clearml-server/server/schema/services/auth.conf
allegroai baba8b5b73 Move to ElasticSearch 7
Add initial support for project ordering
Add support for sortable task duration (used by the UI in the experiment's table)
Add support for project name in worker's current task info
Add support for results and artifacts in pre-populates examples
Add demo server features
2020-08-10 08:30:40 +03:00


# Service-level description for the auth API schema.
_description: """This service provides authentication management and authorization
validation for the entire system."""
# Baseline access settings for this service.
# NOTE(review): presumably every endpoint below that does not set its own
# `internal` / `allow_roles` (get_token_for_user, validate_token, create_user,
# fixed_users_mode) falls back to these values -- confirm against the schema loader.
# Keeping the restrictive values here means an endpoint added without explicit
# settings is limited to the "system" and "root" roles rather than open to all users.
_default {
    internal: true
    allow_roles: ["system", "root"]
}
# Shared type definitions referenced by the endpoints in this file via "$ref".
_definitions {
    # Pulls in definitions from another file. `#/definitions/credentials`, used by
    # create_credentials, is not declared in this block, so it presumably comes from
    # this include -- verify.
    include "_common.conf"
    # Public part of a credential pair: the access key and when it was last used.
    # There is deliberately no secret property in this shape.
    credential_key {
        type: object
        properties {
            access_key {
                type: string
                description: ""
            }
            last_used {
                type: string
                description: ""
                format: "date-time"
            }
        }
    }
    # Roles that can be assigned to a user. edit_user repeats this list inline;
    # keep the two in sync when a role is added or removed.
    role {
        type: string
        enum: [ admin, superuser, user, annotator ]
    }
}
# Exchange key/secret credentials for a token. Open to every role.
login {
    internal: false
    allow_roles = [ "*" ]
    "2.1" {
        description: """Get a token based on supplied credentials (key/secret).
Intended for use by users with key/secret credentials that wish to obtain a token
for use with other services."""
        # The key/secret are not part of the request body defined here.
        # NOTE(review): presumably they arrive through the request's authentication
        # header -- confirm.
        request {
            type: object
            properties {
                # Caller-requested lifetime. The schema sets no minimum or maximum;
                # the description says the service may override the value.
                # NOTE(review): confirm the server clamps this to a configured upper
                # bound so a client cannot obtain an effectively non-expiring token.
                expiration_sec {
                    type: integer
                    description: """Requested token expiration time in seconds.
Not guaranteed, might be overridden by the service"""
                }
            }
        }
        response {
            type: object
            properties {
                # The token grants access to other services; it should be treated as
                # a secret by anything that logs or stores responses.
                token {
                    type: string
                    description: Token string
                }
            }
        }
    }
}
# End the current session by removing its authentication cookie. Open to every role.
logout {
    internal: false
    allow_roles = [ "*" ]
    "2.2" {
        description: """Removes the authentication cookie from the current session"""
        # Neither request nor response carries any fields; extra properties are rejected.
        # NOTE(review): the description covers only cookie removal. Whether a token
        # already issued stays valid until it expires is not stated here -- confirm.
        request {
            type: object
            additionalProperties: false
        }
        response {
            type: object
            additionalProperties: false
        }
    }
}
# Issue a token on behalf of an arbitrary user ID.
# No `internal` / `allow_roles` is set here, so this endpoint presumably inherits
# `_default` (internal, roles "system" and "root") -- confirm. Because the caller
# names the user the token is issued for, this endpoint must stay restricted to
# trusted service roles; do not widen `allow_roles` without an additional check
# in the handler.
get_token_for_user {
    "2.1" {
        description: """Get a token for the specified user. Intended for internal use."""
        request {
            type: object
            required: [
                user
            ]
            properties {
                user {
                    type: string
                    description: User ID
                }
                # Optional; not listed in `required`.
                company {
                    type: string
                    description: Company ID
                }
                # No minimum or maximum in the schema; the service may override it.
                # NOTE(review): confirm a server-side cap exists.
                expiration_sec {
                    type: integer
                    description: """Requested token expiration time in seconds.
Not guaranteed, might be overridden by the service"""
                }
            }
        }
        response {
            type: object
            properties {
                token {
                    type: string
                    description: ""
                }
            }
        }
    }
}
# Check a token and report the identity it belongs to.
# No `internal` / `allow_roles` is set here, so this endpoint presumably inherits
# `_default` -- confirm.
validate_token {
    "2.1" {
        description: """Validate a token and return user identity if valid.
Intended for internal use. """
        request {
            type: object
            required: [ token ]
            properties {
                token {
                    type: string
                    description: Token string
                }
            }
        }
        # None of the response properties is marked required.
        # NOTE(review): callers should branch on `valid` and not treat the presence
        # of `user` / `company` alone as proof of a valid token -- confirm what the
        # handler returns for an invalid token.
        response {
            type: object
            properties {
                valid {
                    type: boolean
                    description: Boolean indicating if the token is valid
                }
                user {
                    type: string
                    description: Associated user ID
                }
                company {
                    type: string
                    description: Associated company ID
                }
            }
        }
    }
}
# Create the auth record for a new user.
# No `internal` / `allow_roles` is set here, so this endpoint presumably inherits
# `_default` -- confirm.
create_user {
    "2.1" {
        description: """Creates a new user auth entry. Intended for internal use. """
        request {
            type: object
            required: [
                name
                company
                email
            ]
            properties {
                name {
                    type: string
                    description: User name (makes the auth entry more readable)
                }
                company {
                    type: string
                    description: Associated company ID
                }
                # Described as the unique identifier of the user; the schema declares
                # it as a plain string with no format constraint.
                email {
                    type: string
                    description: Email address uniquely identifying the user
                }
                # Optional. Falls back to the least privileged general role, `user`,
                # when omitted; allowed values come from the shared `role` definition.
                role {
                    description: User role
                    default: user
                    "$ref": "#/definitions/role"
                }
                given_name {
                    type: string
                    description: Given name
                }
                family_name {
                    type: string
                    description: Family name
                }
                # Plain string; the schema does not constrain the URL.
                # NOTE(review): anything that fetches or renders this value should
                # validate the scheme itself.
                avatar {
                    type: string
                    description: Avatar URL
                }
            }
        }
        response {
            type: object
            properties {
                id {
                    type: string
                    description: New user ID
                }
            }
        }
    }
}
# Create a new key/secret pair for the calling user. Open to every role.
create_credentials {
    allow_roles = [ "*" ]
    internal: false
    "2.1" {
        description: """Creates a new set of credentials for the authenticated user.
New key/secret is returned.
Note: Secret will never be returned in any other API call.
If a secret is lost or compromised, the key should be revoked
and a new set of credentials can be created."""
        # The request takes no fields: the target user is the authenticated caller,
        # so a caller cannot name another user to create credentials for.
        request {
            type: object
            properties {}
            additionalProperties: false
        }
        response {
            type: object
            properties {
                # This is the only response that carries the secret (see description),
                # so response logging on this endpoint would capture it.
                # `#/definitions/credentials` is not declared in this file's
                # `_definitions` block; presumably it comes from "_common.conf" -- verify.
                credentials {
                    "$ref": "#/definitions/credentials"
                    description: Created credentials
                }
            }
        }
    }
}
# List the calling user's credential keys. Open to every role.
get_credentials {
    allow_roles = [ "*" ]
    internal: false
    "2.1" {
        description: """Returns all existing credential keys for the authenticated user.
Note: Only credential keys are returned."""
        # No request fields: the listing is scoped to the authenticated caller.
        request {
            type: object
            properties {}
            additionalProperties: false
        }
        response {
            type: object
            properties {
                # NOTE(review): the description below mentions "an empty secret field",
                # but the item shape (`credential_key`) declares only `access_key` and
                # `last_used`. Either way no secret value is part of this response.
                credentials {
                    description: "List of credentials, each with an empty secret field."
                    type: array
                    items { "$ref": "#/definitions/credential_key" }
                }
            }
        }
    }
}
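# Revoke and delete one of the calling user's key/secret pairs. Open to every role.
revoke_credentials {
    allow_roles = [ "*" ]
    internal: false
    "2.1" {
        description: """Revokes (and deletes) a set (key, secret) of credentials for
the authenticated user."""
        request {
            type: object
            # The required list previously named `key_id`, which is not a declared
            # property. The only property this request defines is `access_key`, so
            # that is the field that has to be present for a revocation to identify
            # which key to remove.
            required: [ access_key ]
            properties {
                access_key {
                    type: string
                    description: Credentials key
                }
            }
        }
        response {
            type: object
            properties {
                # 0 means no matching key was revoked; clients should check this
                # value and not assume the key is gone.
                revoked {
                    description: "Number of credentials revoked"
                    type: integer
                    enum: [0, 1]
                }
            }
        }
    }
}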
# Change a user's auth properties (currently the role).
# Callable by the "admin" role in addition to "system" and "root".
edit_user {
    internal: false
    allow_roles: ["system", "root", "admin"]
    "2.1" {
        description: """ Edit a users' auth data properties"""
        # NOTE(review): no `required` list is declared, so the schema itself accepts
        # a request without `user` or `role`. The schema also cannot express which
        # roles a given caller may assign or which users it may edit; those checks
        # have to live in the handler -- confirm they exist.
        request {
            type: object
            properties {
                user {
                    description: "User ID"
                    type: string
                }
                # Same values as `#/definitions/role`, repeated inline; keep in sync.
                role {
                    description: "The new user's role within the company"
                    type: string
                    enum: [admin, superuser, user, annotator]
                }
            }
        }
        response {
            type: object
            properties {
                updated {
                    description: "Number of users updated (0 or 1)"
                    type: number
                    enum: [ 0, 1 ]
                }
                # Free-form object: any property names and values are allowed.
                fields {
                    description: "Updated fields names and values"
                    type: object
                    additionalProperties: true
                }
            }
        }
    }
}
# Report whether the server runs in fixed users mode.
# NOTE(review): `authorize: false` presumably lets this endpoint be called without
# an authenticated identity -- confirm. If so, the response should stay limited to
# non-sensitive status flags like the two booleans below.
fixed_users_mode {
    authorize: false
    "2.1" {
        description: """ Return fixed users mode status"""
        # The request takes no fields; extra properties are rejected.
        request {
            type: object
            additionalProperties: false
        }
        response {
            type: object
            properties {
                enabled {
                    description: "Fixed users mode enabled"
                    type: boolean
                }
                # No description is given in the schema for this flag.
                migration_warning {
                    type: boolean
                }
            }
        }
    }
}