KesselInventoryService_CheckForUpdate

POST

/api/inventory/v1beta2/checkforupdate

Performs a strongly consistent relationship check to determine whether a subject has a specific relation to an object (representing, for example, a permission).

This API answers the question: “Is subject X currently authorized to update or modify resource Y?” Unlike the basic Check endpoint, this method guarantees a fully up-to-date view of the relationship state (e.g., not relying on cached or eventually consistent data).

It is intended to be used just prior to sensitive operation (e.g., update, delete) which depend on the current state of the relationship.

Request Body ^required

object

object

Required parameters

• resource type and id
• permission (cannot be derived from type as types may have multiple edit permissions Ex: https://github.com/RedHatInsights/rbac-config/blob/master/configs/prod/schemas/src/notifications.ksl#L37)
• user (possibly derived from an identity token)

object

resourceType

string

resourceId

string

reporter

object

type

string

instanceId

string

relation

string

subject

A reference to a Subject or, if a relation is provided, a Subject Set.

object

relation

An optional relation which points to a set of Subjects instead of the single Subject. e.g. “members” or “owners” of a group identified in subject.

string

resource

object

resourceType

string

resourceId

string

reporter

object

type

string

instanceId

string

Responses

200

OK

object

allowed

string format: enum

Allowed values: ALLOWED_UNSPECIFIED ALLOWED_TRUE ALLOWED_FALSE

default

Default error response

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object

code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32

message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string

details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object

@type

The type of the serialized message.

string

key

additional properties

any