422 lines
13 KiB
YAML
422 lines
13 KiB
YAML
openapi: 3.0.3
|
|
info:
|
|
title: TenantPilot Admin - Workspace Tenancy & Environment Routing Cutover (Conceptual)
|
|
version: 0.1.0
|
|
description: |
|
|
Conceptual GET-route contract for Spec 280.
|
|
|
|
This package removes the temporary `/admin/t/{environment}` public shell,
|
|
makes `Workspace` the only Filament tenant for operator admin routing, and
|
|
moves managed-environment work under workspace-first routes rooted at
|
|
`/admin/workspaces/{workspace}`.
|
|
servers:
|
|
- url: /admin
|
|
paths:
|
|
/:
|
|
get:
|
|
summary: Resolve the operator admin entrypoint
|
|
description: |
|
|
Direct `/admin` requests resolve to workspace selection or the active
|
|
workspace dashboard. `/admin` is not a second canonical managed-
|
|
environment dashboard route after this cutover.
|
|
responses:
|
|
'302':
|
|
description: Redirect to workspace selection or the active workspace dashboard
|
|
headers:
|
|
Location:
|
|
schema:
|
|
type: string
|
|
x-logical-outcomes:
|
|
- route: /admin/choose-workspace
|
|
when: no valid workspace context exists
|
|
- route: /admin/workspaces/{workspace}
|
|
when: a valid workspace context exists
|
|
/workspaces/{workspace}:
|
|
get:
|
|
summary: Open the canonical workspace dashboard
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
responses:
|
|
'200':
|
|
description: Workspace dashboard rendered
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
x-logical-view-model:
|
|
$ref: '#/components/schemas/WorkspaceDashboardView'
|
|
'403':
|
|
$ref: '#/components/responses/Forbidden'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-capability-rules:
|
|
workspace_membership: required
|
|
/workspaces/{workspace}/environments:
|
|
get:
|
|
summary: Open the canonical workspace-scoped environment chooser
|
|
description: |
|
|
Reuses the existing workspace-bound environment-selection surface and
|
|
replaces any need for a second public chooser route.
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
responses:
|
|
'200':
|
|
description: Environment chooser rendered
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
x-logical-view-model:
|
|
$ref: '#/components/schemas/EnvironmentChooserView'
|
|
'403':
|
|
$ref: '#/components/responses/Forbidden'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-capability-rules:
|
|
workspace_membership: required
|
|
/workspaces/{workspace}/environments/{environment}:
|
|
get:
|
|
summary: Open the canonical managed-environment dashboard
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
- $ref: '#/components/parameters/ManagedEnvironmentIdentifier'
|
|
responses:
|
|
'200':
|
|
description: Managed-environment dashboard rendered
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
x-logical-view-model:
|
|
$ref: '#/components/schemas/ManagedEnvironmentDashboardView'
|
|
'403':
|
|
$ref: '#/components/responses/Forbidden'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-capability-rules:
|
|
workspace_membership: required
|
|
managed_environment_membership: required
|
|
/workspaces/{workspace}/environments/{environment}/required-permissions:
|
|
get:
|
|
summary: Open required permissions under workspace-first environment routing
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
- $ref: '#/components/parameters/ManagedEnvironmentIdentifier'
|
|
responses:
|
|
'200':
|
|
description: Required permissions page rendered
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
x-logical-view-model:
|
|
$ref: '#/components/schemas/ManagedEnvironmentPageView'
|
|
'403':
|
|
$ref: '#/components/responses/Forbidden'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-capability-rules:
|
|
workspace_membership: required
|
|
managed_environment_membership: required
|
|
/workspaces/{workspace}/operations:
|
|
get:
|
|
summary: Open the canonical workspace operations hub
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
- $ref: '#/components/parameters/ManagedEnvironmentFilter'
|
|
- $ref: '#/components/parameters/TenantScope'
|
|
- $ref: '#/components/parameters/ActiveTab'
|
|
- $ref: '#/components/parameters/ProblemClass'
|
|
responses:
|
|
'200':
|
|
description: Workspace operations hub rendered
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
x-logical-view-model:
|
|
$ref: '#/components/schemas/WorkspaceOperationsView'
|
|
'403':
|
|
$ref: '#/components/responses/Forbidden'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-capability-rules:
|
|
workspace_membership: required
|
|
managed_environment_membership: conditional-when-filtered
|
|
/workspaces/{workspace}/operations/{run}:
|
|
get:
|
|
summary: Open the canonical operation run detail viewer
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
- $ref: '#/components/parameters/OperationRunIdentifier'
|
|
responses:
|
|
'200':
|
|
description: Operation run detail rendered
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
x-logical-view-model:
|
|
$ref: '#/components/schemas/OperationRunDetailView'
|
|
'403':
|
|
$ref: '#/components/responses/Forbidden'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-capability-rules:
|
|
workspace_membership: required
|
|
run_visibility: tenant-safe-within-workspace
|
|
/w/{workspace}/managed-tenants:
|
|
get:
|
|
summary: Legacy workspace-scoped managed-tenants chooser route removed
|
|
description: |
|
|
Spec 280 removes `/admin/w/{workspace}/managed-tenants` and replaces it
|
|
with the canonical workspace-first environment chooser at
|
|
`/admin/workspaces/{workspace}/environments`. No redirect or
|
|
compatibility alias survives.
