feat: management separation

openapi/openapi.yaml

@@ -1,6 +1,6 @@
 openapi: 3.0.3
 info:
-  version: 1.0.0
+  version: 2.0.0
   title: Crossid API
   termsOfService: 'https://crossid.io/tos'
   contact:
@@ -17,11 +17,14 @@ externalDocs:
   description: Find out more about CrossID
   url: 'https://www.crossid.io'
 servers:
-  - url: https://{tenant}.crossid.io/api/v1
+  - url: https://{tenant}.{region}.crossid.io/api/v1
     variables:
       tenant:
         default: acme
         description: Tenant Identifier
+      region:
+        defualt: us
+        description: The tenant region
     description: Development
 tags:
   - name: Secrets
@@ -31,39 +34,11 @@ tags:
 x-tagGroups:
   - name: Tenant API
     tags:
-      - Secrets
-      - Tenants
+      - Resources
       - Schemas
       - Resource Types
-  - name: Global
-    tags:
-      - Namespaces
-      - Global Tenants
-      - Health
+      - Jobs
 paths:
-  # tenants
-  #
-  /api/v1/tenants/{id}:
-    get:
-      $ref: resources/tenants/get_tenant.yml
-    put:
-      $ref: resources/tenants/replace_tenant.yml
-    patch:
-      $ref: resources/tenants/patch_tenant.yml
-  /api/global/v1/tenants:
-    post:
-      $ref: resources/tenants/create_tenant.yml
-    get:
-      $ref: resources/tenants/get_tenant_public.yml
-  /api/global/v1/tenants/.register:
-    post:
-      $ref: resources/tenants/register_tenant.yml
-  /api/global/v1/tenants/.activate:
-    post:
-      $ref: resources/tenants/activate_tenant.yml
-  /api/global/v1/tenants/{id}:
-    delete:
-      $ref: resources/tenants/delete_tenant.yml
   # scim schemas
   #
   /api/v1/scim-schemas:
@@ -86,38 +61,24 @@ paths:
       $ref: resources/resource_types/get_resource_type.yml
     put:
       $ref: resources/resource_types/replace_resource_type.yml
-  # secrets
+  # job
   #
-  /api/v1/secrets/{path}:
+  /api/v1/jobs/{id}:
     get:
-      $ref: resources/secrets/get_secret.yml
-    put:
-      $ref: resources/secrets/put_secret.yml
-  # namespace
+      $ref: resources/jobs/get_job.yml
+  # resources
   #
-  /api/global/v1/namespaces:
-    post:
-      $ref: resources/cluster/create_namespace.yml
-  # health
-  #
-  /api/global/v1/health/ready:
-    get:
-      $ref: resources/health/ready.yml
-  /api/global/v1/health/alive:
+  /api/v1/resources/{appID}/{resourceTypes}:
     get:
-      $ref: resources/health/alive.yml
+      $ref: resources/resources/list_resources_for_type.yml
 components:
   securitySchemes:
     oauth2:
       type: oauth2
       flows:
         authorizationCode:
-          authorizationUrl: 'https://{tenant}.crossid.io/oauth2/auth'
-          tokenUrl: 'https://{tenant}.crossid.io/oauth2/token'
+          authorizationUrl: 'https://crossid.us.crossid.io/oauth2/auth'
+          tokenUrl: 'https://crossid.us.crossid.io/oauth2/token'
           scopes:
-            'read:users': read users info
+            'manage:read:users': read users info
             'write:users': modify or remove users
-    namespaceApiKey:
-      type: http
-      scheme: bearer
-      bearerFormat: JWT

openapi/resources/jobs/examples.yml

@@ -0,0 +1,15 @@
+job:
+  value:
+    id: T1e642kLYG3iZYGjo5REVW
+    error: Item already exists.
+    status: fatal
+    statusCode: 500
+    reason: Creating a new user.
+    meta:
+      tenantId: acme
+      appId: '-'
+      resourceType: Job
+      created: '2021-09-13T19:00:14.646Z'
+      lastModified: '2021-09-13T19:00:14.646Z'
+      revision: 1
+      location: '/jobs/T1e642kLYG3iZYGjo5REVW'

openapi/resources/secrets/examples/curl/get_secret.yml → openapi/resources/jobs/examples/curl/get_job.yml

