From 239f98d0d261ebb51d220ab1df1599c4641f31c4 Mon Sep 17 00:00:00 2001
From: GitHub Action Bot <tyler.mairose@sailpoint.com>
Date: Sat, 21 Oct 2023 12:35:07 +0000
Subject: [PATCH] Automated commit 'IDNWAIMEA-11385: DAS related changes in
 Certs API (#1391)

* IDNWAIMEA-11385: Initial commit for DAS related API changes

* IDNWAIMEA-11385: Added default for all boolean values

* IDNWAIMEA-11385: Fixed linter errors

* IDNWAIMEA-11385: Fixed linter errors

* IDNWAIMEA-11385: Adding nullable in object level for go SDK

* IDNWAIMEA-11385: Moving data access details to DataAccess model

* IDNWAIMEA-11385: Updated example in v3 Access Summaries API

* IDNWAIMEA-11385: Added security for Access Summaries API

* IDNWAIMEA-11385: Added security for Access Summaries API' by github action: 6597365801
---
 ...ntity-certifications-access-summaries.yaml | 14 ++++++++
 idn/v3/schemas/DataAccess.yaml                | 36 +++++++++++++++++++
 .../reviews/ReviewableEntitlement.yaml        | 14 ++++++++
 3 files changed, 64 insertions(+)
 create mode 100644 idn/v3/schemas/DataAccess.yaml

diff --git a/idn/v3/paths/identity-certifications-access-summaries.yaml b/idn/v3/paths/identity-certifications-access-summaries.yaml
index e03ab65..ba832f7 100644
--- a/idn/v3/paths/identity-certifications-access-summaries.yaml
+++ b/idn/v3/paths/identity-certifications-access-summaries.yaml
@@ -7,6 +7,8 @@ get:
     This API returns a list of access summaries for the specified identity campaign certification and type. A token with
     ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this
     API.
+  security:
+    - oauth2: [ idn:certification:read ]
   parameters:
     - in: path
       name: id
@@ -96,6 +98,18 @@ get:
                 sourceName: ODS-AD-Source
                 hasPermissions: true
                 revocable: true
+                containsDataAccess: true
+                dataAccess:
+                  policies:
+                    - value: GDPR-1
+                    - value: GDPR-2
+                  categories:
+                    - {value: email-7, matchCount: 74}
+                    - {value: email-9, matchCount: 30}
+                  impactScore:
+                    value: Medium
+
+
     '400':
       $ref: '../responses/400.yaml'
     '401':
diff --git a/idn/v3/schemas/DataAccess.yaml b/idn/v3/schemas/DataAccess.yaml
new file mode 100644
index 0000000..d551767
--- /dev/null
+++ b/idn/v3/schemas/DataAccess.yaml
@@ -0,0 +1,36 @@
+type: object
+description: DAS data for the entitlement
+nullable: true
+properties:
+  policies:
+    type: array
+    description: List of classification policies that apply to resources the entitlement \ groups has access to
+    items:
+      type: object
+      properties:
+        value:
+          type: string
+          description: Value of the policy
+          example: GDPR-20
+  categories:
+    type: array
+    description: List of classification categories that apply to resources the entitlement \ groups has access to
+    items:
+      type: object
+      properties:
+        value:
+          type: string
+          description: Value of the category
+          example: email-7
+        matchCount:
+          type: integer
+          description: Number of matched for each category
+          example: 10
+  impactScore:
+    type: object
+    properties:
+      value:
+        type: string
+        description: Impact Score for this data
+        example: Medium
+
diff --git a/idn/v3/schemas/reviews/ReviewableEntitlement.yaml b/idn/v3/schemas/reviews/ReviewableEntitlement.yaml
index 6812429..7b5680e 100644
--- a/idn/v3/schemas/reviews/ReviewableEntitlement.yaml
+++ b/idn/v3/schemas/reviews/ReviewableEntitlement.yaml
@@ -17,6 +17,7 @@ properties:
   privileged:
     type: boolean
     example: false
+    default: false
     description: Indicates if the entitlement is a privileged entitlement
   owner:
     $ref: '../IdentityReferenceWithNameAndEmail.yaml'
@@ -43,19 +44,30 @@ properties:
   hasPermissions:
     type: boolean
     description: Indicates if the entitlement has permissions
+    default: false
     example: false
   isPermission:
     type: boolean
     description: Indicates if the entitlement is a representation of an account permission
     example: false
+    default: false
   revocable:
     type: boolean
     description: Indicates whether the entitlement can be revoked
     example: true
+    default: false
   cloudGoverned:
     type: boolean
     description: True if the entitlement is cloud governed
     example: false
+    default: false
+  containsDataAccess:
+    type: boolean
+    description: True if the entitlement has DAS data
+    default: false
+    example: true
+  dataAccess:
+    $ref: '../DataAccess.yaml'
   account:
     type: object
     nullable: true
@@ -69,10 +81,12 @@ properties:
         type: boolean
         example: false
         description: Indicates whether this account is currently disabled
+        default: false
       locked:
         type: boolean
         example: false
         description: Indicates whether this account is currently locked
+        default: false
       type:
         $ref: '../DtoType.yaml'
       id: