core/v2/clusterroles

NOTE: Requests to core/v2/clusterroles API endpoints require you to authenticate with a Sensu API key or access token. The code examples in this document use the environment variable $SENSU_API_KEY to represent a valid API key in API requests.

Get all cluster roles

The /clusterroles API endpoint provides HTTP GET access to cluster role data.

Example

The following example demonstrates a GET request to the /clusterroles API endpoint:

curl -X GET \
http://127.0.0.1:8080/api/core/v2/clusterroles \
-H "Authorization: Key $SENSU_API_KEY"

The request results in a successful HTTP/1.1 200 OK response and a JSON array that contains the cluster role definitions:

[
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "assets",
          "checks",
          "entities",
          "extensions",
          "events",
          "filters",
          "handlers",
          "hooks",
          "mutators",
          "silenced",
          "roles",
          "rolebindings"
        ],
        "resource_names": null
      },
      {
        "verbs": [
          "get",
          "list"
        ],
        "resources": [
          "namespaces"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "admin"
    }
  },
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "*"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "cluster-admin",
      "created_by": "admin"
    }
  }
]

API Specification

/clusterroles (GET)
description Returns the list of cluster roles.
example url http://hostname:8080/api/core/v2/clusterroles
pagination This endpoint supports pagination using the limit and continue query parameters.
response filtering This endpoint supports API response filtering.
response type Array
response codes
  • Success: 200 (OK)
  • Error: 500 (Internal Server Error)
output
[
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "assets",
          "checks",
          "entities",
          "extensions",
          "events",
          "filters",
          "handlers",
          "hooks",
          "mutators",
          "silenced",
          "roles",
          "rolebindings"
        ],
        "resource_names": null
      },
      {
        "verbs": [
          "get",
          "list"
        ],
        "resources": [
          "namespaces"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "admin"
    }
  },
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "*"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "cluster-admin",
      "created_by": "admin"
    }
  }
]

Create a new cluster role

The /clusterroles API endpoint provides HTTP POST access to create a cluster role.

Example

In the following example, an HTTP POST request is submitted to the /clusterroles API endpoint to create a global-event-reader cluster role. The request includes the cluster role definition in the request body:

curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
  "metadata": {
    "name": "global-event-reader"
  },
  "rules": [
    {
      "verbs": [
        "get",
        "list"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles

The request will return a successful HTTP/1.1 201 Created response.

API Specification

/clusterroles (POST)
description Creates a Sensu cluster role.
example URL http://hostname:8080/api/core/v2/clusterroles
payload
{
  "metadata": {
    "name": "global-event-reader"
  },
  "rules": [
    {
      "verbs": [
        "get",
        "list"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}
response codes
  • Success: 201 (Created)
  • Malformed: 400 (Bad Request)
  • Error: 500 (Internal Server Error)

Get a specific cluster role

The /clusterroles/:clusterrole API endpoint provides HTTP GET access to cluster role data for specific :clusterrole definitions, by cluster role name.

Example

The following example queries the /clusterroles/:clusterrole API endpoint for the :clusterrole named global-event-reader:

curl -X GET \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-reader \
-H "Authorization: Key $SENSU_API_KEY"

The request will return a successful HTTP/1.1 200 OK response and a JSON map that contains the requested :clusterrole definition (in this example, global-event-reader):

{
  "metadata": {
    "name": "global-event-reader",
    "created_by": "admin"
  },
  "rules": [
    {
      "verbs": [
        "get",
        "list"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}

API Specification

/clusterroles/:clusterrole (GET)
description Returns the specified cluster role.
example url http://hostname:8080/api/core/v2/clusterroles/global-event-reader
response type Map
response codes
  • Success: 200 (OK)
  • Missing: 404 (Not Found)
  • Error: 500 (Internal Server Error)
output
{
  "metadata": {
    "name": "global-event-reader",
    "created_by": "admin"
  },
  "rules": [
    {
      "verbs": [
        "get",
        "list"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}

Create or update a cluster role

The /clusterroles/:clusterrole API endpoint provides HTTP PUT access to create or update a cluster role, by cluster role name.

Example

In the following example, an HTTP PUT request is submitted to the /clusterroles/:clusterrole API endpoint to update the global-event-reader cluster role by adding "checks" to the resources:

curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
  "metadata": {
    "name": "global-event-reader"
  },
  "rules": [
    {
      "verbs": [
        "get",
        "list"
      ],
      "resources": [
        "checks",
        "events"
      ],
      "resource_names": null
    }
  ]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles

The request will return a successful HTTP/1.1 201 Created response.

