Boundary controller HTTP API

Role Service

List RolesGET/v1/roles

Lists all Roles.

Query Parameters

scope_id string

recursive boolean

filter string

You can specify that the filter should only return items that match. Refer to filter expressions for more information.

list_token string

An opaque token that Boundary uses to continue an existing iteration or request updated items. If you do not specify a token, pagination starts from the beginning. To learn more about list pagination in Boundary, refer to list pagination.

page_size integer

The maximum size of a page in this iteration. If unset, the default page size configured will be used. If the page_size is greater than the default page configured, the page size will be truncated to this number..

Successful Response

items object[]

Role contains all fields related to a Role resource

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

response_type string

The type of response, either "delta" or "complete". Delta signifies that this is part of a paginated result or an update to a previously completed pagination. Complete signifies that it is the last page.

list_token string

An opaque token used to continue an existing pagination or request updated items. Use this token in the next list request to request the next page.

sort_by string

The name of the field which the items are sorted by.

sort_dir string

The direction of the sort, either "asc" or "desc".

removed_ids string[]

est_item_count integer

An estimate at the total items available. This may change during pagination.

Create RolePOST/v1/roles

Creates a single Role.

Body Parameters

scope_id string

The ID of the Scope containing this Role.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Get RoleGET/v1/roles/{id}

Gets a single Role.

Path Parameters

id string

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Delete RoleDELETE/v1/roles/{id}

Deletes a Role.

Path Parameters

id string

Update RolePATCH/v1/roles/{id}

Updates a Role.

Path Parameters

id string

Body Parameters

scope_id string

The ID of the Scope containing this Role.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Add Role Grant ScopesPOST/v1/roles/{id}:add-grant-scopes

Adds grant scopes to a Role

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Add Role GrantsPOST/v1/roles/{id}:add-grants

Adds grants to a Role

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Add Role PrincipalsPOST/v1/roles/{id}:add-principals

Adds Users and/or Groups to a Role.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Remove Role Grant ScopesPOST/v1/roles/{id}:remove-grant-scopes

Removes grant scopes from a Role.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Remove Role GrantsPOST/v1/roles/{id}:remove-grants

Removes grants from a Role.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Remove Role PrincipalsPOST/v1/roles/{id}:remove-principals

Removes the specified Users and/or Groups from a Role.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Set Role Grant ScopesPOST/v1/roles/{id}:set-grant-scopes

Set grant scopes for a Role, removing any grant scopes that are not specified in the request.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Set Role GrantsPOST/v1/roles/{id}:set-grants

Set grants for a Role, removing any grants that are not specified in the request.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]

Set Role PrincipalsPOST/v1/roles/{id}:set-principals

Set Users and/or Groups to a Role, removing any principals that are not specified in the request.

Path Parameters

id string

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

The ID of the scope.

type string

The type of the scope.

name string

The name of the scope, if any.

description string

The description of the scope, if any.

parent_scope_id string

The ID of the parent scope, if any. This field is empty if it is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_ids string[]

principal_ids string[]

principals object[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

grants object[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set. Deprecated: use "ids" instead.

ids string[]

type string

Output only. The type, if set.

actions string[]

authorized_actions string[]