diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES index c937d38..4e56528 100644 --- a/.openapi-generator/FILES +++ b/.openapi-generator/FILES @@ -36,10 +36,12 @@ docs/CreateConfigurationTemplateInfo.md docs/CreateGroupBindingInfo.md docs/CreateGroupBindingInfoGroupsInner.md docs/CreateGroupInfo.md +docs/CreateIdpGroupMappingRequest.md docs/CreateMessageChannelInfo.md docs/CreateOnCallScheduleInfo.md docs/CreateOwnerInfo.md docs/CreateRequest200Response.md +docs/CreateRequestCommentRequest.md docs/CreateRequestConfigurationInfoList.md docs/CreateRequestInfo.md docs/CreateRequestInfoCustomMetadataInner.md @@ -49,6 +51,7 @@ docs/CreateRequestInfoSupportTicket.md docs/CreateResourceInfo.md docs/CreateTagInfo.md docs/CreateUARInfo.md +docs/DenyRequestRequest.md docs/EntityTypeEnum.md docs/Event.md docs/EventsApi.md @@ -115,6 +118,9 @@ docs/PropagationStatus.md docs/PropagationStatusEnum.md docs/RemoteUser.md docs/Request.md +docs/RequestApprovalEnum.md +docs/RequestComment.md +docs/RequestCommentList.md docs/RequestConfiguration.md docs/RequestConnection.md docs/RequestCustomFieldResponse.md @@ -123,6 +129,7 @@ docs/RequestEdge.md docs/RequestItemStages.md docs/RequestList.md docs/RequestReviewer.md +docs/RequestReviewerStages.md docs/RequestStage.md docs/RequestStatusEnum.md docs/RequestTemplateCustomFieldTypeEnum.md @@ -142,6 +149,7 @@ docs/ResourceRemoteInfoAwsOrganizationalUnit.md docs/ResourceRemoteInfoAwsPermissionSet.md docs/ResourceRemoteInfoAwsRdsInstance.md docs/ResourceRemoteInfoCustomConnector.md +docs/ResourceRemoteInfoDatastaxAstraRole.md docs/ResourceRemoteInfoGcpBigQueryDataset.md docs/ResourceRemoteInfoGcpBigQueryTable.md docs/ResourceRemoteInfoGcpBucket.md @@ -152,6 +160,7 @@ docs/ResourceRemoteInfoGcpOrganization.md docs/ResourceRemoteInfoGcpProject.md docs/ResourceRemoteInfoGcpServiceAccount.md docs/ResourceRemoteInfoGcpSqlInstance.md +docs/ResourceRemoteInfoGithubOrgRole.md docs/ResourceRemoteInfoGithubRepo.md docs/ResourceRemoteInfoGitlabProject.md docs/ResourceRemoteInfoGoogleWorkspaceRole.md @@ -181,7 +190,6 @@ docs/RuleConjunction.md docs/RuleDisjunction.md docs/ScopedRolePermission.md docs/ScopedRolePermissionList.md -docs/ScopedRolePermissionsApi.md docs/Session.md docs/SessionsApi.md docs/SessionsList.md @@ -240,7 +248,6 @@ opal_security/api/on_call_schedules_api.py opal_security/api/owners_api.py opal_security/api/requests_api.py opal_security/api/resources_api.py -opal_security/api/scoped_role_permissions_api.py opal_security/api/sessions_api.py opal_security/api/tags_api.py opal_security/api/uars_api.py @@ -279,10 +286,12 @@ opal_security/models/create_configuration_template_info.py opal_security/models/create_group_binding_info.py opal_security/models/create_group_binding_info_groups_inner.py opal_security/models/create_group_info.py +opal_security/models/create_idp_group_mapping_request.py opal_security/models/create_message_channel_info.py opal_security/models/create_on_call_schedule_info.py opal_security/models/create_owner_info.py opal_security/models/create_request200_response.py +opal_security/models/create_request_comment_request.py opal_security/models/create_request_configuration_info_list.py opal_security/models/create_request_info.py opal_security/models/create_request_info_custom_metadata_inner.py @@ -292,6 +301,7 @@ opal_security/models/create_request_info_support_ticket.py opal_security/models/create_resource_info.py opal_security/models/create_tag_info.py opal_security/models/create_uar_info.py +opal_security/models/deny_request_request.py opal_security/models/entity_type_enum.py opal_security/models/event.py opal_security/models/get_resource_user200_response.py @@ -350,6 +360,9 @@ opal_security/models/propagation_status.py opal_security/models/propagation_status_enum.py opal_security/models/remote_user.py opal_security/models/request.py +opal_security/models/request_approval_enum.py +opal_security/models/request_comment.py +opal_security/models/request_comment_list.py opal_security/models/request_configuration.py opal_security/models/request_connection.py opal_security/models/request_custom_field_response.py @@ -358,6 +371,7 @@ opal_security/models/request_edge.py opal_security/models/request_item_stages.py opal_security/models/request_list.py opal_security/models/request_reviewer.py +opal_security/models/request_reviewer_stages.py opal_security/models/request_stage.py opal_security/models/request_status_enum.py opal_security/models/request_template_custom_field_type_enum.py @@ -376,6 +390,7 @@ opal_security/models/resource_remote_info_aws_organizational_unit.py opal_security/models/resource_remote_info_aws_permission_set.py opal_security/models/resource_remote_info_aws_rds_instance.py opal_security/models/resource_remote_info_custom_connector.py +opal_security/models/resource_remote_info_datastax_astra_role.py opal_security/models/resource_remote_info_gcp_big_query_dataset.py opal_security/models/resource_remote_info_gcp_big_query_table.py opal_security/models/resource_remote_info_gcp_bucket.py @@ -386,6 +401,7 @@ opal_security/models/resource_remote_info_gcp_organization.py opal_security/models/resource_remote_info_gcp_project.py opal_security/models/resource_remote_info_gcp_service_account.py opal_security/models/resource_remote_info_gcp_sql_instance.py +opal_security/models/resource_remote_info_github_org_role.py opal_security/models/resource_remote_info_github_repo.py opal_security/models/resource_remote_info_gitlab_project.py opal_security/models/resource_remote_info_google_workspace_role.py @@ -459,14 +475,13 @@ setup.cfg setup.py test-requirements.txt test/__init__.py -test/test_paginated_remote_users_list.py -test/test_remote_user.py -test/test_resource_remote_info_google_workspace_role.py -test/test_role_permission_name_enum.py -test/test_role_permission_target_type_enum.py -test/test_scoped_role_permission.py -test/test_scoped_role_permission_list.py -test/test_scoped_role_permissions_api.py -test/test_sync_task.py -test/test_third_party_provider_enum.py +test/test_create_idp_group_mapping_request.py +test/test_create_request_comment_request.py +test/test_deny_request_request.py +test/test_request_approval_enum.py +test/test_request_comment.py +test/test_request_comment_list.py +test/test_request_reviewer_stages.py +test/test_resource_remote_info_datastax_astra_role.py +test/test_resource_remote_info_github_org_role.py tox.ini diff --git a/README.md b/README.md index 06b1012..997c974 100644 --- a/README.md +++ b/README.md @@ -188,6 +188,7 @@ Class | Method | HTTP request | Description *GroupsApi* | [**get_group_users**](docs/GroupsApi.md#get_group_users) | **GET** /groups/{group_id}/users | *GroupsApi* | [**get_group_visibility**](docs/GroupsApi.md#get_group_visibility) | **GET** /groups/{group_id}/visibility | *GroupsApi* | [**get_groups**](docs/GroupsApi.md#get_groups) | **GET** /groups | +*GroupsApi* | [**get_user_groups**](docs/GroupsApi.md#get_user_groups) | **GET** /groups/users/{user_id} | *GroupsApi* | [**remove_group_containing_group**](docs/GroupsApi.md#remove_group_containing_group) | **DELETE** /groups/{group_id}/containing-groups/{containing_group_id} | *GroupsApi* | [**set_group_message_channels**](docs/GroupsApi.md#set_group_message_channels) | **PUT** /groups/{group_id}/message-channels | *GroupsApi* | [**set_group_on_call_schedules**](docs/GroupsApi.md#set_group_on_call_schedules) | **PUT** /groups/{group_id}/on-call-schedules | @@ -197,6 +198,7 @@ Class | Method | HTTP request | Description *GroupsApi* | [**set_group_visibility**](docs/GroupsApi.md#set_group_visibility) | **PUT** /groups/{group_id}/visibility | *GroupsApi* | [**update_group_user**](docs/GroupsApi.md#update_group_user) | **PUT** /groups/{group_id}/users/{user_id} | *GroupsApi* | [**update_groups**](docs/GroupsApi.md#update_groups) | **PUT** /groups | +*IdpGroupMappingsApi* | [**create_idp_group_mapping**](docs/IdpGroupMappingsApi.md#create_idp_group_mapping) | **POST** /idp-group-mappings/{app_resource_id}/{group_id}/ | *IdpGroupMappingsApi* | [**delete_idp_group_mappings**](docs/IdpGroupMappingsApi.md#delete_idp_group_mappings) | **DELETE** /idp-group-mappings/{app_resource_id}/{group_id}/ | *IdpGroupMappingsApi* | [**get_idp_group_mappings**](docs/IdpGroupMappingsApi.md#get_idp_group_mappings) | **GET** /idp-group-mappings/{app_resource_id} | *IdpGroupMappingsApi* | [**update_idp_group_mappings**](docs/IdpGroupMappingsApi.md#update_idp_group_mappings) | **PUT** /idp-group-mappings/{app_resource_id} | @@ -217,7 +219,10 @@ Class | Method | HTTP request | Description *OwnersApi* | [**update_owners**](docs/OwnersApi.md#update_owners) | **PUT** /owners | *RequestsApi* | [**approve_request**](docs/RequestsApi.md#approve_request) | **POST** /requests/{id}/approve | *RequestsApi* | [**create_request**](docs/RequestsApi.md#create_request) | **POST** /requests | +*RequestsApi* | [**create_request_comment**](docs/RequestsApi.md#create_request_comment) | **POST** /requests/{id}/comments | +*RequestsApi* | [**deny_request**](docs/RequestsApi.md#deny_request) | **POST** /requests/{id}/deny | *RequestsApi* | [**get_request**](docs/RequestsApi.md#get_request) | **GET** /requests/{id} | +*RequestsApi* | [**get_request_comments**](docs/RequestsApi.md#get_request_comments) | **GET** /requests/{id}/comments | *RequestsApi* | [**get_requests**](docs/RequestsApi.md#get_requests) | **GET** /requests | *RequestsApi* | [**get_requests_relay**](docs/RequestsApi.md#get_requests_relay) | **GET** /requests/relay | *ResourcesApi* | [**add_resource_nhi**](docs/ResourcesApi.md#add_resource_nhi) | **POST** /resources/{resource_id}/non-human-identities/{non_human_identity_id} | @@ -237,6 +242,7 @@ Class | Method | HTTP request | Description *ResourcesApi* | [**get_resource_users**](docs/ResourcesApi.md#get_resource_users) | **GET** /resources/{resource_id}/users | *ResourcesApi* | [**get_resource_visibility**](docs/ResourcesApi.md#get_resource_visibility) | **GET** /resources/{resource_id}/visibility | *ResourcesApi* | [**get_resources**](docs/ResourcesApi.md#get_resources) | **GET** /resources | +*ResourcesApi* | [**get_user_resources**](docs/ResourcesApi.md#get_user_resources) | **GET** /resources/users/{user_id} | *ResourcesApi* | [**resource_user_access_status_retrieve**](docs/ResourcesApi.md#resource_user_access_status_retrieve) | **GET** /resource-user-access-status/{resource_id}/{user_id} | *ResourcesApi* | [**set_resource_message_channels**](docs/ResourcesApi.md#set_resource_message_channels) | **PUT** /resources/{resource_id}/message-channels | *ResourcesApi* | [**set_resource_reviewer_stages**](docs/ResourcesApi.md#set_resource_reviewer_stages) | **PUT** /resources/{resource_id}/reviewer-stages | @@ -245,8 +251,6 @@ Class | Method | HTTP request | Description *ResourcesApi* | [**set_resource_visibility**](docs/ResourcesApi.md#set_resource_visibility) | **PUT** /resources/{resource_id}/visibility | *ResourcesApi* | [**update_resource_user**](docs/ResourcesApi.md#update_resource_user) | **PUT** /resources/{resource_id}/users/{user_id} | *ResourcesApi* | [**update_resources**](docs/ResourcesApi.md#update_resources) | **PUT** /resources | -*ScopedRolePermissionsApi* | [**get_resource_scoped_role_permissions**](docs/ScopedRolePermissionsApi.md#get_resource_scoped_role_permissions) | **GET** /resources/{resource_id}/scoped-role-permissions | -*ScopedRolePermissionsApi* | [**set_resource_scoped_role_permissions**](docs/ScopedRolePermissionsApi.md#set_resource_scoped_role_permissions) | **PUT** /resources/{resource_id}/scoped-role-permissions | *SessionsApi* | [**sessions**](docs/SessionsApi.md#sessions) | **GET** /sessions | *TagsApi* | [**add_group_tag**](docs/TagsApi.md#add_group_tag) | **POST** /tags/{tag_id}/groups/{group_id} | *TagsApi* | [**add_resource_tag**](docs/TagsApi.md#add_resource_tag) | **POST** /tags/{tag_id}/resources/{resource_id} | @@ -299,10 +303,12 @@ Class | Method | HTTP request | Description - [CreateGroupBindingInfo](docs/CreateGroupBindingInfo.md) - [CreateGroupBindingInfoGroupsInner](docs/CreateGroupBindingInfoGroupsInner.md) - [CreateGroupInfo](docs/CreateGroupInfo.md) + - [CreateIdpGroupMappingRequest](docs/CreateIdpGroupMappingRequest.md) - [CreateMessageChannelInfo](docs/CreateMessageChannelInfo.md) - [CreateOnCallScheduleInfo](docs/CreateOnCallScheduleInfo.md) - [CreateOwnerInfo](docs/CreateOwnerInfo.md) - [CreateRequest200Response](docs/CreateRequest200Response.md) + - [CreateRequestCommentRequest](docs/CreateRequestCommentRequest.md) - [CreateRequestConfigurationInfoList](docs/CreateRequestConfigurationInfoList.md) - [CreateRequestInfo](docs/CreateRequestInfo.md) - [CreateRequestInfoCustomMetadataInner](docs/CreateRequestInfoCustomMetadataInner.md) @@ -312,6 +318,7 @@ Class | Method | HTTP request | Description - [CreateResourceInfo](docs/CreateResourceInfo.md) - [CreateTagInfo](docs/CreateTagInfo.md) - [CreateUARInfo](docs/CreateUARInfo.md) + - [DenyRequestRequest](docs/DenyRequestRequest.md) - [EntityTypeEnum](docs/EntityTypeEnum.md) - [Event](docs/Event.md) - [GetResourceUser200Response](docs/GetResourceUser200Response.md) @@ -370,6 +377,9 @@ Class | Method | HTTP request | Description - [PropagationStatusEnum](docs/PropagationStatusEnum.md) - [RemoteUser](docs/RemoteUser.md) - [Request](docs/Request.md) + - [RequestApprovalEnum](docs/RequestApprovalEnum.md) + - [RequestComment](docs/RequestComment.md) + - [RequestCommentList](docs/RequestCommentList.md) - [RequestConfiguration](docs/RequestConfiguration.md) - [RequestConnection](docs/RequestConnection.md) - [RequestCustomFieldResponse](docs/RequestCustomFieldResponse.md) @@ -378,6 +388,7 @@ Class | Method | HTTP request | Description - [RequestItemStages](docs/RequestItemStages.md) - [RequestList](docs/RequestList.md) - [RequestReviewer](docs/RequestReviewer.md) + - [RequestReviewerStages](docs/RequestReviewerStages.md) - [RequestStage](docs/RequestStage.md) - [RequestStatusEnum](docs/RequestStatusEnum.md) - [RequestTemplateCustomFieldTypeEnum](docs/RequestTemplateCustomFieldTypeEnum.md) @@ -396,6 +407,7 @@ Class | Method | HTTP request | Description - [ResourceRemoteInfoAwsPermissionSet](docs/ResourceRemoteInfoAwsPermissionSet.md) - [ResourceRemoteInfoAwsRdsInstance](docs/ResourceRemoteInfoAwsRdsInstance.md) - [ResourceRemoteInfoCustomConnector](docs/ResourceRemoteInfoCustomConnector.md) + - [ResourceRemoteInfoDatastaxAstraRole](docs/ResourceRemoteInfoDatastaxAstraRole.md) - [ResourceRemoteInfoGcpBigQueryDataset](docs/ResourceRemoteInfoGcpBigQueryDataset.md) - [ResourceRemoteInfoGcpBigQueryTable](docs/ResourceRemoteInfoGcpBigQueryTable.md) - [ResourceRemoteInfoGcpBucket](docs/ResourceRemoteInfoGcpBucket.md) @@ -406,6 +418,7 @@ Class | Method | HTTP request | Description - [ResourceRemoteInfoGcpProject](docs/ResourceRemoteInfoGcpProject.md) - [ResourceRemoteInfoGcpServiceAccount](docs/ResourceRemoteInfoGcpServiceAccount.md) - [ResourceRemoteInfoGcpSqlInstance](docs/ResourceRemoteInfoGcpSqlInstance.md) + - [ResourceRemoteInfoGithubOrgRole](docs/ResourceRemoteInfoGithubOrgRole.md) - [ResourceRemoteInfoGithubRepo](docs/ResourceRemoteInfoGithubRepo.md) - [ResourceRemoteInfoGitlabProject](docs/ResourceRemoteInfoGitlabProject.md) - [ResourceRemoteInfoGoogleWorkspaceRole](docs/ResourceRemoteInfoGoogleWorkspaceRole.md) diff --git a/api/openapi.yaml b/api/openapi.yaml index 25be93c..b5d08ad 100644 --- a/api/openapi.yaml +++ b/api/openapi.yaml @@ -40,8 +40,6 @@ tags: description: Operations related to requests - name: resources description: Operations related to resources - - name: scoped-role-permissions - description: Operations related to scoped role permissions - name: sessions description: Operations related to sessions - name: tags @@ -1489,6 +1487,25 @@ paths: format: uuid type: string style: simple + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form responses: "200": content: @@ -1671,6 +1688,51 @@ paths: - BearerAuth: [] tags: - groups + /groups/users/{user_id}: + get: + description: Returns all groups that the user is a member of. + operationId: get_user_groups + parameters: + - description: The ID of the user whose groups to return. + name: user_id + example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 + explode: false + in: path + required: true + schema: + format: uuid + type: string + style: simple + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + maximum: 1000 + style: form + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/GroupUserList" + description: The groups that the user is a member of. + security: + - BearerAuth: [] + tags: + - groups /group-bindings: get: description: Returns a list of `GroupBinding` objects. @@ -1858,6 +1920,65 @@ paths: tags: - idp-group-mappings /idp-group-mappings/{app_resource_id}/{group_id}/: + post: + description: | + Creates or updates an individual `IdpGroupMapping` object (upsert operation). + + **Behavior:** + - If the mapping doesn't exist, it will be created with the provided values + - If the mapping exists, only the fields provided in the request will be updated + operationId: createIdpGroupMapping + parameters: + - description: The ID of the Okta app. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: app_resource_id + required: true + schema: + format: uuid + type: string + style: simple + - description: The ID of the group. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: group_id + required: true + schema: + format: uuid + type: string + style: simple + requestBody: + required: false + content: + application/json: + schema: + properties: + alias: + description: Optional alias for the group mapping + type: string + nullable: true + hidden_from_end_user: + description: | + Whether this mapping should be hidden from end users. + - **New mappings**: If not provided, defaults to `false` + - **Existing mappings**: If not provided, existing value is preserved (no change) + - **Explicit values**: If provided, value is updated to the specified boolean + type: boolean + nullable: true + type: object + responses: + "200": + description: The IDP group mapping was successfully created or updated. + content: + application/json: + schema: + $ref: "#/components/schemas/IdpGroupMapping" + security: + - BearerAuth: [] + tags: + - idp-group-mappings delete: description: Deletes an `IdpGroupMapping` object. operationId: delete_idp_group_mappings @@ -2338,10 +2459,7 @@ paths: type: object properties: level: - type: string - enum: [REGULAR, ADMIN] - description: "The decision level for the approval" - example: "REGULAR" + $ref: "#/components/schemas/RequestApprovalEnum" comment: type: string description: "Optional comment for the approval" @@ -2358,11 +2476,108 @@ paths: properties: request: $ref: "#/components/schemas/Request" - taskId: - type: string - format: uuid - description: "ID of the task created for propagating access" - example: "c6f85bfb-3fe7-4936-a68d-7a5e1e3d0f6a" + security: + - BearerAuth: [] + tags: + - requests + /requests/{id}/deny: + post: + description: "Deny an access request" + operationId: "denyRequest" + parameters: + - description: "The ID of the request to deny" + in: path + name: id + required: true + schema: + type: string + format: uuid + requestBody: + description: Denial parameters + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: "Comment for the denial" + example: "Denied due to insufficient justification" + required: + - comment + responses: + "200": + description: "Request successfully denied" + content: + application/json: + schema: + type: object + properties: + request: + $ref: "#/components/schemas/Request" + security: + - BearerAuth: [] + tags: + - requests + /requests/{id}/comments: + get: + description: Returns a list of comments for a specific request. + operationId: getRequestComments + parameters: + - description: "The ID of the request to get comments for" + in: path + name: id + required: true + schema: + type: string + format: uuid + responses: + "200": + description: A list of comments associated with the specified request. + content: + application/json: + schema: + type: object + $ref: "#/components/schemas/RequestCommentList" + security: + - BearerAuth: [] + tags: + - requests + post: + description: "Comment on an access request" + operationId: "createRequestComment" + parameters: + - description: "The ID of the request to comment on" + in: path + name: id + required: true + schema: + type: string + format: uuid + requestBody: + description: Comment parameters + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: "comment" + required: + - comment + responses: + "200": + description: "Request successfully commented" + content: + application/json: + schema: + type: object + properties: + request: + $ref: "#/components/schemas/Request" security: - BearerAuth: [] tags: @@ -2391,7 +2606,7 @@ paths: type: integer maximum: 1000 style: form - - description: The resource type to filter by. + - description: The resource type to filter by. Required when remote_id is provided. example: AWS_IAM_ROLE explode: true in: query @@ -2446,6 +2661,13 @@ paths: format: uuid type: string style: form + - description: Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. + in: query + name: remote_id + required: false + schema: + type: string + style: form responses: "200": content: @@ -3341,7 +3563,6 @@ paths: - BearerAuth: [] tags: - resources - - scoped-role-permissions put: description: Sets all the scoped role permissions on an OPAL_SCOPED_ROLE resource. operationId: set_resource_scoped_role_permissions @@ -3373,7 +3594,59 @@ paths: - BearerAuth: [] tags: - resources - - scoped-role-permissions + /resources/users/{user_id}: + get: + description: Gets the list of resources for this user. + operationId: get_user_resources + parameters: + - description: The ID of the user. