core/v2/rolebindings

NOTE: Requests to core/v2/rolebindings API endpoints require you to authenticate with a Sensu API key or access token. The code examples in this document use the environment variable $SENSU_API_KEY to represent a valid API key in API requests.

Get all role bindings

The /rolebindings API endpoint provides HTTP GET access to role binding data.

Example

The following example demonstrates a GET request to the /rolebindings API endpoint:

curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings \
-H "Authorization: Key $SENSU_API_KEY"

The request results in a successful HTTP/1.1 200 OK response and a JSON array that contains the role binding definitions in the default namespace:

[
  {
    "subjects": [
      {
        "type": "Group",
        "name": "readers"
      }
    ],
    "role_ref": {
      "type": "Role",
      "name": "read-only"
    },
    "metadata": {
      "name": "readers-group-binding",
      "namespace": "default",
      "created_by": "admin"
    }
  }
]

API Specification

/rolebindings (GET)
description Returns the list of role bindings.
example url http://hostname:8080/api/core/v2/namespaces/default/rolebindings
pagination This endpoint supports pagination using the limit and continue query parameters.
response filtering This endpoint supports API response filtering.
response type Array
response codes
  • Success: 200 (OK)
  • Error: 500 (Internal Server Error)
output
[
  {
    "subjects": [
      {
        "type": "Group",
        "name": "readers"
      }
    ],
    "role_ref": {
      "type": "Role",
      "name": "read-only"
    },
    "metadata": {
      "name": "readers-group-binding",
      "namespace": "default",
      "created_by": "admin"
    }
  }
]

Create a new role binding

The /rolebindings API endpoint provides HTTP POST access to create Sensu role bindings.

Example

In the following example, an HTTP POST request is submitted to the /rolebindings API endpoint to create a role binding named readers-group-binding:

curl -X POST \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
  "subjects": [
    {
      "type": "Group",
      "name": "readers"
    }
  ],
  "role_ref": {
    "type": "Role",
    "name": "read-only"
  },
  "metadata": {
    "name": "readers-group-binding",
    "namespace": "default"
  }
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings

The request will return a successful HTTP/1.1 201 Created response.

API Specification

/rolebindings (POST)
description Creates a Sensu role binding.
example URL http://hostname:8080/api/core/v2/namespaces/default/rolebindings
payload
{
  "subjects": [
    {
      "type": "Group",
      "name": "readers"
    }
  ],
  "role_ref": {
    "type": "Role",
    "name": "read-only"
  },
  "metadata": {
    "name": "readers-group-binding",
    "namespace": "default"
  }
}
response codes
  • Success: 201 (Created)
  • Malformed: 400 (Bad Request)
  • Error: 500 (Internal Server Error)

Get a specific role binding

The /rolebindings/:rolebinding API endpoint provides HTTP GET access to role binding data for specific :rolebinding definitions, by role binding name.

Example

The following example queries the /rolebindings/:rolebinding API endpoint for the :rolebinding named readers-group-binding).

curl -X GET \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/readers-group-binding \
-H "Authorization: Key $SENSU_API_KEY"

The request will return a successful HTTP/1.1 200 OK response and a JSON map that contains the requested :rolebinding definition (in this example, readers-group-binding):

{
  "subjects": [
    {
      "type": "Group",
      "name": "readers"
    }
  ],
  "role_ref": {
    "type": "Role",
    "name": "read-only"
  },
  "metadata": {
    "name": "readers-group-binding",
    "namespace": "default",
    "created_by": "admin"
  }
}

API Specification

/rolebindings/:rolebinding (GET)
description Returns the specified role binding.
example url http://hostname:8080/api/core/v2/namespaces/default/rolebindings/readers-group-binding
response type Map
response codes
  • Success: 200 (OK)
  • Missing: 404 (Not Found)
  • Error: 500 (Internal Server Error)
output
{
  "subjects": [
    {
      "type": "Group",
      "name": "readers"
    }
  ],
  "role_ref": {
    "type": "Role",
    "name": "read-only"
  },
  "metadata": {
    "name": "readers-group-binding",
    "namespace": "default",
    "created_by": "admin"
  }
}

Create or update a role binding

The /rolebindings/:rolebinding API endpoint provides HTTP PUT access to create or update role binding data for specific :rolebinding definitions, by role binding name.

Example

In the following example, an HTTP PUT request is submitted to the /rolebindings/:rolebinding API endpoint to create the role binding dev-binding:

curl -X PUT \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/json' \
-d '{
  "subjects": [
    {
      "type": "Group",
      "name": "devs"
    }
  ],
  "role_ref": {
    "type": "Role",
    "name": "workflow-creator"
  },
  "metadata": {
    "name": "dev-binding",
    "namespace": "default"
  }
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/dev-binding

The request will return a successful HTTP/1.1 201 Created response.

