Automated commit by github action: 4983968596

This commit is contained in:
GitHub Action Bot
2023-05-15 18:41:28 +00:00
parent c7bf74d879
commit e17b71a07d
14 changed files with 409 additions and 0 deletions


@@ -864,8 +864,16 @@ paths:
$ref: './v3/paths/sod-report-run.yaml'
/sod-policies/{id}/violation-report:
$ref: './v3/paths/sod-violation-report.yaml'
/sod-risks/risks/{id}:
$ref: "./v3/paths/sod-arm-risk.yaml"
/sod-violation-report-status/{reportResultId}:
$ref: './v3/paths/sod-violation-report-status.yaml'
/sod-violations/predict:
$ref: "./v3/paths/sod-violations-predict.yaml"
/sod-violations/check:
$ref: "./v3/paths/sod-violations-check.yaml"
/sod-violations/config:
$ref: "./v3/paths/sod-violations-config.yaml"
/sources:
$ref: "./v3/paths/sources.yaml"
/sources/{id}:
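Review bot: The four new path entries added in this hunk wrap their `$ref` values in double quotes while every surrounding entry uses single quotes (`$ref: './v3/paths/sod-violation-report.yaml'`); both forms parse identically, but the index should keep one style, e.g. `$ref: './v3/paths/sod-arm-risk.yaml'`. The new route `/sod-risks/risks/{id}` repeats the noun where the sibling routes use a single segment (`/sod-policies/{id}`, `/sod-violations/...`); it may well be intentional, but it is worth confirming against the route the backend actually serves before the spec is published, since a path typo here is only discovered by clients.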


@@ -0,0 +1,41 @@
get:
security:
- oauth2: [idn:sod-policy:read]
operationId: getArmRiskById
tags:
- SOD Policy
summary: Gets the specified ARM risk.
description: >-
This API gets the specified ARM risk.
Any authenticated token can call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: >-
The composite ID of the ARM Risk.
It should consist of a jobId, rulebookId, and a riskCode; each separated by a "!"
example: 52435!246635!BS_04
responses:
'200':
description: ARM Risk
content:
application/json:
schema:
$ref: '../schemas/sod/models/ArmRisk.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
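Review bot: The description says `Any authenticated token can call this API.` while the `security` block requires the `idn:sod-policy:read` scope; the description is what integrators read, the scope is what the gateway enforces, so the two should agree — if the scope is the real requirement, the sentence should say so, e.g. `A token with the idn:sod-policy:read scope is required to call this API.` The `id` parameter is documented as a composite `jobId!rulebookId!riskCode` but its schema is a bare `type: string`; adding a `pattern` that expresses the three `!`-separated segments (the exact expression depends on the allowed characters of each segment, so it is not proposed here) would let request validation reject malformed IDs before they reach the backend. The hunk header announces 41 lines but only 39 are visible in this view, so two lines (probably blank) appear to have been lost in rendering.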


@@ -0,0 +1,59 @@
post:
security:
- oauth2: [idn:sod-violation:read]
operationId: startViolationCheck
tags:
- SOD Violations
summary: Check SOD violations
description: >-
This API initiates a SOD policy verification asynchronously.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/IdentityWithNewAccess.yaml'
example:
{
"identityId": "2c91808568c529c60168cca6f90c1313",
"accessRefs": [
{
"type": "ENTITLEMENT",
"id": "2c918087682f9a86016839c050861ab1",
"name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local"
},
{
"type": "ENTITLEMENT",
"id": "2c918087682f9a86016839c0509c1ab2",
"name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local"
}
],
"clientMetadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}
responses:
'202':
description: Request ID with a timestamp.
content:
application/json:
schema:
$ref: '../schemas/SodViolationCheck.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
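Review bot: `startViolationCheck` is a POST that initiates an asynchronous check, yet its `security` entry asks only for `idn:sod-violation:read`, and the description separately says `A token with ORG_ADMIN authority is required`; the predict operation in the next file declares the same read scope but describes `ORG_ADMIN or API authority`. Which of these is actually enforced cannot be told from the spec, but one of the two statements per operation is misleading to integrators, and a read-named scope gating a state-changing call deserves a second look. The request example is written as a JSON flow block inside the YAML; the referenced schema file in this same commit already carries an equivalent block-style example, so either drop the duplicate here or write it in block style (`- type: ENTITLEMENT`, `id: ...`) so the two cannot drift apart.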


@@ -0,0 +1,28 @@
get:
security:
- oauth2: [idn:sod-policy:read]
operationId: getArmConfig
tags:
- SOD Violations
summary: Expose just the ARM config
description: >-
This API expose just the ARM config from Tenaya (Org Config Service) for UI.
responses:
'200':
description: Org config with ARM data.
content:
application/json:
schema:
$ref: '../schemas/PublicOrgConfigArmData.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
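Review bot: The description `This API expose just the ARM config from Tenaya (Org Config Service) for UI.` has a grammar slip and names an internal service in a public contract; `This API returns the ARM portion of the org configuration.` says what a consumer needs. The response `$ref`s use `../../v3/responses/...` while the sibling path files in this commit use `../responses/...`; if this file sits next to them both forms resolve to the same directory, but one form should be used so a later move of the file does not break half the references. The operation is tagged `SOD Violations` but requires `idn:sod-policy:read`, so a client holding only `idn:sod-violation:read` would be refused — presumably intended, but worth confirming against the other two operations in this tag.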


@@ -0,0 +1,55 @@
post:
security:
- oauth2: [idn:sod-violation:read]
operationId: startPredictSodViolations
tags:
- SOD Violations
summary: Predict SOD violations for identity.
description: >-
This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies.
Returns the violations that would be caused.
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/sod/models/IdentityWithNewAccess.yaml'
example:
{
"identityId": "2c91808568c529c60168cca6f90c1313",
"accessRefs": [
{
"type": "ENTITLEMENT",
"id": "2c918087682f9a86016839c050861ab1",
"name": "CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local"
},
{
"type": "ENTITLEMENT",
"id": "2c918087682f9a86016839c0509c1ab2",
"name": "CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local"
}
]
}
responses:
'200':
description: Violation Contexts
content:
application/json:
schema:
$ref: '../schemas/sod/models/ViolationPrediction.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'


@@ -0,0 +1,25 @@
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Set of identity id's to be checked.
type: string
example: '2c91809050db617d0150e0bf3215385e'
accessRefs:
description: The bundle of access profiles to be added to the identities specified. All references must be ENTITLEMENT type.
type: array
items:
$ref: './BaseReferenceDto.yaml'
clientMetadata:
type: object
additionalProperties:
type: string
description: >-
Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on
completion of the violation check.
example:
clientName: client1
clientId: 2c91808f7892918f0178b78da4a305a1
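Review bot: `identityId` is described as `Set of identity id's to be checked.` but its schema is a single `type: string`; the sibling schema of the same name later in this commit says `Identity id to be checked.`, which matches the type. `accessRefs` is documented as `All references must be ENTITLEMENT type` but the items are an unconstrained `$ref: './BaseReferenceDto.yaml'`, so validators accept any type; the other `IdentityWithNewAccess.yaml` in this commit pins it with an `allOf` plus `enum: ["ENTITLEMENT"]` and also lacks a `minItems: 1`, which both lists should carry since an empty check is meaningless. Two schema files named `IdentityWithNewAccess.yaml` with diverging shapes now exist (this one adds `clientMetadata`, the other constrains `type`); SDK generators that derive model names from file names may collide on them, so it is worth confirming that both are meant to be distinct models.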


@@ -0,0 +1,14 @@
type : object
description: >-
Arm Data for the org configuration.
properties:
armCustomerId:
type: string
description: ARM Customer ID
nullable: true
example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E
armSsoUrl:
type: string
description: ARM SSO URL
nullable: true
example: https://your-arm-sso-url
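Review bot: `type : object` on the first line has a space before the colon, which yamllint's `colons` rule rejects and which no other schema in this commit uses; write `type: object`. `armSsoUrl` is a URL that the UI will presumably follow, so declaring `format: uri` lets validators reject non-URL values instead of passing any string through. If `armCustomerId` is always a GUID, as the example `DE38E75A-5FF6-4A65-5DC7-08D64426B09E` suggests, `format: uuid` documents that as well.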


@@ -0,0 +1,57 @@
description: An object containing the details of an ARM risk listing of the SOD violation reasons detected by this check.
type: object
properties:
name:
type: string
description: Risk Name
example: "BS02_RISK"
readOnly: true
description:
type: string
description: Description
example: "This is a description of risk code BS02"
readOnly: true
owners:
type: array
items:
type: string
description: List of risk owners' SAP usernames
example: []
readOnly: true
externalReference:
type: string
description: URL to "what if" details in ARM
example: https://webui-dev.erpmaestro.com/home/what-if-report/100000
readOnly: true
rating:
type: string
description: Risk Rating
example: "Informational"
readOnly: true
businessFunctions:
type: object
description: A map from business function codes to "Left side" or "Right side"
additionalProperties:
type: string
example:
BS02_01: Left side
BS02_02: Right side
readOnly: true
approvers:
type: array
items:
type: string
description: List of risk approvers' SAP usernames
example:
- JOE USER
readOnly: true
mitigatingControls:
type: string
description: What was done to mitigate risks
example: Required two levels of verification
readOnly: true
correctionAdvice:
type: string
description: Recommendation on how to resolve risk
example: Run a certification campaign and determine if access should be revoked
readOnly: true
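Review bot: The top-level description `An object containing the details of an ARM risk listing of the SOD violation reasons detected by this check.` reads as two sentences spliced together — the second half is the ViolationPrediction description from this same commit — and should be reduced to what this object is, e.g. `Details of an ARM risk.` `businessFunctions` is documented as mapping codes to `"Left side"` or `"Right side"`, but `additionalProperties` is a free `type: string`; adding `enum: [Left side, Right side]` under it makes the schema enforce what the prose promises. The `externalReference` example points at a development hostname (`webui-dev.erpmaestro.com`); a public spec should use a neutral placeholder such as `https://arm.example.com/what-if-report/100000` rather than advertising an internal environment.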


@@ -0,0 +1,6 @@
type: object
properties:
leftCriteria:
$ref: './ExceptionCriteria.yaml'
rightCriteria:
$ref: './ExceptionCriteria.yaml'
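Review bot: This schema carries no `description` at all, neither on the object nor on `leftCriteria` / `rightCriteria`, so generated docs will show two bare references with nothing to explain how they differ. Based on the ViolationContext description in this commit, which calls this "the left and right hand side of the entitlements that got violated", something like `description: The two sides of the access conflict; a violation exists when an identity holds access matching both sides.` on the object, and `description: Access criteria for the left side of the conflict.` (and right) on the properties, would do, but the wording should be confirmed by the policy owners.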


@@ -0,0 +1,30 @@
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- $ref: './ExceptionCriteriaAccess.yaml'
description: The types of objects supported for SOD violations
properties:
type:
enum:
- "ENTITLEMENT"
example: "ENTITLEMENT"
description: The type of object that is referenced
# oneOf:
# - minItems: 1
# - maxItems: 50
example: [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66",
"existing": true
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67",
"existing": false
}
]
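Review bot: `criteriaList` is documented as `There is a min of 1 and max of 50 items in the list.`, but the constraint is only present as a commented-out `oneOf` block, so validators accept an empty or oversized list. `minItems` and `maxItems` are direct keywords of an array schema rather than alternatives, which is likely why the `oneOf` attempt was abandoned; placing `minItems: 1` and `maxItems: 50` as siblings of `type: array` enforces the documented bounds and the commented lines can then be deleted. The `example` is again a JSON flow block; block style (`- type: ENTITLEMENT`) would match the rest of the file.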


@@ -0,0 +1,21 @@
type: object
properties:
type:
$ref: '../../DtoType.yaml'
description: DTO type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local
existing:
type: boolean
description: Whether the subject identity already had that access or not
default: false
example: true
description: >-
Access reference with addition of boolean existing flag to indicate whether the access was extant
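Review bot: The object-level `description` is placed after `properties`, at the end of the file, whereas every other schema in this commit puts it first; moving `description: >-` and its text above `type: object` keeps the files consistent and makes the purpose visible before the field list. The hunk header announces 21 lines but 20 are visible here, so one line (probably blank) seems to have been dropped by the rendering.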


@@ -0,0 +1,30 @@
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Identity id to be checked.
type: string
example: 2c91808568c529c60168cca6f90c1313
accessRefs:
description: The list of ENTITLEMENTs to consider for calculating possible violations in a preventive check.
type: array
items:
allOf:
- $ref: '../../BaseReferenceDto.yaml'
description: The types of objects supported for SOD violations
properties:
type:
enum:
- "ENTITLEMENT"
example: "ENTITLEMENT"
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local


@@ -0,0 +1,25 @@
type: object
properties:
policy:
allOf:
- $ref: '../../BaseReferenceDto.yaml'
- type: object
properties:
type:
type: string
example: 'SOD_POLICY'
name:
type: string
example: 'A very cool policy name'
description: The types of objects supported for SOD violations
properties:
type:
enum:
- "ENTITLEMENT"
example: "ENTITLEMENT"
description: The type of object that is referenced
conflictingAccessCriteria:
$ref: './ExceptionAccessCriteria.yaml'
nullable: false
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
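Review bot: `conflictingAccessCriteria` places `nullable: false` and a `description` next to a `$ref`; in OpenAPI 3.0 any sibling of `$ref` is ignored, so the description is silently dropped from generated docs and the non-nullability is not enforced. Wrapping the reference fixes both: `allOf:` / `- $ref: './ExceptionAccessCriteria.yaml'` with `nullable: false` and the description as siblings of `allOf`. Under `policy`, the schema gives `type` an example of `'SOD_POLICY'` yet, as far as the flattened indentation lets me tell, the same object also overlays `enum: ["ENTITLEMENT"]` on `type` — a block that appears copied from the access-criteria schemas; if both apply to `policy`, the example is invalid against its own schema and the enum should go.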


@@ -0,0 +1,10 @@
description: An object containing a listing of the SOD violation reasons detected by this check.
required:
- requestId
type: object
properties:
violationContexts:
type: array
description: List of Violation Contexts
items:
$ref: './ViolationContext.yaml'
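Review bot: The schema lists `requestId` under `required` but defines no `requestId` property — only `violationContexts` — so strict validators will demand a field the contract never describes, and generated clients will not know its type. Either add it, e.g. `requestId:` with `type: string` and a description of what the ID identifies (the predict response at 200 does not mention one), or remove it from `required`. The description `An object containing a listing of the SOD violation reasons detected by this check.` is also the text spliced into the ArmRisk description in this commit; confirm it belongs here.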