openapi: 3.0.0
info:
  title: Rbac Authorization Roles APIs.
  description: Rbac Authorization Roles APIs.
  termsOfService: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/product/vmware-product-guide.pdf
  contact:
    name: VMware
  license:
    name: Copyright (c) 2020-2021 VMware, Inc. All rights reserved.
  version: "1.0"
servers:
- url: /admin/hybridity/api/authz/rbac
tags:
- name: RbacRoles
  description: Rbac Authorization Roles Apis
paths:
  /roles/query:
    post:
      tags:
      - RbacRoles
      summary: Query Rbac authorization roles
      description: Query Rbac authorization roles
      operationId: getRolesByFilter
      requestBody:
        description: Filter object.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/filter'
        required: true
      responses:
        "200":
          description: Successfully retrived requested roles.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/roleList'
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
        "404":
          description: Role not found
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
        "500":
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
  /roles:
    post:
      tags:
      - RbacRoles
      summary: Create Rbac authorization role.
      description: Create Rbac authorization role.
      operationId: createAuthorizationRole
      requestBody:
        description: request payload.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/role'
        required: true
      responses:
        "200":
          description: Successfully retrived requested roles.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/role'
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
        "404":
          description: Role not found
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
        "500":
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
  /roles/{roleId}:
    put:
      tags:
      - RbacRoles
      summary: Update Rbac authorization role.
      description: Update Rbac authorization role.
      operationId: updateAuthorizationRole
      parameters:
      - name: roleId
        in: path
        description: role ID
        required: true
        style: simple
        explode: false
        schema:
          type: string
      requestBody:
        description: request payload.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/role'
        required: true
      responses:
        "200":
          description: Successfully retrived requested roles.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/role'
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
        "404":
          description: Role not found
        "400":
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
        "500":
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
    delete:
      tags:
      - RbacRoles
      summary: Delete Rbac authorization role.
      description: Delete Rbac authorization role.
      operationId: deleteAuthorizationRole
      parameters:
      - name: roleId
        in: path
        description: role ID
        required: true
        style: simple
        explode: false
        schema:
          type: string
      responses:
        "200":
          $ref: '#/components/schemas/role'
        "400":
          $ref: '#/components/schemas/errorResponse'
        "401":
          description: Unauthorized
        "403":
          description: Forbidden
        "404":
          description: Not Found
        "500":
          $ref: '#/components/schemas/errorResponse'
components:
  schemas:
    role:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        creationDate:
          type: string
        description:
          type: string
        isDefault:
          type: boolean
          default: false
        privileges:
          type: array
          items:
            type: string
            enum:
            - SYSTEM ADMIN
            - ROLE ADMIN
            - SYSTEM AUDIT
            - VIRTUAL INFRASTRUCTURE ADMIN
            - VIRTUAL INFRASTRUCTURE AUDIT
            - VIRTUAL INFRASTRUCTURE CONSUME
            - NETWORK FUNCTION CATALOG DESIGN
            - NETWORK FUNCTION CATALOG READ
            - NETWORK FUNCTION CATALOG INSTANTIATE
            - NETWORK FUNCTION INSTANCE READ
            - NETWORK FUNCTION INSTANCE LIFECYCLE MANAGEMENT
            - NETWORK SERVICE CATALOG DESIGN
            - NETWORK SERVICE CATALOG READ
            - NETWORK SERVICE CATALOG INSTANTIATE
            - NETWORK SERVICE INSTANCE READ
            - NETWORK SERVICE INSTANCE LIFECYCLE MANAGEMENT
            - PARTNER SYSTEM READ
            - PARTNER SYSTEM ADMIN
            - ROLE AUDIT
            - INFRASTRUCTURE DESIGN
            - INFRASTRUCTURE LIFECYCLE MANAGEMENT
    roleList:
      type: object
      properties:
        items:
          type: array
          items:
            $ref: ./components/schemas/role.yaml
    filter:
      type: object
      properties:
        filter:
          $ref: '#/components/schemas/filter_filter'
    errorResponse:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: ../../../api-common/swagger/1.0/components/schemas/error.yaml
    filter_filter:
      type: object
      properties:
        id:
          type: array
          items:
            type: string
        roleId:
          type: array
          items:
            type: string
  parameters:
    roleIdParam:
      name: roleId
      in: path
      description: role ID
      required: true
      style: simple
      explode: false
      schema:
        type: string
  securitySchemes:
    x-hm-authorization:
      type: apiKey
      description: Obtained from /hybridity/api/session
      name: x-hm-authorization
      in: header