Etcd · Capability

etcd HTTP Gateway API — Auth

etcd HTTP Gateway API — Auth. 16 operations. Lead operation: Etcd Authenticate a user. Self-contained Naftiko capability covering one Etcd business surface.

Run with Naftiko EtcdAuth

What You Can Do

POST
Authauthenticate — Etcd Authenticate a user
/v1/auth/authenticate
POST
Authdisable — Etcd Disable authentication
/v1/auth/disable
POST
Authenable — Etcd Enable authentication
/v1/auth/enable
POST
Authroleadd — Etcd Add a role
/v1/auth/role/add
POST
Authroledelete — Etcd Delete a role
/v1/auth/role/delete
POST
Authroleget — Etcd Get role details
/v1/auth/role/get
POST
Authrolegrantpermission — Etcd Grant a permission to a role
/v1/auth/role/grant
POST
Authrolelist — Etcd List all roles
/v1/auth/role/list
POST
Authrolerevokepermission — Etcd Revoke a permission from a role
/v1/auth/role/revoke
POST
Authuseradd — Etcd Add a user
/v1/auth/user/add
POST
Authuserchangepassword — Etcd Change a user's password
/v1/auth/user/changepw
POST
Authuserdelete — Etcd Delete a user
/v1/auth/user/delete
POST
Authuserget — Etcd Get user details
/v1/auth/user/get
POST
Authusergrantrole — Etcd Grant a role to a user
/v1/auth/user/grant
POST
Authuserlist — Etcd List all users
/v1/auth/user/list
POST
Authuserrevokerole — Etcd Revoke a role from a user
/v1/auth/user/revoke

