# Memberships ## CreateMembership `client.groups.memberships.create(MembershipCreateParamsbody, RequestOptionsoptions?): MembershipCreateResponse` **post** `/gitpod.v1.GroupService/CreateMembership` Creates a membership for a user in a group. Use this method to: - Add users to groups - Grant group-based permissions to users ### Examples - Add a user to a group: Creates a membership for a user in a group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" subject: id: "f53d2330-3795-4c5d-a1f3-453121af9c60" principal: PRINCIPAL_USER ``` ### Authorization Requires `org:admin` permission on the organization or `group:admin` permission on the specific group. ### Parameters - `body: MembershipCreateParams` - `groupId?: string` - `subject?: Subject` Subject to add to the group - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Returns - `MembershipCreateResponse` - `member?: GroupMembership` GroupMembership represents a subject's membership in a group - `id?: string` Unique identifier for the group membership - `avatarUrl?: string` Subject's avatar URL - `groupId?: string` Group identifier - `name?: string` Subject's display name - `subject?: Subject` Subject (user, runner, environment, service account, etc.) - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```typescript import Gitpod from '@gitpod/sdk'; const client = new Gitpod({ bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted }); const membership = await client.groups.memberships.create({ groupId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68', subject: { id: 'f53d2330-3795-4c5d-a1f3-453121af9c60', principal: 'PRINCIPAL_USER' }, }); console.log(membership.member); ``` #### Response ```json { "member": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } } ``` ## DeleteMembership `client.groups.memberships.delete(MembershipDeleteParamsbody, RequestOptionsoptions?): MembershipDeleteResponse` **post** `/gitpod.v1.GroupService/DeleteMembership` Deletes a membership for a user in a group. Use this method to: - Remove users from groups - Revoke group-based permissions ### Examples - Remove a user from a group: Deletes a membership by its ID. ```yaml membershipId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" ``` ### Authorization Requires `org:admin` permission on the organization or `group:admin` permission on the specific group. ### Parameters - `body: MembershipDeleteParams` - `membershipId?: string` The membership to delete ### Returns - `MembershipDeleteResponse = unknown` Empty response ### Example ```typescript import Gitpod from '@gitpod/sdk'; const client = new Gitpod({ bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted }); const membership = await client.groups.memberships.delete({ membershipId: 'a1b2c3d4-5678-90ab-cdef-1234567890ab', }); console.log(membership); ``` #### Response ```json {} ``` ## ListMemberships `client.groups.memberships.list(MembershipListParamsparams, RequestOptionsoptions?): MembersPage` **post** `/gitpod.v1.GroupService/ListMemberships` Lists all memberships of a group. Use this method to: - View all members of a group - Audit group membership ### Examples - List group members: Shows all members of a specific group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` ### Authorization All organization members can view group membership (transparency model). ### Parameters - `params: MembershipListParams` - `token?: string` Query param - `pageSize?: number` Query param - `filter?: Filter` Body param: filter contains options for filtering the list of memberships. - `search?: string` search performs case-insensitive search across member name, email, ID, and service account name and description - `groupId?: string` Body param - `pagination?: Pagination` Body param: pagination contains the pagination options for listing memberships - `token?: string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize?: number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `GroupMembership` GroupMembership represents a subject's membership in a group - `id?: string` Unique identifier for the group membership - `avatarUrl?: string` Subject's avatar URL - `groupId?: string` Group identifier - `name?: string` Subject's display name - `subject?: Subject` Subject (user, runner, environment, service account, etc.) - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```typescript import Gitpod from '@gitpod/sdk'; const client = new Gitpod({ bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const groupMembership of client.groups.memberships.list({ groupId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68', pagination: { pageSize: 20 }, })) { console.log(groupMembership.id); } ``` #### Response ```json { "members": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } ], "pagination": { "nextToken": "nextToken" } } ``` ## GetMembership `client.groups.memberships.retrieve(MembershipRetrieveParamsbody, RequestOptionsoptions?): MembershipRetrieveResponse` **post** `/gitpod.v1.GroupService/GetMembership` Gets a specific membership by group ID and subject. Use this method to: - Check if a user or service account is a member of a group - Verify group membership for access control ### Examples - Check user membership: Checks if a user is a member of a specific group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" subject: id: "f53d2330-3795-4c5d-a1f3-453121af9c60" principal: PRINCIPAL_USER ``` ### Authorization All organization members can check group membership (transparency model). ### Parameters - `body: MembershipRetrieveParams` - `subject: Subject` Subject to check membership for - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `groupId?: string` ### Returns - `MembershipRetrieveResponse` - `member?: GroupMembership` The membership if found, nil if subject is not a member - `id?: string` Unique identifier for the group membership - `avatarUrl?: string` Subject's avatar URL - `groupId?: string` Group identifier - `name?: string` Subject's display name - `subject?: Subject` Subject (user, runner, environment, service account, etc.) - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```typescript import Gitpod from '@gitpod/sdk'; const client = new Gitpod({ bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted }); const membership = await client.groups.memberships.retrieve({ subject: { id: 'f53d2330-3795-4c5d-a1f3-453121af9c60', principal: 'PRINCIPAL_USER' }, groupId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68', }); console.log(membership.member); ``` #### Response ```json { "member": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } } ``` ## Domain Types ### Group Membership - `GroupMembership` GroupMembership represents a subject's membership in a group - `id?: string` Unique identifier for the group membership - `avatarUrl?: string` Subject's avatar URL - `groupId?: string` Group identifier - `name?: string` Subject's display name - `subject?: Subject` Subject (user, runner, environment, service account, etc.) - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Membership Create Response - `MembershipCreateResponse` - `member?: GroupMembership` GroupMembership represents a subject's membership in a group - `id?: string` Unique identifier for the group membership - `avatarUrl?: string` Subject's avatar URL - `groupId?: string` Group identifier - `name?: string` Subject's display name - `subject?: Subject` Subject (user, runner, environment, service account, etc.) - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Membership Delete Response - `MembershipDeleteResponse = unknown` Empty response ### Membership Retrieve Response - `MembershipRetrieveResponse` - `member?: GroupMembership` The membership if found, nil if subject is not a member - `id?: string` Unique identifier for the group membership - `avatarUrl?: string` Subject's avatar URL - `groupId?: string` Group identifier - `name?: string` Subject's display name - `subject?: Subject` Subject (user, runner, environment, service account, etc.) - `id?: string` id is the UUID of the subject - `principal?: Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"`