|
|
parameters:
|
|
- $ref: '#/components/parameters/WorkspaceIdentifier'
|
|
responses:
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-removed-by-spec: 280
|
|
/operations:
|
|
get:
|
|
summary: Legacy workspace operations collection route removed
|
|
description: |
|
|
Spec 280 removes `/admin/operations` in favor of
|
|
`/admin/workspaces/{workspace}/operations`. No redirect or compatibility
|
|
alias survives.
|
|
responses:
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-removed-by-spec: 280
|
|
/operations/{run}:
|
|
get:
|
|
summary: Legacy workspace operations detail route removed
|
|
description: |
|
|
Spec 280 removes `/admin/operations/{run}` in favor of
|
|
`/admin/workspaces/{workspace}/operations/{run}`. No redirect or
|
|
compatibility alias survives.
|
|
parameters:
|
|
- $ref: '#/components/parameters/OperationRunIdentifier'
|
|
responses:
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-removed-by-spec: 280
|
|
/t/{environment}:
|
|
get:
|
|
summary: Legacy environment panel route removed
|
|
description: |
|
|
Spec 280 removes the public `/admin/t/{environment}` route family. No
|
|
redirect or compatibility alias survives.
|
|
parameters:
|
|
- $ref: '#/components/parameters/ManagedEnvironmentIdentifier'
|
|
responses:
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-removed-by-spec: 280
|
|
/tenants/{environment}/required-permissions:
|
|
get:
|
|
summary: Legacy required-permissions route removed
|
|
description: |
|
|
Spec 280 removes `/admin/tenants/{environment}/required-permissions`
|
|
and replaces it with the workspace-first environment route family.
|
|
parameters:
|
|
- $ref: '#/components/parameters/ManagedEnvironmentIdentifier'
|
|
responses:
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
x-removed-by-spec: 280
|
|
components:
|
|
parameters:
|
|
WorkspaceIdentifier:
|
|
name: workspace
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
ManagedEnvironmentIdentifier:
|
|
name: environment
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
OperationRunIdentifier:
|
|
name: run
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
ManagedEnvironmentFilter:
|
|
name: managed_environment_id
|
|
in: query
|
|
required: false
|
|
schema:
|
|
type: integer
|
|
description: Optional explicit environment prefilter inside the active workspace.
|
|
TenantScope:
|
|
name: tenant_scope
|
|
in: query
|
|
required: false
|
|
schema:
|
|
type: string
|
|
enum: [all]
|
|
ActiveTab:
|
|
name: activeTab
|
|
in: query
|
|
required: false
|
|
schema:
|
|
type: string
|
|
ProblemClass:
|
|
name: problemClass
|
|
in: query
|
|
required: false
|
|
schema:
|
|
type: string
|
|
responses:
|
|
Forbidden:
|
|
description: Actor is in scope but lacks the required capability on the workspace or managed environment.
|
|
NotFound:
|
|
description: Wrong workspace, wrong managed environment, removed legacy route, or non-member access is hidden as not found.
