core/v2/roles
NOTE: Requests to core/v2/roles API endpoints require you to authenticate with a Sensu API key or access token.
The code examples in this document use the environment variable $SENSU_API_KEY to represent a valid API key in API requests.
Get all roles
The /roles API endpoint provides HTTP GET access to role data.
Example
The following example demonstrates a GET request to the /roles API endpoint:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles \
-H "Authorization: Key $SENSU_API_KEY"The request results in a successful HTTP/1.1 200 OK response and a JSON array that contains the role definitions in the default namespace:
[
{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
],
"metadata": {
"name": "event-reader",
"namespace": "default",
:created_by": "admin"
}
},
{
"rules": [
{
"verbs": [
"get"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "read-only",
"namespace": "default",
"created_by": "admin"
}
}
]API Specification
| /roles (GET) | |
|---|---|
| description | Returns the list of roles. |
| example url | http://hostname:8080/api/core/v2/namespaces/default/roles |
| pagination | This endpoint supports pagination using the limit and continue query parameters. |
| response filtering | This endpoint supports API response filtering. |
| response type | Array |
| response codes |
|
| output | |
Create a new role
The /roles API endpoint provides HTTP POST access to create Sensu roles.
Example
In the following example, an HTTP POST request is submitted to the /roles API endpoint to create a role named event-reader:
curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": []
}
],
"metadata": {
"name": "event-reader",
"namespace": "default"
}
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolesThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /roles (POST) | |
|---|---|
| description | Creates a Sensu role. |
| example URL | http://hostname:8080/api/core/v2/namespaces/default/roles |
| payload | |
| response codes |
|
Get a specific role
The /roles/:role API endpoint provides HTTP GET access to role data for specific :role definitions, by role name.
Example
The following example queries the /roles/:role API endpoint for the :role named read-only:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/read-only \
-H "Authorization: Key $SENSU_API_KEY"The request will return a successful HTTP/1.1 200 OK response and a JSON map that contains the requested :role definition (in this example, read-only):
{
"rules": [
{
"verbs": [
"read"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "read-only",
"namespace": "default",
"created_by": "admin"
}
}API Specification
| /roles/:role (GET) | |
|---|---|
| description | Returns the specified Sensu role. |
| example url | http://hostname:8080/api/core/v2/namespaces/default/roles/read-only |
| response type | Map |
| response codes |
|
| output | |
Create or update a role
The /roles/:role API endpoint provides HTTP PUT access to create or update specific :role definitions, by role name.
Example
In the following example, an HTTP PUT request is submitted to the /roles/:role API endpoint to create the role read-only:
curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"rules": [
{
"verbs": [
"read"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "read-only",
"namespace": "default"
}
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/read-onlyThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /roles/:role (PUT) | |
|---|---|
| description | Creates or updates the specified Sensu role. |
| example URL | http://hostname:8080/api/core/v2/namespaces/default/roles/event-reader |
| payload | |
| response codes |
|
Update a role with PATCH
The /roles/:role API endpoint provides HTTP PATCH access to update :role definitions, specified by role name.
NOTE: You cannot change a resource’s name or namespace with a PATCH request.
Use a PUT request instead.
Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.
Example
In the following example, an HTTP PATCH request is submitted to the /roles/:role API endpoint to update the verbs array within the rules array for the global-event-admin role, resulting in an HTTP/1.1 200 OK response and the updated role definition.
We support JSON merge patches, so you must set the Content-Type header to application/merge-patch+json for PATCH requests.
curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/event-readerAPI Specification
| /roles/:role (PATCH) | |
|---|---|
| description | Updates the specified Sensu role. |
| example URL | http://hostname:8080/api/core/v2/namespaces/default/roles/event-reader |
| payload | |
| response codes |
|
Delete a role
The /roles/:role API endpoint provides HTTP DELETE access to delete a role from Sensu (specified by the role name).
Example
The following example shows a request to the /roles/:role API endpoint to delete the role read-only, resulting in a successful HTTP/1.1 204 No Content response:
curl -X DELETE \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/read-only \
-H "Authorization: Key $SENSU_API_KEY"API Specification
| /roles/:role (DELETE) | |
|---|---|
| description | Removes the specified role from Sensu. |
| example url | http://hostname:8080/api/core/v2/namespaces/default/roles/read-only |
| response codes |
|
Get a subset of roles with response filtering
The /roles API endpoint supports response filtering for a subset of role data based on labels and the following fields:
role.namerole.namespace
Example
The following example demonstrates a request to the /roles API endpoint with response filtering for only role definitions that are in the development namespace:
curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/roles -G \
--data-urlencode 'fieldSelector=role.namespace == development'The example request will result in a successful HTTP/1.1 200 OK response and a JSON array that contains only role definitions in the development namespace:
[
{
"rules": [
{
"verbs": [
"get",
"list",
"create",
"update",
"delete"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "admin_role",
"namespace": "development",
"created_by": "admin"
}
},
{
"rules": [
{
"verbs": [
"get",
"list",
"create",
"update",
"delete"
],
"resources": [
"assets",
"checks",
"entities",
"events",
"filters",
"handlers",
"hooks",
"mutators",
"pipelines",
"rolebindings",
"roles",
"silenced"
],
"resource_names": null
}
],
"metadata": {
"name": "namespaced-resources-all-verbs",
"namespace": "development",
"created_by": "admin"
}
},
{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
],
"metadata": {
"name": "system:pipeline",
"namespace": "development"
}
}
]NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.
API Specification
| /roles (GET) with response filters | |
|---|---|
| description | Returns the list of roles that match the response filters applied in the API request. |
| example url | http://hostname:8080/api/core/v2/roles |
| pagination | This endpoint supports pagination using the limit and continue query parameters. |
| response type | Array |
| response codes |
|
| output | |
