core/v2/rolebindings
NOTE: Requests to core/v2/rolebindings API endpoints require you to authenticate with a Sensu API key or access token.
The code examples in this document use the environment variable $SENSU_API_KEY to represent a valid API key in API requests.
Get all role bindings
The /rolebindings API endpoint provides HTTP GET access to role binding data.
Example
The following example demonstrates a GET request to the /rolebindings API endpoint:
curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings \
-H "Authorization: Key $SENSU_API_KEY"The request results in a successful HTTP/1.1 200 OK response and a JSON array that contains the role binding definitions in the default namespace:
[
{
"subjects": [
{
"type": "Group",
"name": "readers"
}
],
"role_ref": {
"type": "Role",
"name": "read-only"
},
"metadata": {
"name": "readers-group-binding",
"namespace": "default",
"created_by": "admin"
}
}
]API Specification
| /rolebindings (GET) | |
|---|---|
| description | Returns the list of role bindings. |
| example url | http://hostname:8080/api/core/v2/namespaces/default/rolebindings |
| pagination | This endpoint supports pagination using the limit and continue query parameters. |
| response filtering | This endpoint supports API response filtering. |
| response type | Array |
| response codes |
|
| output | |
Create a new role binding
The /rolebindings API endpoint provides HTTP POST access to create Sensu role bindings.
Example
In the following example, an HTTP POST request is submitted to the /rolebindings API endpoint to create a role binding named readers-group-binding:
curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"subjects": [
{
"type": "Group",
"name": "readers"
}
],
"role_ref": {
"type": "Role",
"name": "read-only"
},
"metadata": {
"name": "readers-group-binding",
"namespace": "default"
}
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindingsThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /rolebindings (POST) | |
|---|---|
| description | Creates a Sensu role binding. |
| example URL | http://hostname:8080/api/core/v2/namespaces/default/rolebindings |
| payload | |
| response codes |
|
Get a specific role binding
The /rolebindings/:rolebinding API endpoint provides HTTP GET access to role binding data for specific :rolebinding definitions, by role binding name.
Example
The following example queries the /rolebindings/:rolebinding API endpoint for the :rolebinding named readers-group-binding).
curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/readers-group-binding \
-H "Authorization: Key $SENSU_API_KEY"The request will return a successful HTTP/1.1 200 OK response and a JSON map that contains the requested :rolebinding definition (in this example, readers-group-binding):
{
"subjects": [
{
"type": "Group",
"name": "readers"
}
],
"role_ref": {
"type": "Role",
"name": "read-only"
},
"metadata": {
"name": "readers-group-binding",
"namespace": "default",
"created_by": "admin"
}
}API Specification
| /rolebindings/:rolebinding (GET) | |
|---|---|
| description | Returns the specified role binding. |
| example url | http://hostname:8080/api/core/v2/namespaces/default/rolebindings/readers-group-binding |
| response type | Map |
| response codes |
|
| output | |
Create or update a role binding
The /rolebindings/:rolebinding API endpoint provides HTTP PUT access to create or update role binding data for specific :rolebinding definitions, by role binding name.
Example
In the following example, an HTTP PUT request is submitted to the /rolebindings/:rolebinding API endpoint to create the role binding dev-binding:
curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
"subjects": [
{
"type": "Group",
"name": "devs"
}
],
"role_ref": {
"type": "Role",
"name": "workflow-creator"
},
"metadata": {
"name": "dev-binding",
"namespace": "default"
}
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/dev-bindingThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /rolebindings/:rolebinding (PUT) | |
|---|---|
| description | Creates or updates a Sensu role binding. |
| example URL | http://hostname:8080/api/core/v2/namespaces/default/rolebindings/dev-binding |
| payload | |
| response codes |
|
Update a role binding with PATCH
The /rolebindings/:rolebinding API endpoint provides HTTP PATCH access to update :rolebinding definitions, specified by role binding name.
NOTE: You cannot change a resource’s name or namespace with a PATCH request.
Use a PUT request instead.
Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.
Example
In the following example, an HTTP PATCH request is submitted to the /rolebindings/:rolebinding API endpoint to add a group to the subjects array for the dev-binding role binding, resulting in an HTTP/1.1 200 OK response and the updated role binding definition.
We support JSON merge patches, so you must set the Content-Type header to application/merge-patch+json for PATCH requests.
curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
"subjects": [
{
"type": "Group",
"name": "dev_team_1"
},
{
"type": "Group",
"name": "dev_team_2"
}
]
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/dev-bindingThe request will return a successful HTTP/1.1 201 Created response.
API Specification
| /rolebindings/:rolebinding (PATCH) | |
|---|---|
| description | Updates the specified Sensu role binding. |
| example URL | http://hostname:8080/api/core/v2/namespaces/default/rolebindings/dev-binding |
| payload | |
| response codes |
|
Delete a role binding
The /rolebindings/:rolebinding API endpoint provides HTTP DELETE access to delete a role binding from Sensu (specified by the role binding name).
Example
The following example shows a request to the /rolebindings/:rolebinding API endpoint to delete the role binding dev-binding, resulting in a successful HTTP/1.1 204 No Content response.
curl -X DELETE \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/dev-binding \
-H "Authorization: Key $SENSU_API_KEY"API Specification
| /rolebindings/:rolebinding (DELETE) | |
|---|---|
| description | Removes the specified role binding from Sensu. |
| example url | http://hostname:8080/api/core/v2/namespaces/default/rolebindings/dev-binding |
| response codes |
|
Get a subset of role bindings with response filtering
The /rolebindings API endpoint supports response filtering for a subset of role binding data based on labels and the following fields:
rolebinding.namerolebinding.namespacerolebinding.role_ref.namerolebinding.role_ref.type
Example
The following example demonstrates a request to the /rolebindings API endpoint with response filtering for only role binding definitions with event-reader as the rolebinding.role_ref.name:
curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/rolebindings -G \
--data-urlencode 'fieldSelector="event-reader" in rolebinding.role_ref.name'The example request will result in a successful HTTP/1.1 200 OK response and a JSON array that contains only role binding definitions with event-reader as the rolebinding.role_ref.name:
[
{
"subjects": [
{
"type": "User",
"name": "ann"
},
{
"type": "User",
"name": "bonita"
},
{
"type": "Group",
"name": "admins"
},
{
"type": "Group",
"name": "read-events"
}
],
"role_ref": {
"type": "Role",
"name": "event-reader"
},
"metadata": {
"name": "event-reader-binding",
"namespace": "default",
"labels": {
"sensu.io/managed_by": "sensuctl"
},
"created_by": "admin"
}
}
]NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.
API Specification
| /rolebindings (GET) with response filters | |
|---|---|
| description | Returns the list of role bindings that match the response filters applied in the API request. |
| example url | http://hostname:8080/api/core/v2/rolebindings |
| pagination | This endpoint supports pagination using the limit and continue query parameters. |
| response type | Array |
| response codes |
|
| output | |
