github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/website/content/api-docs/acl/roles.mdx (about) 1 --- 2 layout: api 3 page_title: ACL Roles - HTTP API 4 description: The /acl/roles endpoints are used to configure and manage ACL roles. 5 --- 6 7 # ACL Roles HTTP API 8 9 The `/acl/roles` and `/acl/role/` endpoints are used to manage ACL Roles. 10 11 ## Create Role 12 13 This endpoint creates an ACL Role. The request is always forwarded to the 14 authoritative region. 15 16 | Method | Path | Produces | 17 | ------ | ----------- | ------------------ | 18 | `POST` | `/acl/role` | `application/json` | 19 20 The table below shows this endpoint's support for 21 [blocking queries](/api-docs#blocking-queries) and 22 [required ACLs](/api-docs#acls). 23 24 | Blocking Queries | ACL Required | 25 | ---------------- | ------------ | 26 | `NO` | `management` | 27 28 ### Parameters 29 30 - `Name` `(string: <required>)` - Specifies the human-readable name of the ACL 31 Role. The name can contain alphanumeric characters, dashes, and underscores. 32 This name must be unique and must not exceed 128 characters. 33 34 - `Description` `(string: <optional>)` - A free form human-readable description 35 of the ACL Role. It must not exceed 256 characters. 36 37 - `Policies` `(array<ACLRolePolicyLink>)` The list of policies that should be 38 applied to the role. An `ACLRolePolicyLink` is an object with a `"Name"` field 39 to specify a policy. 40 41 ### Sample Payload 42 43 ```json 44 { 45 "Name": "example-acl-role", 46 "Description": "my example ACL Role", 47 "Policies": [ 48 { 49 "Name": "example-acl-policy" 50 } 51 ] 52 } 53 ``` 54 55 ### Sample Request 56 57 ```shell-session 58 $ curl \ 59 --request POST \ 60 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 61 --data @payload.json \ 62 https://localhost:4646/v1/acl/role 63 ``` 64 65 ### Sample Response 66 67 ```json 68 { 69 "CreateIndex": 26, 70 "Description": "my example ACL Role", 71 "ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d", 72 "ModifyIndex": 26, 73 "Name": "example-acl-role", 74 "Policies": [ 75 { 76 "Name": "example-acl-policy" 77 } 78 ] 79 } 80 ``` 81 82 ## Update Token 83 84 This endpoint updates an existing ACL Role. The request is always forwarded to the 85 authoritative region. 86 87 | Method | Path | Produces | 88 | ------ | -------------------- | ------------------ | 89 | `POST` | `/acl/role/:role_id` | `application/json` | 90 91 The table below shows this endpoint's support for 92 [blocking queries](/api-docs#blocking-queries) and 93 [required ACLs](/api-docs#acls). 94 95 | Blocking Queries | ACL Required | 96 | ---------------- | ------------ | 97 | `NO` | `management` | 98 99 ### Parameters 100 101 - `ID` `(string: <required>)` - Specifies the ACL Role, by ID, that is being 102 updated. Must match payload body and request path. 103 104 - `Name` `(string: <required>)` - Specifies the human-readable name of the ACL 105 Role. The name can contain alphanumeric characters, dashes, and underscores. 106 This name must be unique a must not exceed 128 characters. 107 108 - `Description` `(string: <optional>)` - A free form human-readable description 109 of the ACL Role. It must not exceed 256 characters. 110 111 - `Policies` `(array<ACLRolePolicyLink>)` The list of policies that should be 112 applied to the role. An `ACLRolePolicyLink` is an object with a `"Name"` field 113 to specify a policy. 114 115 ### Sample Payload 116 117 ```json 118 { 119 "ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d", 120 "Name": "example-acl-role", 121 "Description": "my example ACL Role", 122 "Policies": [ 123 { 124 "Name": "example-acl-policy" 125 } 126 ] 127 } 128 ``` 129 130 ### Sample Request 131 132 ```shell-session 133 $ curl \ 134 --request POST \ 135 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 136 --data @payload.json \ 137 https://localhost:4646/v1/acl/role/77c50812-fcdd-701b-9f1a-6cf55387b09d 138 ``` 139 140 ### Sample Response 141 142 ```json 143 { 144 "CreateIndex": 26, 145 "Description": "my example ACL Role", 146 "ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d", 147 "ModifyIndex": 26, 148 "Name": "example-acl-role", 149 "Policies": [ 150 { 151 "Name": "example-acl-policy" 152 } 153 ] 154 } 155 ``` 156 157 ## List Roles 158 159 This endpoint lists all ACL Roles. This lists the roles that have been replicated 160 to the region, and may lag behind the authoritative region. 161 162 | Method | Path | Produces | 163 | ------ | ------------ | ------------------ | 164 | `GET` | `/acl/roles` | `application/json` | 165 166 The table below shows this endpoint's support for 167 [blocking queries](/api-docs#blocking-queries), 168 [consistency modes](/api-docs#consistency-modes) and 169 [required ACLs](/api-docs#acls). 170 171 | Blocking Queries | Consistency Modes | ACL Required | 172 | ---------------- | ----------------- | -------------------------------------------------------------------------------------------------------------------------- | 173 | `YES` | `all` | `management` for all roles.