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: user_id + required: true + schema: + format: uuid + type: string + style: simple + - description: Limit the number of results returned. + example: 200 + explode: true + in: query + name: limit + required: false + schema: + type: integer + style: form + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Include user's access to unmanaged resources. + example: false + explode: true + in: query + name: include_unmanaged + required: false + schema: + type: boolean + style: form + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/ResourceAccessUserList" + description: List of resources user has access to. + security: + - BearerAuth: [] + tags: + - resources /sessions: get: description: Returns a list of `Session` objects. @@ -4266,6 +4539,7 @@ paths: - BearerAuth: [] tags: - apps + components: schemas: PaginatedAssignedRequestList: @@ -4925,6 +5199,18 @@ components: has_direct_access: true num_access_paths: 3 properties: + next: + description: + The cursor with which to continue pagination if additional + result pages exist. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + nullable: true + type: string + previous: + description: The cursor used to obtain the current result page. + example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ + nullable: true + type: string results: items: $ref: "#/components/schemas/ResourceAccessUser" @@ -5637,6 +5923,10 @@ components: description: The recommended duration for which the group should be requested (in minutes). -1 represents an indefinite duration. type: integer example: 120 + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. + type: integer + example: 120 require_manager_approval: description: A bool representing whether or not access requests to the group require manager approval. example: False @@ -5721,6 +6011,8 @@ components: type: object GroupUserList: example: + next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + previous: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ results: - full_name: Jake Barnes user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac @@ -5737,6 +6029,18 @@ components: items: $ref: "#/components/schemas/GroupUser" type: array + next: + description: + The cursor with which to continue pagination if additional + result pages exist. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + nullable: true + type: string + previous: + description: The cursor used to obtain the current result page. + example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ + nullable: true + type: string type: object GroupAccessLevel: description: |- @@ -5967,6 +6271,10 @@ components: type: string format: uuid type: array + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). + type: integer + example: 120 request_configurations: type: array items: @@ -6110,6 +6418,8 @@ components: - MARIADB_INSTANCE - POSTGRES_INSTANCE - TELEPORT_ROLE + - ILEVEL_ADVANCED_ROLE + - DATASTAX_ASTRA_ROLE example: AWS_IAM_ROLE type: string VisibilityTypeEnum: @@ -6551,7 +6861,7 @@ components: example: LINEAR type: string GroupRemoteInfo: - description: Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. + description: Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. If remote_info is provided, a group will be imported into Opal. For group types that support group creation through Opal, a new group will be created if remote_info is not provided. properties: active_directory_group: description: Remote info for Active Directory group. @@ -6976,6 +7286,16 @@ components: type: object required: - repo_name + github_org_role: + description: Remote info for GitHub organization role. + properties: + role_id: + description: The id of the role. + example: 112233 + type: string + type: object + required: + - role_id gitlab_project: description: Remote info for Gitlab project. properties: @@ -7071,6 +7391,16 @@ components: type: object required: - role_name + datastax_astra_role: + description: Remote info for an Astra role. + properties: + role_id: + description: The id of the role. + example: 123e4567-e89b-12d3-a456-426614174000 + type: string + type: object + required: + - role_id type: object RiskSensitivityEnum: type: string @@ -7624,20 +7954,20 @@ components: request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 user_id: c86c85d-0651-43e2-a748-d69d658418e8 comment: This is a comment. - stages: - requestedRoleName: "Admin" - requestedItemName: "AWS Production Account" - stages: - - stage: 1 - operator: AND - reviewers: - - id: 7c86c85d-0651-43e2-a748-d69d658418e8 - status: PENDING - - stage: 2 - operator: OR - reviewers: - - id: 8d86c85d-0651-43e2-a748-d69d658418e9 - status: APPROVED + reviewer_stages: + - requestedRoleName: "Admin" + requestedItemName: "AWS Production Account" + stages: + - stage: 1 + operator: AND + reviewers: + - id: 7c86c85d-0651-43e2-a748-d69d658418e8 + status: PENDING + - stage: 2 + operator: OR + reviewers: + - id: 8d86c85d-0651-43e2-a748-d69d658418e9 + status: APPROVED properties: id: description: The unique identifier of the request. @@ -7692,8 +8022,14 @@ components: items: $ref: "#/components/schemas/RequestCustomFieldResponse" stages: + deprecated: true description: The stages configuration for this request $ref: "#/components/schemas/RequestItemStages" + reviewer_stages: + description: The configured reviewer stages for every item in this request + type: array + items: + $ref: "#/components/schemas/RequestReviewerStages" required: - id - created_at @@ -7701,9 +8037,101 @@ components: - requester_id - status - reason + RequestCommentList: + description: A paginated list of request comments + type: object + example: + comments: + - created_at: 2021-01-06T20:00:00Z + request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 + user_id: c86c85d-0651-43e2-a748-d69d658418e8 + comment: This is a comment. + properties: + comments: + items: + $ref: "#/components/schemas/RequestComment" + type: array + required: + - comments + RequestComment: + description: |- + # Request Comment Object + ### Description + The `RequestComment` object is used to represent a comment on a request. + + ### Usage Example + Returned from the `GET Requests` endpoint as part of a `Request` object. + example: + created_at: 2021-01-06T20:00:00Z + request_id: 4c86c85d-0651-43e2-a748-d69d658418e8 + user_id: c86c85d-0651-43e2-a748-d69d658418e8 + comment: This is a comment. + properties: + created_at: + description: The date and time the comment was created. + example: 2021-01-06T20:00:00Z + format: date-time + type: string + request_id: + description: The unique identifier of the request the comment is associated with. + example: 7c86c85d-0651-43e2-a748-d69d658418e8 + format: uuid + type: string + user_id: + description: The unique identifier of the user who made the comment. + example: 7c86c85d-0651-43e2-a748-d69d658418e8 + format: uuid + type: string + user_full_name: + description: The user's full name. + example: Jake Barnes + type: string + user_email: + description: The user's email address. + example: jake.barnes@company.com + type: string + comment: + description: The content of the comment. + example: This is a comment. + type: string + required: + - created_at + - request_id + - user_id + - comment + RequestReviewerStages: + description: The stages configuration for a request item + type: object + properties: + access_level_name: + description: The name of the access level requested. + example: admin + type: string + access_level_remote_id: + description: The ID of the access level requested on the remote system. + example: arn:aws:iam::490306337630:role/SupportUser + type: string + item_name: + description: The name of the requested item + type: string + item_id: + description: The ID of the resource requested. + example: f454d283-ca87-4a8a-bdbb-df212eca5353 + format: uuid + type: string + stages: + description: The stages of review for this request + type: array + items: + $ref: "#/components/schemas/RequestStage" + required: + - item_name + - item_id + - stages RequestItemStages: description: The stages configuration for a request item type: object + deprecated: true properties: requestedRoleName: description: The name of the requested role @@ -7752,6 +8180,10 @@ components: description: The unique identifier of the reviewer type: string format: uuid + full_name: + description: The user's full name. + example: Jake Barnes + type: string status: description: The status of this reviewer's review type: string @@ -7935,6 +8367,10 @@ components: description: The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. type: integer example: 120 + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. + type: integer + example: 120 require_manager_approval: description: A bool representing whether or not access requests to the resource require manager approval. example: False @@ -8193,6 +8629,10 @@ components: example: False type: boolean deprecated: true + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). + type: integer + example: 120 request_configurations: type: array items: @@ -8963,6 +9403,10 @@ components: description: A bool representing whether or not access requests to the resource require an access ticket. example: False type: boolean + extensions_duration_in_minutes: + description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. + type: integer + example: 120 request_template_id: description: The ID of the associated request template. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 @@ -9860,6 +10304,11 @@ components: example: id: 7c86c85d-0651-43e2-a748-d69d658418e8 completed_at: 2023-10-01T12:00:00Z + RequestApprovalEnum: + type: string + enum: [REGULAR, ADMIN] + description: "The decision level for the approval" + example: "REGULAR" securitySchemes: BearerAuth: scheme: bearer diff --git a/docs/ApproveRequest200Response.md b/docs/ApproveRequest200Response.md index eec3230..0142472 100644 --- a/docs/ApproveRequest200Response.md +++ b/docs/ApproveRequest200Response.md @@ -6,7 +6,6 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **request** | [**Request**](Request.md) | | [optional] -**task_id** | **str** | ID of the task created for propagating access | [optional] ## Example diff --git a/docs/ApproveRequestRequest.md b/docs/ApproveRequestRequest.md index 7b0f725..7a7547e 100644 --- a/docs/ApproveRequestRequest.md +++ b/docs/ApproveRequestRequest.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**level** | **str** | The decision level for the approval | +**level** | [**RequestApprovalEnum**](RequestApprovalEnum.md) | | **comment** | **str** | Optional comment for the approval | [optional] ## Example diff --git a/docs/CreateIdpGroupMappingRequest.md b/docs/CreateIdpGroupMappingRequest.md new file mode 100644 index 0000000..047a0e5 --- /dev/null +++ b/docs/CreateIdpGroupMappingRequest.md @@ -0,0 +1,30 @@ +# CreateIdpGroupMappingRequest + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**alias** | **str** | Optional alias for the group mapping | [optional] +**hidden_from_end_user** | **bool** | Whether this mapping should be hidden from end users. - **New mappings**: If not provided, defaults to `false` - **Existing mappings**: If not provided, existing value is preserved (no change) - **Explicit values**: If provided, value is updated to the specified boolean | [optional] + +## Example + +```python +from opal_security.models.create_idp_group_mapping_request import CreateIdpGroupMappingRequest + +# TODO update the JSON string below +json = "{}" +# create an instance of CreateIdpGroupMappingRequest from a JSON string +create_idp_group_mapping_request_instance = CreateIdpGroupMappingRequest.from_json(json) +# print the JSON string representation of the object +print(CreateIdpGroupMappingRequest.to_json()) + +# convert the object into a dict +create_idp_group_mapping_request_dict = create_idp_group_mapping_request_instance.to_dict() +# create an instance of CreateIdpGroupMappingRequest from a dict +create_idp_group_mapping_request_from_dict = CreateIdpGroupMappingRequest.from_dict(create_idp_group_mapping_request_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/CreateRequestCommentRequest.md b/docs/CreateRequestCommentRequest.md new file mode 100644 index 0000000..ff7517b --- /dev/null +++ b/docs/CreateRequestCommentRequest.md @@ -0,0 +1,29 @@ +# CreateRequestCommentRequest + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**comment** | **str** | comment | + +## Example + +```python +from opal_security.models.create_request_comment_request import CreateRequestCommentRequest + +# TODO update the JSON string below +json = "{}" +# create an instance of CreateRequestCommentRequest from a JSON string +create_request_comment_request_instance = CreateRequestCommentRequest.from_json(json) +# print the JSON string representation of the object +print(CreateRequestCommentRequest.to_json()) + +# convert the object into a dict +create_request_comment_request_dict = create_request_comment_request_instance.to_dict() +# create an instance of CreateRequestCommentRequest from a dict +create_request_comment_request_from_dict = CreateRequestCommentRequest.from_dict(create_request_comment_request_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/DenyRequestRequest.md b/docs/DenyRequestRequest.md new file mode 100644 index 0000000..514e9ec --- /dev/null +++ b/docs/DenyRequestRequest.md @@ -0,0 +1,29 @@ +# DenyRequestRequest + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**comment** | **str** | Comment for the denial | + +## Example + +```python +from opal_security.models.deny_request_request import DenyRequestRequest + +# TODO update the JSON string below +json = "{}" +# create an instance of DenyRequestRequest from a JSON string +deny_request_request_instance = DenyRequestRequest.from_json(json) +# print the JSON string representation of the object +print(DenyRequestRequest.to_json()) + +# convert the object into a dict +deny_request_request_dict = deny_request_request_instance.to_dict() +# create an instance of DenyRequestRequest from a dict +deny_request_request_from_dict = DenyRequestRequest.from_dict(deny_request_request_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/Group.md b/docs/Group.md index 6fd8490..17ae2d2 100644 --- a/docs/Group.md +++ b/docs/Group.md @@ -17,6 +17,7 @@ Name | Type | Description | Notes **group_type** | [**GroupTypeEnum**](GroupTypeEnum.md) | | [optional] **max_duration** | **int** | The maximum duration for which the group can be requested (in minutes). | [optional] **recommended_duration** | **int** | The recommended duration for which the group should be requested (in minutes). -1 represents an indefinite duration. | [optional] +**extensions_duration_in_minutes** | **int** | The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. | [optional] **require_manager_approval** | **bool** | A bool representing whether or not access requests to the group require manager approval. | [optional] **require_support_ticket** | **bool** | A bool representing whether or not access requests to the group require an access ticket. | [optional] **require_mfa_to_approve** | **bool** | A bool representing whether or not to require MFA for reviewers to approve requests for this group. | [optional] diff --git a/docs/GroupRemoteInfo.md b/docs/GroupRemoteInfo.md index 88523e6..04e4070 100644 --- a/docs/GroupRemoteInfo.md +++ b/docs/GroupRemoteInfo.md @@ -1,6 +1,6 @@ # GroupRemoteInfo -Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. +Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. If remote_info is provided, a group will be imported into Opal. For group types that support group creation through Opal, a new group will be created if remote_info is not provided. ## Properties diff --git a/docs/GroupUserList.md b/docs/GroupUserList.md index a9e762a..e923df8 100644 --- a/docs/GroupUserList.md +++ b/docs/GroupUserList.md @@ -6,6 +6,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **results** | [**List[GroupUser]**](GroupUser.md) | | [optional] +**next** | **str** | The cursor with which to continue pagination if additional result pages exist. | [optional] +**previous** | **str** | The cursor used to obtain the current result page. | [optional] ## Example diff --git a/docs/GroupsApi.md b/docs/GroupsApi.md index b4fafd5..24055d5 100644 --- a/docs/GroupsApi.md +++ b/docs/GroupsApi.md @@ -22,6 +22,7 @@ Method | HTTP request | Description [**get_group_users**](GroupsApi.md#get_group_users) | **GET** /groups/{group_id}/users | [**get_group_visibility**](GroupsApi.md#get_group_visibility) | **GET** /groups/{group_id}/visibility | [**get_groups**](GroupsApi.md#get_groups) | **GET** /groups | +[**get_user_groups**](GroupsApi.md#get_user_groups) | **GET** /groups/users/{user_id} | [**remove_group_containing_group**](GroupsApi.md#remove_group_containing_group) | **DELETE** /groups/{group_id}/containing-groups/{containing_group_id} | [**set_group_message_channels**](GroupsApi.md#set_group_message_channels) | **PUT** /groups/{group_id}/message-channels | [**set_group_on_call_schedules**](GroupsApi.md#set_group_on_call_schedules) | **PUT** /groups/{group_id}/on-call-schedules | @@ -1237,7 +1238,7 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) # **get_group_users** -> GroupUserList get_group_users(group_id) +> GroupUserList get_group_users(group_id, cursor=cursor, page_size=page_size) @@ -1276,9 +1277,11 @@ with opal_security.ApiClient(configuration) as api_client: # Create an instance of the API class api_instance = opal_security.GroupsApi(api_client) group_id = '4baf8423-db0a-4037-a4cf-f79c60cb67a5' # str | The ID of the group. + cursor = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw' # str | The pagination cursor value. (optional) + page_size = 200 # int | Number of results to return per page. Default is 200. (optional) try: - api_response = api_instance.get_group_users(group_id) + api_response = api_instance.get_group_users(group_id, cursor=cursor, page_size=page_size) print("The response of GroupsApi->get_group_users:\n") pprint(api_response) except Exception as e: @@ -1293,6 +1296,8 @@ with opal_security.ApiClient(configuration) as api_client: Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **group_id** | **str**| The ID of the group. | + **cursor** | **str**| The pagination cursor value. | [optional] + **page_size** | **int**| Number of results to return per page. Default is 200. | [optional] ### Return type @@ -1482,6 +1487,89 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **get_user_groups** +> GroupUserList get_user_groups(user_id, cursor=cursor, page_size=page_size) + + + +Returns all groups that the user is a member of. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.group_user_list import GroupUserList +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.GroupsApi(api_client) + user_id = '1b978423-db0a-4037-a4cf-f79c60cb67b3' # str | The ID of the user whose groups to return. + cursor = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw' # str | The pagination cursor value. (optional) + page_size = 200 # int | Number of results to return per page. Default is 200. (optional) + + try: + api_response = api_instance.get_user_groups(user_id, cursor=cursor, page_size=page_size) + print("The response of GroupsApi->get_user_groups:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling GroupsApi->get_user_groups: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| The ID of the user whose groups to return. | + **cursor** | **str**| The pagination cursor value. | [optional] + **page_size** | **int**| Number of results to return per page. Default is 200. | [optional] + +### Return type + +[**GroupUserList**](GroupUserList.