@@ -3,4 +3,4 @@ source: |-
   curl -X GET \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer $CID_TOKEN" \
-    "https://{tenant}.crossid.io/api/v1/secrets/secret/db_user"
+    "https://acme.us.crossid.io/api/v1/jobs/T1e642kLYG3iZYGjo5REVW"

openapi/resources/jobs/get_job.yml

@@ -0,0 +1,17 @@
+operationId: getJob
+summary: Retrieve a Job.
+description: Retrieve details about an existing Job by its id.
+security:
+  - oauth2:
+      - job.read
+tags:
+  - Jobs
+parameters:
+  - $ref: parameters.yml#/id
+responses:
+  '200':
+    $ref: responses/job.yml
+  default:
+    $ref: ../../shared/responses/default_error.yml
+x-codeSamples:
+  - $ref: 'examples/curl/get_job.yml'

openapi/resources/jobs/models/job.yml

@@ -0,0 +1,21 @@
+description: Job model.
+type: object
+properties:
+  id:
+    type: string
+    description: Unique identifier of the job.
+  error:
+    type: string
+    description: Error message in case of a failure.
+  status:
+    type: string
+    enum: ['enqueued', 'started', 'failed', 'fatal', 'canceled', 'success']
+    description: The current status of the job.
+  statusCode:
+    type: number
+    description: The current status code of the job, corresponds to http status codes.
+  reason:
+    type: string
+    description: A descriptive reason describing the purpose of the job.
+  meta:
+    $ref: ../../../shared/models/meta.yml

openapi/resources/jobs/parameters.yml

@@ -0,0 +1,8 @@
+id:
+  description: The job ID
+  in: path
+  name: id
+  required: true
+  schema:
+    type: string
+  example: T1e642kLYG3iZYGjo5REVW

openapi/resources/secrets/responses/get_secret.yml → openapi/resources/jobs/responses/job.yml

@@ -1,12 +1,12 @@
-description: A secret, in JSON format.
+description: A Job, in JSON format.
 
 content:
   application/json:
     schema:
-      $ref: ../models/secret.yml
+      $ref: ../models/job.yml
     examples:
-      secret:
-        $ref: examples.yml#/secret
+      schema:
+        $ref: ../examples.yml#/job
 
 headers:
   ratelimit-limit:

openapi/resources/resource_types/examples/curl/create_resource_type.yml

@@ -4,4 +4,4 @@ source: |-
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer $CID_TOKEN" \
     -d '{"name": "User", "appId": "myapp", "schema": "scimUser", "mode": "local"}' \
-    "https://acme.crossid.io/api/v1/resource-types?reason=my-app"
+    "https://acme.us.crossid.io/api/v1/resource-types?reason=my-app"

openapi/resources/resource_types/examples/curl/get_resource_type.yml

@@ -3,4 +3,4 @@ source: |-
   curl -X GET \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer $CID_TOKEN" \
-    "https://acme.crossid.io/api/v1/resource-types/T9e682kLYG6iYFSjo5RJVW"
+    "https://acme.us.crossid.io/api/v1/resource-types/T9e682kLYG6iYFSjo5RJVW"

openapi/resources/resource_types/examples/curl/list_resource_types.yml

@@ -3,4 +3,4 @@ source: |-
   curl -X GET \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer $CID_TOKEN" \
-    "https://acme.crossid.io/api/v1/resource-types
+    "https://acme.us.crossid.io/api/v1/resource-types

openapi/resources/resource_types/examples/curl/replace_resource_type.yml

@@ -4,4 +4,4 @@ source: |-
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer $CID_TOKEN" \
     -d '{"name": "User", "appId": "myapp", "schema": "scimUser", "mode": "local"}' \
-    "https://acme.crossid.io/api/v1/resource-types/T9e682kLYG6iYFSjo5RJVW?reason=my-app"
+    "https://acme.us.crossid.io/api/v1/resource-types/T9e682kLYG6iYFSjo5RJVW?reason=my-app"

openapi/resources/tenants/examples/curl/get_tenant.yml → openapi/resources/resources/examples/curl/list_resources_for_type.yml

@@ -3,4 +3,4 @@ source: |-
   curl -X GET \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer $CID_TOKEN" \
-    "https://{tenant}.crossid.io/api/v1/tenants/acme"
+    "https://acme.us.crossid.io/api/v1/resources/Users

openapi/resources/resources/list_resources_for_type.yml

@@ -0,0 +1,24 @@
+operationId: listResourcesOfType
+summary: List resources of a specific type
+description: Retrieve a list of existing resources of a specific type.
+security:
+  - oauth2:
+      - resource.read
+tags:
+  - Resources
+parameters:
+  - $ref: ../../shared/parameters.yml#/filter
+  - $ref: ../../shared/parameters.yml#/count
+  - $ref: ../../shared/parameters.yml#/startIndex
+  - $ref: ../../shared/parameters.yml#/sortBy
+  - $ref: ../../shared/parameters.yml#/sortOrder
+  - $ref: ../../shared/parameters.yml#/attributes
+  - $ref: ../../shared/parameters.yml#/excludedAttributes
+  - $ref: ../../shared/parameters.yml#/forTime
+responses:
+  '200':
+    $ref: responses/list_resources.yml
+  default:
+    $ref: ../../shared/responses/default_error.yml
+x-codeSamples:
+  - $ref: 'examples/curl/list_resources_for_type.yml'