RBAC configuration

Type: object

Complete RBAC configuration

root auth

Authentication configuration

Type: object Default: "none"

The authentication configuration

root auth oneOf item 0
Type: enum (of string)

No authentication

Must be one of:

  • "none"
root auth oneOf item 1
Type: enum (of string)

Basic authentication

Must be one of:

  • "basic"
root auth oneOf item 2
Type: object

LDAP authentication

 No Additional Properties

root auth oneOf item 2 ldap
Type: object

root auth oneOf item 2 ldap base_search_dn
Type: string or null Default: null

Base search DN If not set, it will be derived from the server FQDN. This means that for a server ldap.test.example.com, the base search DN will be set to dc=example,dc=com.

root auth oneOf item 2 ldap server_fqdn
Type: string

LDAP server FQDN

root auth oneOf item 2 ldap tls_no_verify
Type: boolean Default: false

Skip TLS certificate verification

root auth oneOf item 2 ldap use_ssl
Type: boolean Default: false

Use SSL/TLS for LDAP connection

root policies
Type: array Default: []

Policies available in the system

All items must be unique

No Additional Items

Each item of this array must be:

root policies Policy

Policy

Type: object

Policy definition

root policies Policy description
Type: string Default: ""

Description of the policy

root policies Policy name
Type: string

Policy name

root policies Policy resources
Type: array

List of resources and their access types

All items must be unique

No Additional Items

Each item of this array must be:

root policies Policy resources Policy resource

Policy resource

Type: object

Resource definition for a policy

root policies Policy resources Policy resource access
Type: array

Allowed access types

All items must be unique

No Additional Items

Each item of this array must be:

root policies Policy resources Policy resource access Access type

Access type

Type: object

Access types for resources in a policy

root policies Policy resources Policy resource access Access type oneOf item 0
Type: enum (of string)

Read access, this also maps to GET requests

Must be one of:

  • "READ"
root policies Policy resources Policy resource access Access type oneOf item 1
Type: enum (of string)

Write access, this also maps to PUT and PATCH requests

Must be one of:

  • "WRITE"
root policies Policy resources Policy resource access Access type oneOf item 2
Type: enum (of string)

Execute access, this also maps to POST requests

Must be one of:

  • "EXECUTE"

root policies Policy resources Policy resource description
Type: string Default: ""

Description of the resource

root policies Policy resources Policy resource resource
Type: object

Resource path (e.g., /plugins/instances/**)

This fields support the following wildcards: - * matches any single path segment (e.g., /plugins/*/instances matches /plugins/abc/instances) - ** matches any number of path segments, including none (e.g., /plugins/** matches /plugins/, /plugins/abc, /plugins/abc/def, etc.)

root roles
Type: array Default: []

Roles available in the system

All items must be unique

No Additional Items

Each item of this array must be:

root roles Role

Role

Type: object

Role definition

root roles Role name
Type: string

Role name

root roles Role policies
Type: array of string

List of policy names assigned to this role

All items must be unique

No Additional Items

Each item of this array must be:

root roles Role policies policies items
Type: string