[Feature External Auth Principals management endpoints (#7539)

treeverse · Mar 17, 2024 · 34b172d · 34b172d
1 parent 348b37b
commit 34b172d
Show file tree

Hide file tree

Showing 107 changed files with 18,957 additions and 134 deletions.
diff --git a/api/authorization.yml b/api/authorization.yml
@@ -340,6 +340,29 @@ components:
           format: int64
           description: Unix Epoch in seconds
 
+    ExternalPrincipal:
+      type: object
+      required:
+        - user_id
+        - id
+      properties:
+        user_id:
+          type: string
+        id:
+          type: string
+    ExternalPrincipalList:
+      type: object
+      required:
+        - pagination
+        - results
+      properties:
+        pagination:
+          $ref: "#/components/schemas/Pagination"
+        results:
+          type: array
+          items:
+            $ref: "#/components/schemas/ExternalPrincipal"
+
 paths:
   /auth/users:
     get:
@@ -1079,7 +1102,101 @@ paths:
           $ref: "#/components/responses/Unauthorized"
         default:
           $ref: "#/components/responses/ServerError"
+  /auth/users/{userId}/external/principals:
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: string
+      get:
+        tags:
+          - auth
+          - experimental
+        parameters:
+          - $ref: "#/components/parameters/PaginationPrefix"
+          - $ref: "#/components/parameters/PaginationAfter"
+          - $ref: "#/components/parameters/PaginationAmount"
+        operationId: listUserExternalPrincipals
+        summary: list external principals for user
+        responses:
+          200:
+            description: external principals
+            content:
+              application/json:
+                schema:
+                  $ref: "#/components/schemas/ExternalPrincipalList"
+          401:
+            $ref: "#/components/responses/Unauthorized"
+          404:
+            $ref: "#/components/responses/NotFound"
+          default:
+            $ref: "#/components/responses/ServerError"
 
+  /auth/users/{userId}/external/principals/{principalId}:
+    parameters:
+      - in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: principalId
+        required: true
+        schema:
+          type: string
+    post:
+      tags:
+        - auth
+        - experimental
+      operationId: createUserExternalPrincipal
+      summary: Create principal as external identity connected to lakeFS user
+      responses:
+        201:
+          description: external principal created successfully
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        409:
+          $ref: "#/components/responses/Conflict"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
+    delete:
+        tags:
+            - auth
+            - experimental
+        operationId: deleteUserExternalPrincipal
+        summary: delete external principal from user's external principal list
+        responses:
+            204:
+              description: external principal deleted
+            401:
+              $ref: "#/components/responses/Unauthorized"
+            404:
+              $ref: "#/components/responses/NotFound"
+            default:
+              $ref: "#/components/responses/ServerError"
+    get:
+      tags:
+        - auth
+        - experimental
+      operationId: getUserExternalPrincipal
+      summary: get external principal
+      responses:
+        200:
+          description: external principal
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ExternalPrincipal"
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        404:
+          $ref: "#/components/responses/NotFound"
+        default:
+          $ref: "#/components/responses/ServerError"
+
   /healthcheck:
     get:
       operationId: healthCheck

diff --git a/api/swagger.yml b/api/swagger.yml
@@ -1633,7 +1633,47 @@ components:
         - installation_id
         - reports
 
-
+    ExternalPrincipalList: 
+      type: object
+      required:
+        - pagination
+        - results
+      properties:
+        pagination:
+          $ref: "#/components/schemas/Pagination"
+        results:
+          type: array
+          items:
+            $ref: "#/components/schemas/ExternalPrincipal"
+    ExternalPrincipalSettings:
+      type: object
+      additionalProperties:
+        type: string
+      description: Additional settings to be consumed by the remote authenticator
+    ExternalPrincipalCreation:
+      type: object
+      properties:
+        settings:
+          type: object
+          items:
+            $ref: "#/components/schemas/ExternalPrincipalSettings"
+    ExternalPrincipal:
+      type: object
+      required:
+        - user_id
+        - id
+      properties:
+        id:
+          type: string
+          description: A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name
+        user_id:
+          type: string
+          description: |
+            lakeFS user ID to associate with an external principal.
+        settings:
+          type: object
+          items:
+            $ref: "#/components/schemas/ExternalPrincipalSettings"
 paths:
   /setup_comm_prefs:
     post:
@@ -2394,6 +2434,118 @@ paths:
         default:
           $ref: "#/components/responses/ServerError"
 
+  /auth/users/{userId}/external/principal/{principalId}:
+    parameters:
+      - in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: principalId
+        required: true
+        schema:
+          type: string
+    post:
+      tags:
+        - auth
+        - external
+        - experimental
+      operationId: createUserExternalPrincipal
+      summary: attach external principal to user
+      requestBody: 
+        required: true
+        content: 
+          application/json: 
+            schema: 
+              $ref: "#/components/schemas/ExternalPrincipalCreation"
+      responses:
+        201:
+          description: external principal attached successfully
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        404:
+          $ref: "#/components/responses/NotFound"
+        409:
+          $ref: "#/components/responses/Conflict"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
+    delete:
+      tags:
+        - auth
+        - external
+        - experimental
+      operationId: deleteUserExternalPrincipal
+      summary: delete external principal from user
+      responses:
+        204:
+          description: external principal detached successfully
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        404:
+          $ref: "#/components/responses/NotFound"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
+    get:
+      tags:
+        - auth
+        - external
+        - experimental
+      operationId: getUserExternalPrincipal
+      summary: get external principal of a user
+      responses:
+        200:
+          description: external principal
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ExternalPrincipal"
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        404:
+          $ref: "#/components/responses/NotFound"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
+
+  /auth/users/{userId}/external/principals:
+    parameters:
+      - in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+    get:
+      tags:
+        - auth
+        - external
+        - experimental
+      parameters:
+        - $ref: "#/components/parameters/PaginationPrefix"
+        - $ref: "#/components/parameters/PaginationAfter"
+        - $ref: "#/components/parameters/PaginationAmount"
+      operationId: listUserExternalPrincipals
+      summary: list user external policies attached to a user
+      responses:
+        200:
+          description: external principals list
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ExternalPrincipalList"
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        404:
+          $ref: "#/components/responses/NotFound"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
   /auth/groups/{groupId}/policies:
     parameters:
       - in: path
@@ -2523,7 +2675,7 @@ paths:
           description: too many requests
         default:
           $ref: "#/components/responses/ServerError"
-
+        
   /repositories:
     get:
       tags:

diff --git a/clients/java-legacy/.openapi-generator/FILES b/clients/java-legacy/.openapi-generator/FILES