API Specification

/rolebindings/:rolebinding (PUT)
description Creates or updates a Sensu role binding.
example URL http://hostname:8080/api/core/v2/namespaces/default/rolebindings/dev-binding
payload
{
  "subjects": [
    {
      "type": "Group",
      "name": "devs"
    }
  ],
  "role_ref": {
    "type": "Role",
    "name": "workflow-creator"
  },
  "metadata": {
    "name": "dev-binding",
    "namespace": "default"
  }
}
response codes
  • Success: 201 (Created)
  • Malformed: 400 (Bad Request)
  • Error: 500 (Internal Server Error)

Update a role binding with PATCH

The /rolebindings/:rolebinding API endpoint provides HTTP PATCH access to update :rolebinding definitions, specified by role binding name.

NOTE: You cannot change a resource’s name or namespace with a PATCH request. Use a PUT request instead.

Also, you cannot add elements to an array with a PATCH request — you must replace the entire array.

Example

In the following example, an HTTP PATCH request is submitted to the /rolebindings/:rolebinding API endpoint to add a group to the subjects array for the dev-binding role binding, resulting in an HTTP/1.1 200 OK response and the updated role binding definition.

We support JSON merge patches, so you must set the Content-Type header to application/merge-patch+json for PATCH requests.

curl -X PATCH \
-H "Authorization: Key $SENSU_API_KEY" \
-H 'Content-Type: application/merge-patch+json' \
-d '{
  "subjects": [
    {
      "type": "Group",
      "name": "dev_team_1"
    },
    {
      "type": "Group",
      "name": "dev_team_2"
    }
  ]
}' \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/dev-binding

The request will return a successful HTTP/1.1 201 Created response.

API Specification

/rolebindings/:rolebinding (PATCH)
description Updates the specified Sensu role binding.
example URL http://hostname:8080/api/core/v2/namespaces/default/rolebindings/dev-binding
payload
{
  "subjects": [
    {
      "type": "Group",
      "name": "dev_team_1"
    },
    {
      "type": "Group",
      "name": "dev_team_2"
    }
  ]
}
response codes
  • Success: 200 (OK)
  • Malformed: 400 (Bad Request)
  • Error: 500 (Internal Server Error)

Delete a role binding

The /rolebindings/:rolebinding API endpoint provides HTTP DELETE access to delete a role binding from Sensu (specified by the role binding name).

Example

The following example shows a request to the /rolebindings/:rolebinding API endpoint to delete the role binding dev-binding, resulting in a successful HTTP/1.1 204 No Content response.

curl -X DELETE \
http://127.0.0.1:8080/api/core/v2/namespaces/default/rolebindings/dev-binding \
-H "Authorization: Key $SENSU_API_KEY"

API Specification

/rolebindings/:rolebinding (DELETE)
description Removes the specified role binding from Sensu.
example url http://hostname:8080/api/core/v2/namespaces/default/rolebindings/dev-binding
response codes
  • Success: 204 (No Content)
  • Missing: 404 (Not Found)
  • Error: 500 (Internal Server Error)

Get a subset of role bindings with response filtering

The /rolebindings API endpoint supports response filtering for a subset of role binding data based on labels and the following fields:

  • rolebinding.name
  • rolebinding.namespace
  • rolebinding.role_ref.name
  • rolebinding.role_ref.type

Example

The following example demonstrates a request to the /rolebindings API endpoint with response filtering for only role binding definitions with event-reader as the rolebinding.role_ref.name:

curl -H "Authorization: Key $SENSU_API_KEY" http://127.0.0.1:8080/api/core/v2/rolebindings -G \
--data-urlencode 'fieldSelector="event-reader" in rolebinding.role_ref.name'

The example request will result in a successful HTTP/1.1 200 OK response and a JSON array that contains only role binding definitions with event-reader as the rolebinding.role_ref.name:

[
  {
    "subjects": [
      {
        "type": "User",
        "name": "ann"
      },
      {
        "type": "User",
        "name": "bonita"
      },
      {
        "type": "Group",
        "name": "admins"
      },
      {
        "type": "Group",
        "name": "read-events"
      }
    ],
    "role_ref": {
      "type": "Role",
      "name": "event-reader"
    },
    "metadata": {
      "name": "event-reader-binding",
      "namespace": "default",
      "labels": {
        "sensu.io/managed_by": "sensuctl"
      },
      "created_by": "admin"
    }
  }
]

NOTE: Read API response filtering for more filter statement examples that demonstrate how to filter responses using different operators with label and field selectors.

API Specification

/rolebindings (GET) with response filters
description Returns the list of role bindings that match the response filters applied in the API request.
example url http://hostname:8080/api/core/v2/rolebindings
pagination This endpoint supports pagination using the limit and continue query parameters.
response type Array
response codes
  • Success: 200 (OK)
  • Error: 500 (Internal Server Error)
output
[
  {
    "subjects": [
      {
        "type": "User",
        "name": "ann"
      },
      {
        "type": "User",
        "name": "bonita"
      },
      {
        "type": "Group",
        "name": "admins"
      },
      {
        "type": "Group",
        "name": "read-events"
      }
    ],
    "role_ref": {
      "type": "Role",
      "name": "event-reader"
    },
    "metadata": {
      "name": "event-reader-binding",
      "namespace": "default",
      "labels": {
        "sensu.io/managed_by": "sensuctl"
      },
      "created_by": "admin"
    }
  }
]