vapi metadata privilege: component data

The component_data structure contains the privilege information of the component along with its fingerprint.

Representation:

{
    "fingerprint""string",
    "info"{
        "packages"{
            "obj-103"{
                "privileges"[
                    "string",
                    "string"
                ],
                "services"{
                    "obj-103"{
                        "operations"{
                            "obj-103"{
                                "privileges"[
                                    "string",
                                    "string"
                                ],
                                "privilege_info"[
                                    {
                                        "privileges"[
                                            "string",
                                            "string"
                                        ],
                                        "property_path""string"
                                    },
                                    {
                                        "privileges"[
                                            "string",
                                            "string"
                                        ],
                                        "property_path""string"
                                    }
                                ]
                            }
                        }
                    }
                }
            }
        }
    }
}
{
    "fingerprint""string",
    "info"{
        "packages"[
            {
                "value"{
                    "privileges"[
                        "string",
                        "string"
                    ],
                    "services"[
                        {
                            "value"{
                                "operations"[
                                    {
                                        "value"{
                                            "privileges"[
                                                "string",
                                                "string"
                                            ],
                                            "privilege_info"[
                                                {
                                                    "privileges"[
                                                        "string",
                                                        "string"
                                                    ],
                                                    "property_path""string"
                                                },
                                                {
                                                    "privileges"[
                                                        "string",
                                                        "string"
                                                    ],
                                                    "property_path""string"
                                                }
                                            ]
                                        },
                                        "key""obj-103"
                                    }
                                ]
                            },
                            "key""obj-103"
                        }
                    ]
                },
                "key""obj-103"
            }
        ]
    }
}

Attributes:

Name Type Description
Required
-.info component_info Privilege information of the component. This includes information about all the API in the component.

-.info.packages object Privilege information of all the package elements. The key in the key/value pairs is the identifier of the package element and the value in the key/value pairs is the privilege information for the package element.

For an explanation of privilege information containment within package elements, see vapi.metadata.privilege.package.

When clients pass a value of this structure as a parameter, the key in the field key/value pairs must be an identifier for the resource type: com.vmware.vapi.package. When operations return a value of this structure as a result, the key in the field key/value pairs will be an identifier for the resource type: com.vmware.vapi.package.Object with element values of type package_info.

-.info.packages.* package_info
-.info.packages.*.privileges string[] List of default privileges to be used for all the operations present in this package. If a particular operation element has no explicit privileges defined in the privilege definition file, these privileges are used for enforcing authorization.

-.info.packages.*.services object Information about all service elements contained in this package element that contain privilege information. The key in the key/value pairs is the identifier of the service element and the value in the key/value pairs is the privilege information for the service element. For an explanation of privilege information containment within service elements, see vapi.metadata.privilege.service.

When clients pass a value of this structure as a parameter, the key in the field key/value pairs must be an identifier for the resource type: com.vmware.vapi.service. When operations return a value of this structure as a result, the key in the field key/value pairs will be an identifier for the resource type: com.vmware.vapi.service.Object with element values of type service_info.

-.info.packages.*.services.* service_info
-.info.packages.*.services.*.operations object Information about all operation elements contained in this service element that contain privilege information. The key in the key/value pairs is the identifier of the operation element and the value in the key/value pairs is the privilege information for the operation element.

For an explanation of containment of privilege information within operation elements, see vapi.metadata.privilege.service.operation.

When clients pass a value of this structure as a parameter, the key in the field key/value pairs must be an identifier for the resource type: com.vmware.vapi.operation. When operations return a value of this structure as a result, the key in the field key/value pairs will be an identifier for the resource type: com.vmware.vapi.operation.Object with element values of type operation_info.

-.info.packages.*.services.*.operations.* operation_info
-.info.packages.*.services.*.operations.*.privileges string[] List of all privileges assigned to the operation element.

-.info.packages.*.services.*.operations.*.privilege_info privilege_info[] Privilege information of all the parameter elements of the operation element. For an explanation of containment of privilege information within parameter elements, see vapi.metadata.privilege.privilege_info.

-.info.packages.*.services.*.operations.*.privilege_info[].property_path string The property_path points to an entity that is used in the operation element. An entity can either be present in one of the parameter elements or if a parameter is a structure element, it could also be present in one of the field elements.

If the privilege is assigned to an entity used in the parameter, property_path will just contain the name of the parameter field. If the privilege is assigned to an entity in one of the field elements of a parameter element that is a structure element, then property_path will contain a path to the field element starting from the parameter name.

-.info.packages.*.services.*.operations.*.privilege_info[].privileges string[] List of privileges assigned to the entity that is being referred by vapi.metadata.privilege.privilege_info.property_path.

-.fingerprint string Fingerprint of the metadata of the component.

Privilege information could change when there is an infrastructure update. Since the data present in vapi.metadata.privilege.component_data.info could be quite large, fingerprint provides a convenient way to check if the data for a particular component is updated.

You should store the fingerprint associated with a component. After an update, by invoking the fingerprint operation, you can retrieve the new fingerprint for the component. If the new fingerprint and the previously stored fingerprint do not match, clients can then use the get to retrieve the new privilege information for the component.