Automated commit by github action: 3222032606

idn/beta/paths/entitlement.yaml

@@ -0,0 +1,40 @@
+post:
+  operationId: createEntitlement
+  tags:
+    - Entitlements
+  summary: Creates an entitlement
+  description: >-
+    This internal endpoint creates an entitlement using the given entitlement payload
+  requestBody:
+    required: true
+    content:
+      application/json:
+        schema:
+          $ref: '../schemas/gov-entitlement/EntitlementDTO.yaml'
+  responses:
+    '201':
+      description: Returns the created entitlement DTO object.
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              $ref: '../schemas/gov-entitlement/EntitlementDTO.yaml'
+    '400':
+      description: |
+        * Source is missing
+        * Source schema is missing
+        * Entitlement value is missing and source schema object type is not of the permission type
+        * Attribute is missing
+      content:
+        application/json:
+          schema:
+            $ref: '../../v3/schemas/ErrorResponseDto.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
+    '403':
+      $ref: '../../v3/responses/403.yaml'
+    '429':
+      $ref: '../../v3/responses/429.yaml'
+    '500':
+      $ref: '../../v3/responses/500.yaml'

idn/beta/paths/entitlements-query-by-source-id-and-attribute-and-value.yaml

@@ -0,0 +1,43 @@
+post:
+  operationId: getEntitlementBySourceIdAndAttributeValues
+  tags:
+    - Entitlements
+  summary: Queries an entitlement
+  description: >-
+    This internal endpoint queries for an entitlement by its source id, attribute and value.
+    It is expected to get no more than one entitlement.
+  requestBody:
+    required: true
+    content:
+      application/json:
+        schema:
+          type: array
+          items:
+            $ref: '../schemas/gov-entitlement/EntitlementQueryRequest.yaml'
+  responses:
+    '200':
+      description: List of entitlements
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              $ref: '../schemas/gov-entitlement/EntitlementDTO.yaml'
+    '400':
+      description: |
+        * Source id is missing
+        * Attribute name is missing
+        * Attribute value is missing
+        * Assignments + removals total number > 50 or equal to 0
+      content:
+        application/json:
+          schema:
+            $ref: '../../v3/schemas/ErrorResponseDto.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
+    '403':
+      $ref: '../../v3/responses/403.yaml'
+    '429':
+      $ref: '../../v3/responses/429.yaml'
+    '500':
+      $ref: '../../v3/responses/500.yaml'

idn/beta/paths/entitlements-update-segment-assignments.yaml

@@ -0,0 +1,34 @@
+post:
+  operationId: updateEntitlementSegmentAssignments
+  tags:
+    - Entitlements
+  summary: update entitlements of a segment
+  description: >-
+    This internal endpoint assigns or removes entitlements to a segment
+  requestBody:
+    required: true
+    content:
+      application/json:
+        schema:
+          $ref: '../schemas/UpdateSegmentEntitlementAssignmentInput.yaml'
+  responses:
+    '200':
+      description: Successfully updated.
+    '400':
+      description: |
+        * Assignments or removals are missing
+        * An entitlement id is found both in assignments and removals
+        * Assignments and removals are not of the Entitlement type
+        * Assignments + removals total number > 50 or equal to 0
+      content:
+        application/json:
+          schema:
+            $ref: '../../v3/schemas/ErrorResponseDto.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
+    '403':
+      $ref: '../../v3/responses/403.yaml'
+    '429':
+      $ref: '../../v3/responses/429.yaml'
+    '500':
+      $ref: '../../v3/responses/500.yaml'

idn/beta/schemas/UpdateSegmentEntitlementAssignmentInput.yaml

@@ -0,0 +1,16 @@
+type: object
+properties:
+  segmentId:
+    type: string
+    description: Segment id
+    example: 313c28e5-3c3f-4bfe-bdd6-748afc123576
+  assignments:
+    type: array
+    description: Array of entitlement ids to be assigned to the segment
+    items:
+      $ref: '../../v3/schemas/BaseReferenceDto.yaml'
+  removals:
+    type: array
+    description: Array of entitlement ids to be removed from the segment
+    items:
+      $ref: '../../v3/schemas/BaseReferenceDto.yaml'

