Permissions API

The permissions API manages Errthquake workspace permissions and role-based access control.

Permissions

Managing workspace collaborator permissions requires the Manage Collaborators permission.

Managing service account permissions requires the Manage Service Accounts permission.

APIs

Permissions List API

https://api.errthquake.com/permissions/<workspace-uid>/

GET returns

{
  "workspace_uid": <string: workspace uuid>,
  "current_user": service-account-document,
  "customers": [ customer-documents ],
  "service_accounts": [ service-account-documents ],
  "invitations": [ customer-invitation-documents ]
}

PUT submits

{
  "email": <string: email address>,
  "workspace-permissions": workspace-permission-set-document
}

or

{
  "uid": <string: service account uuid>,
  "workspace-permissions": workspace-permission-set-document
}

PUT returns empty response with 200 OK status

Collaborator Invitation API

https://api.errthquake.com/permissions/<workspace-uid>/collaborator

POST submits

  "email": <string: collaborator email>,
  "execute_tests": <boolean: principal can execute tests>,
  "view_test_inputs": <boolean: principal manage csv test inputs and objects>,
  "view_test_configs": <boolean: principal can manage yaml test configurations>,
  "view_test_results": <boolean: principal can view test results>,
  "manage_service_accts": <boolean: principal can manage workspace service accounts>,
  "manage_collaborators": <boolean: principal can manage workspace collaborators>,
  "manage_envvars": <boolean: principal can manage workspace environment variables>,
  "manage_secrets": <boolean: principal can manage workspace secrets>

POST returns empty response with 200 OK status

Collaborator API

https://api.errthquake.com/permissions/<workspace-uid>/<collaborator-email>

DELETE returns empty response with 200 OK status

Service Account API

https://api.errthquake.com/permissions/<workspace-uid>/svcacct

POST submits

{
  "notification_email": <string: email address>,
  "execute_tests": <boolean: principal can execute tests>,
  "view_test_inputs": <boolean: principal manage csv test inputs and objects>,
  "view_test_configs": <boolean: principal can manage yaml test configurations>,
  "view_test_results": <boolean: principal can view test results>,
  "manage_service_accts": <boolean: principal can manage workspace service accounts>,
  "manage_collaborators": <boolean: principal can manage workspace collaborators>,
  "manage_envvars": <boolean: principal can manage workspace environment variables>,
  "manage_secrets": <boolean: principal can manage workspace secrets>
}

POST returns

{
  "uid": <string: service account uuid>,
  "signing-key": <base64 string: signing key for use in authorization headers>,
  "signature": <base64 string: signature for use in authorization headers>,
}

Signing key and signature are to be used as type and value in an Authorization header, in this format:

Authorization: <signing-key>: <signature>

Service Account Permissions API

https://api.errthquake.com/permissions/<workspace-uid>/<service-account-uid>

DELETE returns empty response with 200 OK status

Response Object Documents

Customer Document

{
  "email": <string: email address>,
  "name": <string: customer name>,
  "salutation": <string: customer salutation>,
  "timezone": <string: customer timezone>,
  "utc_created_at": <ISO8601 timestamp: service account creation time>,
  "utc_deactivated_at": <ISO8601 timestamp: service account deactivation time>,
  "organization_uid": <string: customer organization uuid>,
  "organization_name": <string: customer organization name>,
  "workspace_permissions": workspace-permission-set-document
}

Customer Invitation Document

{
  "email": <string: email address>,
  "workspace_uid": <string: workspace uuid>,
  "workspace_permissions": workspace-permission-set-document
}

Service Account Document

{
  "uid": <string: service account uuid>,
  "notification_email": <string: email address>,
  "utc_created_at": <ISO8601 timestamp: service account creation time>,
  "utc_deactivated_at": <ISO8601 timestamp: service account deactivation time>,
  "workspace-uid": <string: workspace uuid>,
  "workspace_permissions": workspace-permission-set-document
}

Workspace Permission Set Document

{
  "execute_tests": <boolean: principal can execute tests>,
  "view_test_inputs": <boolean: principal manage csv test inputs and objects>,
  "view_test_configs": <boolean: principal can manage yaml test configurations>,
  "view_test_results": <boolean: principal can view test results>,
  "manage_service_accts": <boolean: principal can manage workspace service accounts>,
  "manage_collaborators": <boolean: principal can manage workspace collaborators>,
  "manage_envvars": <boolean: principal can manage workspace environment variables>,
  "manage_secrets": <boolean: principal can manage workspace secrets>
}