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | The groups that the user is a member of. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **remove_group_containing_group** > remove_group_containing_group(group_id, containing_group_id) diff --git a/docs/IdpGroupMappingsApi.md b/docs/IdpGroupMappingsApi.md index dc5302a..5a660f9 100644 --- a/docs/IdpGroupMappingsApi.md +++ b/docs/IdpGroupMappingsApi.md @@ -4,11 +4,96 @@ All URIs are relative to *https://api.opal.dev/v1* Method | HTTP request | Description ------------- | ------------- | ------------- +[**create_idp_group_mapping**](IdpGroupMappingsApi.md#create_idp_group_mapping) | **POST** /idp-group-mappings/{app_resource_id}/{group_id}/ | [**delete_idp_group_mappings**](IdpGroupMappingsApi.md#delete_idp_group_mappings) | **DELETE** /idp-group-mappings/{app_resource_id}/{group_id}/ | [**get_idp_group_mappings**](IdpGroupMappingsApi.md#get_idp_group_mappings) | **GET** /idp-group-mappings/{app_resource_id} | [**update_idp_group_mappings**](IdpGroupMappingsApi.md#update_idp_group_mappings) | **PUT** /idp-group-mappings/{app_resource_id} | +# **create_idp_group_mapping** +> IdpGroupMapping create_idp_group_mapping(app_resource_id, group_id, create_idp_group_mapping_request=create_idp_group_mapping_request) + + + +Creates or updates an individual `IdpGroupMapping` object (upsert operation). **Behavior:** - If the mapping doesn't exist, it will be created with the provided values - If the mapping exists, only the fields provided in the request will be updated + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.create_idp_group_mapping_request import CreateIdpGroupMappingRequest +from opal_security.models.idp_group_mapping import IdpGroupMapping +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.IdpGroupMappingsApi(api_client) + app_resource_id = '4baf8423-db0a-4037-a4cf-f79c60cb67a5' # str | The ID of the Okta app. + group_id = '4baf8423-db0a-4037-a4cf-f79c60cb67a5' # str | The ID of the group. + create_idp_group_mapping_request = opal_security.CreateIdpGroupMappingRequest() # CreateIdpGroupMappingRequest | (optional) + + try: + api_response = api_instance.create_idp_group_mapping(app_resource_id, group_id, create_idp_group_mapping_request=create_idp_group_mapping_request) + print("The response of IdpGroupMappingsApi->create_idp_group_mapping:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling IdpGroupMappingsApi->create_idp_group_mapping: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **app_resource_id** | **str**| The ID of the Okta app. | + **group_id** | **str**| The ID of the group. | + **create_idp_group_mapping_request** | [**CreateIdpGroupMappingRequest**](CreateIdpGroupMappingRequest.md)| | [optional] + +### Return type + +[**IdpGroupMapping**](IdpGroupMapping.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | The IDP group mapping was successfully created or updated. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **delete_idp_group_mappings** > delete_idp_group_mappings(app_resource_id, group_id) diff --git a/docs/Request.md b/docs/Request.md index e6507f0..de0a72c 100644 --- a/docs/Request.md +++ b/docs/Request.md @@ -18,6 +18,7 @@ Name | Type | Description | Notes **requested_items_list** | [**List[RequestedItem]**](RequestedItem.md) | The list of targets for the request. | [optional] **custom_fields_responses** | [**List[RequestCustomFieldResponse]**](RequestCustomFieldResponse.md) | The responses given to the custom fields associated to the request | [optional] **stages** | [**RequestItemStages**](RequestItemStages.md) | The stages configuration for this request | [optional] +**reviewer_stages** | [**List[RequestReviewerStages]**](RequestReviewerStages.md) | The configured reviewer stages for every item in this request | [optional] ## Example diff --git a/docs/RequestApprovalEnum.md b/docs/RequestApprovalEnum.md new file mode 100644 index 0000000..450acdb --- /dev/null +++ b/docs/RequestApprovalEnum.md @@ -0,0 +1,13 @@ +# RequestApprovalEnum + +The decision level for the approval + +## Enum + +* `REGULAR` (value: `'REGULAR'`) + +* `ADMIN` (value: `'ADMIN'`) + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/RequestComment.md b/docs/RequestComment.md new file mode 100644 index 0000000..a143ecc --- /dev/null +++ b/docs/RequestComment.md @@ -0,0 +1,35 @@ +# RequestComment + +# Request Comment Object ### Description The `RequestComment` object is used to represent a comment on a request. ### Usage Example Returned from the `GET Requests` endpoint as part of a `Request` object. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**created_at** | **datetime** | The date and time the comment was created. | +**request_id** | **str** | The unique identifier of the request the comment is associated with. | +**user_id** | **str** | The unique identifier of the user who made the comment. | +**user_full_name** | **str** | The user's full name. | [optional] +**user_email** | **str** | The user's email address. | [optional] +**comment** | **str** | The content of the comment. | + +## Example + +```python +from opal_security.models.request_comment import RequestComment + +# TODO update the JSON string below +json = "{}" +# create an instance of RequestComment from a JSON string +request_comment_instance = RequestComment.from_json(json) +# print the JSON string representation of the object +print(RequestComment.to_json()) + +# convert the object into a dict +request_comment_dict = request_comment_instance.to_dict() +# create an instance of RequestComment from a dict +request_comment_from_dict = RequestComment.from_dict(request_comment_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/RequestCommentList.md b/docs/RequestCommentList.md new file mode 100644 index 0000000..8dad3ce --- /dev/null +++ b/docs/RequestCommentList.md @@ -0,0 +1,30 @@ +# RequestCommentList + +A paginated list of request comments + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**comments** | [**List[RequestComment]**](RequestComment.md) | | + +## Example + +```python +from opal_security.models.request_comment_list import RequestCommentList + +# TODO update the JSON string below +json = "{}" +# create an instance of RequestCommentList from a JSON string +request_comment_list_instance = RequestCommentList.from_json(json) +# print the JSON string representation of the object +print(RequestCommentList.to_json()) + +# convert the object into a dict +request_comment_list_dict = request_comment_list_instance.to_dict() +# create an instance of RequestCommentList from a dict +request_comment_list_from_dict = RequestCommentList.from_dict(request_comment_list_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/RequestConfiguration.md b/docs/RequestConfiguration.md index 82e9687..abc7642 100644 --- a/docs/RequestConfiguration.md +++ b/docs/RequestConfiguration.md @@ -13,6 +13,7 @@ Name | Type | Description | Notes **max_duration_minutes** | **int** | The maximum duration for which the resource can be requested (in minutes). | [optional] **recommended_duration_minutes** | **int** | The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. | [optional] **require_support_ticket** | **bool** | A bool representing whether or not access requests to the resource require an access ticket. | +**extensions_duration_in_minutes** | **int** | The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. | [optional] **request_template_id** | **str** | The ID of the associated request template. | [optional] **reviewer_stages** | [**List[ReviewerStage]**](ReviewerStage.md) | The list of reviewer stages for the request configuration. | [optional] **priority** | **int** | The priority of the request configuration. | diff --git a/docs/RequestReviewer.md b/docs/RequestReviewer.md index 0f0fa7a..3619b7f 100644 --- a/docs/RequestReviewer.md +++ b/docs/RequestReviewer.md @@ -7,6 +7,7 @@ A reviewer in a request stage Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **id** | **str** | The unique identifier of the reviewer | +**full_name** | **str** | The user's full name. | [optional] **status** | **str** | The status of this reviewer's review | ## Example diff --git a/docs/RequestReviewerStages.md b/docs/RequestReviewerStages.md new file mode 100644 index 0000000..6abd470 --- /dev/null +++ b/docs/RequestReviewerStages.md @@ -0,0 +1,34 @@ +# RequestReviewerStages + +The stages configuration for a request item + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**access_level_name** | **str** | The name of the access level requested. | [optional] +**access_level_remote_id** | **str** | The ID of the access level requested on the remote system. | [optional] +**item_name** | **str** | The name of the requested item | +**item_id** | **str** | The ID of the resource requested. | +**stages** | [**List[RequestStage]**](RequestStage.md) | The stages of review for this request | + +## Example + +```python +from opal_security.models.request_reviewer_stages import RequestReviewerStages + +# TODO update the JSON string below +json = "{}" +# create an instance of RequestReviewerStages from a JSON string +request_reviewer_stages_instance = RequestReviewerStages.from_json(json) +# print the JSON string representation of the object +print(RequestReviewerStages.to_json()) + +# convert the object into a dict +request_reviewer_stages_dict = request_reviewer_stages_instance.to_dict() +# create an instance of RequestReviewerStages from a dict +request_reviewer_stages_from_dict = RequestReviewerStages.from_dict(request_reviewer_stages_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/RequestsApi.md b/docs/RequestsApi.md index e3fc06e..f9eb1a6 100644 --- a/docs/RequestsApi.md +++ b/docs/RequestsApi.md @@ -6,7 +6,10 @@ Method | HTTP request | Description ------------- | ------------- | ------------- [**approve_request**](RequestsApi.md#approve_request) | **POST** /requests/{id}/approve | [**create_request**](RequestsApi.md#create_request) | **POST** /requests | +[**create_request_comment**](RequestsApi.md#create_request_comment) | **POST** /requests/{id}/comments | +[**deny_request**](RequestsApi.md#deny_request) | **POST** /requests/{id}/deny | [**get_request**](RequestsApi.md#get_request) | **GET** /requests/{id} | +[**get_request_comments**](RequestsApi.md#get_request_comments) | **GET** /requests/{id}/comments | [**get_requests**](RequestsApi.md#get_requests) | **GET** /requests | [**get_requests_relay**](RequestsApi.md#get_requests_relay) | **GET** /requests/relay | @@ -173,6 +176,170 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **create_request_comment** +> ApproveRequest200Response create_request_comment(id, create_request_comment_request) + + + +Comment on an access request + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.approve_request200_response import ApproveRequest200Response +from opal_security.models.create_request_comment_request import CreateRequestCommentRequest +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.RequestsApi(api_client) + id = 'id_example' # str | The ID of the request to comment on + create_request_comment_request = opal_security.CreateRequestCommentRequest() # CreateRequestCommentRequest | Comment parameters + + try: + api_response = api_instance.create_request_comment(id, create_request_comment_request) + print("The response of RequestsApi->create_request_comment:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling RequestsApi->create_request_comment: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **id** | **str**| The ID of the request to comment on | + **create_request_comment_request** | [**CreateRequestCommentRequest**](CreateRequestCommentRequest.md)| Comment parameters | + +### Return type + +[**ApproveRequest200Response**](ApproveRequest200Response.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | Request successfully commented | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **deny_request** +> ApproveRequest200Response deny_request(id, deny_request_request) + + + +Deny an access request + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.approve_request200_response import ApproveRequest200Response +from opal_security.models.deny_request_request import DenyRequestRequest +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.RequestsApi(api_client) + id = 'id_example' # str | The ID of the request to deny + deny_request_request = opal_security.DenyRequestRequest() # DenyRequestRequest | Denial parameters + + try: + api_response = api_instance.deny_request(id, deny_request_request) + print("The response of RequestsApi->deny_request:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling RequestsApi->deny_request: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **id** | **str**| The ID of the request to deny | + **deny_request_request** | [**DenyRequestRequest**](DenyRequestRequest.md)| Denial parameters | + +### Return type + +[**ApproveRequest200Response**](ApproveRequest200Response.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | Request successfully denied | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **get_request** > Request get_request(id) @@ -252,6 +419,84 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **get_request_comments** +> RequestCommentList get_request_comments(id) + + + +Returns a list of comments for a specific request. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.RequestsApi(api_client) + id = 'id_example' # str | The ID of the request to get comments for + + try: + api_response = api_instance.get_request_comments(id) + print("The response of RequestsApi->get_request_comments:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling RequestsApi->get_request_comments: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **id** | **str**| The ID of the request to get comments for | + +### Return type + +[**RequestCommentList**](RequestCommentList.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | A list of comments associated with the specified request. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **get_requests** > RequestList get_requests(start_date_filter=start_date_filter, end_date_filter=end_date_filter, requester_id=requester_id, target_user_id=target_user_id, cursor=cursor, page_size=page_size, show_pending_only=show_pending_only) diff --git a/docs/Resource.md b/docs/Resource.md index 6379297..dfc9515 100644 --- a/docs/Resource.md +++ b/docs/Resource.md @@ -16,6 +16,7 @@ Name | Type | Description | Notes **resource_type** | [**ResourceTypeEnum**](ResourceTypeEnum.md) | | [optional] **max_duration** | **int** | The maximum duration for which the resource can be requested (in minutes). | [optional] **recommended_duration** | **int** | The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. | [optional] +**extensions_duration_in_minutes** | **int** | The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. | [optional] **require_manager_approval** | **bool** | A bool representing whether or not access requests to the resource require manager approval. | [optional] **require_support_ticket** | **bool** | A bool representing whether or not access requests to the resource require an access ticket. | [optional] **require_mfa_to_approve** | **bool** | A bool representing whether or not to require MFA for reviewers to approve requests for this resource. | [optional] diff --git a/docs/ResourceAccessUserList.md b/docs/ResourceAccessUserList.md index ee14812..1f6160b 100644 --- a/docs/ResourceAccessUserList.md +++ b/docs/ResourceAccessUserList.md @@ -5,6 +5,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**next** | **str** | The cursor with which to continue pagination if additional result pages exist. | [optional] +**previous** | **str** | The cursor used to obtain the current result page. | [optional] **results** | [**List[ResourceAccessUser]**](ResourceAccessUser.md) | | [optional] ## Example diff --git a/docs/ResourceRemoteInfo.md b/docs/ResourceRemoteInfo.md index 6752ac4..f0a6231 100644 --- a/docs/ResourceRemoteInfo.md +++ b/docs/ResourceRemoteInfo.md @@ -26,6 +26,7 @@ Name | Type | Description | Notes **gcp_service_account** | [**ResourceRemoteInfoGcpServiceAccount**](ResourceRemoteInfoGcpServiceAccount.md) | | [optional] **google_workspace_role** | [**ResourceRemoteInfoGoogleWorkspaceRole**](ResourceRemoteInfoGoogleWorkspaceRole.md) | | [optional] **github_repo** | [**ResourceRemoteInfoGithubRepo**](ResourceRemoteInfoGithubRepo.md) | | [optional] +**github_org_role** | [**ResourceRemoteInfoGithubOrgRole**](ResourceRemoteInfoGithubOrgRole.md) | | [optional] **gitlab_project** | [**ResourceRemoteInfoGitlabProject**](ResourceRemoteInfoGitlabProject.md) | | [optional] **okta_app** | [**ResourceRemoteInfoOktaApp**](ResourceRemoteInfoOktaApp.md) | | [optional] **okta_standard_role** | [**ResourceRemoteInfoOktaStandardRole**](ResourceRemoteInfoOktaStandardRole.md) | | [optional] @@ -35,6 +36,7 @@ Name | Type | Description | Notes **salesforce_profile** | [**ResourceRemoteInfoSalesforceProfile**](ResourceRemoteInfoSalesforceProfile.md) | | [optional] **salesforce_role** | [**ResourceRemoteInfoSalesforceRole**](ResourceRemoteInfoSalesforceRole.md) | | [optional] **teleport_role** | [**ResourceRemoteInfoTeleportRole**](ResourceRemoteInfoTeleportRole.md) | | [optional] +**datastax_astra_role** | [**ResourceRemoteInfoDatastaxAstraRole**](ResourceRemoteInfoDatastaxAstraRole.md) | | [optional] ## Example diff --git a/docs/ResourceRemoteInfoDatastaxAstraRole.md b/docs/ResourceRemoteInfoDatastaxAstraRole.md new file mode 100644 index 0000000..232bf2b --- /dev/null +++ b/docs/ResourceRemoteInfoDatastaxAstraRole.md @@ -0,0 +1,30 @@ +# ResourceRemoteInfoDatastaxAstraRole + +Remote info for an Astra role. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**role_id** | **str** | The id of the role. | + +## Example + +```python +from opal_security.models.resource_remote_info_datastax_astra_role import ResourceRemoteInfoDatastaxAstraRole + +# TODO update the JSON string below +json = "{}" +# create an instance of ResourceRemoteInfoDatastaxAstraRole from a JSON string +resource_remote_info_datastax_astra_role_instance = ResourceRemoteInfoDatastaxAstraRole.from_json(json) +# print the JSON string representation of the object +print(ResourceRemoteInfoDatastaxAstraRole.to_json()) + +# convert the object into a dict +resource_remote_info_datastax_astra_role_dict = resource_remote_info_datastax_astra_role_instance.to_dict() +# create an instance of ResourceRemoteInfoDatastaxAstraRole from a dict +resource_remote_info_datastax_astra_role_from_dict = ResourceRemoteInfoDatastaxAstraRole.from_dict(resource_remote_info_datastax_astra_role_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceRemoteInfoGithubOrgRole.md b/docs/ResourceRemoteInfoGithubOrgRole.md new file mode 100644 index 0000000..84d773f --- /dev/null +++ b/docs/ResourceRemoteInfoGithubOrgRole.md @@ -0,0 +1,30 @@ +# ResourceRemoteInfoGithubOrgRole + +Remote info for GitHub organization role. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**role_id** | **str** | The id of the role. | + +## Example + +```python +from opal_security.models.resource_remote_info_github_org_role import ResourceRemoteInfoGithubOrgRole + +# TODO update the JSON string below +json = "{}" +# create an instance of ResourceRemoteInfoGithubOrgRole from a JSON string +resource_remote_info_github_org_role_instance = ResourceRemoteInfoGithubOrgRole.from_json(json) +# print the JSON string representation of the object +print(ResourceRemoteInfoGithubOrgRole.to_json()) + +# convert the object into a dict +resource_remote_info_github_org_role_dict = resource_remote_info_github_org_role_instance.to_dict() +# create an instance of ResourceRemoteInfoGithubOrgRole from a dict +resource_remote_info_github_org_role_from_dict = ResourceRemoteInfoGithubOrgRole.from_dict(resource_remote_info_github_org_role_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceTypeEnum.md b/docs/ResourceTypeEnum.md index ce4c64c..4b748aa 100644 --- a/docs/ResourceTypeEnum.md +++ b/docs/ResourceTypeEnum.md @@ -124,6 +124,10 @@ The type of the resource. * `TELEPORT_ROLE` (value: `'TELEPORT_ROLE'`) +* `ILEVEL_ADVANCED_ROLE` (value: `'ILEVEL_ADVANCED_ROLE'`) + +* `DATASTAX_ASTRA_ROLE` (value: `'DATASTAX_ASTRA_ROLE'`) + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/ResourcesApi.md b/docs/ResourcesApi.md index c2af49a..f58c571 100644 --- a/docs/ResourcesApi.md +++ b/docs/ResourcesApi.md @@ -21,6 +21,7 @@ Method | HTTP request | Description [**get_resource_users**](ResourcesApi.md#get_resource_users) | **GET** /resources/{resource_id}/users | [**get_resource_visibility**](ResourcesApi.md#get_resource_visibility) | **GET** /resources/{resource_id}/visibility | [**get_resources**](ResourcesApi.md#get_resources) | **GET** /resources | +[**get_user_resources**](ResourcesApi.md#get_user_resources) | **GET** /resources/users/{user_id} | [**resource_user_access_status_retrieve**](ResourcesApi.md#resource_user_access_status_retrieve) | **GET** /resource-user-access-status/{resource_id}/{user_id} | [**set_resource_message_channels**](ResourcesApi.md#set_resource_message_channels) | **PUT** /resources/{resource_id}/message-channels | [**set_resource_reviewer_stages**](ResourcesApi.md#set_resource_reviewer_stages) | **PUT** /resources/{resource_id}/reviewer-stages | @@ -1318,7 +1319,7 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) # **get_resources** -> PaginatedResourcesList get_resources(cursor=cursor, page_size=page_size, resource_type_filter=resource_type_filter, resource_ids=resource_ids, resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id) +> PaginatedResourcesList get_resources(cursor=cursor, page_size=page_size, resource_type_filter=resource_type_filter, resource_ids=resource_ids, resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id, remote_id=remote_id) @@ -1359,14 +1360,15 @@ with opal_security.ApiClient(configuration) as api_client: api_instance = opal_security.ResourcesApi(api_client) cursor = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw' # str | The pagination cursor value. (optional) page_size = 200 # int | Number of results to return per page. Default is 200. (optional) - resource_type_filter = opal_security.ResourceTypeEnum() # ResourceTypeEnum | The resource type to filter by. (optional) + resource_type_filter = opal_security.ResourceTypeEnum() # ResourceTypeEnum | The resource type to filter by. Required when remote_id is provided. (optional) resource_ids = ['[\"4baf8423-db0a-4037-a4cf-f79c60cb67a5\",\"1b978423-db0a-4037-a4cf-f79c60cb67b3\"]'] # List[str] | The resource ids to filter by. (optional) resource_name = 'example-name' # str | Resource name. (optional) parent_resource_id = '[\"4baf8423-db0a-4037-a4cf-f79c60cb67a5\"]' # str | The parent resource id to filter by. (optional) ancestor_resource_id = '[\"4baf8423-db0a-4037-a4cf-f79c60cb67a5\"]' # str | The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. (optional) + remote_id = 'remote_id_example' # str | Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. (optional) try: - api_response = api_instance.get_resources(cursor=cursor, page_size=page_size, resource_type_filter=resource_type_filter, resource_ids=resource_ids, resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id) + api_response = api_instance.get_resources(cursor=cursor, page_size=page_size, resource_type_filter=resource_type_filter, resource_ids=resource_ids, resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id, remote_id=remote_id) print("The response of ResourcesApi->get_resources:\n") pprint(api_response) except Exception as e: @@ -1382,11 +1384,12 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **cursor** | **str**| The pagination cursor value. | [optional] **page_size** | **int**| Number of results to return per page. Default is 200. | [optional] - **resource_type_filter** | [**ResourceTypeEnum**](.md)| The resource type to filter by. | [optional] + **resource_type_filter** | [**ResourceTypeEnum**](.md)| The resource type to filter by. Required when remote_id is provided. | [optional] **resource_ids** | [**List[str]**](str.md)| The resource ids to filter by. | [optional] **resource_name** | **str**| Resource name. | [optional] **parent_resource_id** | **str**| The parent resource id to filter by. | [optional] **ancestor_resource_id** | **str**| The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. | [optional] + **remote_id** | **str**| Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. | [optional] ### Return type @@ -1409,6 +1412,91 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **get_user_resources** +> ResourceAccessUserList get_user_resources(user_id, limit=limit, cursor=cursor, include_unmanaged=include_unmanaged) + + + +Gets the list of resources for this user. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.resource_access_user_list import ResourceAccessUserList +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.ResourcesApi(api_client) + user_id = '4baf8423-db0a-4037-a4cf-f79c60cb67a5' # str | The ID of the user. + limit = 200 # int | Limit the number of results returned. (optional) + cursor = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw' # str | The pagination cursor value. (optional) + include_unmanaged = false # bool | Include user's access to unmanaged resources. (optional) + + try: + api_response = api_instance.get_user_resources(user_id, limit=limit, cursor=cursor, include_unmanaged=include_unmanaged) + print("The response of ResourcesApi->get_user_resources:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling ResourcesApi->get_user_resources: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| The ID of the user. | + **limit** | **int**| Limit the number of results returned. | [optional] + **cursor** | **str**| The pagination cursor value. | [optional] + **include_unmanaged** | **bool**| Include user's access to unmanaged resources. | [optional] + +### Return type + +[**ResourceAccessUserList**](ResourceAccessUserList.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | List of resources user has access to. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **resource_user_access_status_retrieve** > ResourceUserAccessStatus resource_user_access_status_retrieve(resource_id, user_id, access_level_remote_id=access_level_remote_id, cursor=cursor, page_size=page_size) diff --git a/docs/UpdateGroupInfo.md b/docs/UpdateGroupInfo.md index 08dc4f5..1c66393 100644 --- a/docs/UpdateGroupInfo.md +++ b/docs/UpdateGroupInfo.md @@ -22,6 +22,7 @@ Name | Type | Description | Notes **request_template_id** | **str** | The ID of the associated request template. Deprecated in favor of `request_configurations`. | [optional] **is_requestable** | **bool** | A bool representing whether or not to allow access requests to this group. Deprecated in favor of `request_configurations`. | [optional] **group_leader_user_ids** | **List[str]** | A list of User IDs for the group leaders of the group | [optional] +**extensions_duration_in_minutes** | **int** | The duration for which access can be extended (in minutes). | [optional] **request_configurations** | [**List[RequestConfiguration]**](RequestConfiguration.md) | The request configuration list of the configuration template. If not provided, the default request configuration will be used. | [optional] **request_configuration_list** | [**CreateRequestConfigurationInfoList**](CreateRequestConfigurationInfoList.md) | The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. | [optional] **custom_request_notification** | **str** | Custom request notification sent to the requester when the request is approved. | [optional] diff --git a/docs/UpdateResourceInfo.md b/docs/UpdateResourceInfo.md index f4ee275..736d2d2 100644 --- a/docs/UpdateResourceInfo.md +++ b/docs/UpdateResourceInfo.md @@ -25,6 +25,7 @@ Name | Type | Description | Notes **configuration_template_id** | **str** | The ID of the associated configuration template. | [optional] **request_template_id** | **str** | The ID of the associated request template. Deprecated in favor of `request_configurations`. | [optional] **is_requestable** | **bool** | A bool representing whether or not to allow access requests to this resource. Deprecated in favor of `request_configurations`. | [optional] +**extensions_duration_in_minutes** | **int** | The duration for which access can be extended (in minutes). | [optional] **request_configurations** | [**List[RequestConfiguration]**](RequestConfiguration.md) | A list of configurations for requests to this resource. If not provided, the default request configuration will be used. | [optional] **request_configuration_list** | [**CreateRequestConfigurationInfoList**](CreateRequestConfigurationInfoList.md) | A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. | [optional] diff --git a/opal_security/__init__.py b/opal_security/__init__.py index 267d58b..3c99d12 100644 --- a/opal_security/__init__.py +++ b/opal_security/__init__.py @@ -32,7 +32,6 @@ from opal_security.api.owners_api import OwnersApi from opal_security.api.requests_api import RequestsApi from opal_security.api.resources_api import ResourcesApi -from opal_security.api.scoped_role_permissions_api import ScopedRolePermissionsApi from opal_security.api.sessions_api import SessionsApi from opal_security.api.tags_api import TagsApi from opal_security.api.uars_api import UarsApi @@ -79,10 +78,12 @@ from opal_security.models.create_group_binding_info import CreateGroupBindingInfo from opal_security.models.create_group_binding_info_groups_inner import CreateGroupBindingInfoGroupsInner from opal_security.models.create_group_info import CreateGroupInfo +from opal_security.models.create_idp_group_mapping_request import CreateIdpGroupMappingRequest from opal_security.models.create_message_channel_info import CreateMessageChannelInfo from opal_security.models.create_on_call_schedule_info import CreateOnCallScheduleInfo from opal_security.models.create_owner_info import CreateOwnerInfo from opal_security.models.create_request200_response import CreateRequest200Response +from opal_security.models.create_request_comment_request import CreateRequestCommentRequest from opal_security.models.create_request_configuration_info_list import CreateRequestConfigurationInfoList from opal_security.models.create_request_info import CreateRequestInfo from opal_security.models.create_request_info_custom_metadata_inner import CreateRequestInfoCustomMetadataInner @@ -92,6 +93,7 @@ from opal_security.models.create_resource_info import CreateResourceInfo from opal_security.models.create_tag_info import CreateTagInfo from opal_security.models.create_uar_info import CreateUARInfo +from opal_security.models.deny_request_request import DenyRequestRequest from opal_security.models.entity_type_enum import EntityTypeEnum from opal_security.models.event import Event from opal_security.models.get_resource_user200_response import GetResourceUser200Response @@ -150,6 +152,9 @@ from opal_security.models.propagation_status_enum import PropagationStatusEnum from opal_security.models.remote_user import RemoteUser from opal_security.models.request import Request +from opal_security.models.request_approval_enum import RequestApprovalEnum +from opal_security.models.request_comment import RequestComment +from opal_security.models.request_comment_list import RequestCommentList from opal_security.models.request_configuration import RequestConfiguration from opal_security.models.request_connection import RequestConnection from opal_security.models.request_custom_field_response import RequestCustomFieldResponse @@ -158,6 +163,7 @@ from opal_security.models.request_item_stages import RequestItemStages from opal_security.models.request_list import RequestList from opal_security.models.request_reviewer import RequestReviewer +from opal_security.models.request_reviewer_stages import RequestReviewerStages from opal_security.models.request_stage import RequestStage from opal_security.models.request_status_enum import RequestStatusEnum from opal_security.models.request_template_custom_field_type_enum import RequestTemplateCustomFieldTypeEnum @@ -176,6 +182,7 @@ from opal_security.models.resource_remote_info_aws_permission_set import ResourceRemoteInfoAwsPermissionSet from opal_security.models.resource_remote_info_aws_rds_instance import ResourceRemoteInfoAwsRdsInstance from opal_security.models.resource_remote_info_custom_connector import ResourceRemoteInfoCustomConnector +from opal_security.models.resource_remote_info_datastax_astra_role import ResourceRemoteInfoDatastaxAstraRole from opal_security.models.resource_remote_info_gcp_big_query_dataset import ResourceRemoteInfoGcpBigQueryDataset from opal_security.models.resource_remote_info_gcp_big_query_table import ResourceRemoteInfoGcpBigQueryTable from opal_security.models.resource_remote_info_gcp_bucket import ResourceRemoteInfoGcpBucket @@ -186,6 +193,7 @@ from opal_security.models.resource_remote_info_gcp_project import ResourceRemoteInfoGcpProject from opal_security.models.resource_remote_info_gcp_service_account import ResourceRemoteInfoGcpServiceAccount from opal_security.models.resource_remote_info_gcp_sql_instance import ResourceRemoteInfoGcpSqlInstance +from opal_security.models.resource_remote_info_github_org_role import ResourceRemoteInfoGithubOrgRole from opal_security.models.resource_remote_info_github_repo import ResourceRemoteInfoGithubRepo from opal_security.models.resource_remote_info_gitlab_project import ResourceRemoteInfoGitlabProject from opal_security.models.resource_remote_info_google_workspace_role import ResourceRemoteInfoGoogleWorkspaceRole diff --git a/opal_security/api/__init__.py b/opal_security/api/__init__.py index 66e8f5b..e6c3fcc 100644 --- a/opal_security/api/__init__.py +++ b/opal_security/api/__init__.py @@ -15,7 +15,6 @@ from opal_security.api.owners_api import OwnersApi from opal_security.api.requests_api import RequestsApi from opal_security.api.resources_api import ResourcesApi -from opal_security.api.scoped_role_permissions_api import ScopedRolePermissionsApi from opal_security.api.sessions_api import SessionsApi from opal_security.api.tags_api import TagsApi from opal_security.api.uars_api import UarsApi diff --git a/opal_security/api/groups_api.py b/opal_security/api/groups_api.py index 2750b36..a7cb181 100644 --- a/opal_security/api/groups_api.py +++ b/opal_security/api/groups_api.py @@ -4199,6 +4199,8 @@ def _get_group_tags_serialize( def get_group_users( self, group_id: Annotated[StrictStr, Field(description="The ID of the group.")], + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -4218,6 +4220,10 @@ def get_group_users( :param group_id: The ID of the group. (required) :type group_id: str + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -4242,6 +4248,8 @@ def get_group_users( _param = self._get_group_users_serialize( group_id=group_id, + cursor=cursor, + page_size=page_size, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -4266,6 +4274,8 @@ def get_group_users( def get_group_users_with_http_info( self, group_id: Annotated[StrictStr, Field(description="The ID of the group.")], + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -4285,6 +4295,10 @@ def get_group_users_with_http_info( :param group_id: The ID of the group. (required) :type group_id: str + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -4309,6 +4323,8 @@ def get_group_users_with_http_info( _param = self._get_group_users_serialize( group_id=group_id, + cursor=cursor, + page_size=page_size, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -4333,6 +4349,8 @@ def get_group_users_with_http_info( def get_group_users_without_preload_content( self, group_id: Annotated[StrictStr, Field(description="The ID of the group.")], + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -4352,6 +4370,10 @@ def get_group_users_without_preload_content( :param group_id: The ID of the group. (required) :type group_id: str + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -4376,6 +4398,8 @@ def get_group_users_without_preload_content( _param = self._get_group_users_serialize( group_id=group_id, + cursor=cursor, + page_size=page_size, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -4395,6 +4419,8 @@ def get_group_users_without_preload_content( def _get_group_users_serialize( self, group_id, + cursor, + page_size, _request_auth, _content_type, _headers, @@ -4419,6 +4445,14 @@ def _get_group_users_serialize( if group_id is not None: _path_params['group_id'] = group_id # process the query parameters + if cursor is not None: + + _query_params.append(('cursor', cursor)) + + if page_size is not None: + + _query_params.append(('page_size', page_size)) + # process the header parameters # process the form parameters # process the body parameter @@ -5049,6 +5083,301 @@ def _get_groups_serialize( + @validate_call + def get_user_groups( + self, + user_id: Annotated[StrictStr, Field(description="The ID of the user whose groups to return.")], + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> GroupUserList: + """get_user_groups + + Returns all groups that the user is a member of. + + :param user_id: The ID of the user whose groups to return. (required) + :type user_id: str + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_user_groups_serialize( + user_id=user_id, + cursor=cursor, + page_size=page_size, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "GroupUserList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def get_user_groups_with_http_info( + self, + user_id: Annotated[StrictStr, Field(description="The ID of the user whose groups to return.")], + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[GroupUserList]: + """get_user_groups + + Returns all groups that the user is a member of. + + :param user_id: The ID of the user whose groups to return. (required) + :type user_id: str + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_user_groups_serialize( + user_id=user_id, + cursor=cursor, + page_size=page_size, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "GroupUserList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def get_user_groups_without_preload_content( + self, + user_id: Annotated[StrictStr, Field(description="The ID of the user whose groups to return.")], + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """get_user_groups + + Returns all groups that the user is a member of. + + :param user_id: The ID of the user whose groups to return. (required) + :type user_id: str + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_user_groups_serialize( + user_id=user_id, + cursor=cursor, + page_size=page_size, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "GroupUserList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _get_user_groups_serialize( + self, + user_id, + cursor, + page_size, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if user_id is not None: + _path_params['user_id'] = user_id + # process the query parameters + if cursor is not None: + + _query_params.append(('cursor', cursor)) + + if page_size is not None: + + _query_params.append(('page_size', page_size)) + + # process the header parameters + # process the form parameters + # process the body parameter + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='GET', + resource_path='/groups/users/{user_id}', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def remove_group_containing_group( self, diff --git a/opal_security/api/idp_group_mappings_api.py b/opal_security/api/idp_group_mappings_api.py index b0fcf35..108cae8 100644 --- a/opal_security/api/idp_group_mappings_api.py +++ b/opal_security/api/idp_group_mappings_api.py @@ -18,7 +18,10 @@ from typing_extensions import Annotated from pydantic import Field, StrictStr +from typing import Optional from typing_extensions import Annotated +from opal_security.models.create_idp_group_mapping_request import CreateIdpGroupMappingRequest +from opal_security.models.idp_group_mapping import IdpGroupMapping from opal_security.models.idp_group_mapping_list import IdpGroupMappingList from opal_security.models.update_idp_group_mappings_request import UpdateIdpGroupMappingsRequest @@ -40,6 +43,310 @@ def __init__(self, api_client=None) -> None: self.api_client = api_client + @validate_call + def create_idp_group_mapping( + self, + app_resource_id: Annotated[StrictStr, Field(description="The ID of the Okta app.")], + group_id: Annotated[StrictStr, Field(description="The ID of the group.")], + create_idp_group_mapping_request: