diff --git a/static/api-specs/idn/beta/paths/sources-entitlement-request-config.yaml b/static/api-specs/idn/beta/paths/sources-entitlement-request-config.yaml new file mode 100644 index 000000000..daa8aa5e4 --- /dev/null +++ b/static/api-specs/idn/beta/paths/sources-entitlement-request-config.yaml @@ -0,0 +1,91 @@ +put: + security: + - oauth2: [ idn:sources:update ] + operationId: updateSourceEntitlementRequestConfig + summary: Update Source Entitlement Request Configuration + tags: + - Sources + description: >- + This API replaces the current entitlement request configuration for a source. + This source-level configuration should apply for all the entitlements in the source. + + + Access request to any entitlements in the source should follow this configuration unless a separate + entitlement-level configuration is defined. + + - During access request, this source-level entitlement request configuration overrides the global organization-level configuration. + + - However, the entitlement-level configuration (if defined) overrides this source-level configuration. + + + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + $ref: '../schemas/SourceEntitlementRequestConfig.yaml' + examples: + Set config with no approvals: + description: If no approvals are required, the following config can be set. + value: + { + "accessRequestConfig": { + "approvalSchemes": [ + ] + } + } + + Set config with one approval: + description: In case of single approval the following config can be set. + value: + { + "accessRequestConfig": { + "approvalSchemes": [ + { + "approverType": "SOURCE_OWNER" + } + ], + "requestCommentRequired": true, + "denialCommentRequired": false + } + } + + Set config with multiple approvals: + description: In case of multiple levels of approvals the following config can be set. + value: + { + "accessRequestConfig": { + "approvalSchemes": [ + { + "approverType": "ENTITLEMENT_OWNER" + }, + { + "approverType": "SOURCE_OWNER" + }, + { + "approverType": "GOVERNANCE_GROUP", + "approverId": "95e538a3-30c1-433a-af05-4bed973bbc22" + } + ], + "requestCommentRequired": true, + "denialCommentRequired": false + } + } + responses: + '200': + description: Source Entitlement Request Configuration Details. + content: + application/json: + schema: + $ref: '../schemas/SourceEntitlementRequestConfig.yaml' + '400': + $ref: '../../v3/responses/400.yaml' + '401': + $ref: '../../v3/responses/401.yaml' + '403': + $ref: '../../v3/responses/403.yaml' + '429': + $ref: '../../v3/responses/429.yaml' + '500': + $ref: '../../v3/responses/500.yaml' \ No newline at end of file diff --git a/static/api-specs/idn/beta/schemas/EntitlementAccessRequestConfig.yaml b/static/api-specs/idn/beta/schemas/EntitlementAccessRequestConfig.yaml new file mode 100644 index 000000000..5ffa84d9b --- /dev/null +++ b/static/api-specs/idn/beta/schemas/EntitlementAccessRequestConfig.yaml @@ -0,0 +1,19 @@ +type: object +properties: + approvalSchemes: + type: array + description: Ordered list of approval steps for the access request. Empty when no approval is required. + items: + $ref: './EntitlementApprovalScheme.yaml' + requestCommentRequired: + type: boolean + description: If the requester must provide a comment during access request. + default: false + example: true + denialCommentRequired: + type: boolean + description: If the reviewer must provide a comment when denying the access request. + default: false + example: false + + diff --git a/static/api-specs/idn/beta/schemas/EntitlementApprovalScheme.yaml b/static/api-specs/idn/beta/schemas/EntitlementApprovalScheme.yaml new file mode 100644 index 000000000..e7b6ce9c1 --- /dev/null +++ b/static/api-specs/idn/beta/schemas/EntitlementApprovalScheme.yaml @@ -0,0 +1,32 @@ +type: object +properties: + approverType: + type: string + enum: + - ENTITLEMENT_OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: >- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + + **ENTITLEMENT_OWNER**: Owner of the associated Entitlement + + + **SOURCE_OWNER**: Owner of the associated Source + + + **MANAGER**: Manager of the Identity for whom the request is being made + + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: Id of the specific approver, used only when approverType is GOVERNANCE_GROUP + example: e3eab852-8315-467f-9de7-70eda97f63c8 + + diff --git a/static/api-specs/idn/beta/schemas/SourceEntitlementRequestConfig.yaml b/static/api-specs/idn/beta/schemas/SourceEntitlementRequestConfig.yaml new file mode 100644 index 000000000..6c54b72b5 --- /dev/null +++ b/static/api-specs/idn/beta/schemas/SourceEntitlementRequestConfig.yaml @@ -0,0 +1,6 @@ +type: object +description: Entitlement Request Configuration +properties: + accessRequestConfig: + $ref: './EntitlementAccessRequestConfig.yaml' + description: Configuration for requesting access to entitlements \ No newline at end of file