LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-10 20:37:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Automated commit by github action: 4959257712

Browse Source
This commit is contained in:
GitHub Action Bot
2023-05-12 13:13:02 +00:00
parent cc74f79666
commit 1dc8a384da
3 changed files with 568 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
static/api-specs/idn/sailpoint-api.v3.yaml
View File

@@ -854,6 +854,8 @@ paths:
$ref: './v3/paths/password-org-config.yaml' $ref: './v3/paths/password-org-config.yaml'
/sod-policies: /sod-policies:
$ref: './v3/paths/sod-policies.yaml' $ref: './v3/paths/sod-policies.yaml'
/sod-policies/{id}:
$ref: './v3/paths/sod-policy.yaml'
/sources: /sources:
$ref: "./v3/paths/sources.yaml" $ref: "./v3/paths/sources.yaml"
/sources/{id}: /sources/{id}:

560
static/api-specs/idn/v3/paths/sod-policy.yaml Normal file
View File

@@ -0,0 +1,560 @@
get:
security:
- oauth2: [idn:sod-policy:read]
operationId: getSodPolicy
tags:
- SOD Policy
summary: Get SOD policy by ID
description: >-
This gets specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD Policy to retrieve.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: SOD policy ID.
content:
application/json:
schema:
$ref: '../schemas/SodPolicy.yaml'
examples:
Conflicting Access Based Policy:
value:
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Conflicting-Policy-Name",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
}
General Policy:
value:
{
"description": "Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
put:
security:
- oauth2: [idn:sod-policy:write]
operationId: setSodPolicy
tags:
- SOD Policy
summary: Update SOD policy by ID
description: >-
This updates a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy to update.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/SodPolicy.yaml'
examples:
Conflicting Access Based Policy:
value:
{
"name": "Conflicting-Policy-Name",
"description": "Modified Description",
"externalPolicyReference": "XYZ policy",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
}
General Policy:
value:
{
"description": "Modified Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
}
responses:
'200':
description: SOD Policy by ID
content:
application/json:
schema:
$ref: '../schemas/SodPolicy.yaml'
examples:
Conflicting Access Based Policy:
value:
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Conflicting-Policy-Name",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "Modified description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
}
General Policy:
value:
{
"description": "Modified Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
delete:
security:
- oauth2: [idn:sod-policy:write]
operationId: deleteSodPolicy
tags:
- SOD Policy
summary: Delete SOD policy by ID
description: >-
This deletes a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD Policy to delete.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- in: query
name: logical
schema:
type: boolean
default: true
description: >-
Indicates whether this is a soft delete (logical true) or a hard delete.
Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further.
Hard delete vise versa permanently delete SOD request during this call.
example: true
required: false
responses:
'204':
description: No content.
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
patch:
security:
- oauth2: [idn:sod-policy:write]
operationId: patchSodPolicy
tags:
- SOD Policy
summary: Patch SOD policy by ID
description: >-
Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Requires role of ORG_ADMIN.
This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the SOD policy being modified.
example: 2c918083-5d19-1a86-015d-28455b4a2329
requestBody:
required: true
description: |
A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* ownerRef
* externalPolicyReference
* compensatingControls
* correctionAdvice
* state
* tags
* violationOwnerAssignmentConfig
* scheduled
* conflictingAccessCriteria
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
examples:
Conflicting Access Based Policy:
value:
- op: "replace"
path: "/description"
value: "Modified description"
- op: "replace"
path: "/conflictingAccessCriteria/leftCriteria/name"
value: "money-in-modified"
- op: "replace"
path: "/conflictingAccessCriteria/rightCriteria"
value: {
"name": "money-out-modified",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c918087682f9a86016839c0509c1ab2"
}
]
}
General Policy:
value:
- op: "replace"
path: "/description"
value: "Modified description"
responses:
'200':
description: >-
Indicates the PATCH operation succeeded, and returns the SOD policy's new representation.
content:
application/json:
schema:
$ref: '../schemas/SodPolicy.yaml'
examples:
Conflicting Access Based Policy:
value:
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Conflicting-Policy-Name",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "Modified description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in-modified",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
},
"rightCriteria": {
"name": "money-out-modified",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c918087682f9a86016839c0509c1ab2"
}
]
}
}
}
General Policy:
value:
{
"description": "Modified description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

6
static/api-specs/idn/v3/schemas/SodPolicy.yaml
View File

@@ -4,6 +4,7 @@ properties:
type: string type: string
description: Policy id description: Policy id
example: "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" example: "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde"
readOnly: true
name: name:
type: string type: string
description: Policy Business Name description: Policy Business Name
@@ -13,11 +14,13 @@ properties:
format: date-time format: date-time
description: The time when this SOD policy is created. description: The time when this SOD policy is created.
example: "2020-01-01T00:00:00.000000Z" example: "2020-01-01T00:00:00.000000Z"
readOnly: true
modified: modified:
type: string type: string
format: date-time format: date-time
description: The time when this SOD policy is modified. description: The time when this SOD policy is modified.
example: "2020-01-01T00:00:00.000000Z" example: "2020-01-01T00:00:00.000000Z"
readOnly: true
description: description:
type: string type: string
description: Optional description of the SOD policy description: Optional description of the SOD policy
@@ -25,6 +28,7 @@ properties:
nullable: true nullable: true
ownerRef: ownerRef:
$ref: '../schemas/BaseReferenceDto.yaml' $ref: '../schemas/BaseReferenceDto.yaml'
readOnly: true
externalPolicyReference: externalPolicyReference:
type: string type: string
description: Optional External Policy Reference description: Optional External Policy Reference
@@ -61,11 +65,13 @@ properties:
type: string type: string
description: Policy's creator ID description: Policy's creator ID
example: "0f11f2a47c944bf3a2bd742580fe3bde" example: "0f11f2a47c944bf3a2bd742580fe3bde"
readOnly: true
modifierId: modifierId:
type: string type: string
description: Policy's modifier ID description: Policy's modifier ID
example: "0f11f2a47c944bf3a2bd742580fe3bde" example: "0f11f2a47c944bf3a2bd742580fe3bde"
nullable : true nullable : true
readOnly: true
violationOwnerAssignmentConfig: violationOwnerAssignmentConfig:
$ref: './ViolationOwnerAssignmentConfig.yaml' $ref: './ViolationOwnerAssignmentConfig.yaml'
nullable: true nullable: true