API Guide - Role

List roles

Fetches a list of roles in your Banyan organization.

Review the Role Spec Syntax for more information on the Role data structures.

HTTP Request

GET /security_roles

URL Parameters

N/A

Query Parameters

Parameter Format Description
RoleID String The ID of the Role to retrieve

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

[
  {
    "RoleID": "398ccd36-c4f8-4229-af4d-eb2caa12af4f",
    "RoleName": "kclient2",
    "RoleSpec": "{\n\t\"kind\": \"BanyanRole\",\n\t\"apiVersion\": \"rbac.banyanops.com/v1\",\n\t\"type\": \"attribute\",\n\t\"metadata\": {\n\t\t\"name\": \"kclient2\",\n\t\t\"description\": \"kafka client 2\"\n\t},\n\t\"spec\": {\n\t\t\"label_selector\": [\n\t\t\t{\n\t\t\t\t\"com.banyanops.client\": \"kclient2\"\n\t\t\t}\n\t\t]\n\t}\n}",
    "CreatedBy": "tarun+kubedemo@banyanops.com",
    "CreatedAt": 1493950047,
    "LastUpdatedBy": "tarun+kubedemo@banyanops.com",
    "LastUpdatedAt": 1493950047,
    "Description": "kafka client 2",
    "RoleType": "attribute",
    "RoleVersion": 0,
    "DeletedBy": "",
    "DeletedAt": "",
    "Enabled": "TRUE"
  },
  {
    "RoleID": "725912d2-6f8e-4df1-b73f-d8d3a2e99706",
    "RoleName": "NormalClientAttrRole",
    "RoleSpec": "{\n\t\"kind\": \"BanyanRole\",\n\t\"apiVersion\": \"rbac.banyanops.com/v1\",\n\t\"type\": \"attribute\",\n\t\"metadata\": {\n\t\t\"name\": \"NormalClientAttrRole\",\n\t\t\"description\": \"Normal attribute-based client role (without any super privileges)\"\n\t},\n\t\"spec\": {\n\t\t\"container_fqdn\": [\n\t\t\t\"k8s-cluster1.namespace2.apache2\",\n\t\t\t\"k8s-cluster1.namespace2.wordpress\"\n\t\t],\n\t\t\"image\": [\n\t\t\t\"registry.xyz.com/billing/apache:*\",\n\t\t\t\"registry.xyz.com/payment/wordpress:latest\"\n\t\t],\n\t\t\"_comment-label-spec1\": \"AND over selectors: selector1, selector2, ...; OR inside a selector: {'x':'aa*|*b|!c*', 'y':'cd'}\",\n\t\t\"_comment-label-spec2\": \"Wildcard (*) beginning or end of a selector; NOT (!): only at the beginning of selector\",\n\t\t\"label_selector\": [\n\t\t\t{\n\t\t\t\t\"com.banyanops.servicetype\": \"prod\"\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"com.xyz.app\": \"!test-app\"\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"com.banyanops.servicename\": \"clustername.ns1.frontend*|*apiserver\"\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"com.xyz.projectid\": \"4456-6675\",\n\t\t\t\t\"com.xyz.groupid\": \"556675\"\n\t\t\t}\n\t\t],\n\t\t\"ips\": [\n\t\t\t\"10.20.30.0/24\",\n\t\t\t\"10.20.31.41/2\"\n\t\t]\n\t}\n}",
    "CreatedBy": "tarun+marko@banyanops.com",
    "CreatedAt": 1489063881,
    "LastUpdatedBy": "tarun+marko@banyanops.com",
    "LastUpdatedAt": 1495027145,
    "Description": "Normal attribute-based client role (without any super privileges)",
    "RoleType": "attribute",
    "RoleVersion": 1,
    "DeletedBy": "",
    "DeletedAt": "",
    "Enabled": "FALSE"
  }
]
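The response above carries each RoleSpec as a JSON document serialized into a string, so a client has to decode it a second time before it can inspect the role. The following audit sketch is an added example, not part of the Banyan documentation or tooling: `audit_roles`, `MIN_PREFIX`, and the sample role are hypothetical names and constructed data, and the `/16` review threshold is an assumption.

```python
import ipaddress
import json

# Constructed sample, trimmed to the response shape shown above.
SAMPLE_RESPONSE = json.dumps([
    {
        "RoleID": "00000000-0000-0000-0000-000000000001",  # placeholder ID
        "RoleName": "example-role",
        "Enabled": "TRUE",
        "RoleSpec": json.dumps({
            "kind": "BanyanRole",
            "type": "attribute",
            "spec": {
                "image": ["registry.xyz.com/billing/apache:*"],
                "ips": ["10.20.30.0/24", "10.20.31.41/2"],
            },
        }),
    }
])

MIN_PREFIX = 16  # assumed review threshold, not a Banyan default


def audit_roles(body, min_prefix=MIN_PREFIX):
    """Return (RoleName, finding) tuples for roles worth a manual review."""
    findings = []
    for role in json.loads(body):
        # RoleSpec is JSON serialized into a string: decode it a second time.
        spec = json.loads(role["RoleSpec"]).get("spec", {})
        name = role["RoleName"]
        # Enabled is the string "TRUE"/"FALSE", not a JSON boolean.
        if role.get("Enabled") != "TRUE":
            findings.append((name, "role is disabled"))
        for cidr in spec.get("ips", []):
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((name, f"unparseable CIDR {cidr}"))
                continue
            if net.prefixlen < min_prefix:
                findings.append((name, f"broad CIDR {cidr} covers {net}"))
        for image in spec.get("image", []):
            if image.endswith(":*") or image.endswith(":latest"):
                findings.append((name, f"unpinned image tag {image}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_roles(SAMPLE_RESPONSE):
        print(f"{name}: {finding}")
```
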

Create a new role or update an existing role

HTTP Request

POST /insert_security_role

URL Parameters

N/A

Query Parameters

N/A

Request Headers

Authorization: Bearer $AUTHTOKEN, Content-Type: application/json

Request Body

JSON string with the Role Spec

Sample JSON body:

{
   "kind": "BanyanRole",
   "apiVersion": "rbac.banyanops.com/v1",
   "type": "attribute",
   "metadata": {
      "name": "container-role",
      "description": "Attribute-based client role based on image and labels",
      "tags": {
        "template": "CUSTOM"
      }
   },
   "spec": {
      "repo_tag":[
         "registry.xyz.com/billing/apache:*"
      ],
      "label_selector":[
         {
            "appname":"frontend*"
         },
         {
            "com.banyanops.procname":"helloworld"
         }
      ]
   }
}

Status Codes and Errors

Value Description
200 OK
500 Internal Server Error
400 Bad Request

Response Headers

N/A

Response Body

If a Role with that name doesn’t already exist, a new Role is created and a RoleID is returned.

{
  "RoleID": "74300337-2123-490d-890f-29347777124e"
}

If a Role with that name does exist, it is updated.


Delete a role

HTTP Request

DELETE /delete_security_role

URL Parameters

N/A

Query Parameters

Parameter Format Description
RoleID String The ID of the Role to delete

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

N/A


Enable a security role

This endpoint enables a security role and then sends a notification to all Shields in its Organization.

HTTP Request

POST /enable_security_role?RoleID=R

URL Parameters

N/A

Query Parameters

Parameter Format Description
RoleID String The ID of the role which needs to be enabled.

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error

Response Headers

N/A

Response Body

{
    "Message": "Role 354033eb-9b59-4e85-9bde-b56f10201e22 enabled successfully"
}

Disable a security role

This endpoint disables a security role and then sends a notification to all Shields in its Organization.

HTTP Request

POST /disable_security_role?RoleID=R

URL Parameters

N/A

Query Parameters

Parameter Format Description
RoleID String The ID of the role which needs to be disabled

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK
400 Bad Request
401 Unauthorized
500 Internal Server Error

Response Headers

N/A

Response Body

{
    "Message": "Role 354033eb-9b59-4e85-9bde-b56f10201e22 disabled successfully"
}

Last modified: Jan 22, 2021