Optional[CreateIdpGroupMappingRequest] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> IdpGroupMapping: + """create_idp_group_mapping + + Creates or updates an individual `IdpGroupMapping` object (upsert operation). **Behavior:** - If the mapping doesn't exist, it will be created with the provided values - If the mapping exists, only the fields provided in the request will be updated + + :param app_resource_id: The ID of the Okta app. (required) + :type app_resource_id: str + :param group_id: The ID of the group. (required) + :type group_id: str + :param create_idp_group_mapping_request: + :type create_idp_group_mapping_request: CreateIdpGroupMappingRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_idp_group_mapping_serialize( + app_resource_id=app_resource_id, + group_id=group_id, + create_idp_group_mapping_request=create_idp_group_mapping_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "IdpGroupMapping", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def create_idp_group_mapping_with_http_info( + self, + app_resource_id: Annotated[StrictStr, Field(description="The ID of the Okta app.")], + group_id: Annotated[StrictStr, Field(description="The ID of the group.")], + create_idp_group_mapping_request: Optional[CreateIdpGroupMappingRequest] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[IdpGroupMapping]: + """create_idp_group_mapping + + Creates or updates an individual `IdpGroupMapping` object (upsert operation). **Behavior:** - If the mapping doesn't exist, it will be created with the provided values - If the mapping exists, only the fields provided in the request will be updated + + :param app_resource_id: The ID of the Okta app. (required) + :type app_resource_id: str + :param group_id: The ID of the group. (required) + :type group_id: str + :param create_idp_group_mapping_request: + :type create_idp_group_mapping_request: CreateIdpGroupMappingRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_idp_group_mapping_serialize( + app_resource_id=app_resource_id, + group_id=group_id, + create_idp_group_mapping_request=create_idp_group_mapping_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "IdpGroupMapping", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def create_idp_group_mapping_without_preload_content( + self, + app_resource_id: Annotated[StrictStr, Field(description="The ID of the Okta app.")], + group_id: Annotated[StrictStr, Field(description="The ID of the group.")], + create_idp_group_mapping_request: Optional[CreateIdpGroupMappingRequest] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """create_idp_group_mapping + + Creates or updates an individual `IdpGroupMapping` object (upsert operation). **Behavior:** - If the mapping doesn't exist, it will be created with the provided values - If the mapping exists, only the fields provided in the request will be updated + + :param app_resource_id: The ID of the Okta app. (required) + :type app_resource_id: str + :param group_id: The ID of the group. (required) + :type group_id: str + :param create_idp_group_mapping_request: + :type create_idp_group_mapping_request: CreateIdpGroupMappingRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_idp_group_mapping_serialize( + app_resource_id=app_resource_id, + group_id=group_id, + create_idp_group_mapping_request=create_idp_group_mapping_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "IdpGroupMapping", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _create_idp_group_mapping_serialize( + self, + app_resource_id, + group_id, + create_idp_group_mapping_request, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if app_resource_id is not None: + _path_params['app_resource_id'] = app_resource_id + if group_id is not None: + _path_params['group_id'] = group_id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if create_idp_group_mapping_request is not None: + _body_params = create_idp_group_mapping_request + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='POST', + resource_path='/idp-group-mappings/{app_resource_id}/{group_id}/', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def delete_idp_group_mappings( self, diff --git a/opal_security/api/requests_api.py b/opal_security/api/requests_api.py index 407a7ed..8c4bb83 100644 --- a/opal_security/api/requests_api.py +++ b/opal_security/api/requests_api.py @@ -18,12 +18,14 @@ from typing_extensions import Annotated from pydantic import Field, StrictBool, StrictStr -from typing import Optional +from typing import Any, Dict, Optional from typing_extensions import Annotated from opal_security.models.approve_request200_response import ApproveRequest200Response from opal_security.models.approve_request_request import ApproveRequestRequest from opal_security.models.create_request200_response import CreateRequest200Response +from opal_security.models.create_request_comment_request import CreateRequestCommentRequest from opal_security.models.create_request_info import CreateRequestInfo +from opal_security.models.deny_request_request import DenyRequestRequest from opal_security.models.request import Request from opal_security.models.request_connection import RequestConnection from opal_security.models.request_list import RequestList @@ -610,6 +612,584 @@ def _create_request_serialize( + @validate_call + def create_request_comment( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to comment on")], + create_request_comment_request: Annotated[CreateRequestCommentRequest, Field(description="Comment parameters")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApproveRequest200Response: + """create_request_comment + + Comment on an access request + + :param id: The ID of the request to comment on (required) + :type id: str + :param create_request_comment_request: Comment parameters (required) + :type create_request_comment_request: CreateRequestCommentRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_request_comment_serialize( + id=id, + create_request_comment_request=create_request_comment_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ApproveRequest200Response", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def create_request_comment_with_http_info( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to comment on")], + create_request_comment_request: Annotated[CreateRequestCommentRequest, Field(description="Comment parameters")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[ApproveRequest200Response]: + """create_request_comment + + Comment on an access request + + :param id: The ID of the request to comment on (required) + :type id: str + :param create_request_comment_request: Comment parameters (required) + :type create_request_comment_request: CreateRequestCommentRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_request_comment_serialize( + id=id, + create_request_comment_request=create_request_comment_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ApproveRequest200Response", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def create_request_comment_without_preload_content( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to comment on")], + create_request_comment_request: Annotated[CreateRequestCommentRequest, Field(description="Comment parameters")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """create_request_comment + + Comment on an access request + + :param id: The ID of the request to comment on (required) + :type id: str + :param create_request_comment_request: Comment parameters (required) + :type create_request_comment_request: CreateRequestCommentRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_request_comment_serialize( + id=id, + create_request_comment_request=create_request_comment_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ApproveRequest200Response", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _create_request_comment_serialize( + self, + id, + create_request_comment_request, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if id is not None: + _path_params['id'] = id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if create_request_comment_request is not None: + _body_params = create_request_comment_request + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='POST', + resource_path='/requests/{id}/comments', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + + @validate_call + def deny_request( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to deny")], + deny_request_request: Annotated[DenyRequestRequest, Field(description="Denial parameters")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApproveRequest200Response: + """deny_request + + Deny an access request + + :param id: The ID of the request to deny (required) + :type id: str + :param deny_request_request: Denial parameters (required) + :type deny_request_request: DenyRequestRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._deny_request_serialize( + id=id, + deny_request_request=deny_request_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ApproveRequest200Response", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def deny_request_with_http_info( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to deny")], + deny_request_request: Annotated[DenyRequestRequest, Field(description="Denial parameters")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[ApproveRequest200Response]: + """deny_request + + Deny an access request + + :param id: The ID of the request to deny (required) + :type id: str + :param deny_request_request: Denial parameters (required) + :type deny_request_request: DenyRequestRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._deny_request_serialize( + id=id, + deny_request_request=deny_request_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ApproveRequest200Response", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def deny_request_without_preload_content( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to deny")], + deny_request_request: Annotated[DenyRequestRequest, Field(description="Denial parameters")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """deny_request + + Deny an access request + + :param id: The ID of the request to deny (required) + :type id: str + :param deny_request_request: Denial parameters (required) + :type deny_request_request: DenyRequestRequest + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._deny_request_serialize( + id=id, + deny_request_request=deny_request_request, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ApproveRequest200Response", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _deny_request_serialize( + self, + id, + deny_request_request, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if id is not None: + _path_params['id'] = id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if deny_request_request is not None: + _body_params = deny_request_request + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='POST', + resource_path='/requests/{id}/deny', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def get_request( self, @@ -871,6 +1451,267 @@ def _get_request_serialize( + @validate_call + def get_request_comments( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to get comments for")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RequestCommentList: + """get_request_comments + + Returns a list of comments for a specific request. + + :param id: The ID of the request to get comments for (required) + :type id: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_request_comments_serialize( + id=id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "RequestCommentList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def get_request_comments_with_http_info( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to get comments for")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[RequestCommentList]: + """get_request_comments + + Returns a list of comments for a specific request. + + :param id: The ID of the request to get comments for (required) + :type id: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_request_comments_serialize( + id=id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "RequestCommentList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def get_request_comments_without_preload_content( + self, + id: Annotated[StrictStr, Field(description="The ID of the request to get comments for")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """get_request_comments + + Returns a list of comments for a specific request. + + :param id: The ID of the request to get comments for (required) + :type id: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_request_comments_serialize( + id=id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "RequestCommentList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _get_request_comments_serialize( + self, + id, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if id is not None: + _path_params['id'] = id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='GET', + resource_path='/requests/{id}/comments', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def get_requests( self, diff --git a/opal_security/api/resources_api.py b/opal_security/api/resources_api.py index c620b14..aea3ed9 100644 --- a/opal_security/api/resources_api.py +++ b/opal_security/api/resources_api.py @@ -17,7 +17,7 @@ from typing import Any, Dict, List, Optional, Tuple, Union from typing_extensions import Annotated -from pydantic import Field, StrictInt, StrictStr +from pydantic import Field, StrictBool, StrictInt, StrictStr from typing import List, Optional from typing_extensions import Annotated from opal_security.models.access_list import AccessList @@ -4487,11 +4487,12 @@ def get_resources( self, cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, - resource_type_filter: Annotated[Optional[ResourceTypeEnum], Field(description="The resource type to filter by.")] = None, + resource_type_filter: Annotated[Optional[ResourceTypeEnum], Field(description="The resource type to filter by. Required when remote_id is provided.")] = None, resource_ids: Annotated[Optional[List[StrictStr]], Field(description="The resource ids to filter by.")] = None, resource_name: Annotated[Optional[StrictStr], Field(description="Resource name.")] = None, parent_resource_id: Annotated[Optional[StrictStr], Field(description="The parent resource id to filter by.")] = None, ancestor_resource_id: Annotated[Optional[StrictStr], Field(description="The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource.")] = None, + remote_id: Annotated[Optional[StrictStr], Field(description="Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -4513,7 +4514,7 @@ def get_resources( :type cursor: str :param page_size: Number of results to return per page. Default is 200. :type page_size: int - :param resource_type_filter: The resource type to filter by. + :param resource_type_filter: The resource type to filter by. Required when remote_id is provided. :type resource_type_filter: ResourceTypeEnum :param resource_ids: The resource ids to filter by. :type resource_ids: List[str] @@ -4523,6 +4524,8 @@ def get_resources( :type parent_resource_id: str :param ancestor_resource_id: The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. :type ancestor_resource_id: str + :param remote_id: Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. + :type remote_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -4553,6 +4556,7 @@ def get_resources( resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id, + remote_id=remote_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -4578,11 +4582,12 @@ def get_resources_with_http_info( self, cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, - resource_type_filter: Annotated[Optional[ResourceTypeEnum], Field(description="The resource type to filter by.")] = None, + resource_type_filter: Annotated[Optional[ResourceTypeEnum], Field(description="The resource type to filter by. Required when remote_id is provided.")] = None, resource_ids: Annotated[Optional[List[StrictStr]], Field(description="The resource ids to filter by.")] = None, resource_name: Annotated[Optional[StrictStr], Field(description="Resource name.")] = None, parent_resource_id: Annotated[Optional[StrictStr], Field(description="The parent resource id to filter by.")] = None, ancestor_resource_id: Annotated[Optional[StrictStr], Field(description="The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource.")] = None, + remote_id: Annotated[Optional[StrictStr], Field(description="Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -4604,7 +4609,7 @@ def get_resources_with_http_info( :type cursor: str :param page_size: Number of results to return per page. Default is 200. :type page_size: int - :param resource_type_filter: The resource type to filter by. + :param resource_type_filter: The resource type to filter by. Required when remote_id is provided. :type resource_type_filter: ResourceTypeEnum :param resource_ids: The resource ids to filter by. :type resource_ids: List[str] @@ -4614,6 +4619,8 @@ def get_resources_with_http_info( :type parent_resource_id: str :param ancestor_resource_id: The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. :type ancestor_resource_id: str + :param remote_id: Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. + :type remote_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -4644,6 +4651,7 @@ def get_resources_with_http_info( resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id, + remote_id=remote_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -4669,11 +4677,12 @@ def get_resources_without_preload_content( self, cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, - resource_type_filter: Annotated[Optional[ResourceTypeEnum], Field(description="The resource type to filter by.")] = None, + resource_type_filter: Annotated[Optional[ResourceTypeEnum], Field(description="The resource type to filter by. Required when remote_id is provided.")] = None, resource_ids: Annotated[Optional[List[StrictStr]], Field(description="The resource ids to filter by.")] = None, resource_name: Annotated[Optional[StrictStr], Field(description="Resource name.")] = None, parent_resource_id: Annotated[Optional[StrictStr], Field(description="The parent resource id to filter by.")] = None, ancestor_resource_id: Annotated[Optional[StrictStr], Field(description="The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource.")] = None, + remote_id: Annotated[Optional[StrictStr], Field(description="Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -4695,7 +4704,7 @@ def get_resources_without_preload_content( :type cursor: str :param page_size: Number of results to return per page. Default is 200. :type page_size: int - :param resource_type_filter: The resource type to filter by. + :param resource_type_filter: The resource type to filter by. Required when remote_id is provided. :type resource_type_filter: ResourceTypeEnum :param resource_ids: The resource ids to filter by. :type resource_ids: List[str] @@ -4705,6 +4714,8 @@ def get_resources_without_preload_content( :type parent_resource_id: str :param ancestor_resource_id: The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. :type ancestor_resource_id: str + :param remote_id: Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. + :type remote_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -4735,6 +4746,7 @@ def get_resources_without_preload_content( resource_name=resource_name, parent_resource_id=parent_resource_id, ancestor_resource_id=ancestor_resource_id, + remote_id=remote_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -4760,6 +4772,7 @@ def _get_resources_serialize( resource_name, parent_resource_id, ancestor_resource_id, + remote_id, _request_auth, _content_type, _headers, @@ -4811,6 +4824,10 @@ def _get_resources_serialize( _query_params.append(('ancestor_resource_id', ancestor_resource_id)) + if remote_id is not None: + + _query_params.append(('remote_id', remote_id)) + # process the header parameters # process the form parameters # process the body parameter @@ -4848,6 +4865,318 @@ def _get_resources_serialize( + @validate_call + def get_user_resources( + self, + user_id: Annotated[StrictStr, Field(description="The ID of the user.")], + limit: Annotated[Optional[StrictInt], Field(description="Limit the number of results returned.")] = None, + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + include_unmanaged: Annotated[Optional[StrictBool], Field(description="Include user's access to unmanaged resources.