# Memberships ## CreateMembership `groups.memberships.create(MembershipCreateParams**kwargs) -> MembershipCreateResponse` **post** `/gitpod.v1.GroupService/CreateMembership` Creates a membership for a user in a group. Use this method to: - Add users to groups - Grant group-based permissions to users ### Examples - Add a user to a group: Creates a membership for a user in a group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" subject: id: "f53d2330-3795-4c5d-a1f3-453121af9c60" principal: PRINCIPAL_USER ``` ### Authorization Requires `org:admin` permission on the organization or `group:admin` permission on the specific group. ### Parameters - `group_id: Optional[str]` - `subject: Optional[Subject]` Subject to add to the group - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Returns - `class MembershipCreateResponse: …` - `member: Optional[GroupMembership]` GroupMembership represents a subject's membership in a group - `id: Optional[str]` Unique identifier for the group membership - `avatar_url: Optional[str]` Subject's avatar URL - `group_id: Optional[str]` Group identifier - `name: Optional[str]` Subject's display name - `subject: Optional[Subject]` Subject (user, runner, environment, service account, etc.) - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) membership = client.groups.memberships.create( group_id="d2c94c27-3b76-4a42-b88c-95a85e392c68", subject={ "id": "f53d2330-3795-4c5d-a1f3-453121af9c60", "principal": "PRINCIPAL_USER", }, ) print(membership.member) ``` #### Response ```json { "member": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } } ``` ## DeleteMembership `groups.memberships.delete(MembershipDeleteParams**kwargs) -> object` **post** `/gitpod.v1.GroupService/DeleteMembership` Deletes a membership for a user in a group. Use this method to: - Remove users from groups - Revoke group-based permissions ### Examples - Remove a user from a group: Deletes a membership by its ID. ```yaml membershipId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" ``` ### Authorization Requires `org:admin` permission on the organization or `group:admin` permission on the specific group. ### Parameters - `membership_id: Optional[str]` The membership to delete ### Returns - `object` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) membership = client.groups.memberships.delete( membership_id="a1b2c3d4-5678-90ab-cdef-1234567890ab", ) print(membership) ``` #### Response ```json {} ``` ## ListMemberships `groups.memberships.list(MembershipListParams**kwargs) -> SyncMembersPage[GroupMembership]` **post** `/gitpod.v1.GroupService/ListMemberships` Lists all memberships of a group. Use this method to: - View all members of a group - Audit group membership ### Examples - List group members: Shows all members of a specific group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` ### Authorization All organization members can view group membership (transparency model). ### Parameters - `token: Optional[str]` - `page_size: Optional[int]` - `filter: Optional[Filter]` filter contains options for filtering the list of memberships. - `search: Optional[str]` search performs case-insensitive search across member name, email, ID, and service account name and description - `group_id: Optional[str]` - `pagination: Optional[Pagination]` pagination contains the pagination options for listing memberships - `token: Optional[str]` Token for the next set of results that was returned as next_token of a PaginationResponse - `page_size: Optional[int]` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `class GroupMembership: …` GroupMembership represents a subject's membership in a group - `id: Optional[str]` Unique identifier for the group membership - `avatar_url: Optional[str]` Subject's avatar URL - `group_id: Optional[str]` Group identifier - `name: Optional[str]` Subject's display name - `subject: Optional[Subject]` Subject (user, runner, environment, service account, etc.) - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) page = client.groups.memberships.list( group_id="d2c94c27-3b76-4a42-b88c-95a85e392c68", pagination={ "page_size": 20 }, ) page = page.members[0] print(page.id) ``` #### Response ```json { "members": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } ], "pagination": { "nextToken": "nextToken" } } ``` ## GetMembership `groups.memberships.retrieve(MembershipRetrieveParams**kwargs) -> MembershipRetrieveResponse` **post** `/gitpod.v1.GroupService/GetMembership` Gets a specific membership by group ID and subject. Use this method to: - Check if a user or service account is a member of a group - Verify group membership for access control ### Examples - Check user membership: Checks if a user is a member of a specific group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" subject: id: "f53d2330-3795-4c5d-a1f3-453121af9c60" principal: PRINCIPAL_USER ``` ### Authorization All organization members can check group membership (transparency model). ### Parameters - `subject: Subject` Subject to check membership for - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `group_id: Optional[str]` ### Returns - `class MembershipRetrieveResponse: …` - `member: Optional[GroupMembership]` The membership if found, nil if subject is not a member - `id: Optional[str]` Unique identifier for the group membership - `avatar_url: Optional[str]` Subject's avatar URL - `group_id: Optional[str]` Group identifier - `name: Optional[str]` Subject's display name - `subject: Optional[Subject]` Subject (user, runner, environment, service account, etc.) - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) membership = client.groups.memberships.retrieve( subject={ "id": "f53d2330-3795-4c5d-a1f3-453121af9c60", "principal": "PRINCIPAL_USER", }, group_id="d2c94c27-3b76-4a42-b88c-95a85e392c68", ) print(membership.member) ``` #### Response ```json { "member": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } } ``` ## Domain Types ### Group Membership - `class GroupMembership: …` GroupMembership represents a subject's membership in a group - `id: Optional[str]` Unique identifier for the group membership - `avatar_url: Optional[str]` Subject's avatar URL - `group_id: Optional[str]` Group identifier - `name: Optional[str]` Subject's display name - `subject: Optional[Subject]` Subject (user, runner, environment, service account, etc.) - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Membership Create Response - `class MembershipCreateResponse: …` - `member: Optional[GroupMembership]` GroupMembership represents a subject's membership in a group - `id: Optional[str]` Unique identifier for the group membership - `avatar_url: Optional[str]` Subject's avatar URL - `group_id: Optional[str]` Group identifier - `name: Optional[str]` Subject's display name - `subject: Optional[Subject]` Subject (user, runner, environment, service account, etc.) - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Membership Retrieve Response - `class MembershipRetrieveResponse: …` - `member: Optional[GroupMembership]` The membership if found, nil if subject is not a member - `id: Optional[str]` Unique identifier for the group membership - `avatar_url: Optional[str]` Subject's avatar URL - `group_id: Optional[str]` Group identifier - `name: Optional[str]` Subject's display name - `subject: Optional[Subject]` Subject (user, runner, environment, service account, etc.) - `id: Optional[str]` id is the UUID of the subject - `principal: Optional[Principal]` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"`