API Specification

/clusterroles/:clusterrole (PUT)
description Creates or updates the specified Sensu cluster role.
example URL http://hostname:8080/api/core/v2/clusterroles/global-event-reader
payload
{
  "metadata": {
    "name": "global-event-reader"
  },
  "rules": [
    {
      "verbs": [
        "get",
        "list"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}
response codes
  • Success: 201 (Created)
  • Malformed: 400 (Bad Request)
  • Error: 500 (Internal Server Error)

Update a cluster role with PATCH

The /clusterroles/:clusterrole API endpoint provides HTTP PATCH access to update :clusterrole definitions, specified by cluster role name.

NOTE: You cannot change a resource’s name or namespace with a PATCH request. Use a PUT request instead.

Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.

Example

In the following example, an HTTP PATCH request is submitted to the /clusterroles/:clusterrole API endpoint to update the verbs array within the rules array for the global-event-admin cluster role, resulting in a HTTP/1.1 200 OK response and the updated check definition.

We support JSON merge patches, so you must set the Content-Type header to application/merge-patch+json for PATCH requests.

curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
  "rules": [
    {
      "verbs": [
        "*"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}' \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-admin

API Specification

/clusterroles/:clusterrole (PATCH)
description Updates the specified Sensu cluster role.
example URL http://hostname:8080/api/core/v2/clusterroles/global-event-admin
payload
{
  "rules": [
    {
      "verbs": [
        "*"
      ],
      "resources": [
        "events"
      ],
      "resource_names": null
    }
  ]
}
response codes
  • Success: 200 (OK)
  • Malformed: 400 (Bad Request)
  • Error: 500 (Internal Server Error)

Delete a cluster role

The /clusterroles/:clusterrole API endpoint provides HTTP DELETE access to delete a cluster role from Sensu (specified by the cluster role name).

Example

The following example shows a request to the /clusterroles/:clusterrole API endpoint to delete the cluster role global-event-reader, resulting in a successful HTTP/1.1 204 No Content response:

curl -X DELETE \
-H "Authorization: Key $SENSU_API_KEY" \
http://127.0.0.1:8080/api/core/v2/clusterroles/global-event-reader

API Specification

/clusterroles/:clusterrole (DELETE)
description Removes a cluster role from Sensu (specified by the cluster role name).
example url http://hostname:8080/api/core/v2/clusterroles/global-event-reader
response codes
  • Success: 204 (No Content)
  • Missing: 404 (Not Found)
  • Error: 500 (Internal Server Error)

Get a subset of cluster roles with response filtering

The /clusterroles API endpoint supports response filtering for a subset of cluster role data based on labels and the clusterrole.name field.

Example

The following example demonstrates a request to the /clusterroles API endpoint with response filtering for only cluster role definitions whose clusterrole.name includes admin:

curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/clusterroles -G \
--data-urlencode 'fieldSelector=clusterrole.name matches "admin"'

The example request will result in a successful HTTP/1.1 200 OK response and a JSON array that contains only cluster role definitions whose clusterrole.name includes admin:

[
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "assets",
          "checks",
          "entities",
          "events",
          "filters",
          "handlers",
          "hooks",
          "mutators",
          "silenced",
          "roles",
          "rolebindings"
        ],
        "resource_names": null
      },
      {
        "verbs": [
          "get",
          "list"
        ],
        "resources": [
          "namespaces"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "admin"
    }
  },
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "*"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "cluster-admin"
    }
  }
]

NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.

API Specification

/clusterroles (GET) with response filters
description Returns the list of cluster roles that match the response filters applied in the API request.
example url http://hostname:8080/api/core/v2/clusterroles
pagination This endpoint supports pagination using the limit and continue query parameters.
response type Array
response codes
  • Success: 200 (OK)
  • Error: 500 (Internal Server Error)
output
[
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "assets",
          "checks",
          "entities",
          "events",
          "filters",
          "handlers",
          "hooks",
          "mutators",
          "silenced",
          "roles",
          "rolebindings"
        ],
        "resource_names": null
      },
      {
        "verbs": [
          "get",
          "list"
        ],
        "resources": [
          "namespaces"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "admin"
    }
  },
  {
    "rules": [
      {
        "verbs": [
          "*"
        ],
        "resources": [
          "*"
        ],
        "resource_names": null
      }
    ],
    "metadata": {
      "name": "cluster-admin"
    }
  }
]