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ResourceAccessUserList: + """get_user_resources + + Gets the list of resources for this user. + + :param user_id: The ID of the user. (required) + :type user_id: str + :param limit: Limit the number of results returned. + :type limit: int + :param cursor: The pagination cursor value. + :type cursor: str + :param include_unmanaged: Include user's access to unmanaged resources. + :type include_unmanaged: bool + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_user_resources_serialize( + user_id=user_id, + limit=limit, + cursor=cursor, + include_unmanaged=include_unmanaged, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ResourceAccessUserList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def get_user_resources_with_http_info( + self, + user_id: Annotated[StrictStr, Field(description="The ID of the user.")], + limit: Annotated[Optional[StrictInt], Field(description="Limit the number of results returned.")] = None, + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + include_unmanaged: Annotated[Optional[StrictBool], Field(description="Include user's access to unmanaged resources.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[ResourceAccessUserList]: + """get_user_resources + + Gets the list of resources for this user. + + :param user_id: The ID of the user. (required) + :type user_id: str + :param limit: Limit the number of results returned. + :type limit: int + :param cursor: The pagination cursor value. + :type cursor: str + :param include_unmanaged: Include user's access to unmanaged resources. + :type include_unmanaged: bool + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_user_resources_serialize( + user_id=user_id, + limit=limit, + cursor=cursor, + include_unmanaged=include_unmanaged, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ResourceAccessUserList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def get_user_resources_without_preload_content( + self, + user_id: Annotated[StrictStr, Field(description="The ID of the user.")], + limit: Annotated[Optional[StrictInt], Field(description="Limit the number of results returned.")] = None, + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + include_unmanaged: Annotated[Optional[StrictBool], Field(description="Include user's access to unmanaged resources.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """get_user_resources + + Gets the list of resources for this user. + + :param user_id: The ID of the user. (required) + :type user_id: str + :param limit: Limit the number of results returned. + :type limit: int + :param cursor: The pagination cursor value. + :type cursor: str + :param include_unmanaged: Include user's access to unmanaged resources. + :type include_unmanaged: bool + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_user_resources_serialize( + user_id=user_id, + limit=limit, + cursor=cursor, + include_unmanaged=include_unmanaged, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "ResourceAccessUserList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _get_user_resources_serialize( + self, + user_id, + limit, + cursor, + include_unmanaged, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if user_id is not None: + _path_params['user_id'] = user_id + # process the query parameters + if limit is not None: + + _query_params.append(('limit', limit)) + + if cursor is not None: + + _query_params.append(('cursor', cursor)) + + if include_unmanaged is not None: + + _query_params.append(('include_unmanaged', include_unmanaged)) + + # process the header parameters + # process the form parameters + # process the body parameter + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='GET', + resource_path='/resources/users/{user_id}', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def resource_user_access_status_retrieve( self, diff --git a/opal_security/models/__init__.py b/opal_security/models/__init__.py index b180e65..1228c4d 100644 --- a/opal_security/models/__init__.py +++ b/opal_security/models/__init__.py @@ -44,10 +44,12 @@ from opal_security.models.create_group_binding_info import CreateGroupBindingInfo from opal_security.models.create_group_binding_info_groups_inner import CreateGroupBindingInfoGroupsInner from opal_security.models.create_group_info import CreateGroupInfo +from opal_security.models.create_idp_group_mapping_request import CreateIdpGroupMappingRequest from opal_security.models.create_message_channel_info import CreateMessageChannelInfo from opal_security.models.create_on_call_schedule_info import CreateOnCallScheduleInfo from opal_security.models.create_owner_info import CreateOwnerInfo from opal_security.models.create_request200_response import CreateRequest200Response +from opal_security.models.create_request_comment_request import CreateRequestCommentRequest from opal_security.models.create_request_configuration_info_list import CreateRequestConfigurationInfoList from opal_security.models.create_request_info import CreateRequestInfo from opal_security.models.create_request_info_custom_metadata_inner import CreateRequestInfoCustomMetadataInner @@ -57,6 +59,7 @@ from opal_security.models.create_resource_info import CreateResourceInfo from opal_security.models.create_tag_info import CreateTagInfo from opal_security.models.create_uar_info import CreateUARInfo +from opal_security.models.deny_request_request import DenyRequestRequest from opal_security.models.entity_type_enum import EntityTypeEnum from opal_security.models.event import Event from opal_security.models.get_resource_user200_response import GetResourceUser200Response @@ -115,6 +118,9 @@ from opal_security.models.propagation_status_enum import PropagationStatusEnum from opal_security.models.remote_user import RemoteUser from opal_security.models.request import Request +from opal_security.models.request_approval_enum import RequestApprovalEnum +from opal_security.models.request_comment import RequestComment +from opal_security.models.request_comment_list import RequestCommentList from opal_security.models.request_configuration import RequestConfiguration from opal_security.models.request_connection import RequestConnection from opal_security.models.request_custom_field_response import RequestCustomFieldResponse @@ -123,6 +129,7 @@ from opal_security.models.request_item_stages import RequestItemStages from opal_security.models.request_list import RequestList from opal_security.models.request_reviewer import RequestReviewer +from opal_security.models.request_reviewer_stages import RequestReviewerStages from opal_security.models.request_stage import RequestStage from opal_security.models.request_status_enum import RequestStatusEnum from opal_security.models.request_template_custom_field_type_enum import RequestTemplateCustomFieldTypeEnum @@ -141,6 +148,7 @@ from opal_security.models.resource_remote_info_aws_permission_set import ResourceRemoteInfoAwsPermissionSet from opal_security.models.resource_remote_info_aws_rds_instance import ResourceRemoteInfoAwsRdsInstance from opal_security.models.resource_remote_info_custom_connector import ResourceRemoteInfoCustomConnector +from opal_security.models.resource_remote_info_datastax_astra_role import ResourceRemoteInfoDatastaxAstraRole from opal_security.models.resource_remote_info_gcp_big_query_dataset import ResourceRemoteInfoGcpBigQueryDataset from opal_security.models.resource_remote_info_gcp_big_query_table import ResourceRemoteInfoGcpBigQueryTable from opal_security.models.resource_remote_info_gcp_bucket import ResourceRemoteInfoGcpBucket @@ -151,6 +159,7 @@ from opal_security.models.resource_remote_info_gcp_project import ResourceRemoteInfoGcpProject from opal_security.models.resource_remote_info_gcp_service_account import ResourceRemoteInfoGcpServiceAccount from opal_security.models.resource_remote_info_gcp_sql_instance import ResourceRemoteInfoGcpSqlInstance +from opal_security.models.resource_remote_info_github_org_role import ResourceRemoteInfoGithubOrgRole from opal_security.models.resource_remote_info_github_repo import ResourceRemoteInfoGithubRepo from opal_security.models.resource_remote_info_gitlab_project import ResourceRemoteInfoGitlabProject from opal_security.models.resource_remote_info_google_workspace_role import ResourceRemoteInfoGoogleWorkspaceRole diff --git a/opal_security/models/approve_request200_response.py b/opal_security/models/approve_request200_response.py index ba222a2..8ac066d 100644 --- a/opal_security/models/approve_request200_response.py +++ b/opal_security/models/approve_request200_response.py @@ -18,7 +18,7 @@ import re # noqa: F401 import json -from pydantic import BaseModel, ConfigDict, Field, StrictStr +from pydantic import BaseModel, ConfigDict from typing import Any, ClassVar, Dict, List, Optional from opal_security.models.request import Request from typing import Optional, Set @@ -29,9 +29,8 @@ class ApproveRequest200Response(BaseModel): ApproveRequest200Response """ # noqa: E501 request: Optional[Request] = None - task_id: Optional[StrictStr] = Field(default=None, description="ID of the task created for propagating access", alias="taskId") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["request", "taskId"] + __properties: ClassVar[List[str]] = ["request"] model_config = ConfigDict( populate_by_name=True, @@ -94,8 +93,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: return cls.model_validate(obj) _obj = cls.model_validate({ - "request": Request.from_dict(obj["request"]) if obj.get("request") is not None else None, - "taskId": obj.get("taskId") + "request": Request.from_dict(obj["request"]) if obj.get("request") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/approve_request_request.py b/opal_security/models/approve_request_request.py index 931b48c..93cb0ef 100644 --- a/opal_security/models/approve_request_request.py +++ b/opal_security/models/approve_request_request.py @@ -18,8 +18,9 @@ import re # noqa: F401 import json -from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from pydantic import BaseModel, ConfigDict, Field, StrictStr from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.request_approval_enum import RequestApprovalEnum from typing import Optional, Set from typing_extensions import Self @@ -27,18 +28,11 @@ class ApproveRequestRequest(BaseModel): """ ApproveRequestRequest """ # noqa: E501 - level: StrictStr = Field(description="The decision level for the approval") + level: RequestApprovalEnum comment: Optional[StrictStr] = Field(default=None, description="Optional comment for the approval") additional_properties: Dict[str, Any] = {} __properties: ClassVar[List[str]] = ["level", "comment"] - @field_validator('level') - def level_validate_enum(cls, value): - """Validates the enum""" - if value not in set(['REGULAR', 'ADMIN']): - raise ValueError("must be one of enum values ('REGULAR', 'ADMIN')") - return value - model_config = ConfigDict( populate_by_name=True, validate_assignment=True, diff --git a/opal_security/models/create_idp_group_mapping_request.py b/opal_security/models/create_idp_group_mapping_request.py new file mode 100644 index 0000000..fa24676 --- /dev/null +++ b/opal_security/models/create_idp_group_mapping_request.py @@ -0,0 +1,103 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictBool, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from typing import Optional, Set +from typing_extensions import Self + +class CreateIdpGroupMappingRequest(BaseModel): + """ + CreateIdpGroupMappingRequest + """ # noqa: E501 + alias: Optional[StrictStr] = Field(default=None, description="Optional alias for the group mapping") + hidden_from_end_user: Optional[StrictBool] = Field(default=None, description="Whether this mapping should be hidden from end users. - **New mappings**: If not provided, defaults to `false` - **Existing mappings**: If not provided, existing value is preserved (no change) - **Explicit values**: If provided, value is updated to the specified boolean ") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["alias", "hidden_from_end_user"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of CreateIdpGroupMappingRequest from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of CreateIdpGroupMappingRequest from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "alias": obj.get("alias"), + "hidden_from_end_user": obj.get("hidden_from_end_user") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/create_request_comment_request.py b/opal_security/models/create_request_comment_request.py new file mode 100644 index 0000000..8bab463 --- /dev/null +++ b/opal_security/models/create_request_comment_request.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class CreateRequestCommentRequest(BaseModel): + """ + CreateRequestCommentRequest + """ # noqa: E501 + comment: StrictStr = Field(description="comment") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["comment"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of CreateRequestCommentRequest from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of CreateRequestCommentRequest from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "comment": obj.get("comment") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/deny_request_request.py b/opal_security/models/deny_request_request.py new file mode 100644 index 0000000..3f4ac31 --- /dev/null +++ b/opal_security/models/deny_request_request.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class DenyRequestRequest(BaseModel): + """ + DenyRequestRequest + """ # noqa: E501 + comment: StrictStr = Field(description="Comment for the denial") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["comment"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of DenyRequestRequest from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of DenyRequestRequest from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "comment": obj.get("comment") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/group.py b/opal_security/models/group.py index a8c763f..4e20d56 100644 --- a/opal_security/models/group.py +++ b/opal_security/models/group.py @@ -44,6 +44,7 @@ class Group(BaseModel): group_type: Optional[GroupTypeEnum] = None max_duration: Optional[StrictInt] = Field(default=None, description="The maximum duration for which the group can be requested (in minutes).") recommended_duration: Optional[StrictInt] = Field(default=None, description="The recommended duration for which the group should be requested (in minutes). -1 represents an indefinite duration.") + extensions_duration_in_minutes: Optional[StrictInt] = Field(default=None, description="The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.") require_manager_approval: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not access requests to the group require manager approval.") require_support_ticket: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not access requests to the group require an access ticket.") require_mfa_to_approve: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not to require MFA for reviewers to approve requests for this group.") @@ -62,7 +63,7 @@ class Group(BaseModel): risk_sensitivity_override: Optional[RiskSensitivityEnum] = None last_successful_sync: Optional[SyncTask] = Field(default=None, description="Information about the last successful sync of this group.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["group_id", "app_id", "name", "description", "admin_owner_id", "group_leader_user_ids", "remote_id", "remote_name", "group_type", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "require_mfa_to_approve", "require_mfa_to_request", "auto_approval", "request_template_id", "configuration_template_id", "group_binding_id", "is_requestable", "request_configurations", "request_configuration_list", "metadata", "remote_info", "custom_request_notification", "risk_sensitivity", "risk_sensitivity_override", "last_successful_sync"] + __properties: ClassVar[List[str]] = ["group_id", "app_id", "name", "description", "admin_owner_id", "group_leader_user_ids", "remote_id", "remote_name", "group_type", "max_duration", "recommended_duration", "extensions_duration_in_minutes", "require_manager_approval", "require_support_ticket", "require_mfa_to_approve", "require_mfa_to_request", "auto_approval", "request_template_id", "configuration_template_id", "group_binding_id", "is_requestable", "request_configurations", "request_configuration_list", "metadata", "remote_info", "custom_request_notification", "risk_sensitivity", "risk_sensitivity_override", "last_successful_sync"] model_config = ConfigDict( populate_by_name=True, @@ -157,6 +158,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "group_type": obj.get("group_type"), "max_duration": obj.get("max_duration"), "recommended_duration": obj.get("recommended_duration"), + "extensions_duration_in_minutes": obj.get("extensions_duration_in_minutes"), "require_manager_approval": obj.get("require_manager_approval"), "require_support_ticket": obj.get("require_support_ticket"), "require_mfa_to_approve": obj.get("require_mfa_to_approve"), diff --git a/opal_security/models/group_remote_info.py b/opal_security/models/group_remote_info.py index acc7b49..1102486 100644 --- a/opal_security/models/group_remote_info.py +++ b/opal_security/models/group_remote_info.py @@ -37,7 +37,7 @@ class GroupRemoteInfo(BaseModel): """ - Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. + Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. If remote_info is provided, a group will be imported into Opal. For group types that support group creation through Opal, a new group will be created if remote_info is not provided. """ # noqa: E501 active_directory_group: Optional[GroupRemoteInfoActiveDirectoryGroup] = None github_team: Optional[GroupRemoteInfoGithubTeam] = None diff --git a/opal_security/models/group_user_list.py b/opal_security/models/group_user_list.py index 95455a4..8a37ea7 100644 --- a/opal_security/models/group_user_list.py +++ b/opal_security/models/group_user_list.py @@ -18,7 +18,7 @@ import re # noqa: F401 import json -from pydantic import BaseModel, ConfigDict +from pydantic import BaseModel, ConfigDict, Field, StrictStr from typing import Any, ClassVar, Dict, List, Optional from opal_security.models.group_user import GroupUser from typing import Optional, Set @@ -29,8 +29,10 @@ class GroupUserList(BaseModel): GroupUserList """ # noqa: E501 results: Optional[List[GroupUser]] = None + next: Optional[StrictStr] = Field(default=None, description="The cursor with which to continue pagination if additional result pages exist.") + previous: Optional[StrictStr] = Field(default=None, description="The cursor used to obtain the current result page.