idn/beta/schemas/gov-entitlement/EntitlementDTO.yaml

@@ -0,0 +1,135 @@
+allOf:
+  - $ref: '../BaseCommonDto.yaml'
+  - type: object
+    description: Entitlement object that represents entitlement
+
+    properties:
+      attribute:
+        description: Name of the entitlement attribute
+        type: string
+        example: authorizationType
+      uuid:
+        description: Unique entitlement identifier within the database
+        type: string
+        example: 6a099125e1614e4c9024bff6c6159f49
+      value:
+        description: Raw value of the entitlement
+        type: string
+        example: CN=Users,dc=sailpoint,dc=com
+      description:
+        description: Entitlment description
+        type: string
+        example: some entitlement description
+      sourceSchemaObjectType:
+        description: Schema objectType on the given application that maps to an Account Group
+        type: string
+        example: group
+      privileged:
+        description: Determines if this entitlement is privileged.
+        type: boolean
+        example: true
+      isGroup:
+        type: boolean
+        description: >-
+          True when this object is used to represent a group attribute, otherwise it represents an account attribute.
+          For the time being, the property is always true.
+        example: true
+      cloudGoverned:
+        description: Determines if this entitlement is governed in the cloud.
+        type: boolean
+        example: true
+      requestable:
+        description: Determines if this entitlement is requestable.
+        type: boolean
+        example: true
+      cloudEligible:
+        description: Determines if this entitlement is cloud eligible.
+        type: boolean
+        example: true
+      attributes:
+        description: Entitlement attributes
+        type: object
+        example: {
+          "cn": "Human Resources-bchun2",
+          "owner": "CN=Fritz.8349b2f31e67,OU=flatfileAD,dc=flatfile,dc=endtoend,dc=com",
+          "objectguid": "objectguidHuman-Resources-bchun2",
+          "description": "HR-desc",
+          "sysDescriptions": {
+            "en_US": "HR-desc"
+          },
+          "entitlementAggregated": "true"
+        }
+      source:
+        type: object
+        properties:
+          id:
+            type: string
+            description: Object reference id
+            example: 2b86153b97a94abc936c8a11b106aaf8
+          value:
+            type: string
+            description: Object reference name
+            example: accountant
+          type:
+            type: string
+            description: SOURCE (added because exists in Entitlement V3)
+            example: SOURCE
+      owner:
+        type: object
+        properties:
+          id:
+            type: string
+            description: Object reference id
+            example: 2b86153b97a94abc936c8a11b106aaf8
+          value:
+            type: string
+            description: Object reference name
+            example: accountant
+          uuid:
+            type: string
+            description: owner uuid identifier reference
+            example: 2b86153b-97a9-4abc-936c-8a11b106aaf8
+      hash:
+        type: string
+        description: Read-only calculated hash value of an entitlement
+        example: 5c8b309fa18a2c76d7fbee2b9e00dba99e4c82de
+      directPermissions:
+        type: array
+        items:
+          $ref: './PermissionDTO.yaml'
+      inheritFrom:
+        type: array
+        description: List of parent entitlements
+        items:
+          type: string
+          example: [
+              a9ced5a52d284b83a7f5595873d35b4e
+          ]
+      segments:
+        type: array
+        description: List of entitlement segments
+        items:
+          type: string
+          example: [
+              students
+          ]
+      lastRefresh:
+        type: string
+        description: Last time the entitlement was refreshed
+        example: '2022-06-24T16:12:53.389386Z'
+      idnServiceApp:
+        type: string
+        description: IDN service application
+        example: AppName123
+      idnExceptional:
+        type: string
+        description: Informs whether an entitlement is a priviliged one.
+        example: PRIVILEGED
+      entitlementitlementAggregated:
+        type: string
+        description: Indicates whether an entitlement was aggregated
+        example: true
+      segmentStatus:
+        type: string
+        description: Segment status (GLOBAL/LOCAL)
+        example: GLOBAL

idn/beta/schemas/gov-entitlement/EntitlementQueryRequest.yaml

@@ -0,0 +1,14 @@
+type: object
+properties:
+  sourceId:
+    type: string
+    description: source id
+    example: 2b86153b97a94abc936c8a11b106aaf8
+  attribute:
+    type: string
+    description: attribute name
+    example: memberOf
+  value:
+    type: string
+    description: attribute value
+    example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com

idn/beta/schemas/gov-entitlement/PermissionDTO.yaml

@@ -0,0 +1,22 @@
+type: object
+properties:
+  target:
+    type: string
+    description: perimission target
+    example: SYS.GV_$TRANSACTION
+  annotation:
+    type: string
+    description: permission annotation
+    example: some extra information about a permission
+  rights:
+    type: array
+    description: All the rights (e.g. actions) that this permission allows on the target
+    items:
+      type: string
+      example: SELECT
+  attributes:
+    type: object
+    description: permission attribute values
+    example: {
+      "id": "2e8d818024bc4d2191c67affdb473b0d"
+    }