MCP Tools

etcd-authenticate-user

Etcd Authenticate a user

etcd-disable-authentication

Etcd Disable authentication

etcd-enable-authentication

Etcd Enable authentication

etcd-add-role

Etcd Add a role

etcd-delete-role

Etcd Delete a role

etcd-get-role-details

Etcd Get role details

read-only
etcd-grant-permission-role

Etcd Grant a permission to a role

etcd-list-all-roles

Etcd List all roles

read-only
etcd-revoke-permission-role

Etcd Revoke a permission from a role

etcd-add-user

Etcd Add a user

etcd-change-user-s-password

Etcd Change a user's password

etcd-delete-user

Etcd Delete a user

etcd-get-user-details

Etcd Get user details

read-only
etcd-grant-role-user

Etcd Grant a role to a user

etcd-list-all-users

Etcd List all users

read-only
etcd-revoke-role-user

Etcd Revoke a role from a user

Capability Spec

http-gateway-auth.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: etcd HTTP Gateway API — Auth
  description: 'etcd HTTP Gateway API — Auth. 16 operations. Lead operation: Etcd Authenticate a user. Self-contained Naftiko
    capability covering one Etcd business surface.'
  tags:
  - Etcd
  - Auth
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    ETCD_API_KEY: ETCD_API_KEY
capability:
  consumes:
  - type: http
    namespace: http-gateway-auth
    baseUri: http://{host}:{port}/v3
    description: etcd HTTP Gateway API — Auth business capability. Self-contained, no shared references.
    resources:
    - name: auth-authenticate
      path: /auth/authenticate
      operations:
      - name: authauthenticate
        method: POST
        description: Etcd Authenticate a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-disable
      path: /auth/disable
      operations:
      - name: authdisable
        method: POST
        description: Etcd Disable authentication
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-enable
      path: /auth/enable
      operations:
      - name: authenable
        method: POST
        description: Etcd Enable authentication
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-role-add
      path: /auth/role/add
      operations:
      - name: authroleadd
        method: POST
        description: Etcd Add a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-role-delete
      path: /auth/role/delete
      operations:
      - name: authroledelete
        method: POST
        description: Etcd Delete a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-role-get
      path: /auth/role/get
      operations:
      - name: authroleget
        method: POST
        description: Etcd Get role details
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-role-grant
      path: /auth/role/grant
      operations:
      - name: authrolegrantpermission
        method: POST
        description: Etcd Grant a permission to a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-role-list
      path: /auth/role/list
      operations:
      - name: authrolelist
        method: POST
        description: Etcd List all roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-role-revoke
      path: /auth/role/revoke
      operations:
      - name: authrolerevokepermission
        method: POST
        description: Etcd Revoke a permission from a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-user-add
      path: /auth/user/add
      operations:
      - name: authuseradd
        method: POST
        description: Etcd Add a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-user-changepw
      path: /auth/user/changepw
      operations:
      - name: authuserchangepassword
        method: POST
        description: Etcd Change a user's password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-user-delete
      path: /auth/user/delete
      operations:
      - name: authuserdelete
        method: POST
        description: Etcd Delete a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-user-get
      path: /auth/user/get
      operations:
      - name: authuserget
        method: POST
        description: Etcd Get user details
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-user-grant
      path: /auth/user/grant
      operations:
      - name: authusergrantrole
        method: POST
        description: Etcd Grant a role to a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-user-list
      path: /auth/user/list
      operations:
      - name: authuserlist
        method: POST
        description: Etcd List all users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-user-revoke
      path: /auth/user/revoke
      operations:
      - name: authuserrevokerole
        method: POST
        description: Etcd Revoke a role from a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.ETCD_API_KEY}}'
  exposes:
  - type: rest
    namespace: http-gateway-auth-rest
    port: 8080
    description: REST adapter for etcd HTTP Gateway API — Auth. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/auth/authenticate
      name: auth-authenticate
      description: REST surface for auth-authenticate.
      operations:
      - method: POST
        name: authauthenticate
        description: Etcd Authenticate a user
        call: http-gateway-auth.authauthenticate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/disable
      name: auth-disable
      description: REST surface for auth-disable.
      operations:
      - method: POST
        name: authdisable
        description: Etcd Disable authentication
        call: http-gateway-auth.authdisable
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/enable
      name: auth-enable
      description: REST surface for auth-enable.
      operations:
      - method: POST
        name: authenable
        description: Etcd Enable authentication
        call: http-gateway-auth.authenable
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/role/add
      name: auth-role-add
      description: REST surface for auth-role-add.
      operations:
      - method: POST
        name: authroleadd
        description: Etcd Add a role
        call: http-gateway-auth.authroleadd
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/role/delete
      name: auth-role-delete
      description: REST surface for auth-role-delete.
      operations:
      - method: POST
        name: authroledelete
        description: Etcd Delete a role
        call: http-gateway-auth.authroledelete
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/role/get
      name: auth-role-get
      description: REST surface for auth-role-get.
      operations:
      - method: POST
        name: authroleget
        description: Etcd Get role details
        call: http-gateway-auth.authroleget
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/role/grant
      name: auth-role-grant
      description: REST surface for auth-role-grant.
      operations:
      - method: POST
        name: authrolegrantpermission
        description: Etcd Grant a permission to a role
        call: http-gateway-auth.authrolegrantpermission
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/role/list
      name: auth-role-list
      description: REST surface for auth-role-list.
      operations:
      - method: POST
        name: authrolelist
        description: Etcd List all roles
        call: http-gateway-auth.authrolelist
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/role/revoke
      name: auth-role-revoke
      description: REST surface for auth-role-revoke.
      operations:
      - method: POST
        name: authrolerevokepermission
        description: Etcd Revoke a permission from a role
        call: http-gateway-auth.authrolerevokepermission
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/add
      name: auth-user-add
      description: REST surface for auth-user-add.
      operations:
      - method: POST
        name: authuseradd
        description: Etcd Add a user
        call: http-gateway-auth.authuseradd
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/changepw
      name: auth-user-changepw
      description: REST surface for auth-user-changepw.
      operations:
      - method: POST
        name: authuserchangepassword
        description: Etcd Change a user's password
        call: http-gateway-auth.authuserchangepassword
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/delete
      name: auth-user-delete
      description: REST surface for auth-user-delete.
      operations:
      - method: POST
        name: authuserdelete
        description: Etcd Delete a user
        call: http-gateway-auth.authuserdelete
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/get
      name: auth-user-get
      description: REST surface for auth-user-get.
      operations:
      - method: POST
        name: authuserget
        description: Etcd Get user details
        call: http-gateway-auth.authuserget
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/grant
      name: auth-user-grant
      description: REST surface for auth-user-grant.
      operations:
      - method: POST
        name: authusergrantrole
        description: Etcd Grant a role to a user
        call: http-gateway-auth.authusergrantrole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/list
      name: auth-user-list
      description: REST surface for auth-user-list.
      operations:
      - method: POST
        name: authuserlist
        description: Etcd List all users
        call: http-gateway-auth.authuserlist
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/user/revoke
      name: auth-user-revoke
      description: REST surface for auth-user-revoke.
      operations:
      - method: POST
        name: authuserrevokerole
        description: Etcd Revoke a role from a user
        call: http-gateway-auth.authuserrevokerole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: http-gateway-auth-mcp
    port: 9090
    transport: http
    description: MCP adapter for etcd HTTP Gateway API — Auth. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: etcd-authenticate-user
      description: Etcd Authenticate a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authauthenticate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-disable-authentication
      description: Etcd Disable authentication
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authdisable
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-enable-authentication
      description: Etcd Enable authentication
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authenable
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-add-role
      description: Etcd Add a role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authroleadd
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-delete-role
      description: Etcd Delete a role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authroledelete
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-get-role-details
      description: Etcd Get role details
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: http-gateway-auth.authroleget
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-grant-permission-role
      description: Etcd Grant a permission to a role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authrolegrantpermission
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-list-all-roles
      description: Etcd List all roles
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: http-gateway-auth.authrolelist
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-revoke-permission-role
      description: Etcd Revoke a permission from a role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authrolerevokepermission
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-add-user
      description: Etcd Add a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authuseradd
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-change-user-s-password
      description: Etcd Change a user's password
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authuserchangepassword
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-delete-user
      description: Etcd Delete a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authuserdelete
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-get-user-details
      description: Etcd Get user details
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: http-gateway-auth.authuserget
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-grant-role-user
      description: Etcd Grant a role to a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authusergrantrole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-list-all-users
      description: Etcd List all users
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: http-gateway-auth.authuserlist
      outputParameters:
      - type: object
        mapping: $.
    - name: etcd-revoke-role-user
      description: Etcd Revoke a role from a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: http-gateway-auth.authuserrevokerole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.