Security#

Prerequisites#

See QuickStart

Examples#

Now that we have the connection object webApi, we can get the instance of SecurityApi.

var security = webApi.getSecurityApi();

This gives us access to the functionality that SecurityApi provides.

Note

SecurityApi incorporates IdentitiesApi functionality as well.

Available functions#

List namespaces#

Get all available namespaces.

security.getNamespaces();

Get a namespace#

Get a specific security namespace.

var ns = security.getNamespace(SecurityToken.Scope.ReleaseManagement.getNamespace());

List the identities from descriptor#

Get the identity (security) descriptor by passing the user's subject descriptor.

// Get the descriptor for a user from GraphApi.
var identities = security.getIdentitiesFromSubjectDescriptors(user.getDescriptor());
var securityDescriptor = identities.getIdentities().get(0).getDescriptor();

Generate a resource security identifier token#

Generate a resource security identifier token.

var resourceToken = SecurityToken.generate(SecurityToken.Scope.GIT,
Map.of("PROJECT_ID", "05d37331-f4e4-4c55-9830-37c64e50346d",
        "REPO_ID", "da9108b8-4ed4-41db-a44f-8a428a355772"
));

Get access control lists for user and resource#

Get the access control lists for a user and a resource.

var identities = security.getIdentitiesFromSubjectDescriptors(user.getDescriptor());
var securityDescriptor = identities.getIdentities().get(0).getDescriptor();

// boolean fields are 'includeExtendedInfo' and 'recurse'
security.getAccessControlLists(SecurityToken.Scope.GIT.getNamespace(),
        new String[]{securityDescriptor},
        resourceToken,
        false,
        false
);

Remove access control entries#

Remove access control entries.

security.removeAccessControlEntries(SecurityToken.Scope.GIT.getNamespace(),
        new String[]{securityDescriptor},
        new String[]{resourceToken}
);

Set access control entries#

Set access control entries.

// create access control entry objects with allow/deny permission bitmasks (a bit set in neither mask is inherited)
var entries = new ACEs();
entries.setToken(resourceToken);
entries.setMerge(false); // replace or merge with existing in scope entries

var entry = new ACE();
entry.setDescriptor(securityDescriptor);
entry.setAllow(133); // bitmask corresponding to namespace actions identified above. i.e. 133=128+4+1
entry.setDeny(10);

entries.setAccessControlEntries(List.of(entry));

// apply ACEs
security.setAccessControlEntries(SecurityToken.Scope.Build.getNamespace(), entries);
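
A pre-flight review of the allow/deny masks used above, as an added example that is not part of the SDK or its documentation: it splits each mask into single bits, rejects bits the namespace does not define or that appear in both masks, and reports every action as Allow, Deny or Inherited. The action table, class name and method names are constructed for illustration, and the code does not call the SDK.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class AceMaskReview {
    // Constructed action table (bit -> placeholder name). Take the real bits and
    // names from the namespace fetched with security.getNamespace(...).
    static final Map<Integer, String> ACTIONS = new TreeMap<>(Map.of(
            1, "Action1", 2, "Action2", 4, "Action4", 8, "Action8",
            16, "Action16", 128, "Action128"));

    /** Splits a mask into its single bits; rejects bits the namespace does not define. */
    static List<Integer> bits(int mask) {
        List<Integer> out = new ArrayList<>();
        for (int rest = mask; rest != 0; rest &= rest - 1) { // clears the lowest set bit
            int bit = Integer.lowestOneBit(rest);
            if (!ACTIONS.containsKey(bit)) {
                throw new IllegalArgumentException("bit " + bit + " is not defined in this namespace");
            }
            out.add(bit);
        }
        return out;
    }

    /** Per-action state of one ACE: Allow, Deny, or Inherited when the bit is in neither mask. */
    static Map<String, String> review(int allow, int deny) {
        if ((allow & deny) != 0) {
            throw new IllegalArgumentException("allow and deny overlap on bits " + bits(allow & deny));
        }
        bits(allow); // validation only: throws on undefined bits
        bits(deny);
        Map<String, String> states = new LinkedHashMap<>();
        ACTIONS.forEach((bit, name) -> states.put(name,
                (allow & bit) != 0 ? "Allow" : (deny & bit) != 0 ? "Deny" : "Inherited"));
        return states;
    }

    public static void main(String[] args) {
        // Masks from the ACE above: allow 133 = 128+4+1, deny 10 = 8+2.
        review(133, 10).forEach((name, state) -> System.out.println(name + ": " + state));
        try {
            review(133, 12); // constructed bad input: bit 4 is in both masks
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Running a review like this before calling setAccessControlEntries matters most when setMerge(false) is used, because the submitted entry then replaces the existing one instead of being merged with it.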