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["results"] + __properties: ClassVar[List[str]] = ["results", "next", "previous"] model_config = ConfigDict( populate_by_name=True, @@ -97,7 +99,9 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: return cls.model_validate(obj) _obj = cls.model_validate({ - "results": [GroupUser.from_dict(_item) for _item in obj["results"]] if obj.get("results") is not None else None + "results": [GroupUser.from_dict(_item) for _item in obj["results"]] if obj.get("results") is not None else None, + "next": obj.get("next"), + "previous": obj.get("previous") }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/request.py b/opal_security/models/request.py index a29b9d2..935571b 100644 --- a/opal_security/models/request.py +++ b/opal_security/models/request.py @@ -23,6 +23,7 @@ from typing import Any, ClassVar, Dict, List, Optional from opal_security.models.request_custom_field_response import RequestCustomFieldResponse from opal_security.models.request_item_stages import RequestItemStages +from opal_security.models.request_reviewer_stages import RequestReviewerStages from opal_security.models.request_status_enum import RequestStatusEnum from opal_security.models.requested_item import RequestedItem from typing import Optional, Set @@ -44,8 +45,9 @@ class Request(BaseModel): requested_items_list: Optional[List[RequestedItem]] = Field(default=None, description="The list of targets for the request.") custom_fields_responses: Optional[List[RequestCustomFieldResponse]] = Field(default=None, description="The responses given to the custom fields associated to the request") stages: Optional[RequestItemStages] = Field(default=None, description="The stages configuration for this request") + reviewer_stages: Optional[List[RequestReviewerStages]] = Field(default=None, description="The configured reviewer stages for every item in this request") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["id", "created_at", "updated_at", "requester_id", "target_user_id", "target_group_id", "status", "reason", "duration_minutes", "requested_items_list", "custom_fields_responses", "stages"] + __properties: ClassVar[List[str]] = ["id", "created_at", "updated_at", "requester_id", "target_user_id", "target_group_id", "status", "reason", "duration_minutes", "requested_items_list", "custom_fields_responses", "stages", "reviewer_stages"] model_config = ConfigDict( populate_by_name=True, @@ -105,6 +107,13 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of stages if self.stages: _dict['stages'] = self.stages.to_dict() + # override the default output from pydantic by calling `to_dict()` of each item in reviewer_stages (list) + _items = [] + if self.reviewer_stages: + for _item_reviewer_stages in self.reviewer_stages: + if _item_reviewer_stages: + _items.append(_item_reviewer_stages.to_dict()) + _dict['reviewer_stages'] = _items # puts key-value pairs in additional_properties in the top level if self.additional_properties is not None: for _key, _value in self.additional_properties.items(): @@ -133,7 +142,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "duration_minutes": obj.get("duration_minutes"), "requested_items_list": [RequestedItem.from_dict(_item) for _item in obj["requested_items_list"]] if obj.get("requested_items_list") is not None else None, "custom_fields_responses": [RequestCustomFieldResponse.from_dict(_item) for _item in obj["custom_fields_responses"]] if obj.get("custom_fields_responses") is not None else None, - "stages": RequestItemStages.from_dict(obj["stages"]) if obj.get("stages") is not None else None + "stages": RequestItemStages.from_dict(obj["stages"]) if obj.get("stages") is not None else None, + "reviewer_stages": [RequestReviewerStages.from_dict(_item) for _item in obj["reviewer_stages"]] if obj.get("reviewer_stages") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/request_approval_enum.py b/opal_security/models/request_approval_enum.py new file mode 100644 index 0000000..4c453e0 --- /dev/null +++ b/opal_security/models/request_approval_enum.py @@ -0,0 +1,38 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import json +from enum import Enum +from typing_extensions import Self + + +class RequestApprovalEnum(str, Enum): + """ + The decision level for the approval + """ + + """ + allowed enum values + """ + REGULAR = 'REGULAR' + ADMIN = 'ADMIN' + + @classmethod + def from_json(cls, json_str: str) -> Self: + """Create an instance of RequestApprovalEnum from a JSON string""" + return cls(json.loads(json_str)) + + diff --git a/opal_security/models/request_comment.py b/opal_security/models/request_comment.py new file mode 100644 index 0000000..ef6a42d --- /dev/null +++ b/opal_security/models/request_comment.py @@ -0,0 +1,112 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from datetime import datetime +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from typing import Optional, Set +from typing_extensions import Self + +class RequestComment(BaseModel): + """ + # Request Comment Object ### Description The `RequestComment` object is used to represent a comment on a request. ### Usage Example Returned from the `GET Requests` endpoint as part of a `Request` object. + """ # noqa: E501 + created_at: datetime = Field(description="The date and time the comment was created.") + request_id: StrictStr = Field(description="The unique identifier of the request the comment is associated with.") + user_id: StrictStr = Field(description="The unique identifier of the user who made the comment.") + user_full_name: Optional[StrictStr] = Field(default=None, description="The user's full name.") + user_email: Optional[StrictStr] = Field(default=None, description="The user's email address.") + comment: StrictStr = Field(description="The content of the comment.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["created_at", "request_id", "user_id", "user_full_name", "user_email", "comment"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of RequestComment from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of RequestComment from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "created_at": obj.get("created_at"), + "request_id": obj.get("request_id"), + "user_id": obj.get("user_id"), + "user_full_name": obj.get("user_full_name"), + "user_email": obj.get("user_email"), + "comment": obj.get("comment") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/request_comment_list.py b/opal_security/models/request_comment_list.py new file mode 100644 index 0000000..a15120d --- /dev/null +++ b/opal_security/models/request_comment_list.py @@ -0,0 +1,109 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict +from typing import Any, ClassVar, Dict, List +from opal_security.models.request_comment import RequestComment +from typing import Optional, Set +from typing_extensions import Self + +class RequestCommentList(BaseModel): + """ + A paginated list of request comments + """ # noqa: E501 + comments: List[RequestComment] + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["comments"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of RequestCommentList from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in comments (list) + _items = [] + if self.comments: + for _item_comments in self.comments: + if _item_comments: + _items.append(_item_comments.to_dict()) + _dict['comments'] = _items + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of RequestCommentList from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "comments": [RequestComment.from_dict(_item) for _item in obj["comments"]] if obj.get("comments") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/request_configuration.py b/opal_security/models/request_configuration.py index 22839b2..be33956 100644 --- a/opal_security/models/request_configuration.py +++ b/opal_security/models/request_configuration.py @@ -36,11 +36,12 @@ class RequestConfiguration(BaseModel): max_duration_minutes: Optional[StrictInt] = Field(default=None, description="The maximum duration for which the resource can be requested (in minutes).") recommended_duration_minutes: Optional[StrictInt] = Field(default=None, description="The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.") require_support_ticket: StrictBool = Field(description="A bool representing whether or not access requests to the resource require an access ticket.") + extensions_duration_in_minutes: Optional[StrictInt] = Field(default=None, description="The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.") request_template_id: Optional[StrictStr] = Field(default=None, description="The ID of the associated request template.") reviewer_stages: Optional[List[ReviewerStage]] = Field(default=None, description="The list of reviewer stages for the request configuration.") priority: StrictInt = Field(description="The priority of the request configuration.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["condition", "allow_requests", "auto_approval", "require_mfa_to_request", "max_duration_minutes", "recommended_duration_minutes", "require_support_ticket", "request_template_id", "reviewer_stages", "priority"] + __properties: ClassVar[List[str]] = ["condition", "allow_requests", "auto_approval", "require_mfa_to_request", "max_duration_minutes", "recommended_duration_minutes", "require_support_ticket", "extensions_duration_in_minutes", "request_template_id", "reviewer_stages", "priority"] model_config = ConfigDict( populate_by_name=True, @@ -117,6 +118,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "max_duration_minutes": obj.get("max_duration_minutes"), "recommended_duration_minutes": obj.get("recommended_duration_minutes"), "require_support_ticket": obj.get("require_support_ticket"), + "extensions_duration_in_minutes": obj.get("extensions_duration_in_minutes"), "request_template_id": obj.get("request_template_id"), "reviewer_stages": [ReviewerStage.from_dict(_item) for _item in obj["reviewer_stages"]] if obj.get("reviewer_stages") is not None else None, "priority": obj.get("priority") diff --git a/opal_security/models/request_reviewer.py b/opal_security/models/request_reviewer.py index 75f3dfa..c84d86b 100644 --- a/opal_security/models/request_reviewer.py +++ b/opal_security/models/request_reviewer.py @@ -19,7 +19,7 @@ import json from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator -from typing import Any, ClassVar, Dict, List +from typing import Any, ClassVar, Dict, List, Optional from typing import Optional, Set from typing_extensions import Self @@ -28,9 +28,10 @@ class RequestReviewer(BaseModel): A reviewer in a request stage """ # noqa: E501 id: StrictStr = Field(description="The unique identifier of the reviewer") + full_name: Optional[StrictStr] = Field(default=None, description="The user's full name.") status: StrictStr = Field(description="The status of this reviewer's review") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["id", "status"] + __properties: ClassVar[List[str]] = ["id", "full_name", "status"] @field_validator('status') def status_validate_enum(cls, value): @@ -98,6 +99,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: _obj = cls.model_validate({ "id": obj.get("id"), + "full_name": obj.get("full_name"), "status": obj.get("status") }) # store additional fields in additional_properties diff --git a/opal_security/models/request_reviewer_stages.py b/opal_security/models/request_reviewer_stages.py new file mode 100644 index 0000000..06309d7 --- /dev/null +++ b/opal_security/models/request_reviewer_stages.py @@ -0,0 +1,117 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.request_stage import RequestStage +from typing import Optional, Set +from typing_extensions import Self + +class RequestReviewerStages(BaseModel): + """ + The stages configuration for a request item + """ # noqa: E501 + access_level_name: Optional[StrictStr] = Field(default=None, description="The name of the access level requested.") + access_level_remote_id: Optional[StrictStr] = Field(default=None, description="The ID of the access level requested on the remote system.") + item_name: StrictStr = Field(description="The name of the requested item") + item_id: StrictStr = Field(description="The ID of the resource requested.") + stages: List[RequestStage] = Field(description="The stages of review for this request") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["access_level_name", "access_level_remote_id", "item_name", "item_id", "stages"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of RequestReviewerStages from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in stages (list) + _items = [] + if self.stages: + for _item_stages in self.stages: + if _item_stages: + _items.append(_item_stages.to_dict()) + _dict['stages'] = _items + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of RequestReviewerStages from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "access_level_name": obj.get("access_level_name"), + "access_level_remote_id": obj.get("access_level_remote_id"), + "item_name": obj.get("item_name"), + "item_id": obj.get("item_id"), + "stages": [RequestStage.from_dict(_item) for _item in obj["stages"]] if obj.get("stages") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource.py b/opal_security/models/resource.py index a8b0dc6..ace6bcf 100644 --- a/opal_security/models/resource.py +++ b/opal_security/models/resource.py @@ -44,6 +44,7 @@ class Resource(BaseModel): resource_type: Optional[ResourceTypeEnum] = None max_duration: Optional[StrictInt] = Field(default=None, description="The maximum duration for which the resource can be requested (in minutes).") recommended_duration: Optional[StrictInt] = Field(default=None, description="The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.") + extensions_duration_in_minutes: Optional[StrictInt] = Field(default=None, description="The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.") require_manager_approval: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not access requests to the resource require manager approval.") require_support_ticket: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not access requests to the resource require an access ticket.") require_mfa_to_approve: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not to require MFA for reviewers to approve requests for this resource.") @@ -66,7 +67,7 @@ class Resource(BaseModel): descendant_resource_ids: Optional[List[StrictStr]] = Field(default=None, description="List of resource IDs that are descendants of this resource.") last_successful_sync: Optional[SyncTask] = Field(default=None, description="Information about the last successful sync of this resource.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["resource_id", "app_id", "name", "description", "admin_owner_id", "remote_resource_id", "remote_resource_name", "resource_type", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "require_mfa_to_approve", "require_mfa_to_request", "require_mfa_to_connect", "auto_approval", "request_template_id", "is_requestable", "parent_resource_id", "configuration_template_id", "request_configurations", "request_configuration_list", "ticket_propagation", "custom_request_notification", "risk_sensitivity", "risk_sensitivity_override", "metadata", "remote_info", "ancestor_resource_ids", "descendant_resource_ids", "last_successful_sync"] + __properties: ClassVar[List[str]] = ["resource_id", "app_id", "name", "description", "admin_owner_id", "remote_resource_id", "remote_resource_name", "resource_type", "max_duration", "recommended_duration", "extensions_duration_in_minutes", "require_manager_approval", "require_support_ticket", "require_mfa_to_approve", "require_mfa_to_request", "require_mfa_to_connect", "auto_approval", "request_template_id", "is_requestable", "parent_resource_id", "configuration_template_id", "request_configurations", "request_configuration_list", "ticket_propagation", "custom_request_notification", "risk_sensitivity", "risk_sensitivity_override", "metadata", "remote_info", "ancestor_resource_ids", "descendant_resource_ids", "last_successful_sync"] model_config = ConfigDict( populate_by_name=True, @@ -163,6 +164,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "resource_type": obj.get("resource_type"), "max_duration": obj.get("max_duration"), "recommended_duration": obj.get("recommended_duration"), + "extensions_duration_in_minutes": obj.get("extensions_duration_in_minutes"), "require_manager_approval": obj.get("require_manager_approval"), "require_support_ticket": obj.get("require_support_ticket"), "require_mfa_to_approve": obj.get("require_mfa_to_approve"), diff --git a/opal_security/models/resource_access_user_list.py b/opal_security/models/resource_access_user_list.py index e57541f..c2593c5 100644 --- a/opal_security/models/resource_access_user_list.py +++ b/opal_security/models/resource_access_user_list.py @@ -18,7 +18,7 @@ import re # noqa: F401 import json -from pydantic import BaseModel, ConfigDict +from pydantic import BaseModel, ConfigDict, Field, StrictStr from typing import Any, ClassVar, Dict, List, Optional from opal_security.models.resource_access_user import ResourceAccessUser from typing import Optional, Set @@ -28,9 +28,11 @@ class ResourceAccessUserList(BaseModel): """ ResourceAccessUserList """ # noqa: E501 + next: Optional[StrictStr] = Field(default=None, description="The cursor with which to continue pagination if additional result pages exist.") + previous: Optional[StrictStr] = Field(default=None, description="The cursor used to obtain the current result page.") results: Optional[List[ResourceAccessUser]] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["results"] + __properties: ClassVar[List[str]] = ["next", "previous", "results"] model_config = ConfigDict( populate_by_name=True, @@ -97,6 +99,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: return cls.model_validate(obj) _obj = cls.model_validate({ + "next": obj.get("next"), + "previous": obj.get("previous"), "results": [ResourceAccessUser.from_dict(_item) for _item in obj["results"]] if obj.get("results") is not None else None }) # store additional fields in additional_properties diff --git a/opal_security/models/resource_remote_info.py b/opal_security/models/resource_remote_info.py index 8a58114..e729654 100644 --- a/opal_security/models/resource_remote_info.py +++ b/opal_security/models/resource_remote_info.py @@ -28,6 +28,7 @@ from opal_security.models.resource_remote_info_aws_permission_set import ResourceRemoteInfoAwsPermissionSet from opal_security.models.resource_remote_info_aws_rds_instance import ResourceRemoteInfoAwsRdsInstance from opal_security.models.resource_remote_info_custom_connector import ResourceRemoteInfoCustomConnector +from opal_security.models.resource_remote_info_datastax_astra_role import ResourceRemoteInfoDatastaxAstraRole from opal_security.models.resource_remote_info_gcp_big_query_dataset import ResourceRemoteInfoGcpBigQueryDataset from opal_security.models.resource_remote_info_gcp_big_query_table import ResourceRemoteInfoGcpBigQueryTable from opal_security.models.resource_remote_info_gcp_bucket import ResourceRemoteInfoGcpBucket @@ -38,6 +39,7 @@ from opal_security.models.resource_remote_info_gcp_project import ResourceRemoteInfoGcpProject from opal_security.models.resource_remote_info_gcp_service_account import ResourceRemoteInfoGcpServiceAccount from opal_security.models.resource_remote_info_gcp_sql_instance import ResourceRemoteInfoGcpSqlInstance +from opal_security.models.resource_remote_info_github_org_role import ResourceRemoteInfoGithubOrgRole from opal_security.models.resource_remote_info_github_repo import ResourceRemoteInfoGithubRepo from opal_security.models.resource_remote_info_gitlab_project import ResourceRemoteInfoGitlabProject from opal_security.models.resource_remote_info_google_workspace_role import ResourceRemoteInfoGoogleWorkspaceRole @@ -76,6 +78,7 @@ class ResourceRemoteInfo(BaseModel): gcp_service_account: Optional[ResourceRemoteInfoGcpServiceAccount] = None google_workspace_role: Optional[ResourceRemoteInfoGoogleWorkspaceRole] = None github_repo: Optional[ResourceRemoteInfoGithubRepo] = None + github_org_role: Optional[ResourceRemoteInfoGithubOrgRole] = None gitlab_project: Optional[ResourceRemoteInfoGitlabProject] = None okta_app: Optional[ResourceRemoteInfoOktaApp] = None okta_standard_role: Optional[ResourceRemoteInfoOktaStandardRole] = None @@ -85,8 +88,9 @@ class ResourceRemoteInfo(BaseModel): salesforce_profile: Optional[ResourceRemoteInfoSalesforceProfile] = None salesforce_role: Optional[ResourceRemoteInfoSalesforceRole] = None teleport_role: Optional[ResourceRemoteInfoTeleportRole] = None + datastax_astra_role: Optional[ResourceRemoteInfoDatastaxAstraRole] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["aws_organizational_unit", "aws_account", "aws_permission_set", "aws_iam_role", "aws_ec2_instance", "aws_rds_instance", "aws_eks_cluster", "custom_connector", "gcp_organization", "gcp_bucket", "gcp_compute_instance", "gcp_big_query_dataset", "gcp_big_query_table", "gcp_folder", "gcp_gke_cluster", "gcp_project", "gcp_sql_instance", "gcp_service_account", "google_workspace_role", "github_repo", "gitlab_project", "okta_app", "okta_standard_role", "okta_custom_role", "pagerduty_role", "salesforce_permission_set", "salesforce_profile", "salesforce_role", "teleport_role"] + __properties: ClassVar[List[str]] = ["aws_organizational_unit", "aws_account", "aws_permission_set", "aws_iam_role", "aws_ec2_instance", "aws_rds_instance", "aws_eks_cluster", "custom_connector", "gcp_organization", "gcp_bucket", "gcp_compute_instance", "gcp_big_query_dataset", "gcp_big_query_table", "gcp_folder", "gcp_gke_cluster", "gcp_project", "gcp_sql_instance", "gcp_service_account", "google_workspace_role", "github_repo", "github_org_role", "gitlab_project", "okta_app", "okta_standard_role", "okta_custom_role", "pagerduty_role", "salesforce_permission_set", "salesforce_profile", "salesforce_role", "teleport_role", "datastax_astra_role"] model_config = ConfigDict( populate_by_name=True, @@ -189,6 +193,9 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of github_repo if self.github_repo: _dict['github_repo'] = self.github_repo.to_dict() + # override the default output from pydantic by calling `to_dict()` of github_org_role + if self.github_org_role: + _dict['github_org_role'] = self.github_org_role.to_dict() # override the default output from pydantic by calling `to_dict()` of gitlab_project if self.gitlab_project: _dict['gitlab_project'] = self.gitlab_project.to_dict() @@ -216,6 +223,9 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of teleport_role if self.teleport_role: _dict['teleport_role'] = self.teleport_role.to_dict() + # override the default output from pydantic by calling `to_dict()` of datastax_astra_role + if self.datastax_astra_role: + _dict['datastax_astra_role'] = self.datastax_astra_role.to_dict() # puts key-value pairs in additional_properties in the top level if self.additional_properties is not None: for _key, _value in self.additional_properties.items(): @@ -253,6 +263,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "gcp_service_account": ResourceRemoteInfoGcpServiceAccount.from_dict(obj["gcp_service_account"]) if obj.get("gcp_service_account") is not None else None, "google_workspace_role": ResourceRemoteInfoGoogleWorkspaceRole.from_dict(obj["google_workspace_role"]) if obj.get("google_workspace_role") is not None else None, "github_repo": ResourceRemoteInfoGithubRepo.from_dict(obj["github_repo"]) if obj.get("github_repo") is not None else None, + "github_org_role": ResourceRemoteInfoGithubOrgRole.from_dict(obj["github_org_role"]) if obj.get("github_org_role") is not None else None, "gitlab_project": ResourceRemoteInfoGitlabProject.from_dict(obj["gitlab_project"]) if obj.get("gitlab_project") is not None else None, "okta_app": ResourceRemoteInfoOktaApp.from_dict(obj["okta_app"]) if obj.get("okta_app") is not None else None, "okta_standard_role": ResourceRemoteInfoOktaStandardRole.from_dict(obj["okta_standard_role"]) if obj.get("okta_standard_role") is not None else None, @@ -261,7 +272,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "salesforce_permission_set": ResourceRemoteInfoSalesforcePermissionSet.from_dict(obj["salesforce_permission_set"]) if obj.get("salesforce_permission_set") is not None else None, "salesforce_profile": ResourceRemoteInfoSalesforceProfile.from_dict(obj["salesforce_profile"]) if obj.get("salesforce_profile") is not None else None, "salesforce_role": ResourceRemoteInfoSalesforceRole.from_dict(obj["salesforce_role"]) if obj.get("salesforce_role") is not None else None, - "teleport_role": ResourceRemoteInfoTeleportRole.from_dict(obj["teleport_role"]) if obj.get("teleport_role") is not None else None + "teleport_role": ResourceRemoteInfoTeleportRole.from_dict(obj["teleport_role"]) if obj.get("teleport_role") is not None else None, + "datastax_astra_role": ResourceRemoteInfoDatastaxAstraRole.from_dict(obj["datastax_astra_role"]) if obj.get("datastax_astra_role") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/resource_remote_info_datastax_astra_role.py b/opal_security/models/resource_remote_info_datastax_astra_role.py new file mode 100644 index 0000000..c4e29c4 --- /dev/null +++ b/opal_security/models/resource_remote_info_datastax_astra_role.