diff --git a/README.md b/README.md
index 7f91196..6425d44 100644
--- a/README.md
+++ b/README.md
@@ -82,8 +82,8 @@ Class | Method | HTTP request | Description
 *AccessRulesAPI* | [**CreateAccessRule**](docs/AccessRulesAPI.md#createaccessrule) | **Post** /access-rules |
 *AccessRulesAPI* | [**GetAccessRule**](docs/AccessRulesAPI.md#getaccessrule) | **Get** /access-rules/{access_rule_id} |
 *AccessRulesAPI* | [**UpdateAccessRule**](docs/AccessRulesAPI.md#updateaccessrule) | **Put** /access-rules/{access_rule_id} |
-*AppsAPI* | [**GetApp**](docs/AppsAPI.md#getapp) | **Get** /apps/{app_id} |
-*AppsAPI* | [**GetApps**](docs/AppsAPI.md#getapps) | **Get** /apps |
+*AppsAPI* | [**GetApp**](docs/AppsAPI.md#getapp) | **Get** /apps/{app_id} | Get app by ID
+*AppsAPI* | [**GetApps**](docs/AppsAPI.md#getapps) | **Get** /apps | Get apps
 *AppsAPI* | [**GetSyncErrors**](docs/AppsAPI.md#getsyncerrors) | **Get** /sync_errors |
 *BundlesAPI* | [**AddBundleGroup**](docs/BundlesAPI.md#addbundlegroup) | **Post** /bundles/{bundle_id}/groups |
 *BundlesAPI* | [**AddBundleResource**](docs/BundlesAPI.md#addbundleresource) | **Post** /bundles/{bundle_id}/resources |
@@ -104,8 +104,8 @@ Class | Method | HTTP request | Description
 *ConfigurationTemplatesAPI* | [**UpdateConfigurationTemplate**](docs/ConfigurationTemplatesAPI.md#updateconfigurationtemplate) | **Put** /configuration-templates |
 *DelegationsAPI* | [**CreateDelegation**](docs/DelegationsAPI.md#createdelegation) | **Post** /delegations |
 *DelegationsAPI* | [**DeleteDelegation**](docs/DelegationsAPI.md#deletedelegation) | **Delete** /delegations/{delegation_id} |
-*DelegationsAPI* | [**GetDelegation**](docs/DelegationsAPI.md#getdelegation) | **Get** /delegations/{delegation_id} |
-*DelegationsAPI* | [**GetDelegations**](docs/DelegationsAPI.md#getdelegations) | **Get** /delegations |
+*DelegationsAPI* | [**GetDelegation**](docs/DelegationsAPI.md#getdelegation) | **Get** /delegations/{delegation_id} | Get delegation by ID
+*DelegationsAPI* | [**GetDelegations**](docs/DelegationsAPI.md#getdelegations) | **Get** /delegations | Get delegations
 *EventsAPI* | [**Events**](docs/EventsAPI.md#events) | **Get** /events |
 *GroupBindingsAPI* | [**CreateGroupBinding**](docs/GroupBindingsAPI.md#creategroupbinding) | **Post** /group-bindings |
 *GroupBindingsAPI* | [**DeleteGroupBinding**](docs/GroupBindingsAPI.md#deletegroupbinding) | **Delete** /group-bindings/{group_binding_id} |
diff --git a/api/openapi.yaml b/api/openapi.yaml
index edb0f4c..e0abf6a 100644
--- a/api/openapi.yaml
+++ b/api/openapi.yaml
@@ -4,81 +4,82 @@ info: email: hello@opal.dev name: Opal Team url: https://www.opal.dev/ - description: The Opal API is a RESTful API that allows you to interact with the - Opal Security platform programmatically. + description: The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. title: Opal API version: "1.0" servers: -- description: Production - url: https://api.opal.dev/v1 + - description: Production + url: https://api.opal.dev/v1 +# keep tags alphabetized, also add any new tags to the list below tags: -- description: Operations related to access rules - name: access-rules -- description: Operations related to apps - name: apps -- description: Operations related to bundles - name: bundles -- description: Operations related to configuration templates - name: configuration-templates -- description: Operations related to request reviewer delegations - name: delegations -- description: Operations related to events - name: events -- description: Operations related to groups - name: groups -- description: Operations related to group bindings - name: group-bindings -- description: Operations related to IDP group mappings - name: idp-group-mappings -- description: Operations related to message channels - name: message-channels -- description: Operations related to non-human identities - name: non-human-identities -- description: Operations related to on-call schedules - name: on-call-schedules -- description: Operations related to owners - name: owners -- description: Operations related to requests - name: requests -- description: Operations related to resources - name: resources -- description: Operations related to sessions - name: sessions -- description: Operations related to tags - name: tags -- description: Operations related to UARs - name: uars -- description: Operations related to users - name: users + - name: access-rules + description: Operations related to access rules + - name: apps + description: 
Operations related to apps + - name: bundles + description: Operations related to bundles + - name: configuration-templates + description: Operations related to configuration templates + - name: delegations + description: Operations related to request reviewer delegations + - name: events + description: Operations related to events + - name: groups + description: Operations related to groups + - name: group-bindings + description: Operations related to group bindings + - name: idp-group-mappings + description: Operations related to IDP group mappings + - name: message-channels + description: Operations related to message channels + - name: non-human-identities + description: Operations related to non-human identities + - name: on-call-schedules + description: Operations related to on-call schedules + - name: owners + description: Operations related to owners + - name: requests + description: Operations related to requests + - name: resources + description: Operations related to resources + - name: sessions + description: Operations related to sessions + - name: tags + description: Operations related to tags + - name: uars + description: Operations related to UARs + - name: users + description: Operations related to users paths: /apps: get: + summary: Get apps description: Returns a list of `App` objects. operationId: getApps parameters: - - description: A list of app types to filter by. - example: - - OKTA_DIRECTORY - - GIT_HUB - explode: false - in: query - name: app_type_filter - required: false - schema: - items: - $ref: "#/components/schemas/AppTypeEnum" - type: array - style: form - - description: An owner ID to filter by. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: true - in: query - name: owner_filter - required: false - schema: - format: uuid - type: string - style: form + - description: A list of app types to filter by. 
+ example: + - OKTA_DIRECTORY + - GIT_HUB + explode: false + in: query + name: app_type_filter + required: false + schema: + items: + $ref: "#/components/schemas/AppTypeEnum" + type: array + style: form + - description: An owner ID to filter by. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: true + in: query + name: owner_filter + required: false + schema: + format: uuid + type: string + style: form responses: "200": content: @@ -87,24 +88,25 @@ paths: $ref: "#/components/schemas/AppsList" description: A list of apps for your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - apps + - apps /apps/{app_id}: get: + summary: Get app by ID description: Returns an `App` object. operationId: getApp parameters: - - description: The ID of the app. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: app_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the app. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: app_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -113,111 +115,89 @@ paths: $ref: "#/components/schemas/App" description: The requested `App`. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - apps + - apps /bundles: get: + summary: Get bundles description: Returns a list of `Bundle` objects. operationId: getBundles parameters: - - description: "The maximum number of bundles to return from the beginning of\ - \ the list. Default is 200, max is 1000." - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - type: integer - style: form - - description: A cursor indicating where to start fetching items after a specific - point. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: A filter for the bundle name. - example: Engineering - explode: true - in: query - name: contains - required: false - schema: - type: string - style: form + - description: The maximum number of bundles to return from the beginning of the list. Default is 200, max is 1000. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + style: form + - description: A cursor indicating where to start fetching items after a specific point. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: A filter for the bundle name. + example: Engineering + explode: true + in: query + name: contains + required: false + schema: + type: string + style: form responses: "200": + description: A list of bundles for your organization. content: application/json: schema: $ref: "#/components/schemas/PaginatedBundleList" - description: A list of bundles for your organization. security: - - BearerAuth: [] - summary: Get bundles + - BearerAuth: [] tags: - - bundles + - bundles post: description: Creates a bundle. 
operationId: createBundle requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/CreateBundleInfo" - required: true responses: "201": + description: The bundle successfully created. content: application/json: schema: $ref: "#/components/schemas/Bundle" - description: The bundle successfully created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /bundles/{bundle_id}: - delete: - description: Deletes a bundle. - operationId: deleteBundle - parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: The bundle was successfully deleted. - security: - - BearerAuth: [] - tags: - - bundles get: + summary: Get bundle by ID description: Returns a `Bundle` object. operationId: getBundle parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
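Review bot: The `page_size` parameter of `getBundles` is still declared as a bare `type: integer`, although its description promises "max is 1000"; the `/events` and `/groups` operations in this same file carry `maximum: 1000` in the schema. Without the bound, validators and clients generated from this spec accept any integer, so the cap depends entirely on the server enforcing it. I would add `maximum: 1000` under `schema:` (and `minimum: 1` if zero or negative sizes are not meaningful). The same gap is in `getBundleResources` (hunk `@@ -226,78 +206,94 @@`) and `getBundleGroups` (hunk `@@ -337,86 +346,78 @@`).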
@@ -226,78 +206,94 @@ paths: $ref: "#/components/schemas/Bundle" description: The requested `Bundle`. security: - - BearerAuth: [] - summary: Get bundle by ID + - BearerAuth: [] + tags: + - bundles + delete: + description: Deletes a bundle. + operationId: deleteBundle + parameters: + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The bundle was successfully deleted. + security: + - BearerAuth: [] tags: - - bundles + - bundles put: description: Updates a bundle. operationId: updateBundle parameters: - - description: The ID of the bundle to be updated. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the bundle to be updated. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/Bundle" - required: true responses: "200": + description: The bundle was successfully updated. content: application/json: schema: $ref: "#/components/schemas/Bundle" - description: The bundle was successfully updated. "204": description: No changes detected (no-op) security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /bundles/{bundle_id}/resources: get: description: Returns a list of `Resource` objects in a given bundle. operationId: getBundleResources parameters: - - description: The ID of the bundle. 
- example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The maximum number of resources to return from the beginning\ - \ of the list. Default is 200, max is 1000." - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - type: integer - style: form - - description: A cursor indicating where to start fetching items after a specific - point. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The maximum number of resources to return from the beginning of the list. Default is 200, max is 1000. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + style: form + - description: A cursor indicating where to start fetching items after a specific point. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -306,29 +302,42 @@ paths: $ref: "#/components/schemas/PaginatedBundleResourceList" description: A list of resources for the bundle. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles post: description: Adds a resource to a bundle. operationId: addBundleResource parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string requestBody: + required: false content: application/json: schema: - $ref: "#/components/schemas/addBundleResource_request" - required: false + properties: + resource_id: + description: The ID of the resource to add. + example: 72e75a6f-7183-48c5-94ff-6013f213314b + format: uuid + type: string + access_level_remote_id: + description: The remote ID of the access level to grant to this user. Required if the resource being added requires an access level. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + type: string + access_level_name: + description: The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used. + example: AdministratorAccess + type: string + required: + - resource_id responses: "201": content: 
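Review bot: The inline request schema for `addBundleResource` has no `type: object`, so `properties` and `required: [resource_id]` constrain only object payloads, and a JSON array or string body would still validate against it. The body is also declared `required: false`, so a POST with no body passes spec-level validation even though `resource_id` is mandatory. I would add `type: object` under `schema:` and, unless an empty body is intentionally accepted, set `required: true` on the `requestBody`. The missing `type: object` is repeated in the `addBundleGroup` hunk (`@@ -425,29 +426,42 @@`). The `access_level_*` descriptions say "grant to this user" although the operation adds a resource to a bundle, which looks copied from a user endpoint.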
@@ -337,86 +346,78 @@ paths: $ref: "#/components/schemas/BundleResource" description: Resource was successfully added to the bundle. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /bundles/{bundle_id}/resources/{resource_id}: delete: description: Removes a resource from a bundle. operationId: removeBundleResource parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the resource to remove. - example: 72e75a6f-7183-48c5-94ff-6013f213314b - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The remote ID of the access level to grant. If omitted, the\ - \ default access level remote ID value (empty string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + - description: The ID of the resource to remove. + example: 72e75a6f-7183-48c5-94ff-6013f213314b + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + - description: The remote ID of the access level to grant. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form responses: "200": description: Resource was successfully removed from the bundle. 
security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /bundles/{bundle_id}/groups: get: description: Returns a list of `Group` objects in a given bundle. operationId: getBundleGroups parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The maximum number of groups to return from the beginning of\ - \ the list. Default is 200, max is 1000." - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - type: integer - style: form - - description: A cursor indicating where to start fetching items after a specific - point. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The maximum number of groups to return from the beginning of the list. Default is 200, max is 1000. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + style: form + - description: A cursor indicating where to start fetching items after a specific point. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -425,29 +426,42 @@ paths: $ref: "#/components/schemas/PaginatedBundleGroupList" description: A list of groups for the bundle. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles post: description: Adds a group to a bundle. operationId: addBundleGroup parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string requestBody: + required: true content: application/json: schema: - $ref: "#/components/schemas/addBundleGroup_request" - required: true + properties: + group_id: + description: The ID of the group to add. + example: 72e75a6f-7183-48c5-94ff-6013f213314b + format: uuid + type: string + access_level_remote_id: + description: The remote ID of the access level to grant to this user. Required if the group being added requires an access level. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + type: string + access_level_name: + description: The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used. + example: AdministratorAccess + type: string + required: + - group_id responses: "201": content: 
@@ -456,65 +470,60 @@ paths: $ref: "#/components/schemas/BundleGroup" description: Group was successfully added to the bundle. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /bundles/{bundle_id}/groups/{group_id}: delete: description: Removes a group from a bundle. operationId: removeBundleGroup parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the group to remove. - example: 72e75a6f-7183-48c5-94ff-6013f213314b - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The remote ID of the access level to remove. - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + - description: The ID of the group to remove. + example: 72e75a6f-7183-48c5-94ff-6013f213314b + in: path + name: group_id + required: true + schema: + format: uuid + type: string + - description: The remote ID of the access level to remove. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form responses: "200": description: Group was successfully removed from the bundle. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /bundles/{bundle_id}/visibility: get: description: Gets the visibility of the bundle. operationId: getBundleVisibility parameters: - - description: The ID of the bundle. 
- example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -523,36 +532,35 @@ paths: $ref: "#/components/schemas/VisibilityInfo" description: The visibility details of a bundle. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles put: description: Sets the visibility of the bundle. operationId: setBundleVisibility parameters: - - description: The ID of the bundle. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: bundle_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the bundle. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: bundle_id + required: true + schema: + format: uuid + type: string requestBody: + required: true content: application/json: schema: + description: The visibility details of the bundle. Setting to LIMITED visibility with no visibility groups will make bundle only visible to admins and users with access. $ref: "#/components/schemas/VisibilityInfo" - required: true responses: "200": description: The visibility details of the bundle were successfully set. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - bundles + - bundles /configuration-templates: get: description: Returns a list of `ConfigurationTemplate` objects. 
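Review bot: In `setBundleVisibility` the new `description:` sits as a sibling of `$ref: "#/components/schemas/VisibilityInfo"`. Under OpenAPI 3.0 rules, keys next to a `$ref` are ignored, so generators and doc renderers may silently drop it; the `openapi:` version line is outside this diff, so confirm which rules apply. That text is the only place telling callers that LIMITED visibility with no visibility groups leaves the bundle visible only to admins and users with access, which is access-control behaviour they need to see. Moving it up to the request body, as `updateConfigurationTemplate` already does with `description: Configuration template to be updated`, keeps it visible to every tool.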
@@ -565,18 +573,18 @@ paths: $ref: "#/components/schemas/PaginatedConfigurationTemplateList" description: One page worth of configuration templates for your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - configuration-templates + - configuration-templates post: description: Creates a configuration template. operationId: createConfigurationTemplate requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/CreateConfigurationTemplateInfo" - required: true responses: "200": content: @@ -585,19 +593,12 @@ paths: $ref: "#/components/schemas/ConfigurationTemplate" description: The configuration template just created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - configuration-templates + - configuration-templates put: description: Update a configuration template. operationId: updateConfigurationTemplate - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/UpdateConfigurationTemplateInfo" - description: Configuration template to be updated - required: true responses: "200": content: 
@@ -605,125 +606,131 @@ paths: schema: $ref: "#/components/schemas/ConfigurationTemplate" description: The configuration template just updated. + requestBody: + description: Configuration template to be updated + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateConfigurationTemplateInfo" security: - - BearerAuth: [] + - BearerAuth: [] tags: - - configuration-templates + - configuration-templates /configuration-templates/{configuration_template_id}: delete: description: Deletes a configuration template. operationId: deleteConfigurationTemplate parameters: - - description: The ID of the configuration template. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: configuration_template_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the configuration template. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: configuration_template_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": description: The configuration template was successfully deleted. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - configuration-templates + - configuration-templates /events: get: description: Returns a list of `Event` objects. operationId: events parameters: - - description: A start date filter for the events. - examples: - withDate: - summary: Example with date - value: 2021-11-01 - withDatetime: - summary: Example with date and time in ISO 8601 datetime format. - value: 2025-01-01T00:00:00Z - explode: true - in: query - name: start_date_filter - required: false - schema: - type: string - style: form - - description: An end date filter for the events. - examples: - withDate: - summary: Example with date - value: 2021-11-12 - withDatetime: - summary: Example with date and time in ISO 8601 datetime format. 
- value: 2025-01-01T00:00:00Z - explode: true - in: query - name: end_date_filter - required: false - schema: - type: string - style: form - - description: An actor filter for the events. Supply the ID of the actor. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: true - in: query - name: actor_filter - required: false - schema: - format: uuid - type: string - style: form - - description: An object filter for the events. Supply the ID of the object. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: true - in: query - name: object_filter - required: false - schema: - format: uuid - type: string - style: form - - description: An event type filter for the events. - example: USER_MFA_RESET - explode: true - in: query - name: event_type_filter - required: false - schema: - type: string - style: form - - description: An API filter for the events. Supply the name and preview of - the API token. - example: fullaccess:**************************M_g== - explode: true - in: query - name: api_token_filter - required: false - schema: - type: string - style: form - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: A start date filter for the events. + examples: + withDate: + summary: Example with date + value: 2021-11-01 + withDatetime: + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z + explode: true + in: query + name: start_date_filter + required: false + schema: + type: string + style: form + - description: An end date filter for the events. 
+ examples: + withDate: + summary: Example with date + value: 2021-11-12 + withDatetime: + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z + explode: true + in: query + name: end_date_filter + required: false + schema: + type: string + style: form + - description: An actor filter for the events. Supply the ID of the actor. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: true + in: query + name: actor_filter + required: false + schema: + format: uuid + type: string + style: form + - description: An object filter for the events. Supply the ID of the object. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: true + in: query + name: object_filter + required: false + schema: + format: uuid + type: string + style: form + - description: An event type filter for the events. + example: USER_MFA_RESET + explode: true + in: query + name: event_type_filter + required: false + schema: + type: string + style: form + - description: An API filter for the events. Supply the name and preview of the API token. + example: fullaccess:**************************M_g== + explode: true + in: query + name: api_token_filter + required: false + schema: + type: string + style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
@@ -732,66 +739,67 @@ paths: $ref: "#/components/schemas/PaginatedEventList" description: One page worth of events with the appropriate filters applied. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - events + - events /groups: get: + summary: Get groups description: Returns a list of groups for your organization. operationId: getGroups parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form - - description: The group type to filter by. - example: OPAL_GROUP - explode: true - in: query - name: group_type_filter - required: false - schema: - $ref: "#/components/schemas/GroupTypeEnum" - style: form - - description: The group ids to filter by. - example: - - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - - 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: query - name: group_ids - required: false - schema: - items: - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - format: uuid + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: type: string - type: array - style: form - - description: Group name. - example: example-name - explode: true - in: query - name: group_name - required: false - schema: - type: string - style: form + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form + - description: The group type to filter by. 
+ example: OPAL_GROUP + explode: true + in: query + name: group_type_filter + required: false + schema: + $ref: "#/components/schemas/GroupTypeEnum" + style: form + - description: The group ids to filter by. + example: + - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + - 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: query + name: group_ids + required: false + schema: + items: + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + format: uuid + type: string + type: array + style: form + - description: Group name. + example: example-name + explode: true + in: query + name: group_name + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -800,87 +808,66 @@ paths: $ref: "#/components/schemas/PaginatedGroupsList" description: One page worth groups associated with your organization. security: - - BearerAuth: [] - summary: Get groups + - BearerAuth: [] tags: - - groups - post: - description: "Creates an Opal group or [imports a remote group](https://docs.opal.dev/reference/end-system-objects)." - operationId: createGroup + - groups + put: + description: Bulk updates a list of groups. + operationId: updateGroups requestBody: + description: Groups to be updated + required: true content: application/json: schema: - $ref: "#/components/schemas/CreateGroupInfo" - required: true + $ref: "#/components/schemas/UpdateGroupInfoList" responses: "200": content: application/json: schema: - $ref: "#/components/schemas/Group" - description: The group just created. + $ref: "#/components/schemas/UpdateGroupInfoList" + description: The resulting updated group infos. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups - put: - description: Bulk updates a list of groups. - operationId: updateGroups + - groups + post: + description: Creates an Opal group or [imports a remote group](https://docs.opal.dev/reference/end-system-objects). + operationId: createGroup requestBody: + required: true content: application/json: schema: - $ref: "#/components/schemas/UpdateGroupInfoList" - description: Groups to be updated - required: true + $ref: "#/components/schemas/CreateGroupInfo" responses: "200": content: application/json: schema: - $ref: "#/components/schemas/UpdateGroupInfoList" - description: The resulting updated group infos. + $ref: "#/components/schemas/Group" + description: The group just created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}: - delete: - description: Deletes a group. - operationId: delete_group - parameters: - - description: The ID of the group. 
- example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: The group was successfully deleted. - security: - - BearerAuth: [] - tags: - - groups get: + summary: Get group by ID description: Returns a `Group` object. operationId: getGroup parameters: - - description: The ID of the group. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -889,26 +876,45 @@ paths: $ref: "#/components/schemas/Group" description: The requested `Group`. security: - - BearerAuth: [] - summary: Get group by ID + - BearerAuth: [] + tags: + - groups + delete: + description: Deletes a group. + operationId: delete_group + parameters: + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The group was successfully deleted. + security: + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/message-channels: get: - description: Gets the list of audit and reviewer message channels attached to - a group. + description: Gets the list of audit and reviewer message channels attached to a group. operationId: get_group_message_channels parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -917,29 +923,29 @@ paths: $ref: "#/components/schemas/MessageChannelList" description: The audit and reviewer message channels attached to the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups put: description: Sets the list of audit message channels attached to a group. operationId: set_group_message_channels parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/MessageChannelIDList" - required: true responses: "200": content: @@ -952,24 +958,24 @@ paths: type: array description: The updated audit message channel IDs for the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/on-call-schedules: get: description: Gets the list of on call schedules attached to a group. operationId: get_group_on_call_schedules parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -978,29 +984,29 @@ paths: $ref: "#/components/schemas/OnCallScheduleList" description: The on call schedules attached to the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups put: description: Sets the list of on call schedules attached to a group. operationId: set_group_on_call_schedules parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/OnCallScheduleIDList" - required: true responses: "200": content: @@ -1013,24 +1019,24 @@ paths: type: array description: The updated on call schedule IDs for the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/resources: get: description: Gets the list of resources that the group gives access to. operationId: get_group_resources parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -1039,51 +1045,52 @@ paths: $ref: "#/components/schemas/GroupResourceList" description: The resources that the group gives access to. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups put: description: Sets the list of resources that the group gives access to. operationId: set_group_resources parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/UpdateGroupResourcesInfo" - required: true responses: "200": description: The group resource were successfully set. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/containing-groups: get: + summary: Get nested groups description: Gets the list of groups that the group gives access to. operationId: get_group_containing_groups parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -1092,30 +1099,29 @@ paths: $ref: "#/components/schemas/GroupContainingGroupList" description: The resources that the group gives access to. security: - - BearerAuth: [] - summary: Get nested groups + - BearerAuth: [] tags: - - groups + - groups post: description: Creates a new containing group. operationId: add_group_containing_group parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/GroupContainingGroup" - required: true responses: "200": content: 
@@ -1124,65 +1130,35 @@ paths: $ref: "#/components/schemas/GroupContainingGroup" description: The created `GroupContainingGroup` object. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/containing-groups/{containing_group_id}: - delete: - description: Removes a containing group from a group. - operationId: remove_group_containing_group - parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the containing group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: containing_group_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "204": - description: The containing group was successfully removed from the group. - security: - - BearerAuth: [] - tags: - - groups get: + summary: Get nested group by ID description: Gets a specific containing group for a group. operationId: get_group_containing_group parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the containing group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: containing_group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the containing group. 
+ example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: containing_group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -1191,52 +1167,95 @@ paths: $ref: "#/components/schemas/GroupContainingGroup" description: The created `GroupContainingGroup` object. security: - - BearerAuth: [] - summary: Get nested group by ID + - BearerAuth: [] + tags: + - groups + delete: + description: Removes a containing group from a group. + operationId: remove_group_containing_group + parameters: + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the containing group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: containing_group_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "204": + description: The containing group was successfully removed from the group. + security: + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/resources/{resource_id}: post: description: Adds a resource to a group. operationId: add_group_resource parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - deprecated: true - description: "The remote ID of the access level to grant to this user. If\ - \ omitted, the default access level remote ID value (empty string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form + - description: The ID of the group. 
+ example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form + deprecated: true requestBody: + required: false content: application/json: schema: - $ref: "#/components/schemas/add_group_resource_request" - required: false + example: + access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess + duration_minutes: 60 + properties: + access_level_remote_id: + description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + type: string + duration_minutes: + description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + example: 60 + type: integer + maximum: 525960 # One year + minimum: 0 + type: object responses: "200": content: 
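Review bot: The inlined request-body schema for `add_group_resource` does not say what happens when `duration_minutes` is omitted. The body is `required: false` and the schema has no `required` list, while the description only says that 0 means indefinite. Because this endpoint grants a group access to a resource, I would state the default in the property description, for example by appending `If omitted, <server default, to be confirmed>.` to it. The schema also replaces the `$ref` to `add_group_resource_request`; that component is not visible in this hunk, so it is worth checking that no unused duplicate definition is left behind.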
@@ -1245,24 +1264,24 @@ paths: $ref: "#/components/schemas/GroupResource" description: The created `GroupResource` object. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/visibility: get: description: Gets the visibility of this group. operationId: get_group_visibility parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -1271,29 +1290,29 @@ paths: $ref: "#/components/schemas/VisibilityInfo" description: The visibility info of this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups put: description: Sets the visibility of this group. operationId: set_group_visibility parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/VisibilityInfo" - required: true responses: "200": content: 
@@ -1302,25 +1321,25 @@ paths: $ref: "#/components/schemas/VisibilityInfo" description: The visibility info of this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/reviewers: get: deprecated: true description: Gets the list of owner IDs of the reviewers for a group. operationId: get_group_reviewers parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -1333,30 +1352,30 @@ paths: type: array description: The IDs of owners that are reviewers for this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups put: deprecated: true description: Sets the list of reviewers for a group. operationId: set_group_reviewers parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/ReviewerIDList" - required: true responses: "200": content: 
@@ -1369,25 +1388,25 @@ paths: type: array description: The updated IDs of owners that are reviewers for this group security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/reviewer-stages: get: deprecated: true description: Gets the list of reviewer stages for a group. operationId: get_group_reviewer_stages parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -1399,30 +1418,30 @@ paths: type: array description: The reviewer stages for this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups put: deprecated: true description: Sets the list of reviewer stages for a group. operationId: set_group_reviewer_stages parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/ReviewerStageList" - required: true responses: "200": content: 
@@ -1434,24 +1453,24 @@ paths: type: array description: The updated reviewer stages for this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/tags: get: description: Returns all tags applied to the group. operationId: get_group_tags parameters: - - description: The ID of the group whose tags to return. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group whose tags to return. + name: group_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -1460,43 +1479,43 @@ paths: $ref: "#/components/schemas/TagsList" description: The tags applied to the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/users: get: description: Gets the list of users for this group. operationId: get_group_users parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
@@ -1505,191 +1524,214 @@ paths: $ref: "#/components/schemas/GroupUserList" description: List of users with access to this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/{group_id}/users/{user_id}: - delete: - description: Removes a user's access from this group. - operationId: delete_group_user - parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of a user to remove from this group. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The remote ID of the access level for which this user has direct\ - \ access. If omitted, the default access level remote ID value (empty string)\ - \ is assumed." - example: 30 - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form - responses: - "200": - description: This user's access was successfully removed from this group. - security: - - BearerAuth: [] - tags: - - groups - post: - description: Adds a user to this group. - operationId: add_group_user + put: + description: Updates a user's access level or duration in this group. + operationId: update_group_user parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user to add. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - deprecated: true - description: The duration for which the group can be accessed (in minutes). - Use 0 to set to indefinite. 
- example: 60 - explode: true - in: query - name: duration_minutes - required: false - schema: - maximum: 525960 - type: integer - style: form - - deprecated: true - description: "The remote ID of the access level to grant to this user. If\ - \ omitted, the default access level remote ID value (empty string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user whose access is being updated. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: - $ref: "#/components/schemas/add_group_user_request" - required: false + type: object + example: + duration_minutes: 60 + access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess + properties: + duration_minutes: + description: The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite. + type: integer + maximum: 525960 # One year + example: 120 + access_level_remote_id: + description: The updated remote ID of the access level granted to this user. + type: string + example: arn:aws:iam::590304332660:role/ReadOnlyAccess + required: + - duration_minutes responses: "200": + description: The GroupUser was successfully updated. content: application/json: schema: $ref: "#/components/schemas/GroupUser" - description: The GroupUser that was created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups - put: - description: Updates a user's access level or duration in this group. 
- operationId: update_group_user + - groups + post: + description: Adds a user to this group. + operationId: add_group_user parameters: - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user whose access is being updated. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user to add. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The duration for which the group can be accessed (in minutes). Use 0 to set to indefinite. + example: 60 + explode: true + in: query + name: duration_minutes + required: false + schema: + type: integer + maximum: 525960 # One year + style: form + deprecated: true + - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form + deprecated: true requestBody: + required: false content: application/json: schema: - $ref: "#/components/schemas/update_group_user_request" - required: true + example: + duration_minutes: 60 + access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess + properties: + duration_minutes: + description: The duration for which the group can be accessed (in minutes). 
Use 0 to set to indefinite. + example: 60 + type: integer + access_level_remote_id: + description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + type: string + required: + - duration_minutes + type: object responses: "200": content: application/json: schema: $ref: "#/components/schemas/GroupUser" - description: The GroupUser was successfully updated. + description: The GroupUser that was created. + security: + - BearerAuth: [] + tags: + - groups + delete: + description: Removes a user's access from this group. + operationId: delete_group_user + parameters: + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of a user to remove from this group. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The remote ID of the access level for which this user has direct access. If omitted, the default access level remote ID value (empty string) is assumed. + example: 30 + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form + responses: + "200": + description: This user's access was successfully removed from this group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /groups/users/{user_id}: get: description: Returns all groups that the user is a member of. operationId: get_user_groups parameters: - - description: The ID of the user whose groups to return. 
- example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The ID of the user whose groups to return. + name: user_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
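Review bot: The inlined body schema for `add_group_user` declares `duration_minutes` as a bare `type: integer`, without the `maximum: 525960` that the deprecated query parameter of the same name and the `update_group_user` body both carry. Neither body schema sets `minimum: 0`, although the `add_group_resource` body in this same commit does. Since 0 means indefinite access, clients and validators generated from this spec get no bound on the grant duration; I would add `minimum: 0` and `maximum: 525960 # One year` under both `duration_minutes` properties. The previously referenced components (`add_group_user_request`, `update_group_user_request`) are not visible here, so the bounds may have been lost during inlining rather than missing all along. Separately, `delete_group_user` keeps `example: 30` for the string-typed `access_level_remote_id`, which is inconsistent with the ARN examples used for the same parameter elsewhere.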
@@ -1698,33 +1740,33 @@ paths: $ref: "#/components/schemas/GroupUserList" description: The groups that the user is a member of. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - groups + - groups /group-bindings: get: + summary: Get group bindings description: Returns a list of `GroupBinding` objects. operationId: getGroupBindings parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: @@ -1733,19 +1775,18 @@ paths: $ref: "#/components/schemas/PaginatedGroupBindingsList" description: One page worth of group bindings for your organization. security: - - BearerAuth: [] - summary: Get group bindings + - BearerAuth: [] tags: - - group-bindings + - group-bindings post: description: Creates a group binding. operationId: createGroupBinding requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/CreateGroupBindingInfo" - required: true responses: "200": content: 
@@ -1754,62 +1795,42 @@ paths: $ref: "#/components/schemas/GroupBinding" description: The group binding just created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - group-bindings + - group-bindings put: description: Bulk updates a list of group bindings. operationId: updateGroupBindings requestBody: + description: Group bindings to be updated + required: true content: application/json: schema: $ref: "#/components/schemas/UpdateGroupBindingInfoList" - description: Group bindings to be updated - required: true responses: "200": description: The group bindings were successfully updated. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - group-bindings + - group-bindings /group-bindings/{group_binding_id}: - delete: - description: Deletes a group binding. - operationId: deleteGroupBinding - parameters: - - description: The ID of the group binding. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_binding_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: The group binding was successfully deleted. - security: - - BearerAuth: [] - tags: - - group-bindings get: + summary: Get group binding by ID description: Returns a `GroupBinding` object. operationId: getGroupBinding parameters: - - description: The ID of the group binding. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: group_binding_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the group binding. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: group_binding_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -1818,123 +1839,123 @@ paths: $ref: "#/components/schemas/GroupBinding" description: The requested `GroupBinding`. security: - - BearerAuth: [] - summary: Get group binding by ID + - BearerAuth: [] + tags: + - group-bindings + delete: + description: Deletes a group binding. + operationId: deleteGroupBinding + parameters: + - description: The ID of the group binding. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_binding_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The group binding was successfully deleted. + security: + - BearerAuth: [] tags: - - group-bindings + - group-bindings /idp-group-mappings/{app_resource_id}: get: - description: Returns the configured set of available `IdpGroupMapping` objects - for an Okta app. + description: Returns the configured set of available `IdpGroupMapping` objects for an Okta app. operationId: getIdpGroupMappings parameters: - - description: The ID of the Okta app. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: app_resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the Okta app. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: app_resource_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: application/json: schema: $ref: "#/components/schemas/IdpGroupMappingList" - description: The configured set of available `IdpGroupMapping` objects for - an Okta app. + description: The configured set of available `IdpGroupMapping` objects for an Okta app. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - idp-group-mappings + - idp-group-mappings put: - description: Updates the list of available `IdpGroupMapping` objects for an - Okta app. + description: Updates the list of available `IdpGroupMapping` objects for an Okta app. 
operationId: updateIdpGroupMappings parameters: - - description: The ID of the Okta app. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: app_resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the Okta app. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: app_resource_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: - $ref: "#/components/schemas/updateIdpGroupMappings_request" - required: true + properties: + mappings: + type: array + items: + properties: + group_id: + type: string + format: uuid + alias: + type: string + hidden_from_end_user: + type: boolean + type: object + required: + - mappings + type: object responses: "200": - description: The updated set of available `IdpGroupMapping` objects for - an Okta app. + description: The updated set of available `IdpGroupMapping` objects for an Okta app. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - idp-group-mappings + - idp-group-mappings /idp-group-mappings/{app_resource_id}/groups/{group_id}: - delete: - description: Deletes an `IdpGroupMapping` object. - operationId: delete_idp_group_mappings - parameters: - - description: The ID of the Okta app. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: app_resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: The IDP group mapping was successfully deleted. - security: - - BearerAuth: [] - tags: - - idp-group-mappings get: description: Gets an `IdpGroupMapping` object for an Okta app and group. 
operationId: getIdpGroupMapping parameters: - - description: The ID of the Okta app. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: app_resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the Okta app. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: app_resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -1943,9 +1964,9 @@ paths: $ref: "#/components/schemas/IdpGroupMapping" description: The `IdpGroupMapping` object for the Okta app and group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - idp-group-mappings + - idp-group-mappings post: description: | Creates or updates an individual `IdpGroupMapping` object (upsert operation). 
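Review bot: The inline request schema that replaces `#/components/schemas/updateIdpGroupMappings_request` on `updateIdpGroupMappings` marks `mappings` as required but gives the array items no `required` list, so an entry without `group_id` is valid against the spec. Since this PUT updates the list of IdP group mappings for an Okta app, I would add `required: [group_id]` under `items`. The removed component is not visible in this hunk, so it may have been just as loose. Inlining also drops the named component, so the generated Go request type now depends on how the generator names anonymous schemas. Keeping the schema under `components/schemas` would avoid a silent rename for callers.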
@@ -1955,76 +1976,121 @@ paths: - If the mapping exists, only the fields provided in the request will be updated operationId: createIdpGroupMapping parameters: - - description: The ID of the Okta app. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: app_resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the group. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the Okta app. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: app_resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: false content: application/json: schema: - $ref: "#/components/schemas/createIdpGroupMapping_request" - required: false + properties: + alias: + description: Optional alias for the group mapping + type: string + nullable: true + hidden_from_end_user: + description: | + Whether this mapping should be hidden from end users. + - **New mappings**: If not provided, defaults to `false` + - **Existing mappings**: If not provided, existing value is preserved (no change) + - **Explicit values**: If provided, value is updated to the specified boolean + type: boolean + nullable: true + type: object responses: "200": + description: The IDP group mapping was successfully created or updated. content: application/json: schema: $ref: "#/components/schemas/IdpGroupMapping" - description: The IDP group mapping was successfully created or updated. 
security: - - BearerAuth: [] + - BearerAuth: [] + tags: + - idp-group-mappings + delete: + description: Deletes an `IdpGroupMapping` object. + operationId: delete_idp_group_mappings + parameters: + - description: The ID of the Okta app. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: app_resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The IDP group mapping was successfully deleted. + security: + - BearerAuth: [] tags: - - idp-group-mappings + - idp-group-mappings /owners: get: + summary: Get owners description: Returns a list of `Owner` objects. operationId: get_owners parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form - - description: Owner name to filter by. - example: 200 - explode: true - in: query - name: name - required: false - schema: - type: string - style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form + - description: Owner name to filter by. 
+ example: 200 + explode: true + in: query + name: name + required: false + schema: + type: string + style: form responses: "200": content: @@ -2033,19 +2099,18 @@ paths: $ref: "#/components/schemas/PaginatedOwnersList" description: One page worth of owners in your organization. security: - - BearerAuth: [] - summary: Get owners + - BearerAuth: [] tags: - - owners + - owners post: description: Creates an owner. operationId: createOwner requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/CreateOwnerInfo" - required: true responses: "200": content: @@ -2054,19 +2119,19 @@ paths: $ref: "#/components/schemas/Owner" description: The owner just created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - owners + - owners put: description: Bulk updates a list of owners. operationId: updateOwners requestBody: + description: Owners to be updated + required: true content: application/json: schema: $ref: "#/components/schemas/UpdateOwnerInfoList" - description: Owners to be updated - required: true responses: "200": content: 
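Review bot: The inlined `createIdpGroupMapping` body marks `hidden_from_end_user` as `nullable: true`, but its description only covers the "not provided" and explicit boolean cases, so the effect of an explicit `null` on an existing mapping is unspecified. Because this field controls whether a mapping is shown to end users, I would add a bullet such as `- **Null**: treated the same as not provided (existing value is preserved)` once the server behaviour is confirmed, or drop `nullable` if null is not accepted. Separately, the `/owners` `name` query parameter at the end of this hunk has `example: 200`, which looks copied from `page_size`. A string such as `example: MyOwner` would match the declared `type: string`.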
@@ -2075,45 +2140,25 @@ paths: $ref: "#/components/schemas/UpdateOwnerInfoList" description: The resulting updated owner infos. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - owners + - owners /owners/{owner_id}: - delete: - description: Deletes an owner. - operationId: delete_owner - parameters: - - description: The ID of the owner. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: owner_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: The owner was successfully deleted. - security: - - BearerAuth: [] - tags: - - owners get: + summary: Get owner by ID description: Returns an `Owner` object. operationId: getOwner parameters: - - description: The ID of the owner. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: owner_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the owner. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: owner_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -2122,25 +2167,44 @@ paths: $ref: "#/components/schemas/Owner" description: The owner object associated with the passed-in ID. security: - - BearerAuth: [] - summary: Get owner by ID + - BearerAuth: [] + tags: + - owners + delete: + description: Deletes an owner. + operationId: delete_owner + parameters: + - description: The ID of the owner. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: owner_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The owner was successfully deleted. + security: + - BearerAuth: [] tags: - - owners + - owners /owners/name/{owner_name}: get: - description: "Returns an `Owner` object. Does not support owners with `/` in\ - \ their name, use /owners?name=... instead." + description: Returns an `Owner` object. Does not support owners with `/` in their name, use /owners?name=... instead. operationId: getOwnerFromName parameters: - - description: The name of the owner. - example: MyOwner - explode: true - in: path - name: owner_name - required: true - schema: - type: string - style: simple + - description: The name of the owner. + example: MyOwner + explode: true + in: path + name: owner_name + required: true + schema: + type: string + style: simple responses: "200": content: 
@@ -2149,25 +2213,24 @@ paths: $ref: "#/components/schemas/Owner" description: The owner object associated with the passed-in name. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - owners + - owners /owners/{owner_id}/users: get: - description: "Gets the list of users for this owner, in escalation priority\ - \ order if applicable." + description: Gets the list of users for this owner, in escalation priority order if applicable. operationId: get_owner_users parameters: - - description: The ID of the owner. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: owner_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the owner. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: owner_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -2176,32 +2239,29 @@ paths: $ref: "#/components/schemas/UserList" description: The users for this owner. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - owners + - owners put: - description: "Sets the list of users for this owner. If escalation is enabled,\ - \ the order of this list is the escalation priority order of the users. If\ - \ the owner has a source group, adding or removing users from this list won't\ - \ be possible." + description: Sets the list of users for this owner. If escalation is enabled, the order of this list is the escalation priority order of the users. If the owner has a source group, adding or removing users from this list won't be possible. operationId: set_owner_users parameters: - - description: The ID of the owner. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: owner_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the owner. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: owner_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/UserIDList" - required: true responses: "200": content: 
@@ -2210,92 +2270,90 @@ paths: $ref: "#/components/schemas/UserList" description: The updated users for the owner. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - owners + - owners /requests: get: - description: Returns a list of requests for your organization that is visible - by the admin. + summary: Get requests + description: Returns a list of requests for your organization that is visible by the admin. operationId: getRequests parameters: - - description: A start date filter for the events. - examples: - withDate: - summary: Example with date - value: 2021-11-01 - withDatetime: - summary: Example with date and time in ISO 8601 datetime format. - value: 2025-01-01T00:00:00Z - explode: true - in: query - name: start_date_filter - required: false - schema: - type: string - style: form - - description: An end date filter for the events. - examples: - withDate: - summary: Example with date - value: 2021-11-12 - withDatetime: - summary: Example with date and time in ISO 8601 datetime format. - value: 2025-01-01T00:00:00Z - explode: true - in: query - name: end_date_filter - required: false - schema: - type: string - style: form - - description: Filter requests by their requester ID. - example: 37cb7e41-12ba-46da-92ff-030abe0450b1 - explode: true - in: query - name: requester_id - required: false - schema: - format: uuid - type: string - style: form - - description: Filter requests by their target user ID. - example: 37cb7e41-12ba-46da-92ff-030abe0450b1 - explode: true - in: query - name: target_user_id - required: false - schema: - format: uuid - type: string - style: form - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. 
- example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form - - description: Boolean toggle for if it should only show pending requests. - explode: true - in: query - name: show_pending_only - required: false - schema: - type: boolean - style: form + - description: A start date filter for the events. + examples: + withDate: + summary: Example with date + value: 2021-11-01 + withDatetime: + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z + explode: true + in: query + name: start_date_filter + required: false + schema: + type: string + style: form + - description: An end date filter for the events. + examples: + withDate: + summary: Example with date + value: 2021-11-12 + withDatetime: + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z + explode: true + in: query + name: end_date_filter + required: false + schema: + type: string + style: form + - description: Filter requests by their requester ID. + example: 37cb7e41-12ba-46da-92ff-030abe0450b1 + in: query + name: requester_id + required: false + schema: + format: uuid + type: string + style: form + - description: Filter requests by their target user ID. + example: 37cb7e41-12ba-46da-92ff-030abe0450b1 + in: query + name: target_user_id + required: false + schema: + format: uuid + type: string + style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form + - description: Boolean toggle for if it should only show pending requests. 
+ explode: true + in: query + name: show_pending_only + required: false + schema: + type: boolean + style: form responses: "200": content: 
@@ -2304,110 +2362,96 @@ paths: $ref: "#/components/schemas/RequestList" description: The list of requests. security: - - BearerAuth: [] - summary: Get requests + - BearerAuth: [] tags: - - requests + - requests post: - description: Create an access request - operationId: createRequest + description: "Create an access request" + operationId: "createRequest" requestBody: + description: Resources to be updated + required: true content: application/json: schema: $ref: "#/components/schemas/CreateRequestInfo" - description: Resources to be updated - required: true responses: "200": content: application/json: schema: - $ref: "#/components/schemas/createRequest_200_response" + properties: + id: + format: uuid + type: string + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 description: The resulting request. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - requests + - requests /requests/relay: get: - deprecated: true + summary: Get requests via Relay description: Returns a paginated list of requests using Relay-style cursor pagination. operationId: getRequestsRelay + deprecated: true parameters: - - description: "Number of results to return after the cursor. Use either first/after\ - \ or last/before, not both." - example: 10 - explode: true - in: query - name: first - required: false - schema: - maximum: 100 - minimum: 1 - type: integer - style: form - - description: Cursor to fetch results after. Used with 'first' for forward - pagination. - example: Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N2ZhNjFhYjk4Nw== - explode: true - in: query - name: after - required: false - schema: - type: string - style: form - - description: "Number of results to return before the cursor. Use either first/after\ - \ or last/before, not both." - example: 10 - explode: true - in: query - name: last - required: false - schema: - maximum: 100 - minimum: 1 - type: integer - style: form - - description: Cursor to fetch results before. 
Used with 'last' for backward - pagination. - example: Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N2ZhNjFhYjk4Nw== - explode: true - in: query - name: before - required: false - schema: - type: string - style: form - - description: Filter requests by their status. - example: PENDING - explode: true - in: query - name: status - required: false - schema: - $ref: "#/components/schemas/RequestStatusEnum" - style: form - - description: Filter requests assigned to a specific user ID. - example: 37cb7e41-12ba-46da-92ff-030abe0450b1 - explode: true - in: query - name: to - required: false - schema: - format: uuid - type: string - style: form - - description: Filter requests made by a specific user ID. - example: 37cb7e41-12ba-46da-92ff-030abe0450b1 - explode: true - in: query - name: from - required: false - schema: - format: uuid - type: string - style: form + - description: Number of results to return after the cursor. Use either first/after or last/before, not both. + example: 10 + in: query + name: first + required: false + schema: + type: integer + minimum: 1 + maximum: 100 + - description: Cursor to fetch results after. Used with 'first' for forward pagination. + example: "Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N2ZhNjFhYjk4Nw==" + in: query + name: after + required: false + schema: + type: string + - description: Number of results to return before the cursor. Use either first/after or last/before, not both. + example: 10 + in: query + name: last + required: false + schema: + type: integer + minimum: 1 + maximum: 100 + - description: Cursor to fetch results before. Used with 'last' for backward pagination. + example: "Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N2ZhNjFhYjk4Nw==" + in: query + name: before + required: false + schema: + type: string + - description: Filter requests by their status. 
+ example: PENDING + in: query + name: status + required: false + schema: + $ref: "#/components/schemas/RequestStatusEnum" + - description: Filter requests assigned to a specific user ID. + example: 37cb7e41-12ba-46da-92ff-030abe0450b1 + in: query + name: to + required: false + schema: + format: uuid + type: string + - description: Filter requests made by a specific user ID. + example: 37cb7e41-12ba-46da-92ff-030abe0450b1 + in: query + name: from + required: false + schema: + format: uuid + type: string responses: "200": content: 
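Review bot: The inline 200-response schema that replaces `#/components/schemas/createRequest_200_response` on `createRequest` has `properties:` but no `type: object`. Without it the schema does not restrict the response to an object, and tooling that does not infer the type may generate an untyped result; add `type: object` alongside `properties`. The request body description on the same operation, `Resources to be updated`, reads as copied from an update endpoint. Something like `description: The access request to create` would match what the operation does.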
@@ -2416,247 +2460,267 @@ paths: $ref: "#/components/schemas/RequestConnection" description: A paginated list of requests using Relay-style cursor pagination. security: - - BearerAuth: [] - summary: Get requests via Relay + - BearerAuth: [] tags: - - requests + - requests /requests/{id}: get: + summary: Get request by ID description: Returns a request by ID. operationId: getRequest parameters: - - description: The ID of the request. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the request. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": + description: The requested request object. content: application/json: schema: $ref: "#/components/schemas/Request" - description: The requested request object. security: - - BearerAuth: [] - summary: Get request by ID + - BearerAuth: [] tags: - - requests + - requests /requests/{id}/approve: post: - description: Approve an access request - operationId: approveRequest + description: "Approve an access request" + operationId: "approveRequest" parameters: - - description: The ID of the request to approve - explode: false - in: path - name: id - required: true - schema: - format: uuid - type: string - style: simple + - description: "The ID of the request to approve" + in: path + name: id + required: true + schema: + type: string + format: uuid requestBody: + description: Approval parameters + required: true content: application/json: schema: - $ref: "#/components/schemas/approveRequest_request" - description: Approval parameters - required: true + type: object + properties: + level: + $ref: "#/components/schemas/RequestApprovalEnum" + comment: + type: string + description: "Optional comment for the approval" + example: "Approved after security review" + required: + - 
level responses: "200": + description: "Request successfully approved" content: application/json: schema: - $ref: "#/components/schemas/approveRequest_200_response" - description: Request successfully approved + type: object + properties: + request: + $ref: "#/components/schemas/Request" security: - - BearerAuth: [] + - BearerAuth: [] tags: - - requests + - requests /requests/{id}/deny: post: - description: Deny an access request - operationId: denyRequest + description: "Deny an access request" + operationId: "denyRequest" parameters: - - description: The ID of the request to deny - explode: false - in: path - name: id - required: true - schema: - format: uuid - type: string - style: simple + - description: "The ID of the request to deny" + in: path + name: id + required: true + schema: + type: string + format: uuid requestBody: + description: Denial parameters + required: true content: application/json: schema: - $ref: "#/components/schemas/denyRequest_request" - description: Denial parameters - required: true + type: object + properties: + comment: + type: string + description: "Comment for the denial" + example: "Denied due to insufficient justification" + required: + - comment responses: "200": + description: "Request successfully denied" content: application/json: schema: - $ref: "#/components/schemas/approveRequest_200_response" - description: Request successfully denied + type: object + properties: + request: + $ref: "#/components/schemas/Request" security: - - BearerAuth: [] + - BearerAuth: [] tags: - - requests + - requests /requests/{id}/comments: get: description: Returns a list of comments for a specific request. 
operationId: getRequestComments parameters: - - description: The ID of the request to get comments for - explode: false - in: path - name: id - required: true - schema: - format: uuid - type: string - style: simple + - description: "The ID of the request to get comments for" + in: path + name: id + required: true + schema: + type: string + format: uuid responses: "200": + description: A list of comments associated with the specified request. content: application/json: schema: + type: object $ref: "#/components/schemas/RequestCommentList" - description: A list of comments associated with the specified request. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - requests + - requests post: - description: Comment on an access request - operationId: createRequestComment + description: "Comment on an access request" + operationId: "createRequestComment" parameters: - - description: The ID of the request to comment on - explode: false - in: path - name: id - required: true - schema: - format: uuid - type: string - style: simple + - description: "The ID of the request to comment on" + in: path + name: id + required: true + schema: + type: string + format: uuid requestBody: + description: Comment parameters + required: true content: application/json: schema: - $ref: "#/components/schemas/createRequestComment_request" - description: Comment parameters - required: true + type: object + properties: + comment: + type: string + description: "comment" + required: + - comment responses: "200": + description: "Request successfully commented" content: application/json: schema: - $ref: "#/components/schemas/approveRequest_200_response" - description: Request successfully commented + type: object + properties: + request: + $ref: "#/components/schemas/Request" security: - - BearerAuth: [] + - BearerAuth: [] tags: - - requests + - requests /resources: get: + summary: Get resources description: Returns a list of resources for your organization. 
operationId: getResources parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form - - description: The resource type to filter by. Required when remote_id is provided. - example: AWS_IAM_ROLE - explode: true - in: query - name: resource_type_filter - required: false - schema: - $ref: "#/components/schemas/ResourceTypeEnum" - style: form - - description: The resource ids to filter by. - example: - - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - - 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: query - name: resource_ids - required: false - schema: - items: - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form + - description: The resource type to filter by. Required when remote_id is provided. + example: AWS_IAM_ROLE + explode: true + in: query + name: resource_type_filter + required: false + schema: + $ref: "#/components/schemas/ResourceTypeEnum" + style: form + - description: The resource ids to filter by. 
+ example: + - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + - 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: query + name: resource_ids + required: false + schema: + items: + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + format: uuid + type: string + type: array + style: form + - description: Resource name. + example: example-name + explode: true + in: query + name: resource_name + required: false + schema: + type: string + style: form + - description: The parent resource id to filter by. + example: + - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: query + name: parent_resource_id + required: false + schema: format: uuid type: string - type: array - style: form - - description: Resource name. - example: example-name - explode: true - in: query - name: resource_name - required: false - schema: - type: string - style: form - - description: The parent resource id to filter by. - example: - - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: query - name: parent_resource_id - required: false - schema: - format: uuid - type: string - style: form - - description: The ancestor resource id to filter by. Returns all resources - that are descendants of the specified resource. - example: - - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: query - name: ancestor_resource_id - required: false - schema: - format: uuid - type: string - style: form - - description: Filter resources by their remote id. This will return all resources - that have a remote id that matches the provided remote id. Note that this - requires resource_type_filter to be provided. - explode: true - in: query - name: remote_id - required: false - schema: - type: string - style: form + style: form + - description: The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. 
+ example: + - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: query + name: ancestor_resource_id + required: false + schema: + format: uuid + type: string + style: form + - description: Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. + in: query + name: remote_id + required: false + schema: + type: string + style: form responses: "200": content: 
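Review bot: The free-text `comment` properties in the new inline request bodies for approveRequest, denyRequest and createRequestComment are bare `type: string` with no length bound. The contract, and any validator generated from it, will therefore accept arbitrarily large text into the approval audit trail. Adding `maxLength: <agreed limit>` to each makes the limit explicit; the value is a placeholder because the page does not state one. Separately, the getRequestComments 200 schema now carries `type: object` beside `$ref: "#/components/schemas/RequestCommentList"`; if this document is OpenAPI 3.0, siblings of `$ref` are ignored, so that added line can be dropped. The getResources operation continues past the end of this hunk.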
@@ -2665,115 +2729,113 @@ paths: $ref: "#/components/schemas/PaginatedResourcesList" description: One page worth resources associated with your organization. security: - - BearerAuth: [] - summary: Get resources + - BearerAuth: [] tags: - - resources - post: - description: "Creates a resource. See [here](https://docs.opal.dev/reference/end-system-objects)\ - \ for details about importing resources." - operationId: createResource + - resources + put: + description: Bulk updates a list of resources. + operationId: updateResources requestBody: + description: Resources to be updated + required: true content: application/json: schema: - $ref: "#/components/schemas/CreateResourceInfo" - required: true + $ref: "#/components/schemas/UpdateResourceInfoList" responses: "200": content: application/json: schema: - $ref: "#/components/schemas/Resource" - description: The resource just created. + $ref: "#/components/schemas/UpdateResourceInfoList" + description: The resulting updated resource infos. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources - put: - description: Bulk updates a list of resources. - operationId: updateResources + - resources + post: + description: Creates a resource. See [here](https://docs.opal.dev/reference/end-system-objects) for details about importing resources. + operationId: createResource requestBody: + required: true content: application/json: schema: - $ref: "#/components/schemas/UpdateResourceInfoList" - description: Resources to be updated - required: true + $ref: "#/components/schemas/CreateResourceInfo" responses: "200": content: application/json: schema: - $ref: "#/components/schemas/UpdateResourceInfoList" - description: The resulting updated resource infos. + $ref: "#/components/schemas/Resource" + description: The resource just created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}: - delete: - description: Deletes a resource. 
- operationId: delete_resource - parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: The resource was successfully deleted. - security: - - BearerAuth: [] - tags: - - resources get: + summary: Get resource by ID description: Retrieves a resource. operationId: get_resource parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": + description: The requested resource. content: application/json: schema: $ref: "#/components/schemas/Resource" - description: The requested resource. security: - - BearerAuth: [] - summary: Get resource by ID + - BearerAuth: [] tags: - - resources + - resources + delete: + description: Deletes a resource. + operationId: delete_resource + parameters: + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The resource was successfully deleted. + security: + - BearerAuth: [] + tags: + - resources /resources/{resource_id}/message-channels: get: description: Gets the list of audit message channels attached to a resource. operationId: get_resource_message_channels parameters: - - description: The ID of the resource. 
- example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -2782,29 +2844,29 @@ paths: $ref: "#/components/schemas/MessageChannelList" description: The audit message channels attached to the resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources put: description: Sets the list of audit message channels attached to a resource. operationId: set_resource_message_channels parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/MessageChannelIDList" - required: true responses: "200": content: 
@@ -2817,24 +2879,24 @@ paths: type: array description: The updated audit message channel IDs for the resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/visibility: get: description: Gets the visibility of this resource. operationId: get_resource_visibility parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -2843,29 +2905,29 @@ paths: $ref: "#/components/schemas/VisibilityInfo" description: The visibility info of this resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources put: description: Sets the visibility of this resource. operationId: set_resource_visibility parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/VisibilityInfo" - required: true responses: "200": content: 
@@ -2874,24 +2936,24 @@ paths: $ref: "#/components/schemas/VisibilityInfo" description: The visibility info of this resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/reviewers: get: description: Gets the list of owner IDs of the reviewers for a resource. operationId: get_resource_reviewers parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -2904,29 +2966,29 @@ paths: type: array description: The IDs of owners that are reviewers for this resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources put: description: Sets the list of reviewers for a resource. operationId: set_resource_reviewers parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/ReviewerIDList" - required: true responses: "200": content: 
@@ -2939,24 +3001,24 @@ paths: type: array description: The updated IDs of owners that are reviewers for this resource security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/reviewer-stages: get: description: Gets the list reviewer stages for a resource. operationId: get_resource_reviewer_stages parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -2968,29 +3030,29 @@ paths: type: array description: The reviewer stages for this resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources put: description: Sets the list of reviewer stages for a resource. operationId: set_resource_reviewer_stages parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/ReviewerStageList" - required: true responses: "200": content: 
@@ -3002,33 +3064,33 @@ paths: type: array description: The updated reviewer stages for this resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /non-human-identities: get: description: Returns a list of non-human identities for your organization. operationId: get_nhis parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
@@ -3037,34 +3099,34 @@ paths: $ref: "#/components/schemas/PaginatedResourcesList" description: One page worth non-human identities in your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - non-human-identities + - non-human-identities /resources/{resource_id}/non-human-identities: get: description: Gets the list of non-human identities with access to this resource. operationId: get_resource_nhis parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: Limit the number of results returned. - example: 200 - explode: true - in: query - name: limit - required: false - schema: - type: integer - style: form - responses: + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: Limit the number of results returned. + example: 200 + explode: true + in: query + name: limit + required: false + schema: + type: integer + style: form + responses: "200": content: application/json: 
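Review bot: In get_resource_nhis the `responses:` key is removed and re-added, whereas in the neighbouring re-indentation hunks it stays a context line, so its leading or trailing whitespace appears to have changed here. If the new line is indented deeper than `parameters:`, YAML would attach it to the preceding `limit` parameter and the operation would lose its response definition. Please confirm it sits at operation level alongside `parameters:` and `security:`, and that the spec still passes a linter or validator run. The response body of this operation continues outside the hunk.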
@@ -3072,33 +3134,34 @@ paths: $ref: "#/components/schemas/AccessList" description: List of non-human identities with access to this resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/users: get: + summary: Get resource users description: Gets the list of users for this resource. operationId: get_resource_users parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: Limit the number of results returned. - example: 200 - explode: true - in: query - name: limit - required: false - schema: - type: integer - style: form + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: Limit the number of results returned. + example: 200 + explode: true + in: query + name: limit + required: false + schema: + type: integer + style: form responses: "200": content: 
@@ -3107,240 +3170,173 @@ paths: $ref: "#/components/schemas/ResourceAccessUserList" description: List of users with access to this resource. security: - - BearerAuth: [] - summary: Get resource users + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/non-human-identities/{non_human_identity_id}: - delete: - description: Removes a non-human identity's direct access from this resource. - operationId: delete_resource_nhi - parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The resource ID of the non-human identity to remove from this - resource. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: non_human_identity_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The remote ID of the access level for which this non-human identity\ - \ has direct access. If omitted, the default access level remote ID value\ - \ (empty string) is assumed." - example: roles/cloudsql.instanceUser - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form - responses: - "200": - description: This non-human identity's access was successfully removed from - this resource. - security: - - BearerAuth: [] - tags: - - resources post: description: Gives a non-human identity access to this resource. operationId: add_resource_nhi parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The resource ID of the non-human identity to add. 
- example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: non_human_identity_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The resource ID of the non-human identity to add. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: path + name: non_human_identity_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: false content: application/json: schema: - $ref: "#/components/schemas/add_resource_nhi_request" - required: false + example: + duration_minutes: 60 + access_level_remote_id: roles/cloudsql.instanceUser + properties: + duration_minutes: + description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + example: 60 + type: integer + maximum: 525960 # One year + access_level_remote_id: + description: The remote ID of the access level to grant. If omitted, the default access level remote ID value (empty string) is used. + example: roles/cloudsql.instanceUser + type: string + required: + - duration_minutes + type: object responses: "200": content: application/json: schema: $ref: "#/components/schemas/ResourceNHI" - description: Details about the access that the non-human identity was granted - to the resource. + description: Details about the access that the non-human identity was granted to the resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources - /resources/{resource_id}/users/{user_id}: + - resources delete: - description: Removes a user's direct access from this resource. - operationId: delete_resource_user - parameters: - - description: The ID of the resource. 
- example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of a user to remove from this resource. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The remote ID of the access level for which this user has direct\ - \ access. If omitted, the default access level remote ID value (empty string)\ - \ is assumed." - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form - responses: - "200": - description: This user's access was successfully removed from this resource. - security: - - BearerAuth: [] - tags: - - resources - get: - description: Returns information about a specific user's access to a resource. - operationId: getResourceUser + description: Removes a non-human identity's direct access from this resource. + operationId: delete_resource_nhi parameters: - - description: The ID of the resource. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form + - description: The ID of the resource. 
+ example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The resource ID of the non-human identity to remove from this resource. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: path + name: non_human_identity_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The remote ID of the access level for which this non-human identity has direct access. If omitted, the default access level remote ID value (empty string) is assumed. + example: roles/cloudsql.instanceUser + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form responses: "200": - content: - application/json: - schema: - $ref: "#/components/schemas/getResourceUser_200_response" - description: List of ResourceUser records for the user's access to the resource. - "404": - description: Resource or user not found. + description: This non-human identity's access was successfully removed from this resource. security: - - BearerAuth: [] - summary: Get resource user + - BearerAuth: [] tags: - - resources + - resources + /resources/{resource_id}/users/{user_id}: post: description: Adds a user to this resource. operationId: add_resource_user parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user to add. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - deprecated: true - description: The duration for which the resource can be accessed (in minutes). - Use 0 to set to indefinite. 
- example: 60 - explode: true - in: query - name: duration_minutes - required: false - schema: - maximum: 525960 - type: integer - style: form - - deprecated: true - description: "The remote ID of the access level to grant to this user. If\ - \ omitted, the default access level remote ID value (empty string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user to add. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + example: 60 + explode: true + in: query + name: duration_minutes + required: false + schema: + type: integer + maximum: 525960 # One year + style: form + deprecated: true + - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form + deprecated: true requestBody: + required: false content: application/json: schema: - $ref: "#/components/schemas/add_resource_user_request" - required: false + example: + duration_minutes: 60 + access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess + properties: + duration_minutes: + description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. 
+ example: 60 + type: integer + maximum: 525960 # One year + access_level_remote_id: + description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + type: string + required: + - duration_minutes + type: object responses: "200": content: 
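Review bot: The inline `duration_minutes` schemas added for add_resource_nhi and add_resource_user set `maximum: 525960` but no lower bound, while the description gives 0 the special meaning "indefinite". As written the contract admits negative values, and how the server treats them is not visible here. Adding `minimum: 0` next to `maximum: 525960 # One year` would pin the accepted range for a field that decides how long access lasts. The same applies to the deprecated `duration_minutes` query parameter and to update_resource_user in the following hunk. add_resource_user also accepts `duration_minutes` and `access_level_remote_id` both as deprecated query parameters and in the body, so the descriptions should say which one takes precedence when both are sent; its response block continues outside this hunk.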
@@ -3349,106 +3345,217 @@ paths: $ref: "#/components/schemas/ResourceUser" description: The ResourceUser that was created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources put: description: Updates a user's access level or duration on this resource. operationId: update_resource_user parameters: - - description: The ID of the resource. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user whose access is being updated. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user whose access is being updated. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: - $ref: "#/components/schemas/update_resource_user_request" - required: true + type: object + example: + duration_minutes: 60 + access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess + properties: + duration_minutes: + description: The updated duration for which the resource can be accessed (in minutes). Use 0 for indefinite. + type: integer + maximum: 525960 # One year + example: 120 + access_level_remote_id: + description: The updated remote ID of the access level granted to this user. + type: string + example: arn:aws:iam::590304332660:role/ReadOnlyAccess + required: + - duration_minutes responses: "200": + description: The ResourceUser was successfully updated. 
content: application/json: schema: $ref: "#/components/schemas/ResourceUser" - description: The ResourceUser was successfully updated. security: - - BearerAuth: [] + - BearerAuth: [] + tags: + - resources + delete: + description: Removes a user's direct access from this resource. + operationId: delete_resource_user + parameters: + - description: The ID of the resource. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of a user to remove from this resource. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The remote ID of the access level for which this user has direct access. If omitted, the default access level remote ID value (empty string) is assumed. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form + responses: + "200": + description: This user's access was successfully removed from this resource. + security: + - BearerAuth: [] + tags: + - resources + get: + summary: Get resource user + description: Returns information about a specific user's access to a resource. + operationId: getResourceUser + parameters: + - description: The ID of the resource. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The pagination cursor value. 
+ example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + responses: + "200": + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + $ref: "#/components/schemas/ResourceUser" + cursor: + type: string + description: Pagination cursor for the next page of results + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + total_count: + type: integer + description: Total number of results + example: 120 + required: + - data + description: List of ResourceUser records for the user's access to the resource. + "404": + description: Resource or user not found. + security: + - BearerAuth: [] tags: - - resources + - resources /resource-user-access-status/{resource_id}/{user_id}: get: deprecated: true description: Get user's access status to a resource. operationId: resource_user_access_status_retrieve parameters: - - description: The ID of the resource. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - description: "The remote ID of the access level that you wish to query for\ - \ the resource. If omitted, the default access level remote ID value (empty\ - \ string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - explode: true - in: query - name: access_level_remote_id - required: false - schema: - type: string - style: form - - description: The pagination cursor value. 
- example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The ID of the resource. + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The remote ID of the access level that you wish to query for the resource. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
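Review bot: The inline `update_resource_user` request schema bounds `duration_minutes` only from above (`maximum: 525960 # One year`), so a negative value is schema-valid even though the description names 0 as the only special value (indefinite access). Adding `minimum: 0` beside the maximum would let generated clients and spec-driven validators reject out-of-range grant durations; whether the server already rejects negatives is not visible in this diff. The inline body that replaces `add_resource_user_request` just before this hunk has the same shape and would take the same line. Separately, the new `getResourceUser` operation accepts `cursor` but declares no `page_size`, unlike `getUsers` and `getTags`, which cap it at 1000.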
@@ -3457,24 +3564,24 @@ paths: $ref: "#/components/schemas/ResourceUserAccessStatus" description: The access status reflecting the user's access to the resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/tags: get: description: Returns all tags applied to the resource. operationId: get_resource_tags parameters: - - description: The ID of the resource whose tags to return. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource whose tags to return. + name: resource_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -3483,25 +3590,24 @@ paths: $ref: "#/components/schemas/TagsList" description: The tags applied to the resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/{resource_id}/scoped-role-permissions: get: - description: Returns all the scoped role permissions that apply to the given - resource. Only OPAL_SCOPED_ROLE resource type supports this field. + description: Returns all the scoped role permissions that apply to the given resource. Only OPAL_SCOPED_ROLE resource type supports this field. operationId: get_resource_scoped_role_permissions parameters: - - description: The ID of the resource whose scoped role permissions belong to. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource whose scoped role permissions belong to. + name: resource_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -3510,30 +3616,29 @@ paths: $ref: "#/components/schemas/ScopedRolePermissionList" description: The role permissions that this Opal Scoped Role has. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources put: description: Sets all the scoped role permissions on an OPAL_SCOPED_ROLE resource. operationId: set_resource_scoped_role_permissions parameters: - - description: The ID of the resource whose scoped role permissions belong to. - Must be of OPAL_SCOPED_ROLE resource type. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the resource whose scoped role permissions belong to. Must be of OPAL_SCOPED_ROLE resource type. + name: resource_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/ScopedRolePermissionList" - required: true responses: "200": content: 
@@ -3542,51 +3647,51 @@ paths: $ref: "#/components/schemas/ScopedRolePermissionList" description: The role permissions that this Opal Scoped Role has. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /resources/users/{user_id}: get: description: Gets the list of resources for this user. operationId: get_user_resources parameters: - - description: The ID of the user. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - - description: Limit the number of results returned. - example: 200 - explode: true - in: query - name: limit - required: false - schema: - type: integer - style: form - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Include user's access to unmanaged resources. - example: false - explode: true - in: query - name: include_unmanaged - required: false - schema: - type: boolean - style: form + - description: The ID of the user. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: Limit the number of results returned. + example: 200 + explode: true + in: query + name: limit + required: false + schema: + type: integer + style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Include user's access to unmanaged resources. + example: false + explode: true + in: query + name: include_unmanaged + required: false + schema: + type: boolean + style: form responses: "200": content: 
@@ -3595,33 +3700,33 @@ paths: $ref: "#/components/schemas/ResourceAccessUserList" description: List of resources user has access to. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - resources + - resources /sessions: get: description: Returns a list of `Session` objects. operationId: sessions parameters: - - description: The ID of the resource. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: true - in: query - name: resource_id - required: true - schema: - format: uuid - type: string - style: form - - description: The ID of the user you wish to query sessions for. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: query - name: user_id - required: false - schema: - type: string - style: form + - description: The ID of the resource. + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: true + in: query + name: resource_id + required: true + schema: + format: uuid + type: string + style: form + - description: The ID of the user you wish to query sessions for. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: query + name: user_id + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -3630,34 +3735,33 @@ paths: $ref: "#/components/schemas/SessionsList" description: The sessions associated with a resource. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - sessions + - sessions /user: get: description: Returns a `User` object. operationId: user parameters: - - description: The user ID of the user. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: query - name: user_id - required: false - schema: - format: uuid - type: string - style: form - - description: "The email of the user. If both user ID and email are provided,\ - \ user ID will take precedence. If neither are provided, an error will occur." - example: johndoe@domain.org - explode: true - in: query - name: email - required: false - schema: - type: string - style: form + - description: The user ID of the user. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: query + name: user_id + required: false + schema: + format: uuid + type: string + style: form + - description: The email of the user. If both user ID and email are provided, user ID will take precedence. If neither are provided, an error will occur. + example: johndoe@domain.org + explode: true + in: query + name: email + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -3666,33 +3770,33 @@ paths: $ref: "#/components/schemas/User" description: The user object associated with the passed-in email or ID. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - users + - users /users: get: description: Returns a list of users for your organization. operationId: getUsers parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
@@ -3701,70 +3805,64 @@ paths: $ref: "#/components/schemas/PaginatedUsersList" description: One page worth users in your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - users + - users /users/remote_users: get: description: Returns a list of remote users for your organization. operationId: getRemoteUsers parameters: - - description: Filter remote users by their third party provider. - example: - - GIT_HUB - explode: true - in: query - name: third_party_provider - required: false - schema: - items: - $ref: "#/components/schemas/ThirdPartyProviderEnum" - type: array - style: form - - description: Filter remote users by their user ID. - example: - - 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: query - name: user_id - required: false - schema: - items: - format: uuid - type: string - type: array - style: form - - description: Filter remote users by their remote ID. - example: - - 1234567890 - explode: true - in: query - name: remote_id - required: false - schema: - items: + - description: Filter remote users by their third party provider. + example: [GIT_HUB] + in: query + name: third_party_provider + required: false + schema: + type: array + items: + $ref: "#/components/schemas/ThirdPartyProviderEnum" + style: form + - description: Filter remote users by their user ID. + example: [32acc112-21ff-4669-91c2-21e27683eaa1] + in: query + name: user_id + required: false + schema: + type: array + items: + type: string + format: uuid + style: form + - description: Filter remote users by their remote ID. + example: [1234567890] + in: query + name: remote_id + required: false + schema: + type: array + items: + type: string + style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: type: string - type: array - style: form - - description: The pagination cursor value. 
- example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: @@ -3773,24 +3871,24 @@ paths: $ref: "#/components/schemas/PaginatedRemoteUsersList" description: One page worth users in your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - users + - users /users/{user_id}/tags: get: description: Returns all tags applied to the user. operationId: get_user_tags parameters: - - description: The ID of the user whose tags to return. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the user whose tags to return. + name: user_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -3799,19 +3897,19 @@ paths: $ref: "#/components/schemas/TagsList" description: The tags applied to the user. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - users + - users /access-rules: post: description: Creates a new access rule config for the given group_id. operationId: create_access_rule requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/UpdateAccessRuleInfo" - required: true responses: "201": content: 
@@ -3820,25 +3918,24 @@ paths: $ref: "#/components/schemas/AccessRule" description: The created access rule config for the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - access-rules + - access-rules /access-rules/{access_rule_id}: get: - description: Returns a list of access rule config given the group_id of the - access rule. + description: Returns a list of access rule config given the group_id of the access rule. operationId: get_access_rule parameters: - - description: The access rule ID (group ID) of the access rule. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: access_rule_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The access rule ID (group ID) of the access rule. + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: access_rule_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: @@ -3847,29 +3944,29 @@ paths: $ref: "#/components/schemas/AccessRule" description: The access rules for the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - access-rules + - access-rules put: description: Updates the access rule config for the given group_id. operationId: update_access_rule parameters: - - description: The access rule ID (group ID) of the access rule. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: access_rule_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The access rule ID (group ID) of the access rule. + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: access_rule_id + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/UpdateAccessRuleInfo" - required: true responses: "200": content: 
@@ -3878,47 +3975,25 @@ paths: $ref: "#/components/schemas/AccessRule" description: The updated access rule config for the group. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - access-rules + - access-rules /tag/{tag_id}: - delete: - description: UNSTABLE. May be removed at any time. Deletes a tag with the given - id. - operationId: delete_tag_by_ID - parameters: - - description: The tag ID - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: Tag was deleted. - security: - - BearerAuth: [] - tags: - - tags get: - description: UNSTABLE. May be removed at any time. Gets a tag with the given - id. + summary: Get tag by ID + description: UNSTABLE. May be removed at any time. Gets a tag with the given id. operationId: get_tag_by_ID parameters: - - description: The tag ID - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The tag ID + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: tag_id + required: true + schema: + type: string + format: uuid + style: simple responses: "200": content: 
@@ -3927,33 +4002,53 @@ paths: $ref: "#/components/schemas/Tag" description: The tag requested. security: - - BearerAuth: [] - summary: Get tag by ID + - BearerAuth: [] + tags: + - tags + delete: + description: UNSTABLE. May be removed at any time. Deletes a tag with the given id. + operationId: delete_tag_by_ID + parameters: + - description: The tag ID + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: tag_id + required: true + schema: + type: string + format: uuid + style: simple + responses: + "200": + description: Tag was deleted. + security: + - BearerAuth: [] tags: - - tags + - tags /tag: get: description: Gets a tag with the given key and value. operationId: get_tag parameters: - - description: The key of the tag to get. - example: api-scope - explode: false - in: query - name: tag_key - required: true - schema: - type: string - style: form - - description: The value of the tag to get. - example: production - explode: false - in: query - name: tag_value - required: false - schema: - type: string - style: form + - description: The key of the tag to get. + example: api-scope + explode: false + in: query + name: tag_key + required: true + schema: + type: string + style: form + - description: The value of the tag to get. + example: production + explode: false + in: query + name: tag_value + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -3962,50 +4057,49 @@ paths: $ref: "#/components/schemas/Tag" description: The tag requested. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - tags + - tags post: description: Creates a tag with the given key and value. operationId: create_tag parameters: - - deprecated: true - description: The key of the tag to create. - example: api-scope - explode: false - in: query - name: tag_key - required: false - schema: - type: string - style: form - - deprecated: true - description: The value of the tag to create. - example: production - explode: false - in: query - name: tag_value - required: false - schema: - type: string - style: form - - deprecated: true - description: The ID of the owner that manages the tag. - example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 - explode: false - in: query - name: admin_owner_id - required: false - schema: - format: uuid - type: string - style: form + - description: The key of the tag to create. + example: api-scope + explode: false + in: query + name: tag_key + required: false + schema: + type: string + style: form + deprecated: true + - description: The value of the tag to create. + example: production + explode: false + in: query + name: tag_value + required: false + schema: + type: string + style: form + deprecated: true + - description: The ID of the owner that manages the tag. + example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 + explode: false + in: query + name: admin_owner_id + schema: + format: uuid + type: string + style: form + deprecated: true requestBody: + required: false content: application/json: schema: $ref: "#/components/schemas/CreateTagInfo" - required: false responses: "200": content: 
@@ -4014,33 +4108,34 @@ paths: $ref: "#/components/schemas/Tag" description: The tag that was created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - tags + - tags /tags: get: + summary: Get tags description: Returns a list of tags created by your organization. operationId: getTags parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: 
@@ -4049,207 +4144,207 @@ paths: $ref: "#/components/schemas/PaginatedTagsList" description: A list of tags created by your organization. security: - - BearerAuth: [] - summary: Get tags + - BearerAuth: [] tags: - - tags + - tags /tags/{tag_id}/users/{user_id}: - delete: - description: Removes a tag from a user. - operationId: remove_user_tag - parameters: - - description: The ID of the tag to remove. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user to remove the tag from. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: Tag removed from user successfully. - security: - - BearerAuth: [] - tags: - - tags post: description: Applies a tag to a user. operationId: add_user_tag parameters: - - description: The ID of the tag to apply. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the user to apply the tag to. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: user_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the tag to apply. + name: tag_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user to apply the tag to. 
+ name: user_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple requestBody: + required: false content: application/json: schema: type: object - required: false responses: "200": description: Tag applied to user successfully. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - tags - /tags/{tag_id}/groups/{group_id}: + - tags delete: - description: Removes a tag from a group. - operationId: remove_group_tag + description: Removes a tag from a user. + operationId: remove_user_tag parameters: - - description: The ID of the tag to remove. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the group to remove the tag from. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the tag to remove. + name: tag_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the user to remove the tag from. + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": - description: Tag removed from group successfully. + description: Tag removed from user successfully. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - tags + - tags + /tags/{tag_id}/groups/{group_id}: post: description: Applies a tag to a group. operationId: add_group_tag parameters: - - description: The ID of the tag to apply. 
- example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the group to apply the tag to. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: group_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the tag to apply. + name: tag_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the group to apply the tag to. + name: group_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple responses: "200": description: Tag applied to group successfully. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - tags - /tags/{tag_id}/resources/{resource_id}: + - tags delete: - description: Removes a tag from a resource. - operationId: remove_resource_tag + description: Removes a tag from a group. + operationId: remove_group_tag parameters: - - description: The ID of the tag to remove. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the resource to remove the tag from. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the tag to remove. + name: tag_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the group to remove the tag from. 
+ example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": - description: Tag removed from resource successfully. + description: Tag removed from group successfully. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - tags + - tags + /tags/{tag_id}/resources/{resource_id}: post: description: Applies a tag to a resource. operationId: add_resource_tag parameters: - - description: The ID of the tag to apply. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: tag_id - required: true - schema: - format: uuid - type: string - style: simple - - description: The ID of the resource to apply the tag to. - example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - explode: false - in: path - name: resource_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the tag to apply. + name: tag_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the resource to apply the tag to. + name: resource_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple responses: "200": description: Tag applied to resource successfully. security: - - BearerAuth: [] + - BearerAuth: [] + tags: + - tags + delete: + description: Removes a tag from a resource. + operationId: remove_resource_tag + parameters: + - description: The ID of the tag to remove. + name: tag_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the resource to remove the tag from. 
+ example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + name: resource_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: Tag removed from resource successfully. + security: + - BearerAuth: [] tags: - - tags + - tags /message-channels: get: + summary: Get message channels description: Returns a list of `MessageChannel` objects. operationId: get_message_channels responses: @@ -4260,20 +4355,19 @@ paths: $ref: "#/components/schemas/MessageChannelList" description: A list of message channels for your organization. security: - - BearerAuth: [] - summary: Get message channels + - BearerAuth: [] tags: - - message-channels + - message-channels post: description: Creates a `MessageChannel` objects. operationId: create_message_channel requestBody: + description: The `MessageChannel` object to be created. + required: true content: application/json: schema: $ref: "#/components/schemas/CreateMessageChannelInfo" - description: The `MessageChannel` object to be created. - required: true responses: "200": content: @@ -4282,24 +4376,25 @@ paths: $ref: "#/components/schemas/MessageChannel" description: The message channel that was created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - message-channels + - message-channels /message-channels/{message_channel_id}: get: + summary: Get message channel by ID description: Gets a `MessageChannel` object. operationId: get_message_channel parameters: - - description: The ID of the message_channel. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: message_channel_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the message_channel. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: message_channel_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -4308,12 +4403,12 @@ paths: $ref: "#/components/schemas/MessageChannel" description: The requested message channel. security: - - BearerAuth: [] - summary: Get message channel by ID + - BearerAuth: [] tags: - - message-channels + - message-channels /on-call-schedules: get: + summary: Get on call schedules description: Returns a list of `OnCallSchedule` objects. operationId: get_on_call_schedules responses: @@ -4324,20 +4419,19 @@ paths: $ref: "#/components/schemas/OnCallScheduleList" description: A list of on call schedules for your organization. security: - - BearerAuth: [] - summary: Get on call schedules + - BearerAuth: [] tags: - - on-call-schedules + - on-call-schedules post: description: Creates a `OnCallSchedule` objects. operationId: create_on_call_schedule requestBody: + description: The `OnCallSchedule` object to be created. + required: true content: application/json: schema: $ref: "#/components/schemas/CreateOnCallScheduleInfo" - description: The `OnCallSchedule` object to be created. - required: true responses: "200": content: @@ -4346,24 +4440,25 @@ paths: $ref: "#/components/schemas/OnCallSchedule" description: The on call schedule that was created. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - on-call-schedules + - on-call-schedules /on-call-schedules/{on_call_schedule_id}: get: + summary: Get on call schedule by ID description: Gets a `OnCallSchedule` object. operationId: get_on_call_schedule parameters: - - description: The ID of the on_call_schedule. - example: 9546209c-42c2-4801-96d7-9ec42df0f59c - explode: false - in: path - name: on_call_schedule_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the on_call_schedule. + example: 9546209c-42c2-4801-96d7-9ec42df0f59c + explode: false + in: path + name: on_call_schedule_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -4372,34 +4467,33 @@ paths: $ref: "#/components/schemas/OnCallSchedule" description: The requested on call schedule. security: - - BearerAuth: [] - summary: Get on call schedule by ID + - BearerAuth: [] tags: - - on-call-schedules + - on-call-schedules /uars: get: description: Returns a list of `UAR` objects. operationId: getUARs parameters: - - description: The pagination cursor value. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: Number of results to return per page. Default is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: @@ -4408,20 +4502,20 @@ paths: $ref: "#/components/schemas/PaginatedUARsList" description: A list of UARs for your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - uars + - uars /uar: post: description: Starts a User Access Review. operationId: create_uar requestBody: + description: The settings of the UAR. + required: true content: application/json: schema: $ref: "#/components/schemas/CreateUARInfo" - description: The settings of the UAR. - required: true responses: "200": content: 
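Review bot: The `page_size` query parameter of `GET /uars` is declared as `type: integer` with `maximum: 1000` but no lower bound, so zero and negative values are valid according to the schema. If the server does not accept them, adding `minimum: 1` next to `maximum: 1000` would document the real range. If the Go client is generated from this file, it would probably also let the generator emit a lower-bound check beside the upper-bound one. The `page_size` parameter of `GET /delegations` in the `@@ -4505` hunk has the same gap.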
@@ -4430,24 +4524,24 @@ paths: $ref: "#/components/schemas/UAR" description: The UAR that was started. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - uars + - uars /uar/{uar_id}: get: description: Retrieves a specific UAR. operationId: get_uar parameters: - - description: The ID of the UAR. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: path - name: uar_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the UAR. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: uar_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -4456,46 +4550,45 @@ paths: $ref: "#/components/schemas/UAR" description: The UAR that was requested. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - uars + - uars /sync_errors: get: - description: Returns a list of recent sync errors that have occurred since the - last successful sync. + description: Returns a list of recent sync errors that have occurred since the last successful sync. operationId: getSyncErrors parameters: - - description: The ID of the app to list sync errors for. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: false - in: query - name: app_id - required: false - schema: - format: uuid - type: string - style: form - - description: The ID of the resource to list sync errors for. - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - explode: false - in: query - name: resource_id - required: false - schema: - format: uuid - type: string - style: form - - description: The ID of the group to list sync errors for. - example: 9546209c-42c2-4801-96d7-9ec42df0f59c - explode: false - in: query - name: group_id - required: false - schema: - format: uuid - type: string - style: form - responses: + - description: The ID of the app to list sync errors for. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: false + in: query + name: app_id + required: false + schema: + format: uuid + type: string + style: form + - description: The ID of the resource to list sync errors for. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: query + name: resource_id + required: false + schema: + format: uuid + type: string + style: form + - description: The ID of the group to list sync errors for. + example: 9546209c-42c2-4801-96d7-9ec42df0f59c + explode: false + in: query + name: group_id + required: false + schema: + format: uuid + type: string + style: form + responses: "200": content: application/json: 
@@ -4505,57 +4598,54 @@ paths: type: array description: A list of sync errors. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - apps + - apps /delegations: get: - description: Returns a list of request reviewer delegations configured for your - organization. + summary: Get delegations + description: Returns a list of request reviewer delegations configured for your organization. operationId: getDelegations parameters: - - description: The delegator user ID to filter delegations by the user delegating - their access review requests. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: true - in: query - name: delegator_user_id - required: false - schema: - format: uuid - type: string - style: form - - description: The delegate user ID to filter delegations by the user being - delegated to. - example: 29827fb8-f2dd-4e80-9576-28e31e9934ac - explode: true - in: query - name: delegate_user_id - required: false - schema: - format: uuid - type: string - style: form - - description: A cursor to indicate where to start fetching results. - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - explode: true - in: query - name: cursor - required: false - schema: - type: string - style: form - - description: The maximum number of results to return per page. The default - is 200. - example: 200 - explode: true - in: query - name: page_size - required: false - schema: - maximum: 1000 - type: integer - style: form + - description: The delegator user ID to filter delegations by the user delegating their access review requests. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: true + in: query + name: delegator_user_id + required: false + schema: + format: uuid + type: string + style: form + - description: The delegate user ID to filter delegations by the user being delegated to. 
+ example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + explode: true + in: query + name: delegate_user_id + required: false + schema: + format: uuid + type: string + style: form + - description: A cursor to indicate where to start fetching results. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: The maximum number of results to return per page. The default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: @@ -4564,19 +4654,18 @@ paths: $ref: "#/components/schemas/PaginatedDelegationsList" description: A list of delegations for your organization. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - delegations + - delegations post: - description: Creates a new request reviewer delegation to delegate access review - requests from one user to another. + description: Creates a new request reviewer delegation to delegate access review requests from one user to another. operationId: createDelegation requestBody: + required: true content: application/json: schema: $ref: "#/components/schemas/CreateDelegationRequest" - required: true responses: "200": content: 
@@ -4585,45 +4674,25 @@ paths: $ref: "#/components/schemas/Delegation" description: Delegation created successfully. security: - - BearerAuth: [] + - BearerAuth: [] tags: - - delegations + - delegations /delegations/{delegation_id}: - delete: - description: Deletes a delegation by its ID. - operationId: deleteDelegation - parameters: - - description: The ID of the delegation to remove. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: delegation_id - required: true - schema: - format: uuid - type: string - style: simple - responses: - "200": - description: Delegation removed successfully - security: - - BearerAuth: [] - tags: - - delegations get: + summary: Get delegation by ID description: Returns a specific delegation by its ID. operationId: getDelegation parameters: - - description: The ID of the delegation to retrieve. - example: 32acc112-21ff-4669-91c2-21e27683eaa1 - explode: true - in: path - name: delegation_id - required: true - schema: - format: uuid - type: string - style: simple + - description: The ID of the delegation to retrieve. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: delegation_id + required: true + schema: + format: uuid + type: string + style: simple responses: "200": content: 
@@ -4632,354 +4701,260 @@ paths: $ref: "#/components/schemas/Delegation" description: The requested delegation. security: - - BearerAuth: [] + - BearerAuth: [] + tags: + - delegations + delete: + description: Deletes a delegation by its ID. + operationId: deleteDelegation + parameters: + - description: The ID of the delegation to remove. + example: 32acc112-21ff-4669-91c2-21e27683eaa1 + explode: true + in: path + name: delegation_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: Delegation removed successfully + security: + - BearerAuth: [] tags: - - delegations + - delegations + components: schemas: PaginatedAssignedRequestList: + type: object + required: + - requests + - cursor properties: requests: + type: array items: $ref: "#/components/schemas/Request" - type: array cursor: - description: The cursor to continue pagination type: string - required: - - cursor - - requests + description: The cursor to continue pagination PageInfo: - example: - hasNextPage: true - hasPreviousPage: true - endCursor: endCursor - startCursor: startCursor + type: object + required: + - hasNextPage + - endCursor + - hasPreviousPage + - startCursor properties: hasNextPage: - description: Whether there are more items after the end cursor type: boolean + description: Whether there are more items after the end cursor endCursor: - description: The cursor to continue pagination forwards type: string + description: The cursor to continue pagination forwards hasPreviousPage: - description: Whether there are more items before the start cursor type: boolean + description: Whether there are more items before the start cursor startCursor: - description: The cursor to continue pagination backwards type: string - required: - - endCursor - - hasNextPage - - hasPreviousPage - - startCursor + description: The cursor to continue pagination backwards + RequestEdge: - example: - cursor: cursor - node: - id: 
7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - requester_id: c86c85d-0651-43e2-a748-d69d658418e8 - target_user_id: r86c85d-0651-43e2-a748-d69d658418e8 - target_group_id: r86c85d-0651-43e2-a748-d69d658418e8 - status: pending - reason: I need this resource. - duration_minutes: 1440 - request_comments: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. - reviewer_stages: - - requestedRoleName: Admin - requestedItemName: AWS Production Account - stages: - - stage: 1 - operator: AND - reviewers: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: PENDING - - stage: 2 - operator: OR - reviewers: - - id: 8d86c85d-0651-43e2-a748-d69d658418e9 - status: APPROVED + type: object + required: + - node + - cursor properties: node: $ref: "#/components/schemas/Request" cursor: - description: The cursor for this request edge type: string - required: - - cursor - - node + description: The cursor for this request edge + RequestConnection: - example: - edges: - - cursor: cursor - node: - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - requester_id: c86c85d-0651-43e2-a748-d69d658418e8 - target_user_id: r86c85d-0651-43e2-a748-d69d658418e8 - target_group_id: r86c85d-0651-43e2-a748-d69d658418e8 - status: pending - reason: I need this resource. - duration_minutes: 1440 - request_comments: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. 
- reviewer_stages: - - requestedRoleName: Admin - requestedItemName: AWS Production Account - stages: - - stage: 1 - operator: AND - reviewers: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: PENDING - - stage: 2 - operator: OR - reviewers: - - id: 8d86c85d-0651-43e2-a748-d69d658418e9 - status: APPROVED - - cursor: cursor - node: - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - requester_id: c86c85d-0651-43e2-a748-d69d658418e8 - target_user_id: r86c85d-0651-43e2-a748-d69d658418e8 - target_group_id: r86c85d-0651-43e2-a748-d69d658418e8 - status: pending - reason: I need this resource. - duration_minutes: 1440 - request_comments: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. - reviewer_stages: - - requestedRoleName: Admin - requestedItemName: AWS Production Account - stages: - - stage: 1 - operator: AND - reviewers: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: PENDING - - stage: 2 - operator: OR - reviewers: - - id: 8d86c85d-0651-43e2-a748-d69d658418e9 - status: APPROVED - pageInfo: - hasNextPage: true - hasPreviousPage: true - endCursor: endCursor - startCursor: startCursor - totalCount: 0 + type: object + required: + - edges + - pageInfo + - totalCount properties: edges: + type: array items: $ref: "#/components/schemas/RequestEdge" - type: array pageInfo: $ref: "#/components/schemas/PageInfo" totalCount: - description: The total number of items available type: integer - required: - - edges - - pageInfo - - totalCount + description: The total number of items available UARScope: - description: "If set, the access review will only contain resources and groups\ - \ that match at least one of the filters in scope." 
+ description: If set, the access review will only contain resources and groups that match at least one of the filters in scope. example: filter_operator: ANY users: - - userd283-ca87-4a8a-bdbb-df212eca5353 - include_group_bindings: true + - userd283-ca87-4a8a-bdbb-df212eca5353 + include_group_bindings: True tags: - - key: uar_scope - value: high_priority + - key: uar_scope + value: high_priority names: - - demo - - api + - demo + - api admins: - - f454d283-ca87-4a8a-bdbb-df212eca5353 - - 8763d283-ca87-4a8a-bdbb-df212ecab139 + - f454d283-ca87-4a8a-bdbb-df212eca5353 + - 8763d283-ca87-4a8a-bdbb-df212ecab139 resource_types: - - GCP_CLOUD_SQL_POSTGRES_INSTANCE + - GCP_CLOUD_SQL_POSTGRES_INSTANCE group_types: - - AWS_SSO_GROUP + - AWS_SSO_GROUP apps: - - pas2d283-ca87-4a8a-bdbb-df212eca5353 - - apss2d283-ca87-4a8a-bdbb-df212eca5353 + - pas2d283-ca87-4a8a-bdbb-df212eca5353 + - apss2d283-ca87-4a8a-bdbb-df212eca5353 entities: - - f454d283-as87-4a8a-bdbb-df212eca5353 - - f454d283-as87-4a8a-bdbb-df212eca5329 + - f454d283-as87-4a8a-bdbb-df212eca5353 + - f454d283-as87-4a8a-bdbb-df212eca5329 properties: group_visibility: description: Specifies what users can see during an Access Review - enum: - - STRICT - - VIEW_VISIBLE_AND_ASSIGNED - - VIEW_ALL type: string + enum: [STRICT, VIEW_VISIBLE_AND_ASSIGNED, VIEW_ALL] users: - description: "The access review will only include the following users. If\ - \ any users are selected, any entity filters will be applied to only the\ - \ entities that the selected users have access to." + description: The access review will only include the following users. If any users are selected, any entity filters will be applied to only the entities that the selected users have access to. items: example: userd283-ca87-4a8a-bdbb-df212eca5353 - format: uuid type: string + format: uuid type: array filter_operator: - description: Specifies whether entities must match all (AND) or any (OR) - of the filters. 
- enum: - - ANY - - ALL + description: Specifies whether entities must match all (AND) or any (OR) of the filters. type: string + enum: [ANY, ALL] entities: - description: This access review will include resources and groups with ids - in the given strings. + description: This access review will include resources and groups with ids in the given strings. items: example: f454d283-as87-4a8a-bdbb-df212eca5353 - format: uuid type: string + format: uuid type: array apps: description: This access review will include items in the specified applications items: example: pas2d283-ca87-4a8a-bdbb-df212eca5353 - format: uuid type: string + format: uuid type: array admins: - description: This access review will include resources and groups who are - owned by one of the owners corresponding to the given IDs. + description: This access review will include resources and groups who are owned by one of the owners corresponding to the given IDs. items: example: f454d283-ca87-4a8a-bdbb-df212eca5353 - format: uuid type: string + format: uuid type: array group_types: - description: This access review will include items of the specified group - types + description: This access review will include items of the specified group types + type: array items: $ref: "#/components/schemas/GroupTypeEnum" - type: array resource_types: - description: This access review will include items of the specified resource - types + description: This access review will include items of the specified resource types + type: array items: $ref: "#/components/schemas/ResourceTypeEnum" - type: array include_group_bindings: - example: false type: boolean + example: False tags: - description: This access review will include resources and groups who are - tagged with one of the given tags. + description: This access review will include resources and groups who are tagged with one of the given tags. 
items: $ref: "#/components/schemas/TagFilter" type: array names: - description: This access review will include resources and groups whose - name contains one of the given strings. + description: This access review will include resources and groups whose name contains one of the given strings. items: example: demo type: string type: array + type: object PaginatedUARsList: description: A list of UARs. example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - uar_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - name: Monthly UAR (July) - send_reviewer_assignment_notification: false - deadline: 2022-07-14T06:59:59Z - time_zone: America/Los_Angeles - self_review_allowed: false - uar_scope: - tags: - - key: uar_scope - value: high_priority - names: - - demo - - api - admins: - - f454d283-ca87-4a8a-bdbb-df212eca5353 - - 8763d283-ca87-4a8a-bdbb-df212ecab139 - - uar_id: 39a4d283-ca87-4a8a-bdbb-df212eca5fdb - name: Monthly UAR (August) - send_reviewer_assignment_notification: true - deadline: 2022-08-14T06:59:59Z - time_zone: America/Los_Angeles - self_review_allowed: false - uar_scope: - tags: - - key: uar_scope - value: high_priority - names: - - demo - - api - admins: - - f454d283-ca87-4a8a-bdbb-df212eca5353 - - 8763d283-ca87-4a8a-bdbb-df212ecab139 + - uar_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + name: Monthly UAR (July) + send_reviewer_assignment_notification: False + deadline: 2022-07-14T06:59:59Z + time_zone: America/Los_Angeles + self_review_allowed: False + uar_scope: + tags: + - key: uar_scope + value: high_priority + names: + - demo + - api + admins: + - f454d283-ca87-4a8a-bdbb-df212eca5353 + - 8763d283-ca87-4a8a-bdbb-df212ecab139 + - uar_id: 39a4d283-ca87-4a8a-bdbb-df212eca5fdb + name: Monthly UAR (August) + send_reviewer_assignment_notification: True + deadline: 2022-08-14T06:59:59Z + time_zone: America/Los_Angeles + self_review_allowed: False + uar_scope: + tags: + - key: 
uar_scope + value: high_priority + names: + - demo + - api + admins: + - f454d283-ca87-4a8a-bdbb-df212eca5353 + - 8763d283-ca87-4a8a-bdbb-df212ecab139 properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/UAR" type: array required: - - results + - results + type: object UAR: description: A user access review. example: uar_id: f454d283-ca87-4a8a-bdbb-df212eca5353 name: Monthly UAR (July) - send_reviewer_assignment_notification: false + send_reviewer_assignment_notification: False deadline: 2022-07-14T06:59:59Z time_zone: America/Los_Angeles - self_review_allowed: false + self_review_allowed: False uar_scope: tags: - - key: uar_scope - value: high_priority + - key: uar_scope + value: high_priority names: - - demo - - api + - demo + - api admins: - - f454d283-ca87-4a8a-bdbb-df212eca5353 - - 8763d283-ca87-4a8a-bdbb-df212ecab139 + - f454d283-ca87-4a8a-bdbb-df212eca5353 + - 8763d283-ca87-4a8a-bdbb-df212ecab139 properties: uar_id: description: The ID of the UAR. 
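Review bot: The example booleans in this hunk were changed from lowercase to capitalised (`include_group_bindings: True`, `example: False`, `send_reviewer_assignment_notification: False`). The OpenAPI specification asks YAML documents to stay within the JSON schema ruleset, where only `true` and `false` are booleans. Lenient parsers still read the capitalised forms as booleans, but a strict one may load them as the strings "True" and "False", which no longer match `type: boolean`. I would keep the previous spelling, `include_group_bindings: true` and `example: false`. The same capitalisation appears in the `@@ -4993` and `@@ -5056` hunks.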
@@ -4993,61 +4968,54 @@ components: reviewer_assignment_policy: $ref: "#/components/schemas/UARReviewerAssignmentPolicyEnum" send_reviewer_assignment_notification: - description: A bool representing whether to send a notification to reviewers - when they're assigned a new review. Default is False. - example: false + description: A bool representing whether to send a notification to reviewers when they're assigned a new review. Default is False. + example: False type: boolean deadline: description: The last day for reviewers to complete their access reviews. example: 2022-07-14T06:59:59Z - format: date-time type: string + format: date-time time_zone: - description: The time zone name (as defined by the IANA Time Zone database) - used in the access review deadline and exported audit report. Default - is America/Los_Angeles. + description: The time zone name (as defined by the IANA Time Zone database) used in the access review deadline and exported audit report. Default is America/Los_Angeles. example: America/Los_Angeles type: string self_review_allowed: - description: A bool representing whether to present a warning when a user - is the only reviewer for themself. Default is False. - example: false + description: A bool representing whether to present a warning when a user is the only reviewer for themself. Default is False. + example: False type: boolean uar_scope: $ref: "#/components/schemas/UARScope" required: - - deadline - - name - - reviewer_assignment_policy - - self_review_allowed - - send_reviewer_assignment_notification - - time_zone - - uar_id + - uar_id + - name + - deadline + - reviewer_assignment_policy + - send_reviewer_assignment_notification + - time_zone + - self_review_allowed + type: object CreateUARInfo: description: Information needed to start a user access review. 
example: name: Monthly UAR (July) - send_reviewer_assignment_notification: false + send_reviewer_assignment_notification: False deadline: 2022-07-14T06:59:59Z time_zone: America/Los_Angeles - self_review_allowed: false - reminder_schedule: - - 7 - - 3 - - 1 - - 0 - reminder_include_manager: true + self_review_allowed: False + reminder_schedule: [7, 3, 1, 0] + reminder_include_manager: True uar_scope: group_visibility: STRICT tags: - - key: uar_scope - value: high_priority + - key: uar_scope + value: high_priority names: - - demo - - api + - demo + - api admins: - - f454d283-ca87-4a8a-bdbb-df212eca5353 - - 8763d283-ca87-4a8a-bdbb-df212ecab139 + - f454d283-ca87-4a8a-bdbb-df212eca5353 + - 8763d283-ca87-4a8a-bdbb-df212ecab139 properties: name: description: The name of the UAR. 
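Review bot: The `self_review_allowed` description says the flag decides "whether to present a warning when a user is the only reviewer for themself", which leaves open whether `false` blocks self-review or only changes the warning. In a user access review this is a separation-of-duties setting, so the description should state what each value does. From this hunk I cannot tell which behaviour is implemented, so the wording needs to come from someone who knows the server side. The `CreateUARInfo` copy of the same text in the `@@ -5056` hunk needs the same clarification.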
@@ -5056,50 +5024,45 @@ components: reviewer_assignment_policy: $ref: "#/components/schemas/UARReviewerAssignmentPolicyEnum" send_reviewer_assignment_notification: - description: A bool representing whether to send a notification to reviewers - when they're assigned a new review. Default is False. - example: false + description: A bool representing whether to send a notification to reviewers when they're assigned a new review. Default is False. + example: False type: boolean deadline: description: The last day for reviewers to complete their access reviews. example: 2022-07-14T06:59:59Z - format: date-time type: string + format: date-time time_zone: - description: The time zone name (as defined by the IANA Time Zone database) - used in the access review deadline and exported audit report. Default - is America/Los_Angeles. + description: The time zone name (as defined by the IANA Time Zone database) used in the access review deadline and exported audit report. Default is America/Los_Angeles. example: America/Los_Angeles type: string self_review_allowed: - description: A bool representing whether to present a warning when a user - is the only reviewer for themself. Default is False. - example: false + description: A bool representing whether to present a warning when a user is the only reviewer for themself. Default is False. + example: False type: boolean reminder_schedule: items: type: integer type: array reminder_include_manager: - example: false type: boolean + example: False uar_scope: $ref: "#/components/schemas/UARScope" required: - - deadline - - name - - reviewer_assignment_policy - - self_review_allowed - - send_reviewer_assignment_notification - - time_zone + - name + - deadline + - reviewer_assignment_policy + - send_reviewer_assignment_notification + - time_zone + - self_review_allowed + type: object UARReviewerAssignmentPolicyEnum: - description: "A policy for auto-assigning reviewers. 
If auto-assignment is on,\ - \ specific assignments can still be manually adjusted after the access review\ - \ is started. Default is Manually." + description: A policy for auto-assigning reviewers. If auto-assignment is on, specific assignments can still be manually adjusted after the access review is started. Default is Manually. enum: - - MANUALLY - - BY_OWNING_TEAM_ADMIN - - BY_MANAGER + - MANUALLY + - BY_OWNING_TEAM_ADMIN + - BY_MANAGER example: MANUALLY type: string TagFilter: @@ -5117,27 +5080,29 @@ components: example: high_priority type: string required: - - key + - key + type: object AppsList: description: A list of apps. example: - - app_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - name: Okta Org - description: Okta directory for the engineering team. - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - app_type: OKTA_DIRECTORY - - app_id: 5247d283-ca87-4a8a-bdbb-df212eca1243 - name: Prod AWS Account - description: Our production engineering account for AWS. - admin_owner_id: aab485d-0651-43e2-a748-d69d6584123af - app_type: AWS + - app_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + name: Okta Org + description: Okta directory for the engineering team. + admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + app_type: OKTA_DIRECTORY + - app_id: 5247d283-ca87-4a8a-bdbb-df212eca1243 + name: Prod AWS Account + description: Our production engineering account for AWS. + admin_owner_id: aab485d-0651-43e2-a748-d69d6584123af + app_type: AWS properties: apps: items: $ref: "#/components/schemas/App" type: array required: - - apps + - apps + type: object App: description: |- # App Object 
@@ -5179,45 +5144,46 @@ components: $ref: "#/components/schemas/AppValidation" type: array required: - - admin_owner_id - - app_id - - app_type - - description - - name + - app_id + - name + - description + - admin_owner_id + - app_type + type: object AppTypeEnum: description: The type of an app. enum: - - ACTIVE_DIRECTORY - - AZURE_AD - - AWS - - AWS_SSO - - CUSTOM - - DUO - - GCP - - GIT_HUB - - GIT_LAB - - GOOGLE_GROUPS - - GOOGLE_WORKSPACE - - LDAP - - MARIADB - - MONGO - - MONGO_ATLAS - - MYSQL - - OKTA_DIRECTORY - - OPAL - - PAGERDUTY - - SALESFORCE - - TAILSCALE - - TELEPORT - - WORKDAY + - ACTIVE_DIRECTORY + - AZURE_AD + - AWS + - AWS_SSO + - CUSTOM + - DUO + - GCP + - GIT_HUB + - GIT_LAB + - GOOGLE_GROUPS + - GOOGLE_WORKSPACE + - LDAP + - MARIADB + - MONGO + - MONGO_ATLAS + - MYSQL + - OKTA_DIRECTORY + - OPAL + - PAGERDUTY + - SALESFORCE + - TAILSCALE + - TELEPORT + - WORKDAY example: OKTA_DIRECTORY type: string EntityTypeEnum: description: The type of an entity. enum: - - GROUP - - RESOURCE - - USER + - GROUP + - RESOURCE + - USER example: GROUP type: string Event: @@ -5244,7 +5210,10 @@ components: example: 29827fb8-f2dd-4e80-9576-28e31e9934ac format: uuid type: string - actor_name: {} + actor_name: + description: The name of the actor user. + example: John Smith + format: string actor_email: description: The email of the actor user. example: john@acmecorp.com @@ -5268,18 +5237,19 @@ components: type: string api_token_preview: description: The preview of the API token used to create the event. - example: '**************************M_g==' + example: "**************************M_g==" type: string sub_events: items: $ref: "#/components/schemas/SubEvent" type: array required: - - actor_name - - actor_user_id - - created_at - - event_id - - event_type + - event_id + - actor_user_id + - actor_name + - event_type + - created_at + type: object AppValidation: description: |- # App validation object 
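Review bot: In the `@@ -5244,7 +5210,10 @@` hunk the new `actor_name` definition sets `format: string` but no `type`, so the property is still untyped. `format` only qualifies a declared type, and `string` is not a format value that tooling acts on. Generators will likely keep mapping the field to an untyped value, as they did for the previous `actor_name: {}`, even though it is listed under `required`. Replace that line with `type: string`, as `api_token_preview` in the next hunk has.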
@@ -5289,30 +5259,28 @@ components: ### Usage Example List from the `GET Apps` endpoint. example: - key: iam:GetRole - name: Opal's service account is missing the 'iam:GetRole' permission. - usage_reason: Opal uses the 'iam:GetRole' permissions to view access to resources. - details: 403 Google API Error. Service account is not authorized to access - role assignments. + key: "iam:GetRole" + name: "Opal's service account is missing the 'iam:GetRole' permission." + usage_reason: "Opal uses the 'iam:GetRole' permissions to view access to resources." + details: "403 Google API Error. Service account is not authorized to access role assignments." severity: HIGH status: FAILED updated_at: 2021-01-06T20:00:00Z properties: key: - description: The key of the app validation. These are not unique IDs between - runs. - example: iam:GetUser + description: The key of the app validation. These are not unique IDs between runs. + example: "iam:GetUser" type: string - name: {} + name: + description: The human-readable description of whether the validation has the permissions. + example: "Opal's service account is missing the 'iam:GetUser' description." usage_reason: description: The reason for needing the validation. example: Opal uses the 'iam:GetUser' permission to import users. type: string details: - description: Extra details regarding the validation. Could be an error message - or restrictions on permissions. - example: 403 Google API Error. Service account is not authorized to access - role assignments. + description: Extra details regarding the validation. Could be an error message or restrictions on permissions. + example: 403 Google API Error. Service account is not authorized to access role assignments. type: string severity: $ref: "#/components/schemas/AppValidationSeverityEnum" 
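Review bot: `name` in AppValidation gains a description and an example but still has no `type`, unlike the sibling `key`, `usage_reason` and `details`, and the next hunk lists it under `required`; add `type: string` below the example. The example text ends in "'iam:GetUser' description.", which looks like a slip for "permission." judging by the schema-level example above it ("is missing the 'iam:GetRole' permission."). The AppValidation schema starts before this hunk, so confirm there is no other definition of `name` that this one shadows.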
@@ -5324,29 +5292,28 @@ components: format: date-time type: string required: - - key - - name - - severity - - status - - updated_at + - key + - name + - status + - severity + - updated_at AppValidationSeverityEnum: description: The severity of an app validation. enum: - - CRITICAL - - HIGH - - MEDIUM - - LOW + - CRITICAL + - HIGH + - MEDIUM + - LOW example: CRITICAL type: string AppValidationStatusEnum: description: The status of an app validation. enum: - - SUCCESS - - FAILED + - SUCCESS + - FAILED example: FAILED type: string SubEvent: - additionalProperties: true description: |- # Sub event Object ### Description 
@@ -5366,69 +5333,75 @@ components: example: USERS_CREATED type: string required: - - sub_event_type + - sub_event_type + type: object + additionalProperties: true PaginatedEventList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - event_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - actor_user_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - created_at: 2022-01-23T04:56:07Z - event_type: USERS_CREATED - - event_id: 7646aa9a-e2ee-4eb5-8c62-91f29038a373 - actor_user_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - created_at: 2022-02-03T12:33:02Z - event_type: USER_TEAM_UPDATED + - event_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac + actor_user_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + created_at: 2022-01-23T04:56:07Z + event_type: USERS_CREATED + - event_id: 7646aa9a-e2ee-4eb5-8c62-91f29038a373 + actor_user_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + created_at: 2022-02-03T12:33:02Z + event_type: USER_TEAM_UPDATED properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. 
example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/Event" type: array + type: object ResourceAccessUserList: example: results: - - full_name: Jake Barnes - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-01-23T04:56:07Z - email: jake@company.dev - has_direct_access: true - num_access_paths: 2 - - full_name: Brett Ashley - user_id: 7646aa9a-e2ee-4eb5-8c62-91f29038a373 - resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-02-03T12:33:02Z - email: brett@company.dev - has_direct_access: true - num_access_paths: 3 + - full_name: Jake Barnes + user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac + resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + expiration_date: 2022-01-23T04:56:07Z + email: jake@company.dev + has_direct_access: true + num_access_paths: 2 + - full_name: Brett Ashley + user_id: 7646aa9a-e2ee-4eb5-8c62-91f29038a373 + resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + expiration_date: 2022-02-03T12:33:02Z + email: brett@company.dev + has_direct_access: true + num_access_paths: 3 properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/ResourceAccessUser" type: array + type: object ResourceAccessLevel: description: |- # Access Level Object 
@@ -5451,8 +5424,9 @@ components: example: arn:aws:iam::590304332660:role/AdministratorAccess type: string required: - - access_level_name - - access_level_remote_id + - access_level_name + - access_level_remote_id + type: object ResourceUserAccessStatus: description: |- # AccessStatus Object @@ -5485,18 +5459,19 @@ components: description: The day and time the user's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: true + type: string required: - - resource_id - - status - - user_id + - resource_id + - status + - user_id + type: object ResourceUserAccessStatusEnum: description: The status of the user's access to the resource. enum: - - AUTHORIZED - - REQUESTED - - UNAUTHORIZED + - AUTHORIZED + - REQUESTED + - UNAUTHORIZED example: AUTHORIZED type: string ResourceUser: @@ -5535,14 +5510,15 @@ components: description: The day and time the user's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: true + type: string required: - - access_level - - email - - full_name - - resource_id - - user_id + - email + - full_name + - resource_id + - user_id + - access_level + type: object ResourceAccessUser: description: |- # Resource Access User Object 
@@ -5582,51 +5558,51 @@ components: description: The day and time the user's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: true + type: string has_direct_access: - description: "The user has direct access to this resources (vs. indirectly,\ - \ like through a group)." + description: The user has direct access to this resources (vs. indirectly, like through a group). example: true type: boolean num_access_paths: - description: The number of ways in which the user has access through this - resource (directly and indirectly). + description: The number of ways in which the user has access through this resource (directly and indirectly). example: 3 format: int32 type: integer propagation_status: $ref: "#/components/schemas/PropagationStatus" required: - - access_level - - email - - full_name - - has_direct_access - - num_access_paths - - resource_id - - user_id + - email + - full_name + - resource_id + - user_id + - access_level + - has_direct_access + - num_access_paths + type: object AccessList: example: results: - - principal_id: 74908af0-9383-4feb-b7ea-8b305d737338 - principal_type: RESOURCE - entity_id: db04925a-635d-4764-870e-500b9b035c8e - entity_type: RESOURCE - expiration_date: 2022-01-23T04:56:07Z - has_direct_access: true - num_access_paths: 3 - - principal_id: d940df34-726a-4403-864e-16cb2a0d6793 - principal_type: RESOURCE - entity_id: c26cd16c-a3fa-4b82-96b1-32177f8b8f59 - entity_type: RESOURCE - expiration_date: 2022-01-23T04:56:07Z - has_direct_access: true - num_access_paths: 3 + - principal_id: 74908af0-9383-4feb-b7ea-8b305d737338 + principal_type: RESOURCE + entity_id: db04925a-635d-4764-870e-500b9b035c8e + entity_type: RESOURCE + expiration_date: 2022-01-23T04:56:07Z + has_direct_access: true + num_access_paths: 3 + - principal_id: d940df34-726a-4403-864e-16cb2a0d6793 + principal_type: RESOURCE + entity_id: c26cd16c-a3fa-4b82-96b1-32177f8b8f59 + entity_type: RESOURCE + expiration_date: 
2022-01-23T04:56:07Z + has_direct_access: true + num_access_paths: 3 properties: results: items: $ref: "#/components/schemas/Access" type: array + type: object Access: description: |- # Access Object @@ -5664,26 +5640,25 @@ components: description: The day and time the principal's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: true + type: string has_direct_access: - description: The principal has direct access to this entity (vs. inherited - access). + description: The principal has direct access to this entity (vs. inherited access). example: true type: boolean num_access_paths: - description: The number of ways in which the principal has access to this - entity (directly and inherited). + description: The number of ways in which the principal has access to this entity (directly and inherited). example: 3 format: int32 type: integer required: - - entity_id - - entity_type - - has_direct_access - - num_access_paths - - principal_id - - principal_type + - principal_id + - principal_type + - entity_id + - entity_type + - has_direct_access + - num_access_paths + type: object ResourceNHI: description: |- # Resource Non-Human Identity Direct Access Object 
@@ -5710,40 +5685,43 @@ components: description: The day and time the non-human identity's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: true + type: string required: - - non_human_identity_id - - resource_id + - resource_id + - non_human_identity_id + type: object SessionsList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - connection_id: h0z968412-2451-4bbd-42h4-057l715d917m - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-01-23T04:56:07Z - - connection_id: 6e6b5597-bd36-4f4c-a629-01e3fa791932 - user_id: b031c922-b84f-4424-9f4f-c49c05871bfe - resource_id: 77eb1ab7-2c27-4fc4-afdb-137e1265cddd - expiration_date: 2022-03-12T07:22:18Z + - connection_id: h0z968412-2451-4bbd-42h4-057l715d917m + user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac + resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + expiration_date: 2022-01-23T04:56:07Z + - connection_id: 6e6b5597-bd36-4f4c-a629-01e3fa791932 + user_id: b031c922-b84f-4424-9f4f-c49c05871bfe + resource_id: 77eb1ab7-2c27-4fc4-afdb-137e1265cddd + expiration_date: 2022-03-12T07:22:18Z properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/Session" type: array + type: object Session: description: |- # Session Object 
@@ -5779,74 +5757,79 @@ components: description: The day and time the user's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: false + type: string required: - - access_level - - connection_id - - expiration_date - - resource_id - - user_id + - connection_id + - user_id + - resource_id + - access_level + - expiration_date + type: object PaginatedUsersList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - email: john.doe@company.dev - full_name: John Doe - position: Senior Engineer - - user_id: e8581682-04f7-473a-a419-472f0fb26d46 - email: jane.smith@company.dev - full_name: Jane Smith - position: Product Marketing Lead + - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac + email: john.doe@company.dev + full_name: John Doe + position: Senior Engineer + - user_id: e8581682-04f7-473a-a419-472f0fb26d46 + email: jane.smith@company.dev + full_name: Jane Smith + position: Product Marketing Lead properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. 
example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/User" type: array + type: object required: - - results + - results PaginatedRemoteUsersList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - remote_id: 1234567890 - third_party_provider: GIT_LAB - - user_id: 29827fb8-f2dd-4e80-9576-238979927392 - remote_id: remoteid123 - third_party_provider: GIT_HUB + - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac + remote_id: 1234567890 + third_party_provider: GIT_LAB + - user_id: 29827fb8-f2dd-4e80-9576-238979927392 + remote_id: remoteid123 + third_party_provider: GIT_HUB properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/RemoteUser" type: array + type: object required: - - results + - results RemoteUser: description: |- # RemoteUser Object @@ -5867,11 +5850,15 @@ components: example: 1234567890 type: string third_party_provider: + description: The third party provider of the remote user. + example: GIT_HUB $ref: "#/components/schemas/ThirdPartyProviderEnum" required: - - remote_id - - third_party_provider - - user_id + - user_id + - remote_id + - third_party_provider + type: object + User: description: |- # User Object 
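Review bot: In RemoteUser, the added `description` and `example` sit beside `$ref` under `third_party_provider`. Under OpenAPI 3.0 (which this spec appears to target, given its use of `nullable`) keywords next to a `$ref` are ignored, so these lines have no effect. The same pattern is added for `last_successful_sync` (`readOnly`, `description`) in the Group hunk. It matters more for `nullable: true` beside the `$ref` of `access_level` in the GroupUser hunk, where generated clients may not model the null case. Wrap the reference the way `risk_sensitivity` already does, e.g. `allOf:` / `- $ref: "#/components/schemas/GroupAccessLevel"` with `nullable: true` as a sibling of `allOf`.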
@@ -5916,74 +5903,63 @@ components: hr_idp_status: $ref: "#/components/schemas/UserHrIdpStatusEnum" required: - - email - - first_name - - full_name - - last_name - - position - - user_id + - user_id + - email + - full_name + - first_name + - last_name + - position + type: object UserList: description: A list of users. - example: - users: - - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - email: john.doe@company.dev - full_name: John Doe - first_name: John - last_name: Doe - position: Engineer - - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - email: john.doe@company.dev - full_name: John Doe - first_name: John - last_name: Doe - position: Engineer properties: users: items: $ref: "#/components/schemas/User" type: array + type: object required: - - users + - users UserIDList: description: A list of user IDs. example: user_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 + - 7870617d-e72a-47f5-a84c-693817ab4567 + - 1520617d-e72a-47f5-a84c-693817ab48ad2 properties: user_ids: items: - format: uuid type: string + format: uuid type: array + type: object required: - - user_ids + - user_ids UserHrIdpStatusEnum: description: User status pulled from an HR/IDP provider. enum: - - ACTIVE - - SUSPENDED - - DEPROVISIONED - - DELETED - - NOT_FOUND + - ACTIVE + - SUSPENDED + - DEPROVISIONED + - DELETED + - NOT_FOUND example: ACTIVE type: string ThirdPartyProviderEnum: description: The third party provider of the remote user. enum: - - AUTH0 - - SLACK - - GOOGLE_CHAT - - JIRA - - LINEAR - - SERVICE_NOW - - PAGER_DUTY - - OPSGENIE - - GIT_HUB - - GIT_LAB - - GIT_LAB_CONNECTION - - TELEPORT + - AUTH0 + - SLACK + - GOOGLE_CHAT + - JIRA + - LINEAR + - SERVICE_NOW + - PAGER_DUTY + - OPSGENIE + - GIT_HUB + - GIT_LAB + - GIT_LAB_CONNECTION + - TELEPORT example: GIT_HUB type: string PaginatedGroupsList: 
@@ -5991,41 +5967,39 @@ components: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd - description: This group represents Active Directory group "Payments Production - Admin". We use this AD group to facilitate staging deployments and qualifying - new releases. - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - max_duration: 120 - require_manager_approval: false - require_support_ticket: false - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - description: Manages the Integrations Team on-call privileged resources. - This group is automatically synced with the on-call rotation defined in - PagerDuty. - admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 - max_duration: 360 - require_manager_approval: false - require_support_ticket: true + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd + description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + max_duration: 120 + require_manager_approval: False + require_support_ticket: False + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + description: Manages the Integrations Team on-call privileged resources. This group is automatically synced with the on-call rotation defined in PagerDuty. + admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 + max_duration: 360 + require_manager_approval: False + require_support_ticket: True properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. 
example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/Group" type: array + type: object required: - - results + - results GroupResource: description: |- # GroupResource Object @@ -6034,7 +6008,7 @@ components: example: group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 resource_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd - access_level_remote_id: write + access_level_remote_id: "write" properties: group_id: description: The ID of the group. @@ -6049,9 +6023,10 @@ components: access_level: $ref: "#/components/schemas/ResourceAccessLevel" required: - - access_level - - group_id - - resource_id + - group_id + - resource_id + - access_level + type: object GroupContainingGroup: description: |- # GroupContainingGroup Object @@ -6066,7 +6041,8 @@ components: format: uuid type: string required: - - containing_group_id + - containing_group_id + type: object Group: description: |- # Group Object @@ -6080,13 +6056,11 @@ components: app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd remote_id: 037m2jsg218b2wb remote_name: Finance Team - description: This group represents Active Directory group "Payments Production - Admin". We use this AD group to facilitate staging deployments and qualifying - new releases. + description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 - require_manager_approval: false - require_support_ticket: false + require_manager_approval: False + require_support_ticket: False properties: group_id: description: The ID of the group. 
@@ -6104,9 +6078,7 @@ components: type: string description: description: A description of the group. - example: This group represents Active Directory group "Payments Production - Admin". We use this AD group to facilitate staging deployments and qualifying - new releases. + example: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. type: string admin_owner_id: description: The ID of the owner of the group. @@ -6116,8 +6088,8 @@ components: group_leader_user_ids: description: A list of User IDs for the group leaders of the group items: - format: uuid type: string + format: uuid type: array remote_id: description: The ID of the remote. 
@@ -6130,46 +6102,37 @@ components: group_type: $ref: "#/components/schemas/GroupTypeEnum" max_duration: - description: The maximum duration for which the group can be requested (in - minutes). - example: 120 + description: The maximum duration for which the group can be requested (in minutes). type: integer - recommended_duration: - description: The recommended duration for which the group should be requested - (in minutes). -1 represents an indefinite duration. example: 120 + recommended_duration: + description: The recommended duration for which the group should be requested (in minutes). -1 represents an indefinite duration. type: integer - extensions_duration_in_minutes: - description: "The duration for which access can be extended (in minutes).\ - \ Set to 0 to disable extensions. When > 0, extensions are enabled for\ - \ the specified duration." example: 120 + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. type: integer + example: 120 require_manager_approval: - deprecated: true - description: A bool representing whether or not access requests to the group - require manager approval. - example: false + description: A bool representing whether or not access requests to the group require manager approval. + example: False type: boolean + deprecated: true require_support_ticket: - description: A bool representing whether or not access requests to the group - require an access ticket. - example: false + description: A bool representing whether or not access requests to the group require an access ticket. + example: False type: boolean require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this group. - example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this group. 
+ example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting - access to this group. - example: false + description: A bool representing whether or not to require MFA for requesting access to this group. + example: False type: boolean auto_approval: - description: A bool representing whether or not to automatically approve - requests to this group. - example: false + description: A bool representing whether or not to automatically approve requests to this group. + example: False type: boolean request_template_id: description: The ID of the associated request template. 
@@ -6187,84 +6150,84 @@ components: format: uuid type: string is_requestable: - description: A bool representing whether or not to allow access requests - to this group. - example: false + description: A bool representing whether or not to allow access requests to this group. + example: False type: boolean request_configurations: description: A list of request configurations for this group. example: [] + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array request_configuration_list: - description: A list of request configurations for this group. Deprecated - in favor of `request_configurations`. + description: A list of request configurations for this group. Deprecated in favor of `request_configurations`. + deprecated: true example: [] + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array metadata: + description: JSON metadata about the remote group. Only set for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details. deprecated: true - description: "JSON metadata about the remote group. Only set for items linked\ - \ to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects)\ - \ for details." - example: "{ \"okta_directory_group\": { \"group_id\": \"00g4bs66kwtpe1g12345\"\ - \ } }" + example: |- + { "okta_directory_group": { "group_id": "00g4bs66kwtpe1g12345" } } type: string remote_info: $ref: "#/components/schemas/GroupRemoteInfo" custom_request_notification: - description: Custom request notification sent to the requester when the - request is approved. - example: Check your email to register your account. - maxLength: 800 + description: Custom request notification sent to the requester when the request is approved. type: string + maxLength: 800 nullable: true + example: "Check your email to register your account." 
risk_sensitivity: - allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" - description: "The risk sensitivity level for the group. When an override\ - \ is set, this field will match that." + description: The risk sensitivity level for the group. When an override is set, this field will match that. readOnly: true + allOf: + - $ref: "#/components/schemas/RiskSensitivityEnum" risk_sensitivity_override: allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" + - $ref: "#/components/schemas/RiskSensitivityEnum" last_successful_sync: + readOnly: true + description: Information about the last successful sync of this group. $ref: "#/components/schemas/SyncTask" required: - - group_id + - group_id + type: object GroupUserList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - full_name: Jake Barnes - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-01-23T04:56:07Z - email: jake@company.dev - - full_name: Brett Ashley - user_id: 7646aa9a-e2ee-4eb5-8c62-91f29038a373 - group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-02-03T12:33:02Z - email: brett@company.dev + - full_name: Jake Barnes + user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + expiration_date: 2022-01-23T04:56:07Z + email: jake@company.dev + - full_name: Brett Ashley + user_id: 7646aa9a-e2ee-4eb5-8c62-91f29038a373 + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + expiration_date: 2022-02-03T12:33:02Z + email: brett@company.dev properties: results: items: $ref: "#/components/schemas/GroupUser" type: array next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. 
example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string + type: object GroupAccessLevel: description: |- # Access Level Object @@ -6287,8 +6250,9 @@ components: example: 20 type: string required: - - access_level_name - - access_level_remote_id + - access_level_name + - access_level_remote_id + type: object GroupUser: description: |- # Group Access User Object @@ -6316,6 +6280,7 @@ components: type: string access_level: $ref: "#/components/schemas/GroupAccessLevel" + nullable: true full_name: description: The user's full name. example: Jake Barnes 
@@ -6328,80 +6293,76 @@ components: description: The day and time the user's access will expire. example: 2022-01-23T04:56:07Z format: date-time - type: string nullable: true + type: string propagation_status: $ref: "#/components/schemas/PropagationStatus" required: - - email - - full_name - - group_id - - user_id + - email + - full_name + - group_id + - user_id + type: object PropagationStatus: - description: "The state of whether the push action was propagated to the remote\ - \ system. If this is null, the access was synced from the remote system." + description: The state of whether the push action was propagated to the remote system. If this is null, the access was synced from the remote system. properties: status: $ref: "#/components/schemas/PropagationStatusEnum" required: - - status + - status PropagationStatusEnum: - description: The status of whether the user has been synced to the group or - resource in the remote system. + description: The status of whether the user has been synced to the group or resource in the remote system. 
enum: - - SUCCESS - - ERR_REMOTE_INTERNAL_ERROR - - ERR_REMOTE_USER_NOT_FOUND - - ERR_REMOTE_USER_NOT_LINKED - - ERR_REMOTE_RESOURCE_NOT_FOUND - - ERR_REMOTE_THROTTLE - - ERR_NOT_AUTHORIZED_TO_QUERY_RESOURCE - - ERR_REMOTE_PROVISIONING_VIA_IDP_FAILED - - ERR_IDP_EMAIL_UPDATE_CONFLICT - - ERR_TIMEOUT - - ERR_UNKNOWN - - ERR_OPAL_INTERNAL_ERROR - - ERR_ORG_READ_ONLY - - ERR_OPERATION_UNSUPPORTED - - PENDING - - PENDING_MANUAL_PROPAGATION - - PENDING_TICKET_CREATION - - ERR_TICKET_CREATION_SKIPPED - - ERR_DRY_RUN_MODE_ENABLED - - ERR_HR_IDP_PROVIDER_NOT_LINKED - - ERR_REMOTE_UNRECOVERABLE_ERROR + - SUCCESS + - ERR_REMOTE_INTERNAL_ERROR + - ERR_REMOTE_USER_NOT_FOUND + - ERR_REMOTE_USER_NOT_LINKED + - ERR_REMOTE_RESOURCE_NOT_FOUND + - ERR_REMOTE_THROTTLE + - ERR_NOT_AUTHORIZED_TO_QUERY_RESOURCE + - ERR_REMOTE_PROVISIONING_VIA_IDP_FAILED + - ERR_IDP_EMAIL_UPDATE_CONFLICT + - ERR_TIMEOUT + - ERR_UNKNOWN + - ERR_OPAL_INTERNAL_ERROR + - ERR_ORG_READ_ONLY + - ERR_OPERATION_UNSUPPORTED + - PENDING + - PENDING_MANUAL_PROPAGATION + - PENDING_TICKET_CREATION + - ERR_TICKET_CREATION_SKIPPED + - ERR_DRY_RUN_MODE_ENABLED + - ERR_HR_IDP_PROVIDER_NOT_LINKED + - ERR_REMOTE_UNRECOVERABLE_ERROR example: - - SUCCESS + - SUCCESS type: string UpdateGroupInfoList: example: groups: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - description: This group represents Active Directory group "Payments Production - Admin". We use this AD group to facilitate staging deployments and qualifying - new releases. - name: api-group - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - max_duration: 120 - require_manager_approval: false - require_support_ticket: false - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - description: Manages the Integrations Team on-call privileged resources. - This group is automatically synced with the on-call rotation defined in - PagerDuty. 
- name: on-call-integrations - admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 - max_duration: 360 - require_manager_approval: false - require_support_ticket: true + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + name: api-group + admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + max_duration: 120 + require_manager_approval: False + require_support_ticket: False + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + description: Manages the Integrations Team on-call privileged resources. This group is automatically synced with the on-call rotation defined in PagerDuty. + name: on-call-integrations + admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 + max_duration: 360 + require_manager_approval: False + require_support_ticket: True properties: groups: description: A list of groups with information to update. items: $ref: "#/components/schemas/UpdateGroupInfo" type: array + type: object required: - - groups + - groups UpdateGroupInfo: description: |- # UpdateGroupInfo Object @@ -6409,14 +6370,12 @@ components: The `UpdateGroupInfo` object is used as an input to the UpdateGroup API. example: group_id: f454d283-ca87-4a87-bdbb-df212eca5353 - description: This group represents Active Directory group "Payments Production - Admin". We use this AD group to facilitate staging deployments and qualifying - new releases. + description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. name: api-group admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 - require_manager_approval: false - require_support_ticket: false + require_manager_approval: False + require_support_ticket: False properties: group_id: description: The ID of the group. 
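Review bot: `PropagationStatusEnum` (hunk `@@ -6328`) keeps `example:` as a one-item list (`- SUCCESS`) although the schema is `type: string`, so the example does not validate against its own schema. `example: SUCCESS` would match the other enums in this file (`example: OPAL_GROUP`, `example: READ`). In the same hunk, `PropagationStatus` does not get the `type: object` line the commit adds to `GroupUser` and `UpdateGroupInfoList`. Its description also says the value can be null, yet `propagation_status` in `GroupUser` is a bare `$ref` with no nullable wrapper, so a strict client may reject the null case the text describes.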
@@ -6429,9 +6388,7 @@ components: type: string description: description: A description of the group. - example: This group represents Active Directory group "Payments Production - Admin". We use this AD group to facilitate staging deployments and qualifying - new releases. + example: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. type: string admin_owner_id: description: The ID of the owner of the group. 
@@ -6439,259 +6396,284 @@ components: format: uuid type: string max_duration: - deprecated: true - description: The maximum duration for which the group can be requested (in - minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. - example: 120 + description: The maximum duration for which the group can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. type: integer - recommended_duration: - deprecated: true - description: The recommended duration for which the group should be requested - (in minutes). Will be the default value in a request. Use -1 to set to - indefinite and 0 to unset. Deprecated in favor of `request_configurations`. example: 120 + deprecated: true + recommended_duration: + description: The recommended duration for which the group should be requested (in minutes). Will be the default value in a request. Use -1 to set to indefinite and 0 to unset. Deprecated in favor of `request_configurations`. type: integer - require_manager_approval: + example: 120 deprecated: true - description: A bool representing whether or not access requests to the group - require manager approval. Deprecated in favor of `request_configurations`. - example: false + require_manager_approval: + description: A bool representing whether or not access requests to the group require manager approval. Deprecated in favor of `request_configurations`. + example: False type: boolean - require_support_ticket: deprecated: true - description: A bool representing whether or not access requests to the group - require an access ticket. Deprecated in favor of `request_configurations`. - example: false + require_support_ticket: + description: A bool representing whether or not access requests to the group require an access ticket. Deprecated in favor of `request_configurations`. 
+ example: False type: boolean - folder_id: deprecated: true + folder_id: description: The ID of the folder that the group is located in. example: e27cb7b0-98e2-4555-9916-9e6d8ca6b079 format: uuid type: string + deprecated: true require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this group. - example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this group. + example: False type: boolean require_mfa_to_request: - deprecated: true - description: A bool representing whether or not to require MFA for requesting - access to this group. Deprecated in favor of `request_configurations`. - example: false + description: A bool representing whether or not to require MFA for requesting access to this group. Deprecated in favor of `request_configurations`. + example: False type: boolean - auto_approval: deprecated: true - description: A bool representing whether or not to automatically approve - requests to this group. Deprecated in favor of `request_configurations`. - example: false + auto_approval: + description: A bool representing whether or not to automatically approve requests to this group. Deprecated in favor of `request_configurations`. + example: False type: boolean + deprecated: true configuration_template_id: description: The ID of the associated configuration template. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string request_template_id: - deprecated: true - description: The ID of the associated request template. Deprecated in favor - of `request_configurations`. + description: The ID of the associated request template. Deprecated in favor of `request_configurations`. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string - is_requestable: deprecated: true - description: A bool representing whether or not to allow access requests - to this group. 
Deprecated in favor of `request_configurations`. - example: false + is_requestable: + description: A bool representing whether or not to allow access requests to this group. Deprecated in favor of `request_configurations`. + example: False type: boolean + deprecated: true group_leader_user_ids: description: A list of User IDs for the group leaders of the group items: - format: uuid type: string + format: uuid type: array extensions_duration_in_minutes: - deprecated: true - description: "The duration for which access can be extended (in minutes).\ - \ Deprecated, set the extension duration in the request_configuration\ - \ you want it to apply to." - example: 120 + description: The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to. type: integer + example: 120 + deprecated: true request_configurations: - description: "The request configuration list of the configuration template.\ - \ If not provided, the default request configuration will be used." + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array + description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. request_configuration_list: + description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. 
$ref: "#/components/schemas/CreateRequestConfigurationInfoList" + deprecated: true + example: + request_configurations: + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: null + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 0 + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 1 custom_request_notification: - description: Custom request notification sent to the requester when the - request is approved. - example: Check your email to register your account. - maxLength: 800 + description: Custom request notification sent to the requester when the request is approved. type: string + maxLength: 800 nullable: true + example: "Check your email to register your account." risk_sensitivity_override: allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" + - $ref: "#/components/schemas/RiskSensitivityEnum" required: - - group_id + - group_id + type: object GroupTypeEnum: description: The type of the group. 
enum: - - ACTIVE_DIRECTORY_GROUP - - AWS_SSO_GROUP - - DATABRICKS_ACCOUNT_GROUP - - DUO_GROUP - - GIT_HUB_TEAM - - GIT_LAB_GROUP - - GOOGLE_GROUPS_GROUP - - GOOGLE_GROUPS_GKE_GROUP - - LDAP_GROUP - - OKTA_GROUP - - OKTA_GROUP_RULE - - TAILSCALE_GROUP - - OPAL_GROUP - - OPAL_ACCESS_RULE - - AZURE_AD_SECURITY_GROUP - - AZURE_AD_MICROSOFT_365_GROUP - - CONNECTOR_GROUP - - SNOWFLAKE_ROLE - - WORKDAY_USER_SECURITY_GROUP + - ACTIVE_DIRECTORY_GROUP + - AWS_SSO_GROUP + - DATABRICKS_ACCOUNT_GROUP + - DUO_GROUP + - GIT_HUB_TEAM + - GIT_LAB_GROUP + - GOOGLE_GROUPS_GROUP + - GOOGLE_GROUPS_GKE_GROUP + - LDAP_GROUP + - OKTA_GROUP + - OKTA_GROUP_RULE + - TAILSCALE_GROUP + - OPAL_GROUP + - OPAL_ACCESS_RULE + - AZURE_AD_SECURITY_GROUP + - AZURE_AD_MICROSOFT_365_GROUP + - CONNECTOR_GROUP + - SNOWFLAKE_ROLE + - WORKDAY_USER_SECURITY_GROUP example: OPAL_GROUP type: string ResourceTypeEnum: description: The type of the resource. enum: - - AWS_IAM_ROLE - - AWS_EC2_INSTANCE - - AWS_EKS_CLUSTER - - AWS_RDS_POSTGRES_CLUSTER - - AWS_RDS_POSTGRES_INSTANCE - - AWS_RDS_MYSQL_CLUSTER - - AWS_RDS_MYSQL_INSTANCE - - AWS_ACCOUNT - - AWS_SSO_PERMISSION_SET - - AWS_ORGANIZATIONAL_UNIT - - AZURE_MANAGEMENT_GROUP - - AZURE_RESOURCE_GROUP - - AZURE_SUBSCRIPTION - - AZURE_VIRTUAL_MACHINE - - AZURE_STORAGE_ACCOUNT - - AZURE_STORAGE_CONTAINER - - AZURE_SQL_SERVER - - AZURE_SQL_MANAGED_INSTANCE - - AZURE_SQL_DATABASE - - AZURE_SQL_MANAGED_DATABASE - - AZURE_USER_ASSIGNED_MANAGED_Identity - - AZURE_ENTRA_ID_ROLE - - AZURE_ENTERPRISE_APP - - CUSTOM - - CUSTOM_CONNECTOR - - DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL - - GCP_ORGANIZATION - - GCP_BUCKET - - GCP_COMPUTE_INSTANCE - - GCP_FOLDER - - GCP_GKE_CLUSTER - - GCP_PROJECT - - GCP_CLOUD_SQL_POSTGRES_INSTANCE - - GCP_CLOUD_SQL_MYSQL_INSTANCE - - GCP_BIG_QUERY_DATASET - - GCP_BIG_QUERY_TABLE - - GCP_SERVICE_ACCOUNT - - GIT_HUB_REPO - - GIT_HUB_ORG_ROLE - - GIT_LAB_PROJECT - - GOOGLE_WORKSPACE_ROLE - - MONGO_INSTANCE - - MONGO_ATLAS_INSTANCE - - OKTA_APP - - 
OKTA_ROLE - - OPAL_ROLE - - OPAL_SCOPED_ROLE - - PAGERDUTY_ROLE - - TAILSCALE_SSH - - SALESFORCE_PERMISSION_SET - - SALESFORCE_PROFILE - - SALESFORCE_ROLE - - SNOWFLAKE_DATABASE - - SNOWFLAKE_SCHEMA - - SNOWFLAKE_TABLE - - WORKDAY_ROLE - - MYSQL_INSTANCE - - MARIADB_INSTANCE - - POSTGRES_INSTANCE - - TELEPORT_ROLE - - ILEVEL_ADVANCED_ROLE - - DATASTAX_ASTRA_ROLE - - COUPA_ROLE + - AWS_IAM_ROLE + - AWS_EC2_INSTANCE + - AWS_EKS_CLUSTER + - AWS_RDS_POSTGRES_CLUSTER + - AWS_RDS_POSTGRES_INSTANCE + - AWS_RDS_MYSQL_CLUSTER + - AWS_RDS_MYSQL_INSTANCE + - AWS_ACCOUNT + - AWS_SSO_PERMISSION_SET + - AWS_ORGANIZATIONAL_UNIT + - AZURE_MANAGEMENT_GROUP + - AZURE_RESOURCE_GROUP + - AZURE_SUBSCRIPTION + - AZURE_VIRTUAL_MACHINE + - AZURE_STORAGE_ACCOUNT + - AZURE_STORAGE_CONTAINER + - AZURE_SQL_SERVER + - AZURE_SQL_MANAGED_INSTANCE + - AZURE_SQL_DATABASE + - AZURE_SQL_MANAGED_DATABASE + - AZURE_USER_ASSIGNED_MANAGED_Identity + - AZURE_ENTRA_ID_ROLE + - AZURE_ENTERPRISE_APP + - CUSTOM + - CUSTOM_CONNECTOR + - DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL + - GCP_ORGANIZATION + - GCP_BUCKET + - GCP_COMPUTE_INSTANCE + - GCP_FOLDER + - GCP_GKE_CLUSTER + - GCP_PROJECT + - GCP_CLOUD_SQL_POSTGRES_INSTANCE + - GCP_CLOUD_SQL_MYSQL_INSTANCE + - GCP_BIG_QUERY_DATASET + - GCP_BIG_QUERY_TABLE + - GCP_SERVICE_ACCOUNT + - GIT_HUB_REPO + - GIT_HUB_ORG_ROLE + - GIT_LAB_PROJECT + - GOOGLE_WORKSPACE_ROLE + - MONGO_INSTANCE + - MONGO_ATLAS_INSTANCE + - OKTA_APP + - OKTA_ROLE + - OPAL_ROLE + - OPAL_SCOPED_ROLE + - PAGERDUTY_ROLE + - TAILSCALE_SSH + - SALESFORCE_PERMISSION_SET + - SALESFORCE_PROFILE + - SALESFORCE_ROLE + - SNOWFLAKE_DATABASE + - SNOWFLAKE_SCHEMA + - SNOWFLAKE_TABLE + - WORKDAY_ROLE + - MYSQL_INSTANCE + - MARIADB_INSTANCE + - POSTGRES_INSTANCE + - TELEPORT_ROLE + - ILEVEL_ADVANCED_ROLE + - DATASTAX_ASTRA_ROLE + - COUPA_ROLE example: AWS_IAM_ROLE type: string VisibilityTypeEnum: description: The visibility level of the entity. 
enum: - - GLOBAL - - LIMITED + - GLOBAL + - LIMITED example: GLOBAL type: string RolePermissionNameEnum: description: The name of the role permission. enum: - - READ - - READ_ASSIGNMENTS - - CREATE - - IMPORT - - EXPORT - - SYNC - - DELETE - - READ_SETTINGS - - EDIT_TAGS - - EDIT_SETTINGS - - EDIT_SYNC_SETTINGS - - EDIT_ASSIGNMENTS - - EDIT_REQUEST_CONFIGURATIONS - - EDIT_EVENT_STREAM - - ASSIGN_UAR_REVIEWERS - - SEND_REMINDERS - - STOP - - REQUEST_ON_BEHALF - - RESET_MFA + - READ + - READ_ASSIGNMENTS + - CREATE + - IMPORT + - EXPORT + - SYNC + - DELETE + - READ_SETTINGS + - EDIT_TAGS + - EDIT_SETTINGS + - EDIT_SYNC_SETTINGS + - EDIT_ASSIGNMENTS + - EDIT_REQUEST_CONFIGURATIONS + - EDIT_EVENT_STREAM + - ASSIGN_UAR_REVIEWERS + - SEND_REMINDERS + - STOP + - REQUEST_ON_BEHALF + - RESET_MFA example: READ type: string RolePermissionTargetTypeEnum: description: The type of the target for the role permission. enum: - - RESOURCE - - CONNECTION - - GROUP - - BUNDLE - - USER - - ACCESS_REVIEW + - RESOURCE + - CONNECTION + - GROUP + - BUNDLE + - USER + - ACCESS_REVIEW example: RESOURCE type: string UpdateGroupResourcesInfo: example: group_resources: - - resource_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 - access_level_remote_id: "" - - resource_id: 6f99639b-7928-4043-8184-47cbc6766145 - access_level_remote_id: write + - resource_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 + access_level_remote_id: "" + - resource_id: 6f99639b-7928-4043-8184-47cbc6766145 + access_level_remote_id: "write" properties: resources: items: $ref: "#/components/schemas/ResourceWithAccessLevel" type: array + type: object required: - - resources + - resources IdpGroupMapping: description: Information about a group mapping. example: app_resource_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 group_id: 6f99639b-7928-4043-8184-47cbc6766145 - alias: finance-team - hidden_from_end_user: false + alias: "finance-team" + hidden_from_end_user: False properties: app_resource_id: description: The ID of the app resource. 
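Review bot: The example added under `request_configuration_list` in `UpdateGroupInfo` (hunk `@@ -6439`) uses `organization_id: w86c85d-0651-43e2-a748-d69d658418e8`, which is not a well-formed UUID: `w` is not a hex digit and the first group has seven characters. Both entries also reuse the same `reviewer_stage_id`. If `organization_id` is declared `format: uuid` in the referenced schema (not visible here), example validation and mock servers built from the spec will reject it. A constructed placeholder such as `organization_id: 00000000-0000-4000-8000-000000000000` avoids that. The example's top-level key is `request_configurations` although it is attached to `request_configuration_list`, so confirm it matches the shape of `CreateRequestConfigurationInfoList`.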
@@ -6708,34 +6690,35 @@ components: example: finance-team type: string hidden_from_end_user: - description: A bool representing whether or not the group is hidden from - the end user. - example: false + description: A bool representing whether or not the group is hidden from the end user. + example: False type: boolean required: - - group_id - - hidden_from_end_user + - group_id + - hidden_from_end_user + type: object IdpGroupMappingList: example: mappings: - - group_id: 6f99639b-7928-4043-8184-47cbc6766145 - alias: finance-team - hidden_from_end_user: false - - group_id: 7870617d-e72a-47f5-a84c-693817ab4567 - alias: engineering-team - hidden_from_end_user: false + - group_id: 6f99639b-7928-4043-8184-47cbc6766145 + alias: "finance-team" + hidden_from_end_user: False + - group_id: 7870617d-e72a-47f5-a84c-693817ab4567 + alias: "engineering-team" + hidden_from_end_user: False properties: mappings: items: $ref: "#/components/schemas/IdpGroupMapping" type: array + type: object required: - - mappings + - mappings ResourceWithAccessLevel: description: Information about a resource and corresponding access level example: resource_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd - access_level_remote_id: write + access_level_remote_id: "write" properties: resource_id: description: The ID of the resource. @@ -6747,12 +6730,13 @@ components: example: write type: string required: - - resource_id + - resource_id + type: object GroupWithAccessLevel: description: Information about a group and corresponding access level example: group_id: 7870617d-e72a-47f5-a84c-693817ab4567 - access_level_remote_id: write + access_level_remote_id: "write" properties: group_id: description: The ID of the group. 
@@ -6764,182 +6748,184 @@ components: example: write type: string required: - - group_id + - group_id + type: object GroupResourceList: example: group_resources: - - group_id: 7870617d-e72a-47f5-a84c-693817ab4567 - resource_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 - access_level_remote_id: "" - - group_id: 50333e67-73ce-47ab-b049-d8abcd45f7a1 - resource_id: 6f99639b-7928-4043-8184-47cbc6766145 - access_level_remote_id: write + - group_id: 7870617d-e72a-47f5-a84c-693817ab4567 + resource_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 + access_level_remote_id: "" + - group_id: 50333e67-73ce-47ab-b049-d8abcd45f7a1 + resource_id: 6f99639b-7928-4043-8184-47cbc6766145 + access_level_remote_id: "write" properties: group_resources: items: $ref: "#/components/schemas/GroupResource" type: array + type: object required: - - group_resources + - group_resources GroupContainingGroupList: example: containing_groups: - - containing_group_id: 7870617d-e72a-47f5-a84c-693817ab4567 - - containing_group_id: 50333e67-73ce-47ab-b049-d8abcd45f7a1 + - containing_group_id: 7870617d-e72a-47f5-a84c-693817ab4567 + - containing_group_id: 50333e67-73ce-47ab-b049-d8abcd45f7a1 properties: containing_groups: items: $ref: "#/components/schemas/GroupContainingGroup" type: array + type: object required: - - containing_groups + - containing_groups MessageChannelList: example: channels: - - message_channel_id: 7870617d-e72a-47f5-a84c-693817ab4567 - third_party_provider: SLACK - remote_id: C03FJR97276 - name: api-team-audit-channel - is_private: false - - message_channel_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 - third_party_provider: SLACK - remote_id: A4FJR97365D - name: api-team-monitor-channel - is_private: false + - message_channel_id: 7870617d-e72a-47f5-a84c-693817ab4567 + third_party_provider: SLACK + remote_id: C03FJR97276 + name: api-team-audit-channel + is_private: False + - message_channel_id: 1520617d-e72a-47f5-a84c-693817ab48ad2 + third_party_provider: SLACK + remote_id: A4FJR97365D + name: 
api-team-monitor-channel + is_private: False properties: channels: items: $ref: "#/components/schemas/MessageChannel" type: array + type: object required: - - channels + - channels OnCallScheduleList: example: on_call_schedules: - - on_call_schedule_id: 50d5e9f6-f23f-4d5a-ae91-b2640cf3975e - third_party_provider: PAGER_DUTY - remote_id: P7OWH2R - name: Customer Support On-Call - - on_call_schedule_id: 4d61592c-ed61-4b13-8f22-2fac1c49f574 - third_party_provider: OPSGENIE - remote_id: 72a8cb04-9e25-465d-a932-992f72077c61 - name: Opal Backend On-Call + - on_call_schedule_id: 50d5e9f6-f23f-4d5a-ae91-b2640cf3975e + third_party_provider: PAGER_DUTY + remote_id: P7OWH2R + name: Customer Support On-Call + - on_call_schedule_id: 4d61592c-ed61-4b13-8f22-2fac1c49f574 + third_party_provider: OPSGENIE + remote_id: 72a8cb04-9e25-465d-a932-992f72077c61 + name: Opal Backend On-Call properties: on_call_schedules: items: $ref: "#/components/schemas/OnCallSchedule" type: array + type: object required: - - on_call_schedules + - on_call_schedules VisibilityInfo: description: Visibility infomation of an entity. example: visibility: LIMITED visibility_group_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 + - 7870617d-e72a-47f5-a84c-693817ab4567 + - 1520617d-e72a-47f5-a84c-693817ab48ad2 properties: visibility: $ref: "#/components/schemas/VisibilityTypeEnum" visibility_group_ids: items: - format: uuid type: string + format: uuid type: array + type: object required: - - visibility + - visibility MessageChannelIDList: description: A list of message channel IDs. 
example: message_channel_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 + - 7870617d-e72a-47f5-a84c-693817ab4567 + - 1520617d-e72a-47f5-a84c-693817ab48ad2 properties: message_channel_ids: items: - format: uuid type: string + format: uuid type: array + type: object required: - - message_channel_ids + - message_channel_ids OnCallScheduleIDList: - description: "A list of on call schedule Opal UUIDs. To get the matching remote\ - \ IDs, use the /on-call-schedules endpoints." + description: A list of on call schedule Opal UUIDs. To get the matching remote IDs, use the /on-call-schedules endpoints. example: on_call_schedule_ids: - - 9546209c-42c2-4801-96d7-9ec42df0f59c - - bb0197c0-5ea5-45d9-b3b7-b6c439be6435 + - 9546209c-42c2-4801-96d7-9ec42df0f59c + - bb0197c0-5ea5-45d9-b3b7-b6c439be6435 properties: on_call_schedule_ids: items: - format: uuid type: string + format: uuid type: array + type: object required: - - on_call_schedule_ids + - on_call_schedule_ids ReviewerIDList: description: A list of reviewer IDs. example: reviewer_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 + - 7870617d-e72a-47f5-a84c-693817ab4567 + - 1520617d-e72a-47f5-a84c-693817ab48ad2 properties: reviewer_ids: items: - format: uuid type: string + format: uuid type: array + type: object required: - - reviewer_ids + - reviewer_ids ReviewerStageList: - example: - stages: - - owner_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 - - owner_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 properties: stages: description: A list of reviewer stages. items: $ref: "#/components/schemas/ReviewerStage" type: array + type: object required: - - stages + - stages ReviewerStage: description: A reviewer stage. 
example: owner_ids: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 + - 7870617d-e72a-47f5-a84c-693817ab4567 + - 1520617d-e72a-47f5-a84c-693817ab48ad2 properties: require_manager_approval: description: Whether this reviewer stage should require manager approval. - example: false + example: False type: boolean require_admin_approval: description: Whether this reviewer stage should require admin approval. - example: false + example: False type: boolean operator: - description: The operator of the reviewer stage. Admin and manager approval - are also treated as reviewers. + description: The operator of the reviewer stage. Admin and manager approval are also treated as reviewers. enum: - - AND - - OR + - AND + - OR example: AND type: string owner_ids: items: - format: uuid type: string + format: uuid type: array + type: object required: - - operator - - owner_ids - - require_manager_approval + - operator + - require_manager_approval + - owner_ids + - stage MessageChannel: description: |- # MessageChannel Object @@ -6953,7 +6939,7 @@ components: third_party_provider: SLACK remote_id: C03FJR97276 name: api-team-audit-channel - is_private: false + is_private: False properties: message_channel_id: description: The ID of the message channel. @@ -6972,10 +6958,11 @@ components: type: string is_private: description: A bool representing whether or not the message channel is private. - example: false + example: False type: boolean + type: object required: - - message_channel_id + - message_channel_id CreateMessageChannelInfo: description: |- # CreateMessageChannelInfo Object 
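Review bot: `ReviewerStage` (hunk `@@ -6764`) now lists `stage` under `required`, but its `properties` declare only `require_manager_approval`, `require_admin_approval`, `operator` and `owner_ids`. Validators therefore have no type for the field, and a generated model may omit it. Declare it next to `owner_ids`, for instance `stage:` with `type: integer` and a description; the type is inferred from `stage: 1` in the new `reviewer_stages` examples. The schema's own `example` still carries only `owner_ids`, so it no longer satisfies the required list; adding `operator`, `require_manager_approval` and `stage` would keep it valid. Reviewer stages describe approval routing, so check how the generated client handles a missing or zero-valued `stage`.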
@@ -6991,13 +6978,14 @@ components: description: The remote ID of the message channel example: C03FJR97276 type: string + type: object required: - - remote_id - - third_party_provider + - third_party_provider + - remote_id MessageChannelProviderEnum: description: The third party provider of the message channel. enum: - - SLACK + - SLACK example: SLACK type: string OnCallSchedule: @@ -7029,6 +7017,9 @@ components: description: The name of the on call schedule. example: Customer Support On-Call type: string + type: object + required: + - message_channel_id CreateOnCallScheduleInfo: description: |- # CreateOnCallScheduleInfo Object 
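Review bot: The `required` list added to `OnCallSchedule` (hunk `@@ -7029`) names `message_channel_id`, which looks copied from `MessageChannel`. The on-call schedule examples elsewhere in this file use `on_call_schedule_id`, `third_party_provider`, `remote_id` and `name`. As written, a strict client would either fail required-field validation on every `OnCallSchedule` response or silently ignore the requirement. The likely intent is `required:` / `- on_call_schedule_id`. The schema's property list begins outside this hunk, so confirm the property name there.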
@@ -7044,133 +7035,581 @@ components: description: The remote ID of the on call schedule example: PNZNINN type: string + type: object required: - - remote_id - - third_party_provider + - third_party_provider + - remote_id OnCallScheduleProviderEnum: description: The third party provider of the on call schedule. enum: - - OPSGENIE - - PAGER_DUTY + - OPSGENIE + - PAGER_DUTY example: PAGER_DUTY type: string TicketingProviderEnum: description: The third party ticketing platform provider. enum: - - JIRA - - LINEAR - - SERVICE_NOW + - JIRA + - LINEAR + - SERVICE_NOW example: LINEAR type: string GroupRemoteInfo: - description: "Information that defines the remote group. This replaces the deprecated\ - \ remote_id and metadata fields. If remote_info is provided, a group will\ - \ be imported into Opal. For group types that support group creation through\ - \ Opal, a new group will be created if remote_info is not provided." + description: Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. If remote_info is provided, a group will be imported into Opal. For group types that support group creation through Opal, a new group will be created if remote_info is not provided. properties: active_directory_group: - $ref: "#/components/schemas/GroupRemoteInfo_active_directory_group" + description: Remote info for Active Directory group. + properties: + group_id: + description: The id of the Google group. + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + type: object + required: + - group_id github_team: - $ref: "#/components/schemas/GroupRemoteInfo_github_team" + description: Remote info for GitHub team. + properties: + team_id: + deprecated: true + description: The id of the GitHub team. + example: 898931321 + type: string + team_slug: + description: The slug of the GitHub team. 
+ example: opal-security + type: string + type: object + required: + - team_slug gitlab_group: - $ref: "#/components/schemas/GroupRemoteInfo_gitlab_group" + description: Remote info for Gitlab group. + properties: + group_id: + description: The id of the Gitlab group. + example: 898931321 + type: string + type: object + required: + - group_id google_group: - $ref: "#/components/schemas/GroupRemoteInfo_google_group" + description: Remote info for Google group. + properties: + group_id: + description: The id of the Google group. + example: 1y6w882181n7sg + type: string + type: object + required: + - group_id ldap_group: - $ref: "#/components/schemas/GroupRemoteInfo_ldap_group" + description: Remote info for LDAP group. + properties: + group_id: + description: The id of the LDAP group. + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + type: object + required: + - group_id okta_group: - $ref: "#/components/schemas/GroupRemoteInfo_okta_group" + description: Remote info for Okta Directory group. + properties: + group_id: + description: The id of the Okta Directory group. + example: 00gjs33pe8rtmRrp3rd6 + type: string + type: object + required: + - group_id duo_group: - $ref: "#/components/schemas/GroupRemoteInfo_duo_group" + description: Remote info for Duo Security group. + properties: + group_id: + description: The id of the Duo Security group. + example: DSRD8W89B9DNDBY4RHAC + type: string + type: object + required: + - group_id azure_ad_security_group: - $ref: "#/components/schemas/GroupRemoteInfo_azure_ad_security_group" + description: Remote info for Microsoft Entra ID Security group. + properties: + group_id: + description: The id of the Microsoft Entra ID Security group. + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + type: object + required: + - group_id azure_ad_microsoft_365_group: - $ref: "#/components/schemas/GroupRemoteInfo_azure_ad_microsoft_365_group" + description: Remote info for Microsoft Entra ID Microsoft 365 group. 
+ properties: + group_id: + description: The id of the Microsoft Entra ID Microsoft 365 group. + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + type: object + required: + - group_id snowflake_role: - $ref: "#/components/schemas/GroupRemoteInfo_snowflake_role" + description: Remote info for Snowflake role. + properties: + role_id: + description: The id of the Snowflake role. + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + type: object + required: + - role_id okta_group_rule: - $ref: "#/components/schemas/GroupRemoteInfo_okta_group_rule" + description: Remote info for Okta Directory group rule. + properties: + rule_id: + description: The id of the Okta group rule. + example: 0pr3f7zMZZHPgUoWO0g4 + type: string + type: object + required: + - rule_id workday_user_security_group: - $ref: "#/components/schemas/GroupRemoteInfo_workday_user_security_group" + description: Remote info for Workday User Security group. + properties: + group_id: + description: The id of the Workday User Security group. + example: 123abc456def + type: string + type: object + required: + - group_id + type: object ResourceRemoteInfo: - description: Information that defines the remote resource. This replaces the - deprecated remote_id and metadata fields. + description: Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields. properties: aws_organizational_unit: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_organizational_unit" + description: Remote info for AWS organizational unit. + properties: + parent_id: + description: The id of the parent organizational unit. + example: ou-1234 + type: string + organizational_unit_id: + description: The id of the AWS organizational unit that is being created. + example: ou-1234 + type: string + type: object + required: + - organizational_unit_id aws_account: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_account" + description: Remote info for AWS account. 
+ properties: + account_id: + description: The id of the AWS account. + example: 234234234234 + type: string + organizational_unit_id: + description: The id of the AWS organizational unit. Required only if customer has OUs enabled. + example: ou-1234 + type: string + type: object + required: + - account_id aws_permission_set: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_permission_set" + description: Remote info for AWS Identity Center permission set. + properties: + arn: + description: The ARN of the permission set. + example: arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9 + type: string + account_id: + description: The ID of an AWS account to which this permission set is provisioned. + example: 234234234234 + type: string + type: object + required: + - arn + - account_id aws_iam_role: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_iam_role" + description: Remote info for AWS IAM role. + properties: + arn: + description: The ARN of the IAM role. + example: arn:aws:iam::179308207300:role/MyRole + type: string + account_id: + description: The id of the AWS account. Required for AWS Organizations. + example: 234234234234 + type: string + type: object + required: + - arn aws_ec2_instance: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_ec2_instance" + description: Remote info for AWS EC2 instance. + properties: + instance_id: + description: The instanceId of the EC2 instance. + example: i-13f1a1e2899f9e93a + type: string + region: + description: The region of the EC2 instance. + example: us-east-2 + type: string + account_id: + description: The id of the AWS account. Required for AWS Organizations. + example: 234234234234 + type: string + type: object + required: + - instance_id + - region aws_rds_instance: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_rds_instance" + description: Remote info for AWS RDS instance. + properties: + instance_id: + description: The instanceId of the RDS instance. 
+ example: demo-mysql-db + type: string + region: + description: The region of the RDS instance. + example: us-east-2 + type: string + resource_id: + description: The resourceId of the RDS instance. + example: db-AOO8V0XUCNU13XLZXQDQRSN0NQ + type: string + account_id: + description: The id of the AWS account. Required for AWS Organizations. + example: 234234234234 + type: string + type: object + required: + - instance_id + - region + - resource_id aws_eks_cluster: - $ref: "#/components/schemas/ResourceRemoteInfo_aws_eks_cluster" + description: Remote info for AWS EKS cluster. + properties: + arn: + description: The ARN of the EKS cluster. + example: arn:aws:eks:us-east-2:234234234234:cluster/testcluster + type: string + account_id: + description: The id of the AWS account. Required for AWS Organizations. + example: 234234234234 + type: string + type: object + required: + - arn custom_connector: - $ref: "#/components/schemas/ResourceRemoteInfo_custom_connector" + description: Remote info for a custom connector resource. + properties: + remote_resource_id: + description: The id of the resource in the end system + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + can_have_usage_events: + description: A bool representing whether or not the resource can have usage data. + example: False + type: boolean + type: object + required: + - remote_resource_id + - can_have_usage_events gcp_organization: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_organization" + description: Remote info for GCP organization. + properties: + organization_id: + description: The id of the organization. + example: organizations/898931321 + type: string + type: object + required: + - organization_id gcp_bucket: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_bucket" + description: Remote info for GCP bucket. + properties: + bucket_id: + description: The id of the bucket. 
+ example: example-bucket-898931321 + type: string + type: object + required: + - bucket_id gcp_compute_instance: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_compute_instance" + description: Remote info for GCP compute instance. + properties: + instance_id: + description: The id of the instance. + example: example-instance-898931321 + type: string + project_id: + description: The id of the project the instance is in. + example: example-project-898931321 + type: string + zone: + description: The zone the instance is in. + example: us-central1-a + type: string + type: object + required: + - instance_id + - project_id + - zone gcp_big_query_dataset: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_big_query_dataset" + description: Remote info for GCP BigQuery Dataset. + properties: + project_id: + description: The id of the project the dataset is in. + example: example-project-898931321 + type: string + dataset_id: + description: The id of the dataset. + example: example-dataset-898931321 + type: string + type: object + required: + - project_id + - dataset_id gcp_big_query_table: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_big_query_table" + description: Remote info for GCP BigQuery Table. + properties: + project_id: + description: The id of the project the table is in. + example: example-project-898931321 + type: string + dataset_id: + description: The id of the dataset the table is in. + example: example-dataset-898931321 + type: string + table_id: + description: The id of the table. + example: example-table-898931321 + type: string + type: object + required: + - project_id + - dataset_id + - table_id gcp_folder: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_folder" + description: Remote info for GCP folder. + properties: + folder_id: + description: The id of the folder. 
+ example: folder/898931321 + type: string + type: object + required: + - folder_id gcp_gke_cluster: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_gke_cluster" + description: Remote info for GCP GKE cluster. + properties: + cluster_name: + description: The name of the GKE cluster. + example: example-cluster-898931321 + type: string + type: object + required: + - cluster_name gcp_project: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_project" + description: Remote info for GCP project. + properties: + project_id: + description: The id of the project. + example: example-project-898931321 + type: string + type: object + required: + - project_id gcp_sql_instance: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_sql_instance" + description: Remote info for GCP SQL instance. + properties: + instance_id: + description: The id of the SQL instance. + example: example-sql-898931321 + type: string + project_id: + description: The id of the project the instance is in. + example: example-project-898931321 + type: string + type: object + required: + - instance_id + - project_id gcp_service_account: - $ref: "#/components/schemas/ResourceRemoteInfo_gcp_service_account" + description: Remote info for a GCP service account. + properties: + email: + description: The email of the service account. + example: production@project.iam.gserviceaccount.com + type: string + service_account_id: + description: The id of the service account. + example: 103561576023829463298 + type: string + project_id: + description: The id of the project the service account is in. + example: example-project-898931321 + type: string + type: object + required: + - email + - service_account_id + - project_id google_workspace_role: - $ref: "#/components/schemas/ResourceRemoteInfo_google_workspace_role" + description: Remote info for GCP workspace role. + properties: + role_id: + description: The id of the role. 
+ example: google-workspace-role:01234567890123456 + type: string + type: object + required: + - role_id github_repo: - $ref: "#/components/schemas/ResourceRemoteInfo_github_repo" + description: Remote info for GitHub repository. + properties: + repo_id: + deprecated: true + description: The id of the repository. + example: 898931321 + type: string + repo_name: + description: The name of the repository. + example: Opal Security + type: string + type: object + required: + - repo_name github_org_role: - $ref: "#/components/schemas/ResourceRemoteInfo_github_org_role" + description: Remote info for GitHub organization role. + properties: + role_id: + description: The id of the role. + example: 112233 + type: string + type: object + required: + - role_id gitlab_project: - $ref: "#/components/schemas/ResourceRemoteInfo_gitlab_project" + description: Remote info for Gitlab project. + properties: + project_id: + description: The id of the project. + example: 898931321 + type: string + type: object + required: + - project_id okta_app: - $ref: "#/components/schemas/ResourceRemoteInfo_okta_app" + description: Remote info for Okta directory app. + properties: + app_id: + description: The id of the app. + example: a9dfas0f678asdf67867 + type: string + type: object + required: + - app_id okta_standard_role: - $ref: "#/components/schemas/ResourceRemoteInfo_okta_standard_role" + description: Remote info for Okta directory standard role. + properties: + role_type: + description: The type of the standard role. + example: ORG_ADMIN + type: string + type: object + required: + - role_type okta_custom_role: - $ref: "#/components/schemas/ResourceRemoteInfo_okta_custom_role" + description: Remote info for Okta directory custom role. + properties: + role_id: + description: The id of the custom role. 
+ example: a9dfas0f678asdf67867 + type: string + type: object + required: + - role_id pagerduty_role: - $ref: "#/components/schemas/ResourceRemoteInfo_pagerduty_role" + description: Remote info for Pagerduty role. + properties: + role_name: + description: The name of the role. + example: owner + type: string + type: object + required: + - role_name salesforce_permission_set: - $ref: "#/components/schemas/ResourceRemoteInfo_salesforce_permission_set" + description: Remote info for Salesforce permission set. + properties: + permission_set_id: + description: The id of the permission set. + example: 0PS5Y090202wOV7WAM + type: string + type: object + required: + - permission_set_id salesforce_profile: - $ref: "#/components/schemas/ResourceRemoteInfo_salesforce_profile" + description: Remote info for Salesforce profile. + properties: + profile_id: + description: The id of the permission set. + example: 0PS5Y090202wOV7WAM + type: string + user_license_id: + description: The id of the user license. + example: 1005Y030081Qb5XJHS + type: string + type: object + required: + - profile_id + - user_license_id salesforce_role: - $ref: "#/components/schemas/ResourceRemoteInfo_salesforce_role" + description: Remote info for Salesforce role. + properties: + role_id: + description: The id of the role. + example: 0PS5Y090202wOV7WAM + type: string + type: object + required: + - role_id teleport_role: - $ref: "#/components/schemas/ResourceRemoteInfo_teleport_role" + description: Remote info for Teleport role. + properties: + role_name: + description: The name role. + example: admin_role + type: string + type: object + required: + - role_name datastax_astra_role: - $ref: "#/components/schemas/ResourceRemoteInfo_datastax_astra_role" + description: Remote info for an Astra role. + properties: + role_id: + description: The id of the role. 
+ example: 123e4567-e89b-12d3-a456-426614174000 + type: string + type: object + required: + - role_id coupa_role: - $ref: "#/components/schemas/ResourceRemoteInfo_coupa_role" + description: Remote info for Coupa role. + properties: + role_id: + description: The id of the role. + example: 999 + type: string + type: object + required: + - role_id + type: object RiskSensitivityEnum: - description: Indicates the level of potential impact misuse or unauthorized - access may incur. - enum: - - UNKNOWN - - CRITICAL - - HIGH - - MEDIUM - - LOW - - NONE type: string + description: "Indicates the level of potential impact misuse or unauthorized access may incur." + enum: [UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE] CreateResourceInfo: description: |- # CreateResourceInfo Object @@ -7213,10 +7652,7 @@ components: $ref: "#/components/schemas/ResourceRemoteInfo" remote_resource_id: deprecated: true - description: "Deprecated - use remote_info instead. The ID of the resource\ - \ on the remote system. Include only for items linked to remote systems.\ - \ See [this guide](https://docs.opal.dev/reference/end-system-objects)\ - \ for details on how to specify this field." + description: Deprecated - use remote_info instead. The ID of the resource on the remote system. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details on how to specify this field. example: API_ACCESS_MANAGEMENT_ADMIN-51d203da-313a-4fd9-8fcf-420ce6312345 type: string metadata: 
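Review bot: Several of the newly inlined properties are declared `type: string` but carry unquoted numeric examples, for instance `example: 234234234234` on the AWS `account_id` fields, `example: 898931321` on `team_id` / `repo_id`, and `example: 103561576023829463298` on `gcp_service_account.service_account_id`. A YAML loader reads these as numbers, so the examples no longer match the declared type. The service-account value also exceeds the 64-bit integer range and may come out as a float in rendered docs or generated samples, and an account id with a leading zero written in this style would be altered. Quote them, e.g. `example: "234234234234"` and `example: "103561576023829463298"`. Separately, `active_directory_group.group_id` is described as `The id of the Google group.` and `salesforce_profile.profile_id` as `The id of the permission set.`, both of which look copied from neighbouring entries.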
@@ -7454,17 +7890,18 @@ components: type: string custom_request_notification: description: Custom request notification sent upon request approval. - example: Check your email to register your account. - maxLength: 800 type: string + maxLength: 800 nullable: true + example: "Check your email to register your account." risk_sensitivity_override: allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" + - $ref: "#/components/schemas/RiskSensitivityEnum" required: - - app_id - - name - - resource_type + - name + - resource_type + - app_id + type: object CreateBundleInfo: description: |- # CreateBundleInfo Object @@ -7479,20 +7916,20 @@ components: admin_owner_id: 7870617d-e72a-47f5-a84c-693817ab4567 properties: name: - description: The name of the bundle. - example: Test Bundle type: string + description: The name of the bundle. + example: "Test Bundle" description: - description: A brief description of the bundle. - example: This is a test bundle type: string + description: A brief description of the bundle. + example: "This is a test bundle" admin_owner_id: - description: The ID of the bundle's admin owner. - example: 7c86c85d-0651-43e2-a748-d69d658418e8 type: string + description: The ID of the bundle's admin owner. + example: "7c86c85d-0651-43e2-a748-d69d658418e8" required: - - admin_owner_id - - name + - name + - admin_owner_id CreateGroupInfo: description: |- # CreateGroupInfo Object @@ -7506,8 +7943,8 @@ components: name: Engineering Team description: Engineering team Okta group. group_type: OKTA_GROUP - metadata: "{ \"okta_directory_group\": { \"group_id\": \"00g4bs66kwtpe1g12345\"\ - \ } }" + metadata: |- + { "okta_directory_group": { "group_id": "00g4bs66kwtpe1g12345" } } app_id: f454d283-ca87-4a8a-bdbb-df212eca5353 properties: name: 
@@ -7529,10 +7966,7 @@ components: $ref: "#/components/schemas/GroupRemoteInfo" remote_group_id: deprecated: true - description: "Deprecated - use remote_info instead. The ID of the group\ - \ on the remote system. Include only for items linked to remote systems.\ - \ See [this guide](https://docs.opal.dev/reference/end-system-objects)\ - \ for details on how to specify this field." + description: Deprecated - use remote_info instead. The ID of the group on the remote system. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details on how to specify this field. example: 00g4fixjd6Bc9w012345 type: string metadata: 
@@ -7626,62 +8060,65 @@ components: "type": "object" } ``` - example: "{ \"okta_directory_group\": { \"group_id\": \"00g4bs66kwtpe1g12345\"\ - \ } }" + example: |- + { "okta_directory_group": { "group_id": "00g4bs66kwtpe1g12345" } } type: string custom_request_notification: description: Custom request notification sent upon request approval. - example: Check your email to register your account. - maxLength: 800 type: string + maxLength: 800 nullable: true + example: "Check your email to register your account." risk_sensitivity_override: allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" + - $ref: "#/components/schemas/RiskSensitivityEnum" required: - - app_id - - group_type - - name + - name + - group_type + - app_id + type: object PaginatedResourcesList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - resource_id: f454d283-ca67-4a8a-bdbb-df212eca5353 - description: This resource represents AWS IAM role "SupportUser". - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - remote_id: arn:aws:iam::490306337630:role/SupportUser - remote_name: SupportUser - max_duration: 120 - require_manager_approval: false - require_support_ticket: false - parent_resource_id: f454d283-ca67-4a8a-bdbb-df212eca5345 - - resource_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - description: This resource represents GCP project "app-demo". - remote_id: app-demo-307223 - remote_name: app-demo - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - max_duration: 360 - require_manager_approval: false - require_support_ticket: true + - resource_id: f454d283-ca67-4a8a-bdbb-df212eca5353 + description: This resource represents AWS IAM role "SupportUser". 
+ admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + remote_id: arn:aws:iam::490306337630:role/SupportUser + remote_name: SupportUser + max_duration: 120 + require_manager_approval: False + require_support_ticket: False + parent_resource_id: f454d283-ca67-4a8a-bdbb-df212eca5345 + - resource_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + description: This resource represents GCP project "app-demo". + remote_id: app-demo-307223 + remote_name: app-demo + admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + max_duration: 360 + require_manager_approval: False + require_support_ticket: True properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/Resource" type: array + type: object required: - - results + - results RequestStatusEnum: description: |- # Request Status @@ -7691,10 +8128,10 @@ components: ### Usage Example Returned from the `GET Requests` endpoint. enum: - - PENDING - - APPROVED - - DENIED - - CANCELED + - PENDING + - APPROVED + - DENIED + - CANCELED type: string Request: description: |- 
@@ -7715,26 +8152,26 @@ components: reason: I need this resource. duration_minutes: 1440 request_comments: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. + - id: 7c86c85d-0651-43e2-a748-d69d658418e8 + created_at: 2021-01-06T20:00:00Z + updated_at: 2021-01-06T20:00:00Z + request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 + user_id: c86c85d-0651-43e2-a748-d69d658418e8 + comment: This is a comment. reviewer_stages: - - requestedRoleName: Admin - requestedItemName: AWS Production Account - stages: - - stage: 1 - operator: AND - reviewers: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: PENDING - - stage: 2 - operator: OR - reviewers: - - id: 8d86c85d-0651-43e2-a748-d69d658418e9 - status: APPROVED + - requestedRoleName: "Admin" + requestedItemName: "AWS Production Account" + stages: + - stage: 1 + operator: AND + reviewers: + - id: 7c86c85d-0651-43e2-a748-d69d658418e8 + status: PENDING + - stage: 2 + operator: OR + reviewers: + - id: 8d86c85d-0651-43e2-a748-d69d658418e9 + status: APPROVED properties: id: description: The unique identifier of the request. 
@@ -7757,18 +8194,18 @@ components: format: uuid type: string target_user_id: - description: The unique identifier of the user who is the target of the - request. + description: The unique identifier of the user who is the target of the request. example: 7c86c85d-0651-43e2-a748-d69d658418e8 format: uuid type: string target_group_id: - description: The unique identifier of the group who is the target of the - request. + description: The unique identifier of the group who is the target of the request. example: 7c86c85d-0651-43e2-a748-d69d658418e8 format: uuid type: string status: + description: The status of the request. + example: pending $ref: "#/components/schemas/RequestStatusEnum" reason: description: The reason for the request. 
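Review bot: Under `status`, `description` and `example: pending` are added as siblings of `$ref: "#/components/schemas/RequestStatusEnum"`. In OpenAPI 3.0, keywords next to a `$ref` are ignored by tooling (the spec version is not visible in this part of the diff), and `pending` is not a member of the enum, which an earlier hunk lists as uppercase `PENDING`, `APPROVED`, `DENIED`, `CANCELED`. Wrap the reference the way `risk_sensitivity_override` already does, `allOf: [ { $ref: "#/components/schemas/RequestStatusEnum" } ]`, and use `example: PENDING`. The same sibling pattern appears in later hunks on `stages` (where the added `deprecated: true` would be silently dropped), `RequestStage.operator` and `RequestCustomFieldResponse.field_type`.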
@@ -7780,44 +8217,46 @@ components: type: integer requested_items_list: description: The list of targets for the request. + type: array items: $ref: "#/components/schemas/RequestedItem" - type: array custom_fields_responses: - description: The responses given to the custom fields associated to the - request + description: The responses given to the custom fields associated to the request + type: array items: $ref: "#/components/schemas/RequestCustomFieldResponse" - type: array stages: + deprecated: true + description: The stages configuration for this request $ref: "#/components/schemas/RequestItemStages" reviewer_stages: description: The configured reviewer stages for every item in this request + type: array items: $ref: "#/components/schemas/RequestReviewerStages" - type: array required: - - created_at - - id - - reason - - requester_id - - status - - updated_at + - id + - created_at + - updated_at + - requester_id + - status + - reason RequestCommentList: description: A paginated list of request comments + type: object example: comments: - - created_at: 2021-01-06T20:00:00Z - request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. + - created_at: 2021-01-06T20:00:00Z + request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 + user_id: c86c85d-0651-43e2-a748-d69d658418e8 + comment: This is a comment. properties: comments: items: $ref: "#/components/schemas/RequestComment" type: array required: - - comments + - comments RequestComment: description: |- # Request Comment Object @@ -7838,8 +8277,7 @@ components: format: date-time type: string request_id: - description: The unique identifier of the request the comment is associated - with. + description: The unique identifier of the request the comment is associated with. example: 7c86c85d-0651-43e2-a748-d69d658418e8 format: uuid type: string 
@@ -7861,12 +8299,13 @@ components: example: This is a comment. type: string required: - - comment - - created_at - - request_id - - user_id + - created_at + - request_id + - user_id + - comment RequestReviewerStages: description: The stages configuration for a request item + type: object properties: access_level_name: description: The name of the access level requested. @@ -7886,16 +8325,17 @@ components: type: string stages: description: The stages of review for this request + type: array items: $ref: "#/components/schemas/RequestStage" - type: array required: - - item_id - - item_name - - stages + - item_name + - item_id + - stages RequestItemStages: - deprecated: true description: The stages configuration for a request item + type: object + deprecated: true properties: requestedRoleName: description: The name of the requested role 
@@ -7905,56 +8345,59 @@ components: type: string stages: description: The stages of review for this request + type: array items: $ref: "#/components/schemas/RequestStage" - type: array required: - - requestedItemName - - stages + - requestedItemName + - stages RequestStage: description: A stage in the request review process + type: object properties: stage: description: The stage number type: integer operator: + description: The operator to apply to reviewers in this stage $ref: "#/components/schemas/ReviewStageOperator" reviewers: description: The reviewers for this stage + type: array items: $ref: "#/components/schemas/RequestReviewer" - type: array required: - - operator - - reviewers - - stage + - stage + - operator + - reviewers ReviewStageOperator: description: The operator to apply to reviewers in a stage - enum: - - AND - - OR type: string + enum: + - AND + - OR RequestReviewer: description: A reviewer in a request stage + type: object properties: id: description: The unique identifier of the reviewer - format: uuid type: string + format: uuid full_name: description: The user's full name. example: Jake Barnes type: string status: description: The status of this reviewer's review - enum: - - PENDING - - APPROVED - - REJECTED type: string + enum: + - PENDING + - APPROVED + - REJECTED required: - - id - - status + - id + - status RequestedItem: description: |- # Requested Item Object @@ -7963,12 +8406,6 @@ components: ### Usage Example Returned from the `GET Requests` endpoint. - example: - resource_id: null - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: admin - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - name: Engineering Team properties: resource_id: description: The ID of the resource requested. 
@@ -8000,25 +8437,36 @@ components: description: The name of the target on the remote system. example: SupportUser type: string + example: + resource_id: null + group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + access_level_name: admin + access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser + name: Engineering Team RequestCustomFieldResponse: properties: field_name: type: string field_type: + example: SHORT_TEXT $ref: "#/components/schemas/RequestTemplateCustomFieldTypeEnum" field_value: - $ref: "#/components/schemas/RequestCustomFieldResponse_field_value" - required: - - field_name - - field_type - - field_value + oneOf: + - type: string + example: "This is a response to a long text or short text or multi choice" + - type: boolean + example: true + required: + - field_name + - field_type + - field_value RequestTemplateCustomFieldTypeEnum: description: The type of the custom request field. enum: - - SHORT_TEXT - - LONG_TEXT - - BOOLEAN - - MULTI_CHOICE + - SHORT_TEXT + - LONG_TEXT + - BOOLEAN + - MULTI_CHOICE type: string RequestList: description: |- 
@@ -8030,35 +8478,34 @@ components: Returned from the `GET Requests` endpoint. example: requests: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - organization_id: w86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - requester_id: c86c85d-0651-43e2-a748-d69d658418e8 - target_user_id: r86c85d-0651-43e2-a748-d69d658418e8 - target_group_id: g86c85d-0651-43e2-a748-d69d658418e8 - status: pending - reason: I need this resource. - duration_minutes: 1440 - request_comments: - - id: 4c86c85d-0651-43e2-a748-d69d658418e8 + - id: 7c86c85d-0651-43e2-a748-d69d658418e8 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 created_at: 2021-01-06T20:00:00Z updated_at: 2021-01-06T20:00:00Z - request_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. + requester_id: c86c85d-0651-43e2-a748-d69d658418e8 + target_user_id: r86c85d-0651-43e2-a748-d69d658418e8 + target_group_id: g86c85d-0651-43e2-a748-d69d658418e8 + status: pending + reason: I need this resource. + duration_minutes: 1440 + request_comments: + - id: 4c86c85d-0651-43e2-a748-d69d658418e8 + created_at: 2021-01-06T20:00:00Z + updated_at: 2021-01-06T20:00:00Z + request_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + user_id: c86c85d-0651-43e2-a748-d69d658418e8 + comment: This is a comment. cursor: eyJjcmVhdGVkX2F0IjoiMjAyMS0wMS0wNlQyMDo0NzowMFoiLCJ2YWx1ZSI6ImFkbWluIn0= properties: requests: description: The list of requests. + type: array items: $ref: "#/components/schemas/Request" - type: array cursor: - description: The cursor to use in the next request to get the next page - of results. - example: eyJjcmVhdGVkX2F0IjoiMjAyMS0wMS0wNlQyMDo0NzowMFoiLCJ2YWx1ZSI6ImFkbWluIn0= + description: The cursor to use in the next request to get the next page of results. type: string + example: eyJjcmVhdGVkX2F0IjoiMjAyMS0wMS0wNlQyMDo0NzowMFoiLCJ2YWx1ZSI6ImFkbWluIn0= Resource: description: |- # Resource Object 
@@ -8075,13 +8522,13 @@ components: remote_id: 318038399 remote_name: repo-name max_duration: 120 - require_manager_approval: false - require_support_ticket: false + require_manager_approval: False + require_support_ticket: False parent_resource_id: f454d283-ca67-4a8a-bdbb-df212eca5345 ancestor_resource_ids: - - f454d283-ca67-4a8a-bdbb-df212eca5345 + - f454d283-ca67-4a8a-bdbb-df212eca5345 descendant_resource_ids: - - f454d283-ca67-4a8a-bdbb-df212eca5345 + - f454d283-ca67-4a8a-bdbb-df212eca5345 properties: resource_id: description: The ID of the resource. 
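Review bot: The example booleans here change from `false` to `False` (`require_manager_approval: False`, `require_support_ticket: False`). The later Resource, UpdateResourceInfoList and UpdateResourceInfo hunks do the same for the `require_mfa_to_*`, `auto_approval` and `is_requestable` examples. The capitalised spelling is a boolean only under the YAML core schema. A loader restricted to the JSON schema, or a converter that round-trips the spec through JSON, can read it as the string "False", which no longer matches `type: boolean`. I would keep the lowercase literals, e.g. `example: false`, throughout.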
@@ -8117,51 +8564,41 @@ components: resource_type: $ref: "#/components/schemas/ResourceTypeEnum" max_duration: - description: The maximum duration for which the resource can be requested - (in minutes). - example: 120 + description: The maximum duration for which the resource can be requested (in minutes). type: integer - recommended_duration: - description: The recommended duration for which the resource should be requested - (in minutes). -1 represents an indefinite duration. example: 120 + recommended_duration: + description: The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. type: integer - extensions_duration_in_minutes: - description: "The duration for which access can be extended (in minutes).\ - \ Set to 0 to disable extensions. When > 0, extensions are enabled for\ - \ the specified duration." example: 120 + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. type: integer + example: 120 require_manager_approval: - deprecated: true - description: A bool representing whether or not access requests to the resource - require manager approval. - example: false + description: A bool representing whether or not access requests to the resource require manager approval. + example: False type: boolean + deprecated: true require_support_ticket: - description: A bool representing whether or not access requests to the resource - require an access ticket. - example: false + description: A bool representing whether or not access requests to the resource require an access ticket. + example: False type: boolean require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this resource. 
- example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this resource. + example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting - access to this resource. - example: false + description: A bool representing whether or not to require MFA for requesting access to this resource. + example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect - to this resource. - example: false + description: A bool representing whether or not to require MFA to connect to this resource. + example: False type: boolean auto_approval: - description: A bool representing whether or not to automatically approve - requests to this resource. - example: false + description: A bool representing whether or not to automatically approve requests to this resource. + example: False type: boolean request_template_id: description: The ID of the associated request template. @@ -8169,9 +8606,8 @@ components: format: uuid type: string is_requestable: - description: A bool representing whether or not to allow access requests - to this resource. - example: false + description: A bool representing whether or not to allow access requests to this resource. + example: False type: boolean parent_resource_id: description: The ID of the parent resource. 
@@ -8184,13 +8620,13 @@ components: format: uuid type: string request_configurations: - description: A list of configurations for requests to this resource. + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array + description: A list of configurations for requests to this resource. request_configuration_list: - description: A list of configurations for requests to this resource. Deprecated - in favor of `request_configurations`. + description: A list of configurations for requests to this resource. Deprecated in favor of `request_configurations`. + deprecated: true items: $ref: "#/components/schemas/RequestConfiguration" type: array @@ -8198,23 +8634,20 @@ components: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: description: Custom request notification sent upon request approval. - maxLength: 800 type: string + maxLength: 800 nullable: true risk_sensitivity: - allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" - description: "The risk sensitivity level for the resource. When an override\ - \ is set, this field will match that." + description: The risk sensitivity level for the resource. When an override is set, this field will match that. readOnly: true + allOf: + - $ref: "#/components/schemas/RiskSensitivityEnum" risk_sensitivity_override: allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" + - $ref: "#/components/schemas/RiskSensitivityEnum" metadata: + description: JSON metadata about the remote resource. Only set for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details. deprecated: true - description: "JSON metadata about the remote resource. Only set for items\ - \ linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects)\ - \ for details." example: |- { "okta_directory_role": 
@@ -8228,58 +8661,75 @@ components: $ref: "#/components/schemas/ResourceRemoteInfo" ancestor_resource_ids: description: List of resource IDs that are ancestors of this resource. - example: - - f454d283-ca67-4a8a-bdbb-df212eca5345 - - f454d283-ca67-4a8a-bdbb-df212eca5346 + type: array items: format: uuid type: string - type: array + example: + - f454d283-ca67-4a8a-bdbb-df212eca5345 + - f454d283-ca67-4a8a-bdbb-df212eca5346 descendant_resource_ids: description: List of resource IDs that are descendants of this resource. - example: - - f454d283-ca67-4a8a-bdbb-df212eca5347 - - f454d283-ca67-4a8a-bdbb-df212eca5348 + type: array items: format: uuid type: string - type: array + example: + - f454d283-ca67-4a8a-bdbb-df212eca5347 + - f454d283-ca67-4a8a-bdbb-df212eca5348 last_successful_sync: + readOnly: true + description: Information about the last successful sync of this resource. $ref: "#/components/schemas/SyncTask" required: - - resource_id + - resource_id + type: object AwsPermissionSetMetadata: description: Metadata for AWS Identity Center permission set. properties: aws_permission_set: - $ref: "#/components/schemas/AwsPermissionSetMetadata_aws_permission_set" - required: - - aws_permission_set + type: object + properties: + arn: + description: The ARN of the permission set. + example: arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9 + type: string + account_id: + description: The ID of an AWS account to which this permission set is provisioned. + example: 234234234234 + type: string + required: + - arn + - account_id + type: object + required: + - aws_permission_set UpdateResourceInfoList: example: resources: - - resource_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - name: my-mongo-db - description: This resource represents AWS IAM role "SupportUser". 
- admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - max_duration: 120 - require_manager_approval: false - require_support_ticket: false - - resource_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - name: Admin Role - description: This resource represents GCP project "app-demo". - admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 - max_duration: 360 - require_manager_approval: false - require_support_ticket: true + - resource_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + name: my-mongo-db + description: This resource represents AWS IAM role "SupportUser". + admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + max_duration: 120 + require_manager_approval: False + require_support_ticket: False + - resource_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + name: Admin Role + description: This resource represents GCP project "app-demo". + admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 + max_duration: 360 + require_manager_approval: False + require_support_ticket: True properties: resources: description: A list of resources with information to update. items: $ref: "#/components/schemas/UpdateResourceInfo" type: array + type: object required: - - resources + - resources UpdateResourceInfo: description: |- # UpdateResourceInfo Object @@ -8291,8 +8741,8 @@ components: description: This resource represents AWS IAM role "SupportUser". admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 - require_manager_approval: false - require_support_ticket: false + require_manager_approval: False + require_support_ticket: False properties: resource_id: description: The ID of the resource. 
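Review bot: In the newly inlined `aws_permission_set` schema, `account_id` is declared `type: string` but its example is the bare scalar `234234234234`, which YAML loads as an integer. AWS account IDs are 12-digit identifiers that can begin with zero, so a numeric example does not match the declared type and invites clients to model the field as a number. Quote it: `example: "234234234234"`.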
@@ -8313,165 +8763,192 @@ components: format: uuid type: string max_duration: - deprecated: true - description: The maximum duration for which the resource can be requested - (in minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. - example: 120 + description: The maximum duration for which the resource can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. type: integer - recommended_duration: - deprecated: true - description: The recommended duration for which the resource should be requested - (in minutes). Will be the default value in a request. Use -1 to set to - indefinite and 0 to unset. Deprecated in favor of `request_configurations`. example: 120 + deprecated: true + recommended_duration: + description: The recommended duration for which the resource should be requested (in minutes). Will be the default value in a request. Use -1 to set to indefinite and 0 to unset. Deprecated in favor of `request_configurations`. type: integer - require_manager_approval: + example: 120 deprecated: true - description: A bool representing whether or not access requests to the resource - require manager approval. - example: false + require_manager_approval: + description: A bool representing whether or not access requests to the resource require manager approval. + example: False type: boolean - require_support_ticket: deprecated: true - description: A bool representing whether or not access requests to the resource - require an access ticket. Deprecated in favor of `request_configurations`. - example: false + require_support_ticket: + description: A bool representing whether or not access requests to the resource require an access ticket. Deprecated in favor of `request_configurations`. + example: False type: boolean - folder_id: deprecated: true + folder_id: description: The ID of the folder that the resource is located in. 
example: e27cb7b0-98e2-4555-9916-9e6d8ca6b079 format: uuid type: string + deprecated: true require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this resource. - example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this resource. + example: False type: boolean require_mfa_to_request: - deprecated: true - description: A bool representing whether or not to require MFA for requesting - access to this resource. Deprecated in favor of `request_configurations`. - example: false + description: A bool representing whether or not to require MFA for requesting access to this resource. Deprecated in favor of `request_configurations`. + example: False type: boolean + deprecated: true require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect - to this resource. - example: false + description: A bool representing whether or not to require MFA to connect to this resource. + example: False type: boolean auto_approval: + description: A bool representing whether or not to automatically approve requests to this resource. Deprecated in favor of `request_configurations`. + example: False + type: boolean deprecated: true - description: A bool representing whether or not to automatically approve - requests to this resource. Deprecated in favor of `request_configurations`. - example: false - type: boolean ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: description: Custom request notification sent upon request approval. - example: Check your email to register your account. - maxLength: 800 type: string + maxLength: 800 nullable: true + example: "Check your email to register your account." 
risk_sensitivity_override: allOf: - - $ref: "#/components/schemas/RiskSensitivityEnum" + - $ref: "#/components/schemas/RiskSensitivityEnum" configuration_template_id: description: The ID of the associated configuration template. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string request_template_id: - deprecated: true - description: The ID of the associated request template. Deprecated in favor - of `request_configurations`. + description: The ID of the associated request template. Deprecated in favor of `request_configurations`. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string - is_requestable: deprecated: true - description: A bool representing whether or not to allow access requests - to this resource. Deprecated in favor of `request_configurations`. - example: false + is_requestable: + description: A bool representing whether or not to allow access requests to this resource. Deprecated in favor of `request_configurations`. + example: False type: boolean - extensions_duration_in_minutes: deprecated: true - description: "The duration for which access can be extended (in minutes).\ - \ Deprecated, set the extension duration in the request_configuration\ - \ you want it to apply to." - example: 120 + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to. type: integer + example: 120 + deprecated: true request_configurations: - description: "A list of configurations for requests to this resource. If\ - \ not provided, the default request configuration will be used." + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array + description: A list of configurations for requests to this resource. If not provided, the default request configuration will be used. request_configuration_list: + description: A list of configurations for requests to this resource. 
If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. $ref: "#/components/schemas/CreateRequestConfigurationInfoList" - required: - - resource_id + deprecated: true + example: + request_configurations: + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: null + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 0 + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 1 + required: + - resource_id + type: object PaginatedTagsList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - tag_id: f290a738-5f9f-43c2-ad67-fa31ff0eb946 - created_at: 2022-01-23T04:56:07Z - updated_at: 2022-02-23T01:34:07Z - user_creator_id: d4a7d928-783e-4599-8ec6-088d635a5bcc - admin_owner_id: bfb518b1-3f5b-4e3b-8eb8-3b3fabd4ea2b - key: database-name - value: redis_db - - tag_id: 92f0a738-5f9f-43c2-ad67-fa31ff0eb052 - created_at: 2022-03-23T04:56:07Z - updated_at: 2022-04-23T01:34:07Z - user_creator_id: a4d7d928-783e-4599-8ec6-088d635af4ac - 
admin_owner_id: gtg418b1-3f5b-4e3b-8eb8-3b3fabd4eaa1 - key: database-type - value: sql + - tag_id: f290a738-5f9f-43c2-ad67-fa31ff0eb946 + created_at: 2022-01-23T04:56:07Z + updated_at: 2022-02-23T01:34:07Z + user_creator_id: d4a7d928-783e-4599-8ec6-088d635a5bcc + admin_owner_id: bfb518b1-3f5b-4e3b-8eb8-3b3fabd4ea2b + key: database-name + value: redis_db + - tag_id: 92f0a738-5f9f-43c2-ad67-fa31ff0eb052 + created_at: 2022-03-23T04:56:07Z + updated_at: 2022-04-23T01:34:07Z + user_creator_id: a4d7d928-783e-4599-8ec6-088d635af4ac + admin_owner_id: gtg418b1-3f5b-4e3b-8eb8-3b3fabd4eaa1 + key: database-type + value: sql properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/Tag" type: array required: - - results + - results + type: object TagsList: example: results: - - tag_id: f290a738-5f9f-43c2-ad67-fa31ff0eb946 - created_at: 2022-01-23T04:56:07Z - updated_at: 2022-02-23T01:34:07Z - user_creator_id: d4a7d928-783e-4599-8ec6-088d635a5bcc - admin_owner_id: bfb518b1-3f5b-4e3b-8eb8-3b3fabd4ea2b - key: database-name - value: redis_db - - tag_id: 92f0a738-5f9f-43c2-ad67-fa31ff0eb052 - created_at: 2022-03-23T04:56:07Z - updated_at: 2022-04-23T01:34:07Z - user_creator_id: a4d7d928-783e-4599-8ec6-088d635af4ac - admin_owner_id: gtg418b1-3f5b-4e3b-8eb8-3b3fabd4eaa1 - key: database-type - value: sql + - tag_id: f290a738-5f9f-43c2-ad67-fa31ff0eb946 + created_at: 2022-01-23T04:56:07Z + updated_at: 2022-02-23T01:34:07Z + user_creator_id: d4a7d928-783e-4599-8ec6-088d635a5bcc + admin_owner_id: 
bfb518b1-3f5b-4e3b-8eb8-3b3fabd4ea2b + key: database-name + value: redis_db + - tag_id: 92f0a738-5f9f-43c2-ad67-fa31ff0eb052 + created_at: 2022-03-23T04:56:07Z + updated_at: 2022-04-23T01:34:07Z + user_creator_id: a4d7d928-783e-4599-8ec6-088d635af4ac + admin_owner_id: gtg418b1-3f5b-4e3b-8eb8-3b3fabd4eaa1 + key: database-type + value: sql properties: tags: items: $ref: "#/components/schemas/Tag" type: array required: - - tags + - tags + type: object Tag: description: |- # Tag Object @@ -8516,8 +8993,9 @@ components: description: The value of the tag. example: redis_db type: string + type: object required: - - tag_id + - tag_id CreateTagInfo: description: |- # CreateTagInfo Object 
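Review bot: The second entry of the new `request_configurations` example in `UpdateResourceInfo` writes its condition as `condition:` / `group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4`. The `Condition` schema further down this file defines only `group_ids` (an array) and `role_remote_ids`. If `condition` refers to that schema, a client that copies the example sends a key the schema does not know. Depending on how unknown keys are handled, the configuration could be stored without the intended group scoping. I would write it as `group_ids:` with one list item, `- 1b978423-db0a-4037-a4cf-f79c60cb67b4`. The `organization_id: w86c85d-0651-43e2-a748-d69d658418e8` value in the same example is not a well-formed UUID either.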
@@ -8539,48 +9017,50 @@ components: example: production type: string required: - - tag_key + - tag_key + type: object PaginatedGroupBindingsList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWtJ results: - - group_binding_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - created_by_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - created_at: 2022-01-23T04:56:07Z - source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - groups: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - group_type: OKTA_GROUP - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - group_type: AWS_SSO_GROUP - - group_binding_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - created_by_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - source_group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - created_at: 2022-01-23T04:56:07Z - groups: - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - group_type: AWS_SSO_GROUP - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - group_type: OKTA_GROUP + - group_binding_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + created_by_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + created_at: 2022-01-23T04:56:07Z + source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + groups: + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + group_type: OKTA_GROUP + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + group_type: AWS_SSO_GROUP + - group_binding_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + created_by_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + source_group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + created_at: 2022-01-23T04:56:07Z + groups: + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + group_type: AWS_SSO_GROUP + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + group_type: OKTA_GROUP properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. 
example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/GroupBinding" type: array required: - - results + - results CreateGroupBindingInfo: description: |- # CreateGroupBindingInfo Object @@ -8589,8 +9069,8 @@ components: example: source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 groups: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b properties: source_group_id: description: The ID of the source group. 
@@ -8600,32 +9080,41 @@ components: groups: description: The list of groups. items: - $ref: "#/components/schemas/CreateGroupBindingInfo_groups_inner" + properties: + group_id: + description: The ID of the group. + example: f454d283-ca87-4a8a-bdbb-df212eca5353 + format: uuid + type: string + required: + - group_id type: array required: - - groups - - source_group_id + - source_group_id + - groups + type: object UpdateGroupBindingInfoList: example: group_bindings: - - group_binding_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - groups: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - - group_binding_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - source_group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - groups: - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + - group_binding_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + groups: + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + - group_binding_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + source_group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + groups: + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 properties: group_bindings: description: A list of group bindings with information to update. items: $ref: "#/components/schemas/UpdateGroupBindingInfo" type: array + type: object required: - - group_bindings + - group_bindings UpdateGroupBindingInfo: description: |- # UpdateGroupBindingInfo Object 
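Review bot: The inline `items` schema that replaces `$ref: "#/components/schemas/CreateGroupBindingInfo_groups_inner"` under `groups` declares `properties` and `required` but no `type: object`, although this commit adds `type: object` to most other schemas. Without it, a validator does not reject non-object array items, because `properties` and `required` only constrain values that are objects. The identical inline block is repeated for `UpdateGroupBindingInfo.groups` in the next hunk. I would add `type: object` to the item schema and consider defining it once under `components/schemas` and referencing it from both places.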
@@ -8635,8 +9124,8 @@ components: group_binding_id: 0ae19dbf-324d-4216-999c-574d46182c7e source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 groups: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b properties: group_binding_id: description: The ID of the group binding. @@ -8651,12 +9140,20 @@ components: groups: description: The list of groups. items: - $ref: "#/components/schemas/CreateGroupBindingInfo_groups_inner" + properties: + group_id: + description: The ID of the group. + example: f454d283-ca87-4a8a-bdbb-df212eca5353 + format: uuid + type: string + required: + - group_id type: array required: - - group_binding_id - - groups - - source_group_id + - group_binding_id + - source_group_id + - groups + type: object GroupBinding: description: |- # Group Binding Object @@ -8671,10 +9168,10 @@ components: created_at: 2022-01-23T04:56:07Z source_group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 groups: - - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - group_type: OKTA_GROUP - - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - group_type: AWS_SSO_GROUP + - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + group_type: OKTA_GROUP + - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + group_type: AWS_SSO_GROUP properties: group_binding_id: description: The ID of the group binding. @@ -8702,11 +9199,11 @@ components: $ref: "#/components/schemas/GroupBindingGroup" type: array required: - - created_at - - created_by_id - - group_binding_id - - groups - - source_group_id + - group_binding_id + - created_by_id + - created_at + - source_group_id + - groups GroupBindingGroup: description: |- # Group Binding Group Object 
@@ -8727,51 +9224,14 @@ components: group_type: $ref: "#/components/schemas/GroupTypeEnum" required: - - group_id - - group_type + - group_id + - group_type + type: object UpdateAccessRuleInfo: description: |- # UpdateAccessRuleInfo Object ### Description The `UpdateAccessRuleInfo` object is used as an input to the UpdateAccessRule and CreateAccessRule API. - example: - ruleClauses: - unless: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - when: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - name: Platform Engineering - description: This access rule represents all platform engineers in the company. - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: ACTIVE properties: name: description: The name of the access rule. @@ -8788,19 +9248,19 @@ components: type: string status: description: The status of the access rule. + type: string enum: - - ACTIVE - - PAUSED + - ACTIVE + - PAUSED example: ACTIVE - type: string ruleClauses: $ref: "#/components/schemas/RuleClauses" required: - - admin_owner_id - - description - - name - - ruleClauses - - status + - status + - ruleClauses + - name + - admin_owner_id + - description AccessRule: description: |- # Access Rule Object 
@@ -8809,45 +9269,6 @@ components: ### Usage Example Get access rule configurations from the `GET Access Rule Configs` endpoint. - example: - ruleClauses: - unless: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - when: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - name: Platform Engineering - description: This access rule represents all platform engineers in the company. - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - access_rule_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: ACTIVE properties: access_rule_id: description: The ID (group ID) of the access rule. 
@@ -8869,150 +9290,91 @@ components: type: string status: description: The status of the access rule. + type: string enum: - - ACTIVE - - PAUSED + - ACTIVE + - PAUSED example: ACTIVE - type: string ruleClauses: $ref: "#/components/schemas/RuleClauses" required: - - access_rule_id - - admin_owner_id - - description - - name - - ruleClauses - - status + - status + - ruleClauses + - name + - admin_owner_id + - access_rule_id + - description RuleClauses: - example: - unless: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - when: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key properties: when: $ref: "#/components/schemas/RuleConjunction" unless: $ref: "#/components/schemas/RuleConjunction" required: - - when + - when RuleConjunction: - example: - clauses: - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - selectors: - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key properties: clauses: + type: array + minItems: 1 items: $ref: "#/components/schemas/RuleDisjunction" - minItems: 1 - type: array required: - - clauses + - clauses RuleDisjunction: - example: - selectors: - - connection_id: 
046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key - - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key properties: selectors: + type: array items: $ref: "#/components/schemas/TagSelector" - type: array required: - - selectors + - selectors TagSelector: - example: - connection_id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91 - value: value - key: key properties: key: type: string value: type: string connection_id: - format: uuid type: string + format: uuid required: - - connection_id - - key - - value + - key + - value + - connection_id PaginatedOwnersList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - - owner_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - name: API Owner - description: This owner represents the API team owners. - access_request_escalation_period: 120 - - owner_id: e8581682-04f7-473a-a419-472f0fb26d46 - name: Finance Owner - description: This owner represents the Finance team owners. - access_request_escalation_period: 120 + - owner_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + name: API Owner + description: This owner represents the API team owners. + access_request_escalation_period: 120 + - owner_id: e8581682-04f7-473a-a419-472f0fb26d46 + name: Finance Owner + description: This owner represents the Finance team owners. + access_request_escalation_period: 120 properties: next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. 
example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string results: items: $ref: "#/components/schemas/Owner" type: array + type: object required: - - results + - results Owner: description: |- # Owner Object @@ -9038,10 +9400,9 @@ components: example: This owner represents the API team owners. type: string access_request_escalation_period: - description: The amount of time (in minutes) before the next reviewer is - notified. Use 0 to remove escalation policy. - example: 120 + description: The amount of time (in minutes) before the next reviewer is notified. Use 0 to remove escalation policy. type: integer + example: 120 reviewer_message_channel_id: example: 37cb7e41-12ba-46da-92ff-030abe0450b1 format: uuid @@ -9053,7 +9414,8 @@ components: type: string nullable: true required: - - owner_id + - owner_id + type: object CreateOwnerInfo: description: |- # CreateOwnerInfo Object @@ -9076,19 +9438,17 @@ components: example: This owner represents the API team owners. type: string access_request_escalation_period: - description: The amount of time (in minutes) before the next reviewer is - notified. Use 0 to remove escalation policy. - example: 120 + description: The amount of time (in minutes) before the next reviewer is notified. Use 0 to remove escalation policy. type: integer + example: 120 user_ids: - description: Users to add to the created owner. If setting a source_group_id - this list must be empty. + description: Users to add to the created owner. If setting a source_group_id this list must be empty. example: - - 7870617d-e72a-47f5-a84c-693817ab4567 - - 1520617d-e72a-47f5-a84c-693817ab48ad2 + - 7870617d-e72a-47f5-a84c-693817ab4567 + - 1520617d-e72a-47f5-a84c-693817ab48ad2 items: - format: uuid type: string + format: uuid type: array reviewer_message_channel_id: description: The message channel id for the reviewer channel. 
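Review bot: In `CreateOwnerInfo.user_ids`, the second example value `1520617d-e72a-47f5-a84c-693817ab48ad2` has 13 characters in its last group, so it is not a valid UUID even though the items are declared `format: uuid`. The line is re-indented by this commit, which makes this a convenient place to fix it. A request built from the example would fail strict UUID validation. I would replace it with an obviously constructed, well-formed value such as `1520617d-e72a-47f5-a84c-693817ab48ad`.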
@@ -9100,27 +9460,29 @@ components: format: uuid type: string required: - - name - - user_ids + - name + - user_ids + type: object UpdateOwnerInfoList: example: owners: - - owner_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - name: API Owner - description: This owner represents the API team owners. - access_request_escalation_period: 120 - - owner_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - name: Finance Owner - description: This owner represents the Finance team owners. - access_request_escalation_period: 15 + - owner_id: f454d283-ca87-4a8a-bdbb-df212eca5353 + name: API Owner + description: This owner represents the API team owners. + access_request_escalation_period: 120 + - owner_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b + name: Finance Owner + description: This owner represents the Finance team owners. + access_request_escalation_period: 15 properties: owners: description: A list of owners with information to update. items: $ref: "#/components/schemas/UpdateOwnerInfo" type: array + type: object required: - - owners + - owners UpdateOwnerInfo: description: |- # UpdateOwnerInfo Object 
@@ -9146,23 +9508,21 @@ components: example: This owner represents the API team owners. type: string access_request_escalation_period: - description: The amount of time (in minutes) before the next reviewer is - notified. Use 0 to remove escalation policy. + description: The amount of time (in minutes) before the next reviewer is notified. Use 0 to remove escalation policy. example: 120 type: integer reviewer_message_channel_id: - description: The message channel id for the reviewer channel. Use "" to - remove an existing message channel. + description: The message channel id for the reviewer channel. Use "" to remove an existing message channel. example: 37cb7e41-12ba-46da-92ff-030abe0450b1 type: string source_group_id: - description: Sync this owner's user list with a source group. Use "" to - remove an existing source group. + description: Sync this owner's user list with a source group. Use "" to remove an existing source group. example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 format: uuid type: string required: - - owner_id + - owner_id + type: object Condition: description: |- # Condition Object @@ -9173,23 +9533,24 @@ components: Used to match request configurations to users in `RequestConfiguration` example: group_ids: - - 1b978423-db0a-4037-a4cf-f79c60cb67b3 + - 1b978423-db0a-4037-a4cf-f79c60cb67b3 + type: object properties: group_ids: description: The list of group IDs to match. example: - - 1b978423-db0a-4037-a4cf-f79c60cb67b3 + - 1b978423-db0a-4037-a4cf-f79c60cb67b3 items: - format: uuid type: string + format: uuid type: array role_remote_ids: description: The list of role remote IDs to match. example: - - arn:aws:iam::590304332660:role/AdministratorAccess + - arn:aws:iam::590304332660:role/AdministratorAccess + type: array items: type: string - type: array RequestConfiguration: description: |- # Request Configuration Object 
@@ -9205,58 +9566,52 @@ components: updated_at: 2021-01-06T20:00:00Z condition: group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - allow_requests: true - auto_approval: false - require_mfa_to_request: false + allow_requests: True + auto_approval: False + require_mfa_to_request: False max_duration_minutes: 120 recommended_duration_minutes: 120 - require_support_ticket: false + require_support_ticket: False reviewer_stages: - - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - owner_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 - stage: 1 + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 priority: 1 + type: object properties: condition: + description: The condition for the request configuration. $ref: "#/components/schemas/Condition" allow_requests: - description: A bool representing whether or not to allow requests for this - resource. - example: true + description: A bool representing whether or not to allow requests for this resource. + example: True type: boolean auto_approval: - description: A bool representing whether or not to automatically approve - requests for this resource. - example: false + description: A bool representing whether or not to automatically approve requests for this resource. + example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting - access to this resource. - example: false + description: A bool representing whether or not to require MFA for requesting access to this resource. + example: False type: boolean max_duration_minutes: - description: The maximum duration for which the resource can be requested - (in minutes). - example: 120 + description: The maximum duration for which the resource can be requested (in minutes). 
type: integer - recommended_duration_minutes: - description: The recommended duration for which the resource should be requested - (in minutes). -1 represents an indefinite duration. example: 120 + recommended_duration_minutes: + description: The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. type: integer + example: 120 require_support_ticket: - description: A bool representing whether or not access requests to the resource - require an access ticket. - example: false + description: A bool representing whether or not access requests to the resource require an access ticket. + example: False type: boolean extensions_duration_in_minutes: - description: "The duration for which access can be extended (in minutes).\ - \ Set to 0 to disable extensions. When > 0, extensions are enabled for\ - \ the specified duration." - example: 120 + description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. type: integer + example: 120 request_template_id: description: The ID of the associated request template. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 @@ -9272,11 +9627,12 @@ components: example: 1 type: integer required: - - allow_requests - - auto_approval - - priority - - require_mfa_to_request - - require_support_ticket + - organization_id + - allow_requests + - auto_approval + - require_mfa_to_request + - require_support_ticket + - priority CreateRequestConfigurationInfoList: description: |- # CreateRequestConfigurationInfoList Object 
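Review bot: The boolean examples in this hunk are rewritten from `true`/`false` to `True`/`False` (`allow_requests`, `auto_approval`, `require_mfa_to_request`, `require_support_ticket`), while the same commit writes `deprecated: true` and the file keeps `nullable: true` in lowercase. YAML loaders that implement only the JSON schema of YAML 1.2 read `True` as a string, so the example would no longer match `type: boolean`; `example: true` / `example: false` is unambiguous for every loader. The same casing is introduced in the example blocks of the hunks at -9299, -9352, -9371, -9452, -9480, -9564, -9592 and -9662.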
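Review bot: `organization_id` is added to `required` for `RequestConfiguration`, but this schema is also the item type of `request_configurations` in the create and update template payloads (hunks at -9371 and -9592), so callers would now have to send it in request bodies. If the server derives the organization from the caller's credentials, which seems likely but is not visible here, the field should not be client input: mark it `readOnly: true` where it is declared so that `required` applies to responses only, or leave it out of this list. The property declaration itself lies outside this hunk.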
@@ -9299,47 +9655,48 @@ components: using a single group as a condition. example: request_configurations: - - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - organization_id: w86c85d-0651-43e2-a748-d69d658418e8 - condition: null - allow_requests: true - auto_approval: false - require_mfa_to_request: false - max_duration_minutes: 120 - recommended_duration_minutes: 120 - require_support_ticket: false - reviewer_stages: - - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - owner_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 - stage: 1 - priority: 0 - - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 - organization_id: w86c85d-0651-43e2-a748-d69d658418e8 - condition: - group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 - allow_requests: true - auto_approval: false - require_mfa_to_request: false - max_duration_minutes: 120 - recommended_duration_minutes: 120 - require_support_ticket: false - reviewer_stages: - - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - owner_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 - stage: 1 - priority: 1 + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: null + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 0 + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + 
recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 1 properties: request_configurations: description: A list of request configurations to create. items: $ref: "#/components/schemas/RequestConfiguration" type: array + type: object required: - - request_configurations + - request_configurations CreateConfigurationTemplateInfo: description: |- # CreateConfigurationTemplateInfo Object @@ -9352,18 +9709,24 @@ components: admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 visibility: private linked_audit_message_channel_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 member_oncall_schedule_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 break_glass_user_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 - require_mfa_to_approve: false - require_mfa_to_connect: false + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + require_mfa_to_approve: False + require_mfa_to_connect: False name: Prod AWS Template + required: + - admin_owner_id + - visibility + - name + - require_mfa_to_approve + - require_mfa_to_connect properties: admin_owner_id: description: The ID of the owner of the configuration template. 
@@ -9371,74 +9734,100 @@ components: format: uuid type: string visibility: + description: The visibility info of the configuration template. + example: private $ref: "#/components/schemas/VisibilityInfo" linked_audit_message_channel_ids: - description: The IDs of the audit message channels linked to the configuration - template. + description: The IDs of the audit message channels linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array member_oncall_schedule_ids: - description: The IDs of the on-call schedules linked to the configuration - template. + description: The IDs of the on-call schedules linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array break_glass_user_ids: - description: The IDs of the break glass users linked to the configuration - template. + description: The IDs of the break glass users linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this configuration template. - example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. 
+ example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect - to resources associated with this configuration template. - example: false + description: A bool representing whether or not to require MFA to connect to resources associated with this configuration template. + example: False type: boolean name: description: The name of the configuration template. example: Prod AWS Template type: string request_configurations: - description: "The request configuration list of the configuration template.\ - \ If not provided, the default request configuration will be used." + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array + description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. request_configuration_list: + description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. 
$ref: "#/components/schemas/CreateRequestConfigurationInfoList" + deprecated: true + example: + request_configurations: + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: null + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 0 + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 1 ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: - description: Custom request notification sent upon request approval for - this configuration template. - example: Check your email to register your account. - maxLength: 800 + description: Custom request notification sent upon request approval for this configuration template. type: string + maxLength: 800 nullable: true - required: - - admin_owner_id - - name - - require_mfa_to_approve - - require_mfa_to_connect - - visibility + example: "Check your email to register your account." ConfigurationTemplate: description: |- # Configuration Template Object 
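Review bot: `deprecated: true` and the new `example` are added as siblings of `$ref: "#/components/schemas/CreateRequestConfigurationInfoList"` on `request_configuration_list`; under OpenAPI 3.0 keywords placed next to a `$ref` are ignored, so generators and documentation tools would not mark the field deprecated (the spec version is not visible in this part of the diff, so confirm). Wrapping the reference keeps the siblings effective: `allOf: [{ $ref: "#/components/schemas/CreateRequestConfigurationInfoList" }]` next to `deprecated: true`. The same applies to the `description`/`example` added beside the `VisibilityInfo` reference here and in the hunks at -9480 and -9592, and to the `description` beside the `Condition` reference at -9205.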
@@ -9452,17 +9841,17 @@ components: admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 visibility: private linked_audit_message_channel_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 member_oncall_schedule_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 break_glass_user_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 - require_mfa_to_approve: false - require_mfa_to_connect: false + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + require_mfa_to_approve: False + require_mfa_to_connect: False name: Prod AWS Template properties: configuration_template_id: 
@@ -9480,65 +9869,60 @@ components: format: uuid type: string visibility: + description: The visibility info of the configuration template. + example: private $ref: "#/components/schemas/VisibilityInfo" linked_audit_message_channel_ids: - description: The IDs of the audit message channels linked to the configuration - template. + description: The IDs of the audit message channels linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array request_configuration_id: - description: The ID of the request configuration linked to the configuration - template. + description: The ID of the request configuration linked to the configuration template. example: 7c86c85d-0651-43e2-a748-d69d658418e8 format: uuid type: string member_oncall_schedule_ids: - description: The IDs of the on-call schedules linked to the configuration - template. + description: The IDs of the on-call schedules linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 7c86c85d-0651-43e2-a748-d69d658418e8 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 7c86c85d-0651-43e2-a748-d69d658418e8 items: - format: uuid type: string + format: uuid type: array break_glass_user_ids: - description: The IDs of the break glass users linked to the configuration - template. + description: The IDs of the break glass users linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this configuration template. 
- example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. + example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect - to resources associated with this configuration template. - example: false + description: A bool representing whether or not to require MFA to connect to resources associated with this configuration template. + example: False type: boolean ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: - description: Custom request notification sent upon request approval for - this configuration template. - example: Check your email to register your account. - maxLength: 800 + description: Custom request notification sent upon request approval for this configuration template. type: string + maxLength: 800 nullable: true + example: "Check your email to register your account." TicketPropagationConfiguration: - description: "Configuration for ticket propagation, when enabled, a ticket will\ - \ be created for access changes related to the users in this resource." + description: Configuration for ticket propagation, when enabled, a ticket will be created for access changes related to the users in this resource. + type: object properties: enabled_on_grant: type: boolean @@ -9549,8 +9933,8 @@ components: ticket_project_id: type: string required: - - enabled_on_grant - - enabled_on_revocation + - enabled_on_grant + - enabled_on_revocation UpdateConfigurationTemplateInfo: description: |- # UpdateConfigurationTemplateInfo Object 
@@ -9564,18 +9948,20 @@ components: admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 visibility: private linked_audit_message_channel_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 member_oncall_schedule_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 break_glass_user_ids: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 - require_mfa_to_approve: false - require_mfa_to_connect: false + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + require_mfa_to_approve: False + require_mfa_to_connect: False name: Prod AWS Template + required: + - configuration_template_id properties: configuration_template_id: description: The ID of the configuration template. 
@@ -9592,66 +9978,96 @@ components: format: uuid type: string visibility: + description: The visibility info of the configuration template. + example: private $ref: "#/components/schemas/VisibilityInfo" linked_audit_message_channel_ids: - description: The IDs of the audit message channels linked to the configuration - template. + description: The IDs of the audit message channels linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array request_configurations: - description: The request configuration list linked to the configuration - template. + type: array items: $ref: "#/components/schemas/RequestConfiguration" - type: array + description: The request configuration list linked to the configuration template. request_configuration_list: + description: The request configuration list linked to the configuration template. Deprecated in favor of `request_configurations`. 
$ref: "#/components/schemas/CreateRequestConfigurationInfoList" + deprecated: true + example: + request_configurations: + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: null + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 0 + - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 + organization_id: w86c85d-0651-43e2-a748-d69d658418e8 + condition: + group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 + allow_requests: True + auto_approval: False + require_mfa_to_request: False + max_duration_minutes: 120 + recommended_duration_minutes: 120 + require_support_ticket: False + reviewer_stages: + - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + owner_ids: + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 + stage: 1 + priority: 1 member_oncall_schedule_ids: - description: The IDs of the on-call schedules linked to the configuration - template. + description: The IDs of the on-call schedules linked to the configuration template. example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 7c86c85d-0651-43e2-a748-d69d658418e8 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 7c86c85d-0651-43e2-a748-d69d658418e8 items: - format: uuid type: string + format: uuid type: array break_glass_user_ids: - description: The IDs of the break glass users linked to the configuration - template. + description: The IDs of the break glass users linked to the configuration template. 
example: - - 37cb7e41-12ba-46da-92ff-030abe0450b1 - - 37cb7e41-12ba-46da-92ff-030abe0450b2 + - 37cb7e41-12ba-46da-92ff-030abe0450b1 + - 37cb7e41-12ba-46da-92ff-030abe0450b2 items: - format: uuid type: string + format: uuid type: array require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers - to approve requests for this configuration template. - example: false + description: A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. + example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect - to resources associated with this configuration template. - example: false + description: A bool representing whether or not to require MFA to connect to resources associated with this configuration template. + example: False type: boolean ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: - description: Custom request notification sent upon request approval for - this configuration template. - example: Check your email to register your account. - maxLength: 800 + description: Custom request notification sent upon request approval for this configuration template. type: string + maxLength: 800 nullable: true - required: - - configuration_template_id + example: "Check your email to register your account." PaginatedConfigurationTemplateList: description: |- # PaginatedConfigurationTemplateList Object 
@@ -9662,21 +10078,21 @@ components: Returned from the `GET Configuration Templates` endpoint. example: results: - - configuration_template_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - admin_owner_id: a4d7d928-783e-4599-8ec6-088d635af4ac - visibility: private - linked_audit_message_channel_ids: - - l3cb7e41-12ba-46da-92ff-030abe0450b1 - - f3cb7e41-12ba-46da-92ff-030abe0450b2 - request_configuration_id: r3cb7e41-12ba-46da-92ff-030abe0450b1 - member_oncall_schedule_ids: - - 23cb7e41-12ba-46da-92ff-030abe0450b1 - - m3cb7e41-12ba-46da-92ff-030abe0450b2 - break_glass_user_ids: - - 63cb7e41-12ba-46da-92ff-030abe0450b1 - - b3cb7e41-12ba-46da-92ff-030abe0450b2 - require_mfa_to_approve: false - require_mfa_to_connect: false + - configuration_template_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + admin_owner_id: a4d7d928-783e-4599-8ec6-088d635af4ac + visibility: private + linked_audit_message_channel_ids: + - l3cb7e41-12ba-46da-92ff-030abe0450b1 + - f3cb7e41-12ba-46da-92ff-030abe0450b2 + request_configuration_id: r3cb7e41-12ba-46da-92ff-030abe0450b1 + member_oncall_schedule_ids: + - 23cb7e41-12ba-46da-92ff-030abe0450b1 + - m3cb7e41-12ba-46da-92ff-030abe0450b2 + break_glass_user_ids: + - 63cb7e41-12ba-46da-92ff-030abe0450b1 + - b3cb7e41-12ba-46da-92ff-030abe0450b2 + require_mfa_to_approve: False + require_mfa_to_connect: False properties: results: items: 
@@ -9684,94 +10100,117 @@ components: type: array CreateRequestInfo: description: All the information needed for creating a request - example: - support_ticket: - ticketing_provider: LINEAR - identifier: identifier - remote_id: remote_id - url: url - reason: reason - target_group_id: userd283-ca87-4a8a-bdbb-df212eca5353 - duration_minutes: 0 - resources: - - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - id: group283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: arn:aws:iam::490306337630:role/SupportUser - - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - id: group283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: arn:aws:iam::490306337630:role/SupportUser - groups: - - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - id: f454d283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: arn:aws:iam::490306337630:role/SupportUser - - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - id: f454d283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: arn:aws:iam::490306337630:role/SupportUser - target_user_id: userd283-ca87-4a8a-bdbb-df212eca5353 - custom_metadata: - - name: name - type: SHORT_TEXT - value: value - - name: name - type: SHORT_TEXT - value: value properties: resources: - items: - $ref: "#/components/schemas/CreateRequestInfo_resources_inner" type: array - groups: items: - $ref: "#/components/schemas/CreateRequestInfo_groups_inner" + type: object + properties: + id: + description: The ID of the resource requested. Should not be specified if group_id is specified. + example: group283-ca87-4a8a-bdbb-df212eca5353 + format: uuid + type: string + access_level_remote_id: + description: The ID of the access level requested on the remote system. + example: arn:aws:iam::490306337630:role/SupportUser + type: string + access_level_name: + description: The ID of the access level requested on the remote system. 
+ example: arn:aws:iam::490306337630:role/SupportUser + type: string + groups: type: array + items: + type: object + properties: + id: + description: The ID of the group requested. Should not be specified if resource_id is specified. + example: f454d283-ca87-4a8a-bdbb-df212eca5353 + format: uuid + type: string + access_level_remote_id: + description: The ID of the access level requested on the remote system. + example: arn:aws:iam::490306337630:role/SupportUser + type: string + access_level_name: + description: The ID of the access level requested on the remote system. + example: arn:aws:iam::490306337630:role/SupportUser + type: string + required: + - id target_user_id: - description: The ID of the user to be granted access. Should not be specified - if target_group_id is specified. + description: The ID of the user to be granted access. Should not be specified if target_group_id is specified. example: userd283-ca87-4a8a-bdbb-df212eca5353 format: uuid type: string target_group_id: - description: The ID of the group the request is for. Should not be specified - if target_user_id is specified. + description: The ID of the group the request is for. Should not be specified if target_user_id is specified. example: userd283-ca87-4a8a-bdbb-df212eca5353 format: uuid type: string reason: type: string support_ticket: - $ref: "#/components/schemas/CreateRequestInfo_support_ticket" + type: object + properties: + ticketing_provider: + $ref: "#/components/schemas/TicketingProviderEnum" + remote_id: + type: string + identifier: + type: string + url: + type: string + required: + - ticketing_provider + - remote_id + - identifier + - url duration_minutes: - description: The duration of the request in minutes. -1 represents an indefinite - duration - minimum: -1 + description: The duration of the request in minutes. 
-1 represents an indefinite duration type: integer + minimum: -1 custom_metadata: - items: - $ref: "#/components/schemas/CreateRequestInfo_custom_metadata_inner" type: array + items: + type: object + properties: + name: + type: string + type: + $ref: "#/components/schemas/RequestTemplateCustomFieldTypeEnum" + value: + type: string + required: + - name + - type + - value + required: - - duration_minutes - - groups - - reason - - resources + - reason + - duration_minutes + - resources + - groups SyncErrorList: example: sync_errors: - - app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd - first_seen: 2022-07-14T06:59:59Z - last_seen: 2022-08-23T04:32:46Z - error_message: Failed to connect to the remote system - insufficient credentials. - - app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd - first_seen: 2023-04-24T06:59:59Z - last_seen: 2024-08-21T04:32:46Z - error_message: Resource not found. + - app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd + first_seen: 2022-07-14T06:59:59Z + last_seen: 2022-08-23T04:32:46Z + error_message: Failed to connect to the remote system - insufficient credentials. + - app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd + first_seen: 2023-04-24T06:59:59Z + last_seen: 2024-08-21T04:32:46Z + error_message: Resource not found. properties: sync_errors: items: $ref: "#/components/schemas/SyncError" type: array + type: object required: - - sync_errors + - sync_errors SyncError: description: |- # SyncError Object @@ -9789,13 +10228,13 @@ components: first_seen: description: The time when this error was first seen. example: 2022-07-14T06:59:59Z - format: date-time type: string + format: date-time last_seen: description: The time when this error was most recently seen. example: 2022-07-14T06:59:59Z - format: date-time type: string + format: date-time error_message: description: The error message associated with the sync error. example: Failed to connect to the remote system - insufficient credentials. 
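Review bot: In the inlined item schemas for `resources` and `groups`, `access_level_name` carries the same text as `access_level_remote_id` ("The ID of the access level requested on the remote system."); it should read `description: The name of the access level requested on the remote system.`. The `groups` item also lists `required: - id`, while the `resources` item appears to have no `required` list (the collapsed layout makes the nesting hard to confirm), so a resource entry without `id` would pass schema validation. If the removed `CreateRequestInfo_resources_inner` schema required `id`, carry that over to the inline definition.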
@@ -9806,27 +10245,18 @@ components: format: uuid type: string required: - - error_message - - first_seen - - last_seen + - first_seen + - last_seen + - error_message + type: object Bundle: - example: - updated_at: 2000-01-23T04:56:07.000+00:00 - bundle_id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - name: Bundle 1 - total_num_items: 15 - description: Description of bundle 1 - created_at: 2000-01-23T04:56:07.000+00:00 - admin_owner_id: 4aed3e8a-727b-4d72-8010-3b8710c50bec - total_num_groups: 5 - total_num_resources: 10 properties: bundle_id: description: The ID of the bundle. example: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 format: uuid - readOnly: true type: string + readOnly: true name: description: The name of the bundle. example: Bundle 1 @@ -9836,15 +10266,15 @@ components: example: Description of bundle 1 type: string created_at: - description: "The creation timestamp of the bundle, in ISO 8601 format" + type: string format: date-time + description: The creation timestamp of the bundle, in ISO 8601 format readOnly: true - type: string updated_at: - description: "The last updated timestamp of the bundle, in ISO 8601 format" + type: string format: date-time + description: The last updated timestamp of the bundle, in ISO 8601 format readOnly: true - type: string admin_owner_id: description: The ID of the owner of the bundle. example: 4aed3e8a-727b-4d72-8010-3b8710c50bec 
@@ -9853,50 +10283,51 @@ components: total_num_items: description: The total number of items in the bundle. example: 15 - readOnly: true type: integer + readOnly: true total_num_resources: description: The total number of resources in the bundle. example: 10 - readOnly: true type: integer + readOnly: true total_num_groups: description: The total number of groups in the bundle. example: 5 - readOnly: true type: integer + readOnly: true PaginatedBundleList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ totalCount: 2 bundles: - - id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - name: Bundle 1 - description: Description of bundle 1 - admin_owner_id: 4aed3e8a-727b-4d72-8010-3b8710c50bec - total_num_items: 0 - total_num_resources: 0 - total_num_groups: 0 - - id: 8294e9c9-deb6-48e9-9c99-da2a1e04a87f - name: Bundle 2 - description: Description of bundle 2 - admin_owner_id: 4aed3e8a-727b-4d72-8010-3b8710c50bec - total_num_items: 0 - total_num_resources: 0 - total_num_groups: 0 + - id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 + name: Bundle 1 + description: Description of bundle 1 + admin_owner_id: 4aed3e8a-727b-4d72-8010-3b8710c50bec + total_num_items: 0 + total_num_resources: 0 + total_num_groups: 0 + - id: 8294e9c9-deb6-48e9-9c99-da2a1e04a87f + name: Bundle 2 + description: Description of bundle 2 + admin_owner_id: 4aed3e8a-727b-4d72-8010-3b8710c50bec + total_num_items: 0 + total_num_resources: 0 + total_num_groups: 0 properties: previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. 
example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string total_count: description: The total number of items in the result set. example: 2 @@ -9905,34 +10336,29 @@ components: items: $ref: "#/components/schemas/Bundle" type: array + type: object required: - - bundles + - bundles BundleResource: - example: - bundle_id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - resource_id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - access_level_name: Read properties: bundle_id: description: The ID of the bundle containing the resource. example: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 format: uuid - readOnly: true type: string + readOnly: true resource_id: description: The ID of the resource within a bundle. example: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 format: uuid - readOnly: true type: string + readOnly: true access_level_name: description: The access level of the resource within a bundle. example: Read type: string access_level_remote_id: - description: The remote ID of the access level of the resource within a - bundle. + description: The remote ID of the access level of the resource within a bundle. example: arn:aws:iam::490306337630:role/SupportUser type: string PaginatedBundleResourceList: 
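Review bot: The `PaginatedBundleList` example re-indented in this hunk does not match the schema it documents: it uses `totalCount` where the property is `total_count`, and its items use `id` where the `Bundle` schema defines `bundle_id`. The same mismatch appears in the `PaginatedBundleResourceList` hunk, whose example items use `id` and `name` although `BundleResource` defines `bundle_id` and `resource_id`, and in the `PaginatedBundleGroupList` hunk, whose items use `id` rather than `group_id`. Since these lines are being touched anyway, I would correct the keys, e.g. `total_count: 2` and `- bundle_id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1`, so that docs and mocks built from the examples show the shape clients decode.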
@@ -9941,22 +10367,23 @@ components: previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ total_count: 3 bundle_resources: - - id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - name: Resource 1 - access_level_name: read - access_level_remote_id: pull + - id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 + name: Resource 1 + access_level_name: read + access_level_remote_id: pull properties: previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string total_count: description: The total number of items in the result set. example: 2 @@ -9965,27 +10392,23 @@ components: items: $ref: "#/components/schemas/BundleResource" type: array + type: object required: - - bundle_resources + - bundle_resources BundleGroup: - example: - group_id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - bundle_id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - access_level_name: Read properties: bundle_id: description: The ID of the bundle containing the group. example: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 format: uuid - readOnly: true type: string + readOnly: true group_id: description: The ID of the group within a bundle. example: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 format: uuid - readOnly: true type: string + readOnly: true access_level_name: description: The access level of the group within a bundle. example: Read 
@@ -10000,22 +10423,23 @@ components: previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ total_count: 2 bundle_groups: - - id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - name: Group 1 - - id: 8294e9c9-deb6-48e9-9c99-da2a1e04a87f - name: Group 2 + - id: a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 + name: Group 1 + - id: 8294e9c9-deb6-48e9-9c99-da2a1e04a87f + name: Group 2 properties: previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string next: - description: The cursor with which to continue pagination if additional + description: + The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string total_count: description: The total number of items in the result set. example: 2 
@@ -10024,34 +10448,36 @@ components: items: $ref: "#/components/schemas/BundleGroup" type: array + type: object required: - - bundle_groups + - bundle_groups ScopedRolePermissionList: example: permissions: - - target_ids: - - a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - - 8294e9c9-deb6-48e9-9c99-da2a1e04a87f - target_type: RESOURCE - permission_name: READ + - target_ids: + - a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 + - 8294e9c9-deb6-48e9-9c99-da2a1e04a87f + target_type: RESOURCE + permission_name: READ properties: permissions: + type: array items: $ref: "#/components/schemas/ScopedRolePermission" - type: array + type: object required: - - permissions + - permissions ScopedRolePermission: + type: object properties: target_ids: - description: "The IDs of the entities that this permission applies to. If\ - \ empty of missing, the permission will have untargeted scope." + description: The IDs of the entities that this permission applies to. If empty of missing, the permission will have untargeted scope. example: - - a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - - 8294e9c9-deb6-48e9-9c99-da2a1e04a87f + - a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 + - 8294e9c9-deb6-48e9-9c99-da2a1e04a87f items: - format: uuid type: string + format: uuid type: array target_type: $ref: "#/components/schemas/RolePermissionTargetTypeEnum" @@ -10060,15 +10486,12 @@ components: allow_all: type: boolean required: - - allow_all - - permission_name - - target_type + - target_type + - permission_name + - allow_all SyncTask: - description: "Represents a sync task that has been completed, either successfully\ - \ or with errors." - example: - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - completed_at: 2023-10-01T12:00:00Z + type: object + description: Represents a sync task that has been completed, either successfully or with errors. properties: id: description: The ID of the sync task. 
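Review bot: The rewritten `target_ids` description on `ScopedRolePermission` still reads "If empty of missing", which should be "or", and it leaves the scope rule it describes undefined. As written, omitting or emptying the list gives the permission untargeted scope, which presumably means a broader grant than a targeted one; the visible lines do not say what "untargeted" covers. I would change the line to `description: The IDs of the entities that this permission applies to. If empty or missing, the permission will have untargeted scope.` and add a sentence saying what untargeted scope includes. `allow_all` in the next hunk is required but has no description, so its relation to an empty `target_ids` is also left to the reader.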
@@ -10078,19 +10501,21 @@ components: completed_at: description: The time when the sync task was completed. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time required: - - completed_at - - id + - id + - completed_at + example: + id: 7c86c85d-0651-43e2-a748-d69d658418e8 + completed_at: 2023-10-01T12:00:00Z RequestApprovalEnum: - description: The decision level for the approval - enum: - - REGULAR - - ADMIN - example: REGULAR type: string + enum: [REGULAR, ADMIN] + description: "The decision level for the approval" + example: "REGULAR" Delegation: + type: object description: |- # Delegation Object ### Description @@ -10099,15 +10524,6 @@ components: ### Usage Example List from the `GET Delegations` endpoint. Get from the `GET Delegation` endpoint. - example: - start_time: 2023-10-01T12:00:00Z - reason: I need to be out of the office - delegate_user_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - updated_at: 2023-10-01T12:00:00Z - end_time: 2023-10-01T12:00:00Z - created_at: 2023-10-01T12:00:00Z - id: 4aed3e8a-727b-4d72-8010-3b8710c50bec - delegator_user_id: 123e4567-e89b-12d3-a456-426614174000 properties: id: description: The ID of the delegation. 
@@ -10127,89 +10543,62 @@ components: start_time: description: The start time of the delegation. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time end_time: description: The end time of the delegation. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time reason: description: The reason for the delegation. - example: I need to be out of the office + example: "I need to be out of the office" type: string created_at: description: The creation time of the delegation. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time updated_at: description: The last updated time of the delegation. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time required: - - created_at - - delegate_user_id - - delegator_user_id - - end_time - - id - - reason - - start_time - - updated_at + - id + - delegator_user_id + - delegate_user_id + - start_time + - end_time + - reason + - created_at + - updated_at PaginatedDelegationsList: + type: object description: A list of delegations for your organization. 
- example: - next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - total_count: 2 - results: - - start_time: 2023-10-01T12:00:00Z - reason: I need to be out of the office - delegate_user_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - updated_at: 2023-10-01T12:00:00Z - end_time: 2023-10-01T12:00:00Z - created_at: 2023-10-01T12:00:00Z - id: 4aed3e8a-727b-4d72-8010-3b8710c50bec - delegator_user_id: 123e4567-e89b-12d3-a456-426614174000 - - start_time: 2023-10-01T12:00:00Z - reason: I need to be out of the office - delegate_user_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - updated_at: 2023-10-01T12:00:00Z - end_time: 2023-10-01T12:00:00Z - created_at: 2023-10-01T12:00:00Z - id: 4aed3e8a-727b-4d72-8010-3b8710c50bec - delegator_user_id: 123e4567-e89b-12d3-a456-426614174000 properties: results: description: The delegations in the result set. + type: array items: $ref: "#/components/schemas/Delegation" - type: array next: - description: The cursor with which to continue pagination if additional - result pages exist. + description: The cursor with which to continue pagination if additional result pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string nullable: true + type: string previous: description: The cursor used to obtain the current result page. example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ - type: string nullable: true + type: string total_count: description: The total number of items in the result set. example: 2 type: integer CreateDelegationRequest: - description: Request body for creating a new delegation of access review requests - from one user to another. 
- example: - start_time: 2023-10-01T12:00:00Z - reason: I need to be out of the office - delegate_user_id: 7c86c85d-0651-43e2-a748-d69d658418e8 - end_time: 2023-10-01T12:00:00Z - delegator_user_id: 123e4567-e89b-12d3-a456-426614174000 + type: object + description: Request body for creating a new delegation of access review requests from one user to another. properties: delegator_user_id: description: The ID of the user delegating their access review requests. 
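Review bot: `PaginatedDelegationsList` gains `type: object` here but still has no `required` list, unlike `PaginatedBundleList`, `PaginatedBundleResourceList` and `PaginatedBundleGroupList` earlier in this diff, which each require their item array. If the endpoint always returns `results`, adding `required:` with `- results` to the schema would keep the paginated lists consistent and let generated clients treat the field as always present. This is inferred from the sibling schemas, so confirm it against the server's behaviour before changing the contract.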
@@ -10224,908 +10613,23 @@ components: start_time: description: The start time of the delegation. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time end_time: description: The end time of the delegation. example: 2023-10-01T12:00:00Z - format: date-time type: string + format: date-time reason: description: The reason for the delegation. - example: I need to be out of the office - type: string - required: - - delegate_user_id - - delegator_user_id - - end_time - - reason - - start_time - addBundleResource_request: - properties: - resource_id: - description: The ID of the resource to add. - example: 72e75a6f-7183-48c5-94ff-6013f213314b - format: uuid - type: string - access_level_remote_id: - description: "The remote ID of the access level to grant to this user. Required\ - \ if the resource being added requires an access level. If omitted, the\ - \ default access level remote ID value (empty string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - type: string - access_level_name: - description: "The name of the access level to grant to this user. If omitted,\ - \ the default access level name value (empty string) is used." - example: AdministratorAccess - type: string - required: - - resource_id - addBundleGroup_request: - properties: - group_id: - description: The ID of the group to add. - example: 72e75a6f-7183-48c5-94ff-6013f213314b - format: uuid - type: string - access_level_remote_id: - description: "The remote ID of the access level to grant to this user. Required\ - \ if the group being added requires an access level. If omitted, the default\ - \ access level remote ID value (empty string) is used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - type: string - access_level_name: - description: "The name of the access level to grant to this user. If omitted,\ - \ the default access level name value (empty string) is used." 
- example: AdministratorAccess - type: string - required: - - group_id - add_group_resource_request: - example: - access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess - duration_minutes: 60 - properties: - access_level_remote_id: - description: "The remote ID of the access level to grant to this user. If\ - \ omitted, the default access level remote ID value (empty string) is\ - \ used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - type: string - duration_minutes: - description: The duration for which the resource can be accessed (in minutes). - Use 0 to set to indefinite. - example: 60 - maximum: 525960 - minimum: 0 - type: integer - update_group_user_request: - example: - duration_minutes: 60 - access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess - properties: - duration_minutes: - description: The updated duration for which the group can be accessed (in - minutes). Use 0 for indefinite. - example: 120 - maximum: 525960 - type: integer - access_level_remote_id: - description: The updated remote ID of the access level granted to this user. - example: arn:aws:iam::590304332660:role/ReadOnlyAccess - type: string - required: - - duration_minutes - add_group_user_request: - example: - duration_minutes: 60 - access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess - properties: - duration_minutes: - description: The duration for which the group can be accessed (in minutes). - Use 0 to set to indefinite. - example: 60 - type: integer - access_level_remote_id: - description: "The remote ID of the access level to grant to this user. If\ - \ omitted, the default access level remote ID value (empty string) is\ - \ used." 
- example: arn:aws:iam::590304332660:role/AdministratorAccess - type: string - required: - - duration_minutes - updateIdpGroupMappings_request_mappings_inner: - properties: - group_id: - format: uuid - type: string - alias: - type: string - hidden_from_end_user: - type: boolean - updateIdpGroupMappings_request: - properties: - mappings: - items: - $ref: "#/components/schemas/updateIdpGroupMappings_request_mappings_inner" - type: array - required: - - mappings - createIdpGroupMapping_request: - properties: - alias: - description: Optional alias for the group mapping - type: string - nullable: true - hidden_from_end_user: - description: | - Whether this mapping should be hidden from end users. - - **New mappings**: If not provided, defaults to `false` - - **Existing mappings**: If not provided, existing value is preserved (no change) - - **Explicit values**: If provided, value is updated to the specified boolean - type: boolean - nullable: true - createRequest_200_response: - example: - id: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - properties: - id: - example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 - format: uuid - type: string - approveRequest_request: - properties: - level: - $ref: "#/components/schemas/RequestApprovalEnum" - comment: - description: Optional comment for the approval - example: Approved after security review - type: string - required: - - level - approveRequest_200_response: - example: - request: - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - requester_id: c86c85d-0651-43e2-a748-d69d658418e8 - target_user_id: r86c85d-0651-43e2-a748-d69d658418e8 - target_group_id: r86c85d-0651-43e2-a748-d69d658418e8 - status: pending - reason: I need this resource. 
- duration_minutes: 1440 - request_comments: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - created_at: 2021-01-06T20:00:00Z - updated_at: 2021-01-06T20:00:00Z - request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 - user_id: c86c85d-0651-43e2-a748-d69d658418e8 - comment: This is a comment. - reviewer_stages: - - requestedRoleName: Admin - requestedItemName: AWS Production Account - stages: - - stage: 1 - operator: AND - reviewers: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: PENDING - - stage: 2 - operator: OR - reviewers: - - id: 8d86c85d-0651-43e2-a748-d69d658418e9 - status: APPROVED - properties: - request: - $ref: "#/components/schemas/Request" - denyRequest_request: - properties: - comment: - description: Comment for the denial - example: Denied due to insufficient justification - type: string - required: - - comment - createRequestComment_request: - properties: - comment: - description: comment - type: string - required: - - comment - add_resource_nhi_request: - example: - duration_minutes: 60 - access_level_remote_id: roles/cloudsql.instanceUser - properties: - duration_minutes: - description: The duration for which the resource can be accessed (in minutes). - Use 0 to set to indefinite. - example: 60 - maximum: 525960 - type: integer - access_level_remote_id: - description: "The remote ID of the access level to grant. If omitted, the\ - \ default access level remote ID value (empty string) is used." 
- example: roles/cloudsql.instanceUser - type: string - required: - - duration_minutes - getResourceUser_200_response: - example: - cursor: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - data: - - full_name: Jake Barnes - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-01-23T04:56:07Z - email: jake@company.dev - - full_name: Jake Barnes - user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac - resource_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 - expiration_date: 2022-01-23T04:56:07Z - email: jake@company.dev - total_count: 120 - properties: - data: - items: - $ref: "#/components/schemas/ResourceUser" - type: array - cursor: - description: Pagination cursor for the next page of results - example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw - type: string - total_count: - description: Total number of results - example: 120 - type: integer - required: - - data - update_resource_user_request: - example: - duration_minutes: 60 - access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess - properties: - duration_minutes: - description: The updated duration for which the resource can be accessed - (in minutes). Use 0 for indefinite. - example: 120 - maximum: 525960 - type: integer - access_level_remote_id: - description: The updated remote ID of the access level granted to this user. - example: arn:aws:iam::590304332660:role/ReadOnlyAccess - type: string - required: - - duration_minutes - add_resource_user_request: - example: - duration_minutes: 60 - access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess - properties: - duration_minutes: - description: The duration for which the resource can be accessed (in minutes). - Use 0 to set to indefinite. - example: 60 - maximum: 525960 - type: integer - access_level_remote_id: - description: "The remote ID of the access level to grant to this user. 
If\ - \ omitted, the default access level remote ID value (empty string) is\ - \ used." - example: arn:aws:iam::590304332660:role/AdministratorAccess - type: string - required: - - duration_minutes - GroupRemoteInfo_active_directory_group: - description: Remote info for Active Directory group. - properties: - group_id: - description: The id of the Google group. - example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 - type: string - required: - - group_id - GroupRemoteInfo_github_team: - description: Remote info for GitHub team. - properties: - team_id: - deprecated: true - description: The id of the GitHub team. - example: 898931321 - type: string - team_slug: - description: The slug of the GitHub team. - example: opal-security - type: string - required: - - team_slug - GroupRemoteInfo_gitlab_group: - description: Remote info for Gitlab group. - properties: - group_id: - description: The id of the Gitlab group. - example: 898931321 - type: string - required: - - group_id - GroupRemoteInfo_google_group: - description: Remote info for Google group. - properties: - group_id: - description: The id of the Google group. - example: 1y6w882181n7sg - type: string - required: - - group_id - GroupRemoteInfo_ldap_group: - description: Remote info for LDAP group. - properties: - group_id: - description: The id of the LDAP group. - example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 - type: string - required: - - group_id - GroupRemoteInfo_okta_group: - description: Remote info for Okta Directory group. - properties: - group_id: - description: The id of the Okta Directory group. - example: 00gjs33pe8rtmRrp3rd6 - type: string - required: - - group_id - GroupRemoteInfo_duo_group: - description: Remote info for Duo Security group. - properties: - group_id: - description: The id of the Duo Security group. - example: DSRD8W89B9DNDBY4RHAC - type: string - required: - - group_id - GroupRemoteInfo_azure_ad_security_group: - description: Remote info for Microsoft Entra ID Security group. 
- properties: - group_id: - description: The id of the Microsoft Entra ID Security group. - example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 - type: string - required: - - group_id - GroupRemoteInfo_azure_ad_microsoft_365_group: - description: Remote info for Microsoft Entra ID Microsoft 365 group. - properties: - group_id: - description: The id of the Microsoft Entra ID Microsoft 365 group. - example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 - type: string - required: - - group_id - GroupRemoteInfo_snowflake_role: - description: Remote info for Snowflake role. - properties: - role_id: - description: The id of the Snowflake role. - example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 - type: string - required: - - role_id - GroupRemoteInfo_okta_group_rule: - description: Remote info for Okta Directory group rule. - properties: - rule_id: - description: The id of the Okta group rule. - example: 0pr3f7zMZZHPgUoWO0g4 - type: string - required: - - rule_id - GroupRemoteInfo_workday_user_security_group: - description: Remote info for Workday User Security group. - properties: - group_id: - description: The id of the Workday User Security group. - example: 123abc456def - type: string - required: - - group_id - ResourceRemoteInfo_aws_organizational_unit: - description: Remote info for AWS organizational unit. - properties: - parent_id: - description: The id of the parent organizational unit. - example: ou-1234 - type: string - organizational_unit_id: - description: The id of the AWS organizational unit that is being created. - example: ou-1234 - type: string - required: - - organizational_unit_id - ResourceRemoteInfo_aws_account: - description: Remote info for AWS account. - properties: - account_id: - description: The id of the AWS account. - example: 234234234234 - type: string - organizational_unit_id: - description: The id of the AWS organizational unit. Required only if customer - has OUs enabled. 
- example: ou-1234 - type: string - required: - - account_id - ResourceRemoteInfo_aws_permission_set: - description: Remote info for AWS Identity Center permission set. - properties: - arn: - description: The ARN of the permission set. - example: arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9 - type: string - account_id: - description: The ID of an AWS account to which this permission set is provisioned. - example: 234234234234 - type: string - required: - - account_id - - arn - ResourceRemoteInfo_aws_iam_role: - description: Remote info for AWS IAM role. - properties: - arn: - description: The ARN of the IAM role. - example: arn:aws:iam::179308207300:role/MyRole - type: string - account_id: - description: The id of the AWS account. Required for AWS Organizations. - example: 234234234234 - type: string - required: - - arn - ResourceRemoteInfo_aws_ec2_instance: - description: Remote info for AWS EC2 instance. - properties: - instance_id: - description: The instanceId of the EC2 instance. - example: i-13f1a1e2899f9e93a - type: string - region: - description: The region of the EC2 instance. - example: us-east-2 - type: string - account_id: - description: The id of the AWS account. Required for AWS Organizations. - example: 234234234234 - type: string - required: - - instance_id - - region - ResourceRemoteInfo_aws_rds_instance: - description: Remote info for AWS RDS instance. - properties: - instance_id: - description: The instanceId of the RDS instance. - example: demo-mysql-db - type: string - region: - description: The region of the RDS instance. - example: us-east-2 - type: string - resource_id: - description: The resourceId of the RDS instance. - example: db-AOO8V0XUCNU13XLZXQDQRSN0NQ - type: string - account_id: - description: The id of the AWS account. Required for AWS Organizations. 
- example: 234234234234 - type: string - required: - - instance_id - - region - - resource_id - ResourceRemoteInfo_aws_eks_cluster: - description: Remote info for AWS EKS cluster. - properties: - arn: - description: The ARN of the EKS cluster. - example: arn:aws:eks:us-east-2:234234234234:cluster/testcluster - type: string - account_id: - description: The id of the AWS account. Required for AWS Organizations. - example: 234234234234 - type: string - required: - - arn - ResourceRemoteInfo_custom_connector: - description: Remote info for a custom connector resource. - properties: - remote_resource_id: - description: The id of the resource in the end system - example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 - type: string - can_have_usage_events: - description: A bool representing whether or not the resource can have usage - data. - example: false - type: boolean - required: - - can_have_usage_events - - remote_resource_id - ResourceRemoteInfo_gcp_organization: - description: Remote info for GCP organization. - properties: - organization_id: - description: The id of the organization. - example: organizations/898931321 - type: string - required: - - organization_id - ResourceRemoteInfo_gcp_bucket: - description: Remote info for GCP bucket. - properties: - bucket_id: - description: The id of the bucket. - example: example-bucket-898931321 - type: string - required: - - bucket_id - ResourceRemoteInfo_gcp_compute_instance: - description: Remote info for GCP compute instance. - properties: - instance_id: - description: The id of the instance. - example: example-instance-898931321 - type: string - project_id: - description: The id of the project the instance is in. - example: example-project-898931321 - type: string - zone: - description: The zone the instance is in. - example: us-central1-a - type: string - required: - - instance_id - - project_id - - zone - ResourceRemoteInfo_gcp_big_query_dataset: - description: Remote info for GCP BigQuery Dataset. 
- properties: - project_id: - description: The id of the project the dataset is in. - example: example-project-898931321 - type: string - dataset_id: - description: The id of the dataset. - example: example-dataset-898931321 - type: string - required: - - dataset_id - - project_id - ResourceRemoteInfo_gcp_big_query_table: - description: Remote info for GCP BigQuery Table. - properties: - project_id: - description: The id of the project the table is in. - example: example-project-898931321 - type: string - dataset_id: - description: The id of the dataset the table is in. - example: example-dataset-898931321 - type: string - table_id: - description: The id of the table. - example: example-table-898931321 - type: string - required: - - dataset_id - - project_id - - table_id - ResourceRemoteInfo_gcp_folder: - description: Remote info for GCP folder. - properties: - folder_id: - description: The id of the folder. - example: folder/898931321 - type: string - required: - - folder_id - ResourceRemoteInfo_gcp_gke_cluster: - description: Remote info for GCP GKE cluster. - properties: - cluster_name: - description: The name of the GKE cluster. - example: example-cluster-898931321 - type: string - required: - - cluster_name - ResourceRemoteInfo_gcp_project: - description: Remote info for GCP project. - properties: - project_id: - description: The id of the project. - example: example-project-898931321 - type: string - required: - - project_id - ResourceRemoteInfo_gcp_sql_instance: - description: Remote info for GCP SQL instance. - properties: - instance_id: - description: The id of the SQL instance. - example: example-sql-898931321 - type: string - project_id: - description: The id of the project the instance is in. - example: example-project-898931321 - type: string - required: - - instance_id - - project_id - ResourceRemoteInfo_gcp_service_account: - description: Remote info for a GCP service account. - properties: - email: - description: The email of the service account. 
- example: production@project.iam.gserviceaccount.com - type: string - service_account_id: - description: The id of the service account. - example: 103561576023829463298 - type: string - project_id: - description: The id of the project the service account is in. - example: example-project-898931321 - type: string - required: - - email - - project_id - - service_account_id - ResourceRemoteInfo_google_workspace_role: - description: Remote info for GCP workspace role. - properties: - role_id: - description: The id of the role. - example: google-workspace-role:01234567890123456 - type: string - required: - - role_id - ResourceRemoteInfo_github_repo: - description: Remote info for GitHub repository. - properties: - repo_id: - deprecated: true - description: The id of the repository. - example: 898931321 - type: string - repo_name: - description: The name of the repository. - example: Opal Security - type: string - required: - - repo_name - ResourceRemoteInfo_github_org_role: - description: Remote info for GitHub organization role. - properties: - role_id: - description: The id of the role. - example: 112233 - type: string - required: - - role_id - ResourceRemoteInfo_gitlab_project: - description: Remote info for Gitlab project. - properties: - project_id: - description: The id of the project. - example: 898931321 - type: string - required: - - project_id - ResourceRemoteInfo_okta_app: - description: Remote info for Okta directory app. - properties: - app_id: - description: The id of the app. - example: a9dfas0f678asdf67867 - type: string - required: - - app_id - ResourceRemoteInfo_okta_standard_role: - description: Remote info for Okta directory standard role. - properties: - role_type: - description: The type of the standard role. - example: ORG_ADMIN - type: string - required: - - role_type - ResourceRemoteInfo_okta_custom_role: - description: Remote info for Okta directory custom role. - properties: - role_id: - description: The id of the custom role. 
- example: a9dfas0f678asdf67867 - type: string - required: - - role_id - ResourceRemoteInfo_pagerduty_role: - description: Remote info for Pagerduty role. - properties: - role_name: - description: The name of the role. - example: owner - type: string - required: - - role_name - ResourceRemoteInfo_salesforce_permission_set: - description: Remote info for Salesforce permission set. - properties: - permission_set_id: - description: The id of the permission set. - example: 0PS5Y090202wOV7WAM - type: string - required: - - permission_set_id - ResourceRemoteInfo_salesforce_profile: - description: Remote info for Salesforce profile. - properties: - profile_id: - description: The id of the permission set. - example: 0PS5Y090202wOV7WAM - type: string - user_license_id: - description: The id of the user license. - example: 1005Y030081Qb5XJHS - type: string - required: - - profile_id - - user_license_id - ResourceRemoteInfo_salesforce_role: - description: Remote info for Salesforce role. - properties: - role_id: - description: The id of the role. - example: 0PS5Y090202wOV7WAM - type: string - required: - - role_id - ResourceRemoteInfo_teleport_role: - description: Remote info for Teleport role. - properties: - role_name: - description: The name role. - example: admin_role - type: string - required: - - role_name - ResourceRemoteInfo_datastax_astra_role: - description: Remote info for an Astra role. - properties: - role_id: - description: The id of the role. - example: 123e4567-e89b-12d3-a456-426614174000 - type: string - required: - - role_id - ResourceRemoteInfo_coupa_role: - description: Remote info for Coupa role. - properties: - role_id: - description: The id of the role. 
- example: 999 - type: string - required: - - role_id - RequestCustomFieldResponse_field_value: - oneOf: - - example: This is a response to a long text or short text or multi choice - type: string - - example: true - type: boolean - AwsPermissionSetMetadata_aws_permission_set: - properties: - arn: - description: The ARN of the permission set. - example: arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9 - type: string - account_id: - description: The ID of an AWS account to which this permission set is provisioned. - example: 234234234234 - type: string - required: - - account_id - - arn - CreateGroupBindingInfo_groups_inner: - properties: - group_id: - description: The ID of the group. - example: f454d283-ca87-4a8a-bdbb-df212eca5353 - format: uuid - type: string - required: - - group_id - CreateRequestInfo_resources_inner: - example: - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - id: group283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: arn:aws:iam::490306337630:role/SupportUser - properties: - id: - description: The ID of the resource requested. Should not be specified if - group_id is specified. - example: group283-ca87-4a8a-bdbb-df212eca5353 - format: uuid - type: string - access_level_remote_id: - description: The ID of the access level requested on the remote system. - example: arn:aws:iam::490306337630:role/SupportUser - type: string - access_level_name: - description: The ID of the access level requested on the remote system. - example: arn:aws:iam::490306337630:role/SupportUser - type: string - CreateRequestInfo_groups_inner: - example: - access_level_remote_id: arn:aws:iam::490306337630:role/SupportUser - id: f454d283-ca87-4a8a-bdbb-df212eca5353 - access_level_name: arn:aws:iam::490306337630:role/SupportUser - properties: - id: - description: The ID of the group requested. Should not be specified if resource_id - is specified. 
- example: f454d283-ca87-4a8a-bdbb-df212eca5353 - format: uuid - type: string - access_level_remote_id: - description: The ID of the access level requested on the remote system. - example: arn:aws:iam::490306337630:role/SupportUser - type: string - access_level_name: - description: The ID of the access level requested on the remote system. - example: arn:aws:iam::490306337630:role/SupportUser - type: string - required: - - id - CreateRequestInfo_support_ticket: - example: - ticketing_provider: LINEAR - identifier: identifier - remote_id: remote_id - url: url - properties: - ticketing_provider: - $ref: "#/components/schemas/TicketingProviderEnum" - remote_id: - type: string - identifier: - type: string - url: - type: string - required: - - identifier - - remote_id - - ticketing_provider - - url - CreateRequestInfo_custom_metadata_inner: - example: - name: name - type: SHORT_TEXT - value: value - properties: - name: - type: string - type: - $ref: "#/components/schemas/RequestTemplateCustomFieldTypeEnum" - value: + example: "I need to be out of the office" type: string required: - - name - - type - - value + - delegator_user_id + - delegate_user_id + - start_time + - end_time + - reason securitySchemes: BearerAuth: scheme: bearer diff --git a/api_apps.go b/api_apps.go index 3332c96..205d879 100644 --- a/api_apps.go +++ b/api_apps.go @@ -35,7 +35,7 @@ func (r ApiGetAppRequest) Execute() (*App, *http.Response, error) { } /* -GetApp Method for GetApp +GetApp Get app by ID Returns an `App` object. @@ -151,7 +151,7 @@ func (r ApiGetAppsRequest) Execute() (*AppsList, *http.Response, error) { } /* -GetApps Method for GetApps +GetApps Get apps Returns a list of `App` objects. diff --git a/api_delegations.go b/api_delegations.go index 7c4a244..2f77156 100644 --- a/api_delegations.go +++ b/api_delegations.go 
@@ -237,7 +237,7 @@ func (r ApiGetDelegationRequest) Execute() (*Delegation, *http.Response, error) } /* -GetDelegation Method for GetDelegation +GetDelegation Get delegation by ID Returns a specific delegation by its ID. @@ -367,7 +367,7 @@ func (r ApiGetDelegationsRequest) Execute() (*PaginatedDelegationsList, *http.Re } /* -GetDelegations Method for GetDelegations +GetDelegations Get delegations Returns a list of request reviewer delegations configured for your organization. diff --git a/docs/AppsAPI.md b/docs/AppsAPI.md index 9574c66..cc8f351 100644 --- a/docs/AppsAPI.md +++ b/docs/AppsAPI.md @@ -4,8 +4,8 @@ All URIs are relative to *https://api.opal.dev/v1* Method | HTTP request | Description ------------- | ------------- | ------------- -[**GetApp**](AppsAPI.md#GetApp) | **Get** /apps/{app_id} | -[**GetApps**](AppsAPI.md#GetApps) | **Get** /apps | +[**GetApp**](AppsAPI.md#GetApp) | **Get** /apps/{app_id} | Get app by ID +[**GetApps**](AppsAPI.md#GetApps) | **Get** /apps | Get apps [**GetSyncErrors**](AppsAPI.md#GetSyncErrors) | **Get** /sync_errors | @@ -14,7 +14,7 @@ Method | HTTP request | Description > App GetApp(ctx, appId).Execute() - +Get app by ID @@ -84,7 +84,7 @@ Name | Type | Description | Notes > AppsList GetApps(ctx).AppTypeFilter(appTypeFilter).OwnerFilter(ownerFilter).Execute() - +Get apps diff --git a/docs/DelegationsAPI.md b/docs/DelegationsAPI.md index 342f460..45dfcb9 100644 --- a/docs/DelegationsAPI.md +++ b/docs/DelegationsAPI.md 
@@ -6,8 +6,8 @@ Method | HTTP request | Description ------------- | ------------- | ------------- [**CreateDelegation**](DelegationsAPI.md#CreateDelegation) | **Post** /delegations | [**DeleteDelegation**](DelegationsAPI.md#DeleteDelegation) | **Delete** /delegations/{delegation_id} | -[**GetDelegation**](DelegationsAPI.md#GetDelegation) | **Get** /delegations/{delegation_id} | -[**GetDelegations**](DelegationsAPI.md#GetDelegations) | **Get** /delegations | +[**GetDelegation**](DelegationsAPI.md#GetDelegation) | **Get** /delegations/{delegation_id} | Get delegation by ID +[**GetDelegations**](DelegationsAPI.md#GetDelegations) | **Get** /delegations | Get delegations @@ -150,7 +150,7 @@ Name | Type | Description | Notes > Delegation GetDelegation(ctx, delegationId).Execute() - +Get delegation by ID @@ -220,7 +220,7 @@ Name | Type | Description | Notes > PaginatedDelegationsList GetDelegations(ctx).DelegatorUserId(delegatorUserId).DelegateUserId(delegateUserId).Cursor(cursor).PageSize(pageSize).Execute() - +Get delegations diff --git a/model_configuration_template.go b/model_configuration_template.go index c231eb3..f82b2f3 100644 --- a/model_configuration_template.go +++ b/model_configuration_template.go @@ -26,6 +26,7 @@ type ConfigurationTemplate struct { Name *string `json:"name,omitempty"` // The ID of the owner of the configuration template. AdminOwnerId *string `json:"admin_owner_id,omitempty"` + // The visibility info of the configuration template. Visibility *VisibilityInfo `json:"visibility,omitempty"` // The IDs of the audit message channels linked to the configuration template. LinkedAuditMessageChannelIds []string `json:"linked_audit_message_channel_ids,omitempty"` diff --git a/model_create_configuration_template_info.go b/model_create_configuration_template_info.go index 002479a..3405778 100644 --- a/model_create_configuration_template_info.go +++ b/model_create_configuration_template_info.go 
@@ -23,6 +23,7 @@ var _ MappedNullable = &CreateConfigurationTemplateInfo{} type CreateConfigurationTemplateInfo struct { // The ID of the owner of the configuration template. AdminOwnerId string `json:"admin_owner_id"` + // The visibility info of the configuration template. Visibility VisibilityInfo `json:"visibility"` // The IDs of the audit message channels linked to the configuration template. LinkedAuditMessageChannelIds []string `json:"linked_audit_message_channel_ids,omitempty"` @@ -38,6 +39,8 @@ type CreateConfigurationTemplateInfo struct { Name string `json:"name"` // The request configuration list of the configuration template. If not provided, the default request configuration will be used. RequestConfigurations []RequestConfiguration `json:"request_configurations,omitempty"` + // The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. + // Deprecated RequestConfigurationList *CreateRequestConfigurationInfoList `json:"request_configuration_list,omitempty"` TicketPropagation *TicketPropagationConfiguration `json:"ticket_propagation,omitempty"` // Custom request notification sent upon request approval for this configuration template. @@ -318,6 +321,7 @@ func (o *CreateConfigurationTemplateInfo) SetRequestConfigurations(v []RequestCo } // GetRequestConfigurationList returns the RequestConfigurationList field value if set, zero value otherwise. +// Deprecated func (o *CreateConfigurationTemplateInfo) GetRequestConfigurationList() CreateRequestConfigurationInfoList { if o == nil || IsNil(o.RequestConfigurationList) { var ret CreateRequestConfigurationInfoList 
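Review bot: The `// Deprecated` marker added above `RequestConfigurationList` in the `@@ -38,6 +39,8 @@` hunk has no colon and sits in the same comment paragraph as the description, so Go tooling that looks for a paragraph starting with `Deprecated:` (gopls, staticcheck's SA1019, pkg.go.dev) will most likely not flag callers that still use the field. I would write it as a blank `//` line followed by `// Deprecated: use RequestConfigurations instead.` The same applies to the getter in the `@@ -318,6 +321,7 @@` hunk, the other accessors in this file, and the matching changes in model_update_configuration_template_info.go, model_update_group_info.go and model_update_resource_info.go. These files look generated, so the fix probably belongs in the spec or the generator template rather than in the Go sources. The struct and the accessors continue outside the hunks.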
@@ -328,6 +332,7 @@ func (o *CreateConfigurationTemplateInfo) GetRequestConfigurationList() CreateRe // GetRequestConfigurationListOk returns a tuple with the RequestConfigurationList field value if set, nil otherwise // and a boolean to check if the value has been set. +// Deprecated func (o *CreateConfigurationTemplateInfo) GetRequestConfigurationListOk() (*CreateRequestConfigurationInfoList, bool) { if o == nil || IsNil(o.RequestConfigurationList) { return nil, false @@ -345,6 +350,7 @@ func (o *CreateConfigurationTemplateInfo) HasRequestConfigurationList() bool { } // SetRequestConfigurationList gets a reference to the given CreateRequestConfigurationInfoList and assigns it to the RequestConfigurationList field. +// Deprecated func (o *CreateConfigurationTemplateInfo) SetRequestConfigurationList(v CreateRequestConfigurationInfoList) { o.RequestConfigurationList = &v } diff --git a/model_group.go b/model_group.go index 6f13833..45a55ca 100644 --- a/model_group.go +++ b/model_group.go @@ -76,6 +76,7 @@ type Group struct { // The risk sensitivity level for the group. When an override is set, this field will match that. RiskSensitivity *RiskSensitivityEnum `json:"risk_sensitivity,omitempty"` RiskSensitivityOverride *RiskSensitivityEnum `json:"risk_sensitivity_override,omitempty"` + // Information about the last successful sync of this group. LastSuccessfulSync *SyncTask `json:"last_successful_sync,omitempty"` AdditionalProperties map[string]interface{} } diff --git a/model_remote_user.go b/model_remote_user.go index d6bf4d9..46c9a68 100644 --- a/model_remote_user.go +++ b/model_remote_user.go @@ -25,6 +25,7 @@ type RemoteUser struct { UserId string `json:"user_id"` // The ID of the remote user. RemoteId string `json:"remote_id"` + // The third party provider of the remote user. ThirdPartyProvider ThirdPartyProviderEnum `json:"third_party_provider"` AdditionalProperties map[string]interface{} } 
diff --git a/model_request.go b/model_request.go index 0efe6f1..252be16 100644 --- a/model_request.go +++ b/model_request.go @@ -34,6 +34,7 @@ type Request struct { TargetUserId *string `json:"target_user_id,omitempty"` // The unique identifier of the group who is the target of the request. TargetGroupId *string `json:"target_group_id,omitempty"` + // The status of the request. Status RequestStatusEnum `json:"status"` // The reason for the request. Reason string `json:"reason"` @@ -43,6 +44,7 @@ type Request struct { RequestedItemsList []RequestedItem `json:"requested_items_list,omitempty"` // The responses given to the custom fields associated to the request CustomFieldsResponses []RequestCustomFieldResponse `json:"custom_fields_responses,omitempty"` + // The stages configuration for this request // Deprecated Stages *RequestItemStages `json:"stages,omitempty"` // The configured reviewer stages for every item in this request diff --git a/model_request_configuration.go b/model_request_configuration.go index 84f0eb8..75bb343 100644 --- a/model_request_configuration.go +++ b/model_request_configuration.go @@ -21,6 +21,7 @@ var _ MappedNullable = &RequestConfiguration{} // RequestConfiguration # Request Configuration Object ### Description The `RequestConfiguration` object is used to represent a request configuration. ### Usage Example Returned from the `GET Request Configurations` endpoint. type RequestConfiguration struct { + // The condition for the request configuration. Condition *Condition `json:"condition,omitempty"` // A bool representing whether or not to allow requests for this resource. AllowRequests bool `json:"allow_requests"` diff --git a/model_request_stage.go b/model_request_stage.go index 27eea2c..465b101 100644 --- a/model_request_stage.go +++ b/model_request_stage.go 
@@ -23,6 +23,7 @@ var _ MappedNullable = &RequestStage{} type RequestStage struct { // The stage number Stage int32 `json:"stage"` + // The operator to apply to reviewers in this stage Operator ReviewStageOperator `json:"operator"` // The reviewers for this stage Reviewers []RequestReviewer `json:"reviewers"` diff --git a/model_resource.go b/model_resource.go index 7a8442f..40c4743 100644 --- a/model_resource.go +++ b/model_resource.go @@ -81,6 +81,7 @@ type Resource struct { AncestorResourceIds []string `json:"ancestor_resource_ids,omitempty"` // List of resource IDs that are descendants of this resource. DescendantResourceIds []string `json:"descendant_resource_ids,omitempty"` + // Information about the last successful sync of this resource. LastSuccessfulSync *SyncTask `json:"last_successful_sync,omitempty"` AdditionalProperties map[string]interface{} } diff --git a/model_update_configuration_template_info.go b/model_update_configuration_template_info.go index 5ddbfec..10243b3 100644 --- a/model_update_configuration_template_info.go +++ b/model_update_configuration_template_info.go 
@@ -27,11 +27,14 @@ type UpdateConfigurationTemplateInfo struct { Name *string `json:"name,omitempty"` // The ID of the owner of the configuration template. AdminOwnerId *string `json:"admin_owner_id,omitempty"` + // The visibility info of the configuration template. Visibility *VisibilityInfo `json:"visibility,omitempty"` // The IDs of the audit message channels linked to the configuration template. LinkedAuditMessageChannelIds []string `json:"linked_audit_message_channel_ids,omitempty"` // The request configuration list linked to the configuration template. RequestConfigurations []RequestConfiguration `json:"request_configurations,omitempty"` + // The request configuration list linked to the configuration template. Deprecated in favor of `request_configurations`. + // Deprecated RequestConfigurationList *CreateRequestConfigurationInfoList `json:"request_configuration_list,omitempty"` // The IDs of the on-call schedules linked to the configuration template. MemberOncallScheduleIds []string `json:"member_oncall_schedule_ids,omitempty"` @@ -252,6 +255,7 @@ func (o *UpdateConfigurationTemplateInfo) SetRequestConfigurations(v []RequestCo } // GetRequestConfigurationList returns the RequestConfigurationList field value if set, zero value otherwise. +// Deprecated func (o *UpdateConfigurationTemplateInfo) GetRequestConfigurationList() CreateRequestConfigurationInfoList { if o == nil || IsNil(o.RequestConfigurationList) { var ret CreateRequestConfigurationInfoList @@ -262,6 +266,7 @@ func (o *UpdateConfigurationTemplateInfo) GetRequestConfigurationList() CreateRe // GetRequestConfigurationListOk returns a tuple with the RequestConfigurationList field value if set, nil otherwise // and a boolean to check if the value has been set. +// Deprecated func (o *UpdateConfigurationTemplateInfo) GetRequestConfigurationListOk() (*CreateRequestConfigurationInfoList, bool) { if o == nil || IsNil(o.RequestConfigurationList) { return nil, false 
@@ -279,6 +284,7 @@ func (o *UpdateConfigurationTemplateInfo) HasRequestConfigurationList() bool { } // SetRequestConfigurationList gets a reference to the given CreateRequestConfigurationInfoList and assigns it to the RequestConfigurationList field. +// Deprecated func (o *UpdateConfigurationTemplateInfo) SetRequestConfigurationList(v CreateRequestConfigurationInfoList) { o.RequestConfigurationList = &v } diff --git a/model_update_group_info.go b/model_update_group_info.go index 3afcd14..a9ebe1e 100644 --- a/model_update_group_info.go +++ b/model_update_group_info.go @@ -67,6 +67,8 @@ type UpdateGroupInfo struct { ExtensionsDurationInMinutes *int32 `json:"extensions_duration_in_minutes,omitempty"` // The request configuration list of the configuration template. If not provided, the default request configuration will be used. RequestConfigurations []RequestConfiguration `json:"request_configurations,omitempty"` + // The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. + // Deprecated RequestConfigurationList *CreateRequestConfigurationInfoList `json:"request_configuration_list,omitempty"` // Custom request notification sent to the requester when the request is approved. CustomRequestNotification *string `json:"custom_request_notification,omitempty"` @@ -693,6 +695,7 @@ func (o *UpdateGroupInfo) SetRequestConfigurations(v []RequestConfiguration) { } // GetRequestConfigurationList returns the RequestConfigurationList field value if set, zero value otherwise. +// Deprecated func (o *UpdateGroupInfo) GetRequestConfigurationList() CreateRequestConfigurationInfoList { if o == nil || IsNil(o.RequestConfigurationList) { var ret CreateRequestConfigurationInfoList 
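Review bot: The comment added to `UpdateGroupInfo.RequestConfigurationList` in the `@@ -67,6 +67,8 @@` hunk of model_update_group_info.go describes "the configuration template", which reads like text carried over from the template schema rather than a description of a group update. The unchanged comment on `RequestConfigurations` just above it has the same wording. Something like `// The request configurations for this group. If not provided, the default request configuration will be used.` would match the phrasing of the resource variant ("requests to this resource"). The wording presumably originates in api/openapi.yaml, so that is where it should be corrected. The struct continues outside the hunk.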
@@ -703,6 +706,7 @@ func (o *UpdateGroupInfo) GetRequestConfigurationList() CreateRequestConfigurati // GetRequestConfigurationListOk returns a tuple with the RequestConfigurationList field value if set, nil otherwise // and a boolean to check if the value has been set. +// Deprecated func (o *UpdateGroupInfo) GetRequestConfigurationListOk() (*CreateRequestConfigurationInfoList, bool) { if o == nil || IsNil(o.RequestConfigurationList) { return nil, false @@ -720,6 +724,7 @@ func (o *UpdateGroupInfo) HasRequestConfigurationList() bool { } // SetRequestConfigurationList gets a reference to the given CreateRequestConfigurationInfoList and assigns it to the RequestConfigurationList field. +// Deprecated func (o *UpdateGroupInfo) SetRequestConfigurationList(v CreateRequestConfigurationInfoList) { o.RequestConfigurationList = &v } diff --git a/model_update_resource_info.go b/model_update_resource_info.go index 2ce3ed1..4756690 100644 --- a/model_update_resource_info.go +++ b/model_update_resource_info.go @@ -71,6 +71,8 @@ type UpdateResourceInfo struct { ExtensionsDurationInMinutes *int32 `json:"extensions_duration_in_minutes,omitempty"` // A list of configurations for requests to this resource. If not provided, the default request configuration will be used. RequestConfigurations []RequestConfiguration `json:"request_configurations,omitempty"` + // A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. + // Deprecated RequestConfigurationList *CreateRequestConfigurationInfoList `json:"request_configuration_list,omitempty"` AdditionalProperties map[string]interface{} } 
@@ -790,6 +792,7 @@ func (o *UpdateResourceInfo) SetRequestConfigurations(v []RequestConfiguration) } // GetRequestConfigurationList returns the RequestConfigurationList field value if set, zero value otherwise. +// Deprecated func (o *UpdateResourceInfo) GetRequestConfigurationList() CreateRequestConfigurationInfoList { if o == nil || IsNil(o.RequestConfigurationList) { var ret CreateRequestConfigurationInfoList @@ -800,6 +803,7 @@ func (o *UpdateResourceInfo) GetRequestConfigurationList() CreateRequestConfigur // GetRequestConfigurationListOk returns a tuple with the RequestConfigurationList field value if set, nil otherwise // and a boolean to check if the value has been set. +// Deprecated func (o *UpdateResourceInfo) GetRequestConfigurationListOk() (*CreateRequestConfigurationInfoList, bool) { if o == nil || IsNil(o.RequestConfigurationList) { return nil, false @@ -817,6 +821,7 @@ func (o *UpdateResourceInfo) HasRequestConfigurationList() bool { } // SetRequestConfigurationList gets a reference to the given CreateRequestConfigurationInfoList and assigns it to the RequestConfigurationList field. +// Deprecated func (o *UpdateResourceInfo) SetRequestConfigurationList(v CreateRequestConfigurationInfoList) { o.RequestConfigurationList = &v }