<br />Output when given a non-management token will be limited to the roles on the token itself | 174 175 ### Parameters 176 177 - `prefix` `(string: "")` - Specifies a string to filter ACL Roles based on an 178 ID prefix. This is specified as a query string parameter. Because the value 179 is decoded to bytes, the prefix must have an even number of hexadecimal 180 characters (`0-9a-f`). 181 182 ### Sample Request 183 184 ```shell-session 185 $ curl \ 186 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 187 https://localhost:4646/v1/acl/roles 188 ``` 189 190 ```shell-session 191 $ curl \ 192 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 193 https://localhost:4646/v1/acl/roles?prefix=25ba81 194 ``` 195 196 ### Sample Response 197 198 ```json 199 [ 200 { 201 "CreateIndex": 26, 202 "Description": "my example ACL Role", 203 "ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d", 204 "ModifyIndex": 26, 205 "Name": "example-acl-role", 206 "Policies": [ 207 { 208 "Name": "example-acl-policy" 209 } 210 ] 211 } 212 ] 213 ``` 214 215 ## Read Role by ID 216 217 This endpoint reads an ACL Role with the given ID. This queries the role that 218 has been replicated to the region, and may lag behind the authoritative region. 219 220 | Method | Path | Produces | 221 | ------ | -------------------- | ------------------ | 222 | `GET` | `/acl/role/:role_id` | `application/json` | 223 224 The table below shows this endpoint's support for 225 [blocking queries](/api-docs#blocking-queries), 226 [consistency modes](/api-docs#consistency-modes) and 227 [required ACLs](/api-docs#acls). 228 229 | Blocking Queries | Consistency Modes | ACL Required | 230 | ---------------- | ----------------- | ----------------------------------------- | 231 | `YES` | `all` | `management` or token with access to role | 232 233 ### Parameters 234 235 - `:role_id` `(string: <required>)` - Specifies the ID of the ACL Role. This is 236 specified as part of the path. 237 238 ### Sample Request 239 240 ```shell-session 241 $ curl \ 242 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 243 https://localhost:4646/v1/acl/role/77c50812-fcdd-701b-9f1a-6cf55387b09d 244 ``` 245 246 ### Sample Response 247 248 ```json 249 { 250 "CreateIndex": 26, 251 "Description": "my example ACL Role", 252 "ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d", 253 "ModifyIndex": 26, 254 "Name": "example-acl-role", 255 "Policies": [ 256 { 257 "Name": "example-acl-policy" 258 } 259 ] 260 } 261 ``` 262 263 ## Read Role by Name 264 265 This endpoint reads an ACL Role with the given name. This queries the role that 266 has been replicated to the region, and may lag behind the authoritative region. 267 268 | Method | Path | Produces | 269 | ------ | --------------------------- | ------------------ | 270 | `GET` | `/acl/role/name/:role_name` | `application/json` | 271 272 The table below shows this endpoint's support for 273 [blocking queries](/api-docs#blocking-queries), 274 [consistency modes](/api-docs#consistency-modes) and 275 [required ACLs](/api-docs#acls). 276 277 | Blocking Queries | Consistency Modes | ACL Required | 278 | ---------------- | ----------------- | ----------------------------------------- | 279 | `YES` | `all` | `management` or token with access to role | 280 281 ### Parameters 282 283 - `:role_name` `(string: <required>)` - Specifies the Name of the ACL Role. This is 284 specified as part of the path. 285 286 ### Sample Request 287 288 ```shell-session 289 $ curl \ 290 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 291 https://localhost:4646/v1/acl/role/name/example-acl-role 292 ``` 293 294 ### Sample Response 295 296 ```json 297 { 298 "CreateIndex": 26, 299 "Description": "my example ACL Role", 300 "ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d", 301 "ModifyIndex": 26, 302 "Name": "example-acl-role", 303 "Policies": [ 304 { 305 "Name": "example-acl-policy" 306 } 307 ] 308 } 309 ``` 310 311 ## Delete Role 312 313 This endpoint deletes the ACL role as identified by the ID. This request is 314 always forwarded to the authoritative region. 315 316 | Method | Path | Produces | 317 | -------- | -------------------- | -------------- | 318 | `DELETE` | `/acl/role/:role_id` | `(empty body)` | 319 320 The table below shows this endpoint's support for 321 [blocking queries](/api-docs#blocking-queries) and 322 [required ACLs](/api-docs#acls). 323 324 | Blocking Queries | ACL Required | 325 | ---------------- | ------------ | 326 | `NO` | `management` | 327 328 ### Parameters 329 330 - `role_id` `(string: <required>)` - Specifies the ID of role to delete and is 331 specified as part of the path. 332 333 ### Sample Request 334 335 ```shell-session 336 $ curl \ 337 --request DELETE \ 338 --header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \ 339 https://localhost:4646/v1/acl/role/77c50812-fcdd-701b-9f1a-6cf55387b09d 340 ```