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class ResourceRemoteInfoDatastaxAstraRole(BaseModel): + """ + Remote info for an Astra role. + """ # noqa: E501 + role_id: StrictStr = Field(description="The id of the role.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["role_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoDatastaxAstraRole from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoDatastaxAstraRole from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "role_id": obj.get("role_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_remote_info_github_org_role.py b/opal_security/models/resource_remote_info_github_org_role.py new file mode 100644 index 0000000..302a4ac --- /dev/null +++ b/opal_security/models/resource_remote_info_github_org_role.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class ResourceRemoteInfoGithubOrgRole(BaseModel): + """ + Remote info for GitHub organization role. + """ # noqa: E501 + role_id: StrictStr = Field(description="The id of the role.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["role_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGithubOrgRole from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGithubOrgRole from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "role_id": obj.get("role_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_type_enum.py b/opal_security/models/resource_type_enum.py index 8258779..eee293a 100644 --- a/opal_security/models/resource_type_enum.py +++ b/opal_security/models/resource_type_enum.py @@ -87,6 +87,8 @@ class ResourceTypeEnum(str, Enum): MARIADB_INSTANCE = 'MARIADB_INSTANCE' POSTGRES_INSTANCE = 'POSTGRES_INSTANCE' TELEPORT_ROLE = 'TELEPORT_ROLE' + ILEVEL_ADVANCED_ROLE = 'ILEVEL_ADVANCED_ROLE' + DATASTAX_ASTRA_ROLE = 'DATASTAX_ASTRA_ROLE' @classmethod def from_json(cls, json_str: str) -> Self: diff --git a/opal_security/models/update_group_info.py b/opal_security/models/update_group_info.py index e55061e..c967793 100644 --- a/opal_security/models/update_group_info.py +++ b/opal_security/models/update_group_info.py @@ -47,12 +47,13 @@ class UpdateGroupInfo(BaseModel): request_template_id: Optional[StrictStr] = Field(default=None, description="The ID of the associated request template. Deprecated in favor of `request_configurations`.") is_requestable: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not to allow access requests to this group. Deprecated in favor of `request_configurations`.") group_leader_user_ids: Optional[List[StrictStr]] = Field(default=None, description="A list of User IDs for the group leaders of the group") + extensions_duration_in_minutes: Optional[StrictInt] = Field(default=None, description="The duration for which access can be extended (in minutes).") request_configurations: Optional[List[RequestConfiguration]] = Field(default=None, description="The request configuration list of the configuration template. If not provided, the default request configuration will be used.") request_configuration_list: Optional[CreateRequestConfigurationInfoList] = Field(default=None, description="The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`.") custom_request_notification: Optional[Annotated[str, Field(strict=True, max_length=800)]] = Field(default=None, description="Custom request notification sent to the requester when the request is approved.") risk_sensitivity_override: Optional[RiskSensitivityEnum] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["group_id", "name", "description", "admin_owner_id", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "folder_id", "require_mfa_to_approve", "require_mfa_to_request", "auto_approval", "configuration_template_id", "request_template_id", "is_requestable", "group_leader_user_ids", "request_configurations", "request_configuration_list", "custom_request_notification", "risk_sensitivity_override"] + __properties: ClassVar[List[str]] = ["group_id", "name", "description", "admin_owner_id", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "folder_id", "require_mfa_to_approve", "require_mfa_to_request", "auto_approval", "configuration_template_id", "request_template_id", "is_requestable", "group_leader_user_ids", "extensions_duration_in_minutes", "request_configurations", "request_configuration_list", "custom_request_notification", "risk_sensitivity_override"] model_config = ConfigDict( populate_by_name=True, @@ -138,6 +139,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "request_template_id": obj.get("request_template_id"), "is_requestable": obj.get("is_requestable"), "group_leader_user_ids": obj.get("group_leader_user_ids"), + "extensions_duration_in_minutes": obj.get("extensions_duration_in_minutes"), "request_configurations": [RequestConfiguration.from_dict(_item) for _item in obj["request_configurations"]] if obj.get("request_configurations") is not None else None, "request_configuration_list": CreateRequestConfigurationInfoList.from_dict(obj["request_configuration_list"]) if obj.get("request_configuration_list") is not None else None, "custom_request_notification": obj.get("custom_request_notification"), diff --git a/opal_security/models/update_resource_info.py b/opal_security/models/update_resource_info.py index ea692d4..1e4b81a 100644 --- a/opal_security/models/update_resource_info.py +++ b/opal_security/models/update_resource_info.py @@ -51,10 +51,11 @@ class UpdateResourceInfo(BaseModel): configuration_template_id: Optional[StrictStr] = Field(default=None, description="The ID of the associated configuration template.") request_template_id: Optional[StrictStr] = Field(default=None, description="The ID of the associated request template. Deprecated in favor of `request_configurations`.") is_requestable: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not to allow access requests to this resource. Deprecated in favor of `request_configurations`.") + extensions_duration_in_minutes: Optional[StrictInt] = Field(default=None, description="The duration for which access can be extended (in minutes).") request_configurations: Optional[List[RequestConfiguration]] = Field(default=None, description="A list of configurations for requests to this resource. If not provided, the default request configuration will be used.") request_configuration_list: Optional[CreateRequestConfigurationInfoList] = Field(default=None, description="A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["resource_id", "name", "description", "admin_owner_id", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "folder_id", "require_mfa_to_approve", "require_mfa_to_request", "require_mfa_to_connect", "auto_approval", "ticket_propagation", "custom_request_notification", "risk_sensitivity_override", "configuration_template_id", "request_template_id", "is_requestable", "request_configurations", "request_configuration_list"] + __properties: ClassVar[List[str]] = ["resource_id", "name", "description", "admin_owner_id", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "folder_id", "require_mfa_to_approve", "require_mfa_to_request", "require_mfa_to_connect", "auto_approval", "ticket_propagation", "custom_request_notification", "risk_sensitivity_override", "configuration_template_id", "request_template_id", "is_requestable", "extensions_duration_in_minutes", "request_configurations", "request_configuration_list"] model_config = ConfigDict( populate_by_name=True, @@ -146,6 +147,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "configuration_template_id": obj.get("configuration_template_id"), "request_template_id": obj.get("request_template_id"), "is_requestable": obj.get("is_requestable"), + "extensions_duration_in_minutes": obj.get("extensions_duration_in_minutes"), "request_configurations": [RequestConfiguration.from_dict(_item) for _item in obj["request_configurations"]] if obj.get("request_configurations") is not None else None, "request_configuration_list": CreateRequestConfigurationInfoList.from_dict(obj["request_configuration_list"]) if obj.get("request_configuration_list") is not None else None }) diff --git a/test/test_create_idp_group_mapping_request.py b/test/test_create_idp_group_mapping_request.py new file mode 100644 index 0000000..1e09eee --- /dev/null +++ b/test/test_create_idp_group_mapping_request.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.create_idp_group_mapping_request import CreateIdpGroupMappingRequest + +class TestCreateIdpGroupMappingRequest(unittest.TestCase): + """CreateIdpGroupMappingRequest unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> CreateIdpGroupMappingRequest: + """Test CreateIdpGroupMappingRequest + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `CreateIdpGroupMappingRequest` + """ + model = CreateIdpGroupMappingRequest() + if include_optional: + return CreateIdpGroupMappingRequest( + alias = '', + hidden_from_end_user = True + ) + else: + return CreateIdpGroupMappingRequest( + ) + """ + + def testCreateIdpGroupMappingRequest(self): + """Test CreateIdpGroupMappingRequest""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_create_request_comment_request.py b/test/test_create_request_comment_request.py new file mode 100644 index 0000000..7ab5bb2 --- /dev/null +++ b/test/test_create_request_comment_request.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.create_request_comment_request import CreateRequestCommentRequest + +class TestCreateRequestCommentRequest(unittest.TestCase): + """CreateRequestCommentRequest unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> CreateRequestCommentRequest: + """Test CreateRequestCommentRequest + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `CreateRequestCommentRequest` + """ + model = CreateRequestCommentRequest() + if include_optional: + return CreateRequestCommentRequest( + comment = '' + ) + else: + return CreateRequestCommentRequest( + comment = '', + ) + """ + + def testCreateRequestCommentRequest(self): + """Test CreateRequestCommentRequest""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_deny_request_request.py b/test/test_deny_request_request.py new file mode 100644 index 0000000..07471e3 --- /dev/null +++ b/test/test_deny_request_request.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.deny_request_request import DenyRequestRequest + +class TestDenyRequestRequest(unittest.TestCase): + """DenyRequestRequest unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> DenyRequestRequest: + """Test DenyRequestRequest + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `DenyRequestRequest` + """ + model = DenyRequestRequest() + if include_optional: + return DenyRequestRequest( + comment = 'Denied due to insufficient justification' + ) + else: + return DenyRequestRequest( + comment = 'Denied due to insufficient justification', + ) + """ + + def testDenyRequestRequest(self): + """Test DenyRequestRequest""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_request_approval_enum.py b/test/test_request_approval_enum.py new file mode 100644 index 0000000..6620068 --- /dev/null +++ b/test/test_request_approval_enum.py @@ -0,0 +1,34 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.request_approval_enum import RequestApprovalEnum + +class TestRequestApprovalEnum(unittest.TestCase): + """RequestApprovalEnum unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testRequestApprovalEnum(self): + """Test RequestApprovalEnum""" + # inst = RequestApprovalEnum() + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_request_comment.py b/test/test_request_comment.py new file mode 100644 index 0000000..09affa0 --- /dev/null +++ b/test/test_request_comment.py @@ -0,0 +1,61 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.request_comment import RequestComment + +class TestRequestComment(unittest.TestCase): + """RequestComment unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> RequestComment: + """Test RequestComment + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `RequestComment` + """ + model = RequestComment() + if include_optional: + return RequestComment( + created_at = '2021-01-06T20:00:00Z', + request_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + user_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + user_full_name = 'Jake Barnes', + user_email = 'jake.barnes@company.com', + comment = 'This is a comment.' + ) + else: + return RequestComment( + created_at = '2021-01-06T20:00:00Z', + request_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + user_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + comment = 'This is a comment.', + ) + """ + + def testRequestComment(self): + """Test RequestComment""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_request_comment_list.py b/test/test_request_comment_list.py new file mode 100644 index 0000000..8b84ed5 --- /dev/null +++ b/test/test_request_comment_list.py @@ -0,0 +1,57 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.request_comment_list import RequestCommentList + +class TestRequestCommentList(unittest.TestCase): + """RequestCommentList unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> RequestCommentList: + """Test RequestCommentList + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `RequestCommentList` + """ + model = RequestCommentList() + if include_optional: + return RequestCommentList( + comments = [ + {created_at=2021-01-06T20:00:00Z, request_id=4c86c85d-0651-43e2-a748-d69d658418e8, user_id=c86c85d-0651-43e2-a748-d69d658418e8, comment=This is a comment.} + ] + ) + else: + return RequestCommentList( + comments = [ + {created_at=2021-01-06T20:00:00Z, request_id=4c86c85d-0651-43e2-a748-d69d658418e8, user_id=c86c85d-0651-43e2-a748-d69d658418e8, comment=This is a comment.} + ], + ) + """ + + def testRequestCommentList(self): + """Test RequestCommentList""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_request_reviewer_stages.py b/test/test_request_reviewer_stages.py new file mode 100644 index 0000000..70c2074 --- /dev/null +++ b/test/test_request_reviewer_stages.py @@ -0,0 +1,79 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.request_reviewer_stages import RequestReviewerStages + +class TestRequestReviewerStages(unittest.TestCase): + """RequestReviewerStages unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> RequestReviewerStages: + """Test RequestReviewerStages + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `RequestReviewerStages` + """ + model = RequestReviewerStages() + if include_optional: + return RequestReviewerStages( + access_level_name = 'admin', + access_level_remote_id = 'arn:aws:iam::490306337630:role/SupportUser', + item_name = '', + item_id = 'f454d283-ca87-4a8a-bdbb-df212eca5353', + stages = [ + opal_security.models.request_stage.RequestStage( + stage = 56, + operator = 'AND', + reviewers = [ + opal_security.models.request_reviewer.RequestReviewer( + id = '', + full_name = 'Jake Barnes', + status = 'PENDING', ) + ], ) + ] + ) + else: + return RequestReviewerStages( + item_name = '', + item_id = 'f454d283-ca87-4a8a-bdbb-df212eca5353', + stages = [ + opal_security.models.request_stage.RequestStage( + stage = 56, + operator = 'AND', + reviewers = [ + opal_security.models.request_reviewer.RequestReviewer( + id = '', + full_name = 'Jake Barnes', + status = 'PENDING', ) + ], ) + ], + ) + """ + + def testRequestReviewerStages(self): + """Test RequestReviewerStages""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_resource_remote_info_datastax_astra_role.py b/test/test_resource_remote_info_datastax_astra_role.py new file mode 100644 index 0000000..1f1df49 --- /dev/null +++ b/test/test_resource_remote_info_datastax_astra_role.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.resource_remote_info_datastax_astra_role import ResourceRemoteInfoDatastaxAstraRole + +class TestResourceRemoteInfoDatastaxAstraRole(unittest.TestCase): + """ResourceRemoteInfoDatastaxAstraRole unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> ResourceRemoteInfoDatastaxAstraRole: + """Test ResourceRemoteInfoDatastaxAstraRole + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ResourceRemoteInfoDatastaxAstraRole` + """ + model = ResourceRemoteInfoDatastaxAstraRole() + if include_optional: + return ResourceRemoteInfoDatastaxAstraRole( + role_id = '123e4567-e89b-12d3-a456-426614174000' + ) + else: + return ResourceRemoteInfoDatastaxAstraRole( + role_id = '123e4567-e89b-12d3-a456-426614174000', + ) + """ + + def testResourceRemoteInfoDatastaxAstraRole(self): + """Test ResourceRemoteInfoDatastaxAstraRole""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_resource_remote_info_github_org_role.py b/test/test_resource_remote_info_github_org_role.py new file mode 100644 index 0000000..b244700 --- /dev/null +++ b/test/test_resource_remote_info_github_org_role.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.resource_remote_info_github_org_role import ResourceRemoteInfoGithubOrgRole + +class TestResourceRemoteInfoGithubOrgRole(unittest.TestCase): + """ResourceRemoteInfoGithubOrgRole unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> ResourceRemoteInfoGithubOrgRole: + """Test ResourceRemoteInfoGithubOrgRole + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ResourceRemoteInfoGithubOrgRole` + """ + model = ResourceRemoteInfoGithubOrgRole() + if include_optional: + return ResourceRemoteInfoGithubOrgRole( + role_id = '112233' + ) + else: + return ResourceRemoteInfoGithubOrgRole( + role_id = '112233', + ) + """ + + def testResourceRemoteInfoGithubOrgRole(self): + """Test ResourceRemoteInfoGithubOrgRole""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main()