core/v2/roles
NOTE: Requests to core/v2/roles
API endpoints require you to authenticate with a Sensu API key or access token.
The code examples in this document use the environment variable $SENSU_API_KEY
to represent a valid API key in API requests.
Get all roles
The /roles
API endpoint provides HTTP GET access to role data.
Example
The following example demonstrates a GET request to the /roles
API endpoint:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles \
-H "Authorization: Key $SENSU_API_KEY"
The request results in a successful HTTP/1.1 200 OK
response and a JSON array that contains the role definitions in the default
namespace:
[
{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
],
"metadata": {
"name": "event-reader",
"namespace": "default",
:created_by": "admin"
}
},
{
"rules": [
{
"verbs": [
"get"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "read-only",
"namespace": "default",
"created_by": "admin"
}
}
]
API Specification
/roles (GET) | |
---|---|
description | Returns the list of roles. |
example url | http://hostname:8080/api/core/v2/namespaces/default/roles |
pagination | This endpoint supports pagination using the limit and continue query parameters. |
response filtering | This endpoint supports API response filtering. |
response type | Array |
response codes |
|
output |
|
Create a new role
The /roles
API endpoint provides HTTP POST access to create Sensu roles.
Example
In the following example, an HTTP POST request is submitted to the /roles
API endpoint to create a role named event-reader
:
curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": []
}
],
"metadata": {
"name": "event-reader",
"namespace": "default"
}
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles
The request will return a successful HTTP/1.1 201 Created
response.
API Specification
/roles (POST) | |
---|---|
description | Creates a Sensu role. |
example URL | http://hostname:8080/api/core/v2/namespaces/default/roles |
payload |
|
response codes |
|
Get a specific role
The /roles/:role
API endpoint provides HTTP GET access to role data for specific :role
definitions, by role name.
Example
The following example queries the /roles/:role
API endpoint for the :role
named read-only
:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/read-only \
-H "Authorization: Key $SENSU_API_KEY"
The request will return a successful HTTP/1.1 200 OK
response and a JSON map that contains the requested :role
definition (in this example, read-only
):
{
"rules": [
{
"verbs": [
"read"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "read-only",
"namespace": "default",
"created_by": "admin"
}
}
API Specification
/roles/:role (GET) | |
---|---|
description | Returns the specified Sensu role. |
example url | http://hostname:8080/api/core/v2/namespaces/default/roles/read-only |
response type | Map |
response codes |
|
output |
|
Create or update a role
The /roles/:role
API endpoint provides HTTP PUT access to create or update specific :role
definitions, by role name.
Example
In the following example, an HTTP PUT request is submitted to the /roles/:role
API endpoint to create the role read-only
:
curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"rules": [
{
"verbs": [
"read"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "read-only",
"namespace": "default"
}
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/read-only
The request will return a successful HTTP/1.1 201 Created
response.
API Specification
/roles/:role (PUT) | |
---|---|
description | Creates or updates the specified Sensu role. |
example URL | http://hostname:8080/api/core/v2/namespaces/default/roles/event-reader |
payload |
|
response codes |
|
Update a role with PATCH
The /roles/:role
API endpoint provides HTTP PATCH access to update :role
definitions, specified by role name.
NOTE: You cannot change a resource’s name
or namespace
with a PATCH request.
Use a PUT request instead.
Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.
Example
In the following example, an HTTP PATCH request is submitted to the /roles/:role
API endpoint to update the verbs array within the rules array for the global-event-admin
role, resulting in an HTTP/1.1 200 OK
response and the updated role definition.
We support JSON merge patches, so you must set the Content-Type
header to application/merge-patch+json
for PATCH requests.
curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
]
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/event-reader
API Specification
/roles/:role (PATCH) | |
---|---|
description | Updates the specified Sensu role. |
example URL | http://hostname:8080/api/core/v2/namespaces/default/roles/event-reader |
payload |
|
response codes |
|
Delete a role
The /roles/:role
API endpoint provides HTTP DELETE access to delete a role from Sensu (specified by the role name).
Example
The following example shows a request to the /roles/:role
API endpoint to delete the role read-only
, resulting in a successful HTTP/1.1 204 No Content
response:
curl -X DELETE \
http://127.0.0.1:8080/api/core/v2/namespaces/default/roles/read-only \
-H "Authorization: Key $SENSU_API_KEY"
API Specification
/roles/:role (DELETE) | |
---|---|
description | Removes the specified role from Sensu. |
example url | http://hostname:8080/api/core/v2/namespaces/default/roles/read-only |
response codes |
|
Get a subset of roles with response filtering
The /roles
API endpoint supports response filtering for a subset of role data based on labels and the following fields:
role.name
role.namespace
Example
The following example demonstrates a request to the /roles
API endpoint with response filtering for only role definitions that are in the development
namespace:
curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/roles -G \
--data-urlencode 'fieldSelector=role.namespace == development'
The example request will result in a successful HTTP/1.1 200 OK
response and a JSON array that contains only role definitions in the development
namespace:
[
{
"rules": [
{
"verbs": [
"get",
"list",
"create",
"update",
"delete"
],
"resources": [
"*"
],
"resource_names": null
}
],
"metadata": {
"name": "admin_role",
"namespace": "development",
"created_by": "admin"
}
},
{
"rules": [
{
"verbs": [
"get",
"list",
"create",
"update",
"delete"
],
"resources": [
"assets",
"checks",
"entities",
"events",
"filters",
"handlers",
"hooks",
"mutators",
"pipelines",
"rolebindings",
"roles",
"silenced"
],
"resource_names": null
}
],
"metadata": {
"name": "namespaced-resources-all-verbs",
"namespace": "development",
"created_by": "admin"
}
},
{
"rules": [
{
"verbs": [
"get",
"list"
],
"resources": [
"events"
],
"resource_names": null
}
],
"metadata": {
"name": "system:pipeline",
"namespace": "development"
}
}
]
NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.
API Specification
/roles (GET) with response filters | |
---|---|
description | Returns the list of roles that match the response filters applied in the API request. |
example url | http://hostname:8080/api/core/v2/roles |
pagination | This endpoint supports pagination using the limit and continue query parameters. |
response type | Array |
response codes |
|
output |
|