|
|
schemas:
|
|
WorkspaceSummary:
|
|
type: object
|
|
required: [id, name, slug]
|
|
properties:
|
|
id:
|
|
type: integer
|
|
name:
|
|
type: string
|
|
slug:
|
|
type: string
|
|
ManagedEnvironmentSummary:
|
|
type: object
|
|
required: [id, workspace_id, slug, name, lifecycle_status]
|
|
properties:
|
|
id:
|
|
type: integer
|
|
workspace_id:
|
|
type: integer
|
|
slug:
|
|
type: string
|
|
name:
|
|
type: string
|
|
lifecycle_status:
|
|
type: string
|
|
BreadcrumbSegment:
|
|
type: object
|
|
required: [label, url]
|
|
properties:
|
|
label:
|
|
type: string
|
|
url:
|
|
type: string
|
|
WorkspaceDashboardView:
|
|
type: object
|
|
required: [workspace, overview_payload, environment_chooser_url, operations_url]
|
|
properties:
|
|
workspace:
|
|
$ref: '#/components/schemas/WorkspaceSummary'
|
|
overview_payload:
|
|
type: object
|
|
additionalProperties: true
|
|
environment_chooser_url:
|
|
type: string
|
|
operations_url:
|
|
type: string
|
|
EnvironmentChooserItem:
|
|
type: object
|
|
required: [id, slug, name, lifecycle_status, open_url]
|
|
properties:
|
|
id:
|
|
type: integer
|
|
slug:
|
|
type: string
|
|
name:
|
|
type: string
|
|
lifecycle_status:
|
|
type: string
|
|
posture_hint:
|
|
type: string
|
|
nullable: true
|
|
open_url:
|
|
type: string
|
|
EnvironmentChooserView:
|
|
type: object
|
|
required: [workspace, environments]
|
|
properties:
|
|
workspace:
|
|
$ref: '#/components/schemas/WorkspaceSummary'
|
|
environments:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/EnvironmentChooserItem'
|
|
switch_workspace_url:
|
|
type: string
|
|
nullable: true
|
|
ManagedEnvironmentDashboardView:
|
|
type: object
|
|
required: [workspace, managed_environment, breadcrumbs, operations_url]
|
|
properties:
|
|
workspace:
|
|
$ref: '#/components/schemas/WorkspaceSummary'
|
|
managed_environment:
|
|
$ref: '#/components/schemas/ManagedEnvironmentSummary'
|
|
breadcrumbs:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/BreadcrumbSegment'
|
|
dashboard_summary:
|
|
type: object
|
|
additionalProperties: true
|
|
operations_url:
|
|
type: string
|
|
ManagedEnvironmentPageView:
|
|
type: object
|
|
required: [workspace, managed_environment, breadcrumbs, page_label, operations_url]
|
|
properties:
|
|
workspace:
|
|
$ref: '#/components/schemas/WorkspaceSummary'
|
|
managed_environment:
|
|
$ref: '#/components/schemas/ManagedEnvironmentSummary'
|
|
breadcrumbs:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/BreadcrumbSegment'
|
|
page_label:
|
|
type: string
|
|
operations_url:
|
|
type: string
|
|
WorkspaceOperationsView:
|
|
type: object
|
|
required: [workspace]
|
|
properties:
|
|
workspace:
|
|
$ref: '#/components/schemas/WorkspaceSummary'
|
|
managed_environment_id:
|
|
type: integer
|
|
nullable: true
|
|
active_tab:
|
|
type: string
|
|
nullable: true
|
|
problem_class:
|
|
type: string
|
|
nullable: true
|
|
nav_context:
|
|
type: object
|
|
nullable: true
|
|
additionalProperties: true
|
|
OperationRunDetailView:
|
|
type: object
|
|
required: [workspace, run_id]
|
|
properties:
|
|
workspace:
|
|
$ref: '#/components/schemas/WorkspaceSummary'
|
|
managed_environment:
|
|
$ref: '#/components/schemas/ManagedEnvironmentSummary'
|
|
nullable: true
|
|
run_id:
|
|
type: integer
|
|
back_link_url:
|
|
type: string
|
|
nullable: true |