example demonstrates a request to the /clusterroles
API endpoint with response filtering for only cluster role definitions whose clusterrole.name
includes admin
:
curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/clusterroles -G \
--data-urlencode 'fieldSelector=clusterrole.name matches "admin"'
The example request will result in a successful HTTP/1.1 200 OK
response and a JSON array that contains only cluster role definitions whose clusterrole.name
includes admin
:
[
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"assets",
"checks",
"entities",
"events",
"filters",
"handlers",
"hooks",
"mutators",
"silenced",
"roles",
"rolebindings"
],
"resource_names": null
},
{
"verbs": [
"get",
"list"
],
"resources": [
"namespaces"
],
"resource_names": null
}
],
"metadata": {
"name": "admin"
}
},
{
"rules": [
{
"verbs": [
"*"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "cluster-admin"
}
}
]
NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.
API Specification
/clusterroles (GET) with response filters | |
---|---|
description | Returns the list of cluster roles that match the response filters applied in the API request. |
example url | http://hostname:8080/api/core/v2/clusterroles |
pagination | This endpoint supports pagination using the limit and continue query parameters. |
response type | Array |
response codes |
|
output |
|