Skip to main content
A newer release of this product is available.

Retrieve a role binding for a group associated with a user

Contributors
PDFs

GET /accounts/{account_id}/core/v1/users/{user_id}/groups/{group_id}/roleBindings/{roleBinding_id}

Returns the stored Role Binding API resource in the JSON response body. If the request is against /accounts/{account_id}/core/v1/users/{user_id}/roleBindings endpoint, only roleBinding resources where the user ID matches the user ID in the request URL will be permitted to be read. If the request is against /accounts/{account_id}/core/v1/groups/{group_id}/roleBindings, only roleBinding resources where the group ID matches the group ID in the request URL will be permitted to be read.

Parameters

Name Type In Required Description

account_id

string

path

True

ID of the containing account resource

  • example: {{.Account}}

user_id

string

path

True

ID of the containing user resource

group_id

string

path

True

ID of the containing group resource

roleBinding_id

string

path

True

ID of the roleBinding collection to list

Response

Status: 200

Returns the stored Role Binding API resource in the JSON response body. If the request is against /accounts/{account_id}/core/v1/users/{user_id}/roleBindings endpoint, only roleBinding resources where the user ID matches the user ID in the request URL will be permitted to be read. If the request is against /accounts/{account_id}/core/v1/groups/{group_id}/roleBindings, only roleBinding resources where the group ID matches the group ID in the request URL will be permitted to be read.

Name Type Required Description

type

string

True

Media type of the resource. Defined values are:

  • "application/astra-roleBinding"

version

string

True

Version of the resource. Defined values are:

  • "1.0"

  • "1.1"

id

string

True

Globally unique identifier of the resource. Defined values are:

  • Conforms to the UUIDv4 Schema

principalType

string

True

JSON string representing the type of the principal this binding is associated with. Defined values are:

  • "user"

  • "group" For principalType "user", a non-nil user ID is required. For principalType "group", a non-nil group ID is required.

userID

string

True

JSON string containing a user resource ID. Defined values are:

  • Conforms to the Astra Identifier Schema If not specified on create, a nil UUID will be used. Only userID or groupID can be specified on create.

groupID

string

True

JSON string containing a group resource ID. Defined values are:

  • Conforms to the Astra Identifier Schema If not specified on create, a nil UUID will be used. Only userID or groupID can be specified on create.

accountID

string

True

JSON string containing the ID of an account resource. For create, this must match the account ID in the request URI. Defined values are:

  • Conforms to the Astra Identifier Schema

role

string

True

JSON string containing one of the four defined roles. Defined values are:

  • "viewer"

  • "member"

  • "admin"

  • "owner"

roleConstraints

array[string]

False

JSON array of JSON strings specifying the scope of the role assignment. Defined values are:

  • Conforms to Astra Role Constraints Schema If not specified on create, the value will be set to an array of size 1 containing string "*" representing "full scope". If not specified on update, the value will be preserved without modification. An empty array represents "no scope". Examples:

  • = Allow access to any resource: "roleConstraints": ["*"]

  • = deny access to all resources: "roleConstraints": []

  • = Allow access to a specific namespace resource only: "roleConstraints": [ "namespaces:id='6fa2f917-f730-41b8-9c15-17f531843b31'" ]

  • = Allow access to a specific namespace and everything under it: "roleConstraints": [ "namespaces:id='6fa2f917-f730-41b8-9c15-17f531843b31'.*" ]

  • = Allow access to all namespaces labelled "dev" in any cluster in any cloud, and everything under them: "roleConstraints": [ "namespaces:kubernetesLabels='dev.example.com/appname=dev'.*" ]

  • = Allow access to all namespace resources only: "roleConstraints": [ "namespaces:*" ]

  • = Allow access to all namespace resources and everything under them: "roleConstraints": [ "namespaces:." ]

metadata

type_astra_metadata_update

True

Client and service-specified metadata associated with the resource. Defined values are:

  • Conforms to the Astra Metadata Schema If not specified on create, a metadata object will be created with no labels. If not specified on update, the metadata object's labels, creationTimestamp and createdBy, will be preserved without modification.
Example response 
{
  "type": "application/astra-roleBinding",
  "version": "1.1",
  "id": "a198f052-5cd7-59d3-9f27-9ea32a21fbca",
  "principalType": "user",
  "userID": "4c27d25a-9edb-4e85-9438-48dc8e917231",
  "groupID": "00000000-0000-0000-0000-000000000000",
  "accountID": "9fd87309-067f-48c9-a331-527796c14cf3",
  "role": "viewer",
  "roleConstraints": [
    "*"
  ],
  "metadata": {
    "labels": [],
    "creationTimestamp": "2022-10-06T20:58:16.305662Z",
    "modificationTimestamp": "2022-10-06T20:58:16.305662Z",
    "createdBy": "8f84cf09-8036-51e4-b579-bd30cb07b269"
  }
}

Response

Status: 401, Unauthorized
Name Type Required Description

type

string

True

title

string

True

detail

string

True

status

string

True

correlationID

string

False
Example response 
{
  "type": "https://astra.netapp.io/problems/3",
  "title": "Missing bearer token",
  "detail": "The request is missing the required bearer token.",
  "status": "401"
}

Response

Status: 400, Bad request
Name Type Required Description

type

string

True

title

string

True

detail

string

True

status

string

True

correlationID

string

False

invalidParams

array[invalidParams]

False

List of invalid query parameters
Example response 
{
  "type": "https://astra.netapp.io/problems/5",
  "title": "Invalid query parameters",
  "detail": "The supplied query parameters are invalid.",
  "status": "400"
}

Response

Status: 403, Forbidden
Name Type Required Description

type

string

True

title

string

True

detail

string

True

status

string

True

correlationID

string

False
Example response 
{
  "type": "https://astra.netapp.io/problems/11",
  "title": "Operation not permitted",
  "detail": "The requested operation isn't permitted.",
  "status": "403"
}

Error

Status: 404, Not found
Name Type Required Description

type

string

True

title

string

True

detail

string

True

status

string

True

correlationID

string

False
Example error response 
{
  "type": "https://astra.netapp.io/problems/2",
  "title": "Collection not found",
  "detail": "The collection specified in the request URI wasn't found.",
  "status": "404"
}

Definitions

See Definitions

type_astra_label

Name Type Required Description

name

string

True

value

string

True

type_astra_metadata_update

Client and service-specified metadata associated with the resource. Defined values are:

  • Conforms to the Astra Metadata Schema If not specified on create, a metadata object will be created with no labels. If not specified on update, the metadata object's labels, creationTimestamp and createdBy, will be preserved without modification.

Name Type Required Description

labels

array[type_astra_label]

False

creationTimestamp

string

False

modificationTimestamp

string

False

createdBy

string

False

modifiedBy

string

False

invalidParams

Name Type Required Description

name

string

True

Name of the invalid query parameter

reason

string

True

Reason why the query parameter is invalid
Close
Try it out

Sign in with your NetApp Cloud Central credentials.

Try this API

Parameters

Headers

Body

Code

Response