From 2af790e60af88d2496c109df1066a048aaf135f0 Mon Sep 17 00:00:00 2001
From: AbiMano4688
Date: Mon, 25 Sep 2023 17:17:19 +0530
Subject: [PATCH 1/6] RLP-114334 && RLP-115316
---
 .../cspm/ArchivedAssetsMicroService.json | 115 ------------------
 openapi-specs/cspm/AssetExplorer.json | 6 +-
 openapi-specs/cspm/AssetInventory.json | 4 +
 openapi-specs/cspm/CompliancePosture.json | 12 ++
 openapi-specs/cspm/Reports.json | 1 +
 .../cspm/consolidated_spec/all_endpoints.csv | 1 -
 6 files changed, 21 insertions(+), 118 deletions(-)
diff --git a/openapi-specs/cspm/ArchivedAssetsMicroService.json b/openapi-specs/cspm/ArchivedAssetsMicroService.json
index b100c9ee2..5c93005f4 100644
--- a/openapi-specs/cspm/ArchivedAssetsMicroService.json
+++ b/openapi-specs/cspm/ArchivedAssetsMicroService.json
@@ -59,121 +59,6 @@ } ], "paths": { - "/das/api/v1/resource": { - "get": { - "tags": [ - "Resource Explorer" - ], - "description": "Get the latest snapshot of the resource by using the Restricted Resource Name (RRN). To get the RRN, see [Where Do I Find The RRN for My Resource?](https://pan.dev/prisma-cloud/api/cspm/resource-explorer/#where-do-i-find-the-rrn-for-my-resource)\n:::info\n **Replacement  Endpoint: [Get Asset](/prisma-cloud/api/cspm/asset-2/#get-asset)**\n:::", - "operationId": "Get Resource Snapshot", - "parameters": [ - { - "name": "rrn", - "in": "query", - "description": "Restricted Resource Name\n\n **Example:** rrn::storageBucket:us-east-1:123456789012:test-bucket", - "required": true, - "schema": { - "type": "string", - "example": null - } - } - ], - "responses": { - "200": { - "description": "Successfully retrieved latest resource snapshots by RRN", - "content": { - "application/json": { - "schema": { - "type": "array", - "example": null, - "items": { - "$ref": "#/components/schemas/ResourceSnapshotBeanV2" - } - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorV2" - } - } - } - }, - "401": { - "description": "Unauthorized Access", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorV2" - } - } - } - }, - "403": { - "description": "Tenant License Expired", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorV2" - } - } - } - }, - "405": { - "description": "Wrong Http Method", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorV2" - } - } - } - }, - "425": { - "description": "Too Early to access the resource", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorV2" - } - } - } - }, - "429": { - "description": "Rate Limit Exceeded", - "content": { - "application/json": { - "schema": { - 
"$ref": "#/components/schemas/ApiErrorV2"
- }
- }
- }
- },
- "500": {
- "description": "Failed with an Exception, Internal Error Occurred",
- "content": {
- "application/json": {
- "schema": {
- "$ref": "#/components/schemas/ApiErrorV2"
- }
- }
- }
- }
- },
- "deprecated": true,
- "x-microservice": "true",
- "x-public": "true",
- "security": [
- {
- "x-redlock-auth": []
- }
- ]
- }
- },
 "/config/api/v1/tenant/{prisma_id}/archiveList": {
 "get": {
 "tags": [
diff --git a/openapi-specs/cspm/AssetExplorer.json b/openapi-specs/cspm/AssetExplorer.json
index 568d5e42a..d539df722 100644
--- a/openapi-specs/cspm/AssetExplorer.json
+++ b/openapi-specs/cspm/AssetExplorer.json
@@ -645,7 +645,7 @@
 }
 },
 "type": "object"
- },
+},
 "Problem": {
 "type": "object",
 "properties": {
@@ -1642,6 +1642,7 @@ }, "/resource/scan_info": { "get": { + "deprecated": true, "description": "Returns a full breakdown of passed/failed statistics and associated policies for resources. \r\n\r\nThe query parameters enable you to add filters to your request to narrow your results.\n### Filter by Time\nThe following table has examples of common filters by time. The time filter narrows the\nresponse to resources from account onboarding until the point in time of interest.\n\nPoint in time of interest | timeAmount | timeType | timeUnit \n-------------| ---- | ----------- | -------------\n24 hours ago | 24 | **relative** | hour \n1 week ago | 1 | **relative** | week\n1 month ago | 1 | **relative** | month \n1 year ago | 1 | **relative** | year \nLatest | Not required with **to_now** | **to_now** | Defaults to **epoch**\n\n### How Current is the Returned Data?\nSince Prisma Cloud relies on snapshots of data, there can be an hour or two delay between the \ntime a resource passes or fails a policy check and the reporting of that result through this method.\n\n### Filter by Cloud Type\nYou can specify more than one cloud type to request a combination of data. For \nexample **cloud.type=gcp&cloud.type=azure** returns data for both **gcp** and **azure**.\n\n### Filter by Compliance Standard, Requirement, and/or Section \nYou can also broaden your filter by specifying any of the following query parameters more than once:\n* **policy.complianceStandard**\n* **policy.complianceRequirement**\n* **policy.complianceSection**\n", "operationId": "get-resource-scan-info", "parameters": [ 
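Review bot: `"deprecated": true` is added to GET /resource/scan_info without telling consumers what to call instead; the ArchivedAssetsMicroService endpoint removed earlier in this same patch shows the house pattern for that (`:::info\n **Replacement Endpoint: [...]**\n:::` inside the description), and the same gap applies to the POST in the next hunk and to every deprecation hunk in AssetInventory.json, CompliancePosture.json and Reports.json. OpenAPI's `deprecated` flag is advisory only — the operation stays live and still requires `x-redlock-auth` — so the description is the only place a client learns the migration path and any sunset date. Suggest appending a line such as `\n:::info\n **Replacement Endpoint: [<replacement>](<link>)**\n:::` to each deprecated operation's description, with the real target filled in.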
@@ -1843,6 +1844,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns a full breakdown of passed/failed statistics and associated policies for resources. \r\n\r\nYou can get a list of the valid names and values for the filters body parameter through \n[List Inventory Filters V2](/prisma-cloud/api/cspm/get-asset-inventory-v-2-dashboard-filter-options).\n\n### Filter by Time\nThe time filter narrows the response to resources from account onboarding until the point in time of interest.\n\n#### Time Types\n\nTime Type | Required **timeRange.value** Parameters\n----------|-----------------\n**to_now** | No **timeRange.value** parameter required\n**relative** | **timeRange.value.amount**, **timeRange.value.unit** \n**absolute** | **timeRange.value.endTime** (**timeRange.value.startTime** is ignored)\n\n### How Current is the Returned Data?\nSince Prisma Cloud relies on snapshots of data, there can be an hour or two delay between the \ntime a resource passes or fails a policy check and the reporting of that result through this method.\n", "operationId": "post-resource-scan-info", "requestBody": { @@ -1885,7 +1887,7 @@ "Asset Explorer" ] } - }, +}, "/uai/v1/asset": { "post": { "tags": [ diff --git a/openapi-specs/cspm/AssetInventory.json b/openapi-specs/cspm/AssetInventory.json index ab46e720a..70a4ec010 100644 --- a/openapi-specs/cspm/AssetInventory.json +++ b/openapi-specs/cspm/AssetInventory.json 
@@ -914,6 +914,7 @@ }, "/v2/inventory": { "get": { + "deprecated": true, "description": "Returns asset inventory pass/fail data for the specified time period. \r\n\r\nThe response includes an attribute **groupedAggregates**, whose content depends on the **groupBy** query parameter.\nThe following table shows the attributes that **groupedAggregates** will include for the specified **groupBy** query parameter:\n\n**groupBy** | **groupedAggregates** Includes\n-------------| ------------------------------\nnot specified | **cloudTypeName**\n**cloudType** | **cloudTypeName**\n**cloud.account** | **accountName**\n**cloud.region** | **regionName**, **cloudTypeName**\n**cloud.service** | **serviceName**, **cloudTypeName**\n**resource.type** | **resourceTypeName**, **cloudTypeName**\n\n\nIf you specify **groupBy** multiple times in a single request, then **groupedAggregates** will include multiple attributes.\nFor example, you can set the following in the URL: **groupBy=cloud.account&groupBy=cloud.service**. Doing so will have the same effect\nas specifying a comma-separated list of values for **groupBy**.\n", "operationId": "asset-inventory-v2", "parameters": [ 
@@ -1101,6 +1102,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns asset inventory pass/fail data for the specified time period. \r\n\r\nYou can get a list of the valid names and values for the filters body parameter \nthrough [List Inventory Filters V2](/prisma-cloud/api/cspm/get-asset-inventory-v-2-dashboard-filter-options).\n\nThe response includes an attribute **groupedAggregates**, whose content depends on the **groupBy** request body parameter.\nThe following table shows the attributes that **groupedAggregates** will include for the specified **groupBy** value:\n\n**groupBy** | **groupedAggregates** Includes \n-------------| ------------------------------\n_not specified_ | **cloudTypeName**\n**cloudType** | **cloudTypeName**\n**cloud.account** | **accountName**\n**cloud.region** | **regionName**, **cloudTypeName**\n**cloud.service** | **serviceName**, **cloudTypeName**\n**resource.type** | **resourceTypeName**, **cloudTypeName**\n\n\nIf **groupBy** includes multiple values, then **groupedAggregates** will include multiple attributes. \n", "operationId": "post-method-for-asset-inventory-v2", "requestBody": { @@ -1143,6 +1145,7 @@ }, "/v2/inventory/trend": { "get": { + "deprecated": true, "description": "Returns asset inventory pass/fail trends for the specified time period.", "operationId": "asset-inventory-trend-v2", "parameters": [ @@ -1328,6 +1331,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns asset inventory pass/fail trends for the specified time period. \r\n\r\nYou can get a list of the valid names and values for the filters body parameter \nthrough [List Inventory Filters V2](/prisma-cloud/api/cspm/get-asset-inventory-v-2-dashboard-filter-options).\n", "operationId": "post-method-asset-inventory-trend-v2", "requestBody": { diff --git a/openapi-specs/cspm/CompliancePosture.json b/openapi-specs/cspm/CompliancePosture.json index e1416490c..a1232994f 100644 --- a/openapi-specs/cspm/CompliancePosture.json 
+++ b/openapi-specs/cspm/CompliancePosture.json @@ -670,6 +670,7 @@ "paths": { "/compliance/posture": { "get": { + "deprecated": true, "description": "Returns a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections. Also returns a summary for all compliance standards.", "operationId": "get-compliance-posture", "parameters": [ @@ -795,6 +796,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections. Also returns a summary for all compliance standards.", "operationId": "post-compliance-posture", "requestBody": { @@ -837,6 +839,7 @@ }, "/compliance/posture/{complianceId}": { "get": { + "deprecated": true, "description": "Returns a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections for the given compliance standard ID.", "operationId": "get-compliance-posture-for-standard", "parameters": [ @@ -963,6 +966,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections for the given compliance standard ID.", "operationId": "post-compliance-posture-for-standard", "parameters": [ @@ -1017,6 +1021,7 @@ }, "/compliance/posture/{complianceId}/{requirementId}": { "get": { + "deprecated": true, "description": "Returns a breakdown of the passed/failed statistics and associated policies for compliance sections for the specified compliance standard ID and compliance requirement ID.", "operationId": "get-compliance-posture-for-requirement", "parameters": [ 
@@ -1144,6 +1149,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns a breakdown of the passed/failed statistics and associated policies for compliance sections for the specified compliance standard ID and compliance requirement ID. \r\n\r\nThe **fields** body parameter allows you to request specific fields. These fields are separate \nfrom the filters you specify. The following are valid **fields** items.\n\n* cloud.account\n* account.group\n* cloud.region\n* cloud.type\n* policy.complianceStandard\n* policy.complianceRequirement\n* policy.complianceSection\n\nThe **filters** body parameter enables you to narrow your request for alerts. \nSee [Get Compliance Overview Filters and Options](/prisma-cloud/api/cspm/get-compliance-posture-filters-and-options) \nfor for an API request to list all the valid filters.\n", "operationId": "post-compliance-posture-for-requirement", "parameters": [ @@ -1208,6 +1214,7 @@ }, "/compliance/posture/trend": { "get": { + "deprecated": true, "description": "Returns a compliance posture summary that describes the passed/failed statistics trend.", "operationId": "get-compliance-posture-trend", "parameters": [ @@ -1336,6 +1343,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns a compliance posture summary that describes the passed/failed statistics trend. \r\n\r\nThe **fields** body parameter allows you to request specific fields. These fields are separate \nfrom the filters you specify. The following are valid **fields** items.\n\n* cloud.account\n* account.group\n* cloud.region\n* cloud.type\n* policy.complianceStandard\n* policy.complianceRequirement\n* policy.complianceSection\n\nThe **filters** body parameter enables you to narrow your request for alerts. \nSee [Get Compliance Overview Filters and Options](/prisma-cloud/api/cspm/get-compliance-posture-filters-and-options) \nfor the API request to list all valid filters.\n", "operationId": "post-compliance-posture-trend", "requestBody": { 
@@ -1381,6 +1389,7 @@ }, "/compliance/posture/trend/{complianceId}": { "get": { + "deprecated": true, "description": "Returns a compliance posture summary that describes the passed/failed statistics trend for the specified compliance standard ID.", "operationId": "get-compliance-posture-trend-for-standard", "parameters": [ @@ -1510,6 +1519,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns a compliance posture summary that describes the passed/failed statistics trend for the specified compliance standard ID. \r\n\r\nThe **fields** request body parameter allows you to request specific fields. These fields are separate \nfrom the filters you specify. The following are valid **fields** items.\n\n* cloud.account\n* account.group\n* cloud.region\n* cloud.type\n* policy.complianceStandard\n* policy.complianceRequirement\n* policy.complianceSection\n\nThe **filters** request body parameter enables you to narrow your request for alerts. \nSee [Get Compliance Overview Filters and Options](/prisma-cloud/api/cspm/get-compliance-posture-filters-and-options) \nfor for an API request to list all the valid filters.\n", "operationId": "post-compliance-posture-trend-for-standard", "parameters": [ @@ -1567,6 +1577,7 @@ }, "/compliance/posture/trend/{complianceId}/{requirementId}": { "get": { + "deprecated": true, "description": "Returns the compliance posture summary that describes the passed/failed statistics trend for the given compliance standard ID and compliance requirement ID.", "operationId": "get-compliance-posture-trend-for-requirement", "parameters": [ 
@@ -1697,6 +1708,7 @@ ] }, "post": { + "deprecated": true, "description": "Returns the compliance posture summary that describes the passed/failed statistics trend for the given compliance standard ID and compliance requirement ID. \r\n\r\nThe **fields** body parameter allows you to request specific fields. These fields are separate \nfrom the filters you specify. The following are valid **fields** items.\n\n* cloud.account\n* account.group\n* cloud.region\n* cloud.type\n* policy.complianceStandard\n* policy.complianceRequirement\n* policy.complianceSection\n\nThe **filters** body parameter enables you to narrow your request for alerts. \nSee [Get Compliance Overview Filters and Options](/prisma-cloud/api/cspm/get-compliance-posture-filters-and-options)\nfor the API request to list all valid filters. \n", "operationId": "post-compliance-posture-trend-for-requirement", "parameters": [ diff --git a/openapi-specs/cspm/Reports.json b/openapi-specs/cspm/Reports.json index d9d494fe4..9cb4dfb58 100644 --- a/openapi-specs/cspm/Reports.json +++ b/openapi-specs/cspm/Reports.json @@ -790,6 +790,7 @@ ] }, "post": { + "deprecated": true, "description": "Creates a compliance report generation configuration based on the specified parameters. Report generation can be either one-time or recurring. \r\n\r\nYou can use the body parameters to specify whether the report is a one-time report \nor a recurring report. Specify a recurring report by providing a valid \n**target.schedule** body parameter.\n", "operationId": "save-report", "requestBody": { diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index 5dbb4e31e..63a961b7d 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv 
@@ -59,7 +59,6 @@
 "get","/anomalies/trusted_list/types","List Allowed Trusted List Types","getAllowedTrustedListTypes","Anomalies","AnomaliesMicroService.json"
 "get","/anomalies/settings","Get All Anomaly Settings","getAllAnomaliesSettings","Anomalies","AnomaliesMicroService.json"
 "get","/anomalies/policies","List Policies for Trusted List Type","get-policies-anomalies","Anomalies","AnomaliesMicroService.json"
-"get","/das/api/v1/resource",,"Get Resource Snapshot","Resource Explorer","ArchivedAssetsMicroService.json"
 "get","/config/api/v1/tenant/{prisma_id}/archiveList","Bulk Export Resource Archives","bulkExportResourceArchives","Archived Assets","ArchivedAssetsMicroService.json"
 "get","/filter/resource/scan_info/suggest","List Resource Info Filters","get-resource-info-filters-and-options","Asset Explorer","Monolith"
 "post","/filter/resource/scan_info/suggest","List Resource Info Filter Autocomplete Suggestions","get-resource-info-filter-options","Asset Explorer","Monolith"
From 01ff59098661d6d4a5e0ec447e0253a844b54d80 Mon Sep 17 00:00:00 2001
From: AbiMano4688
Date: Tue, 3 Oct 2023 16:18:46 +0530
Subject: [PATCH 2/6] added OIDC APIs
---
 .../cspm/PermissionGroupsMicroService.json | 3602 ++++++++++-------
 .../cspm/consolidated_spec/all_endpoints.csv | 7 +-
 2 files changed, 2081 insertions(+), 1528 deletions(-)
diff --git a/openapi-specs/cspm/PermissionGroupsMicroService.json b/openapi-specs/cspm/PermissionGroupsMicroService.json
index 8177bed77..3336b368a 100644
--- a/openapi-specs/cspm/PermissionGroupsMicroService.json
+++ b/openapi-specs/cspm/PermissionGroupsMicroService.json
@@ -1,10 +1,16 @@
 {
 "openapi": "3.0.1",
 "info": {
- "title": "Prisma Cloud Permission Groups API",
- "description": "Permission groups enable you to restrict access to one or more features available on the Prisma Cloud administrative console. Permission group APIs allow you to retrieve, update or delete one or more existing permissions groups. You can also use these APIs to create a custom permission group and then you must attach it to a role and assign the role to a user.",
- "contact": {},
- "version": "Latest"
+ "title": "Authentication and RBAC API's",
+ "contact": {
+ "name": "Platform",
+ "url": "https://panw-rnd.slack.com/archives/C01DQJBJ7LJ"
+ },
+ "version": "1.0"
+ },
+ "externalDocs": {
+ "description": "Platform Wiki Documentation",
+ "url": "https://redlock.atlassian.net/wiki/spaces/RED/pages/2744877602/Platform+AuthN+Integration+Template"
 },
 "servers": [
 {
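Review bot: The new `info.contact.url` and `externalDocs.url` point at an internal Slack channel and an internal Confluence page, while the operations in this file are flagged `"x-public": "true"`; a published spec should not carry internal-collaboration links, both because external readers cannot open them and because they expose internal tooling and space names. Suggest dropping `externalDocs` or pointing both URLs at the public documentation site the other specs in this repo already reference (pan.dev), and restoring a short `info.description` — the old one is deleted outright and nothing replaces it. Minor: `"title": "Authentication and RBAC API's"` should be `"title": "Authentication and RBAC APIs"`.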
@@ -57,61 +63,13 @@
 {
 "description": "Permission groups enable you to restrict access to one or more features available on the Prisma Cloud administrative console. Permission group APIs allow you to retrieve, update or delete one or more existing permissions groups. You can also use these APIs to create a custom permission group and then you must attach it to a role and assign the role to a user.",
 "name": "Permission Groups"
+ },
+ {
+ "name": "Access Control",
+ "description": "OpenID Connect OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. Prisma Cloud offers the option to set up SSO, leveraging Service Provider initiated OIDC. Prisma Cloud System Administrators can use the following OAuth2 APIs to configure tenant SSO authenticatication using OIDC."
 }
 ],
 "paths": {
- "/authz/v1/feature": {
- "get": {
- "tags": [
- "Permission Groups"
- ],
- "summary": "Get all active features",
- "description": "Returns a list of Prisma Cloud features that can be added to Custom Permission Groups",
- "operationId": "getFeatures",
- "responses": {
- "200": {
- "description": "Successful operation",
- "content": {
- "application/json": {
- "schema": {
- "type": "array",
- "items": {
- "type": "string"
- }
- }
- }
- }
- },
- "4XX": {
- "description": "Client error",
- "headers": {
- "x-redlock-status": {
- "description": "error description",
- "style": "simple",
- "schema": {
- "type": "string"
- }
- }
- },
- "content": {
- "application/json": {
- "schema": {
- "type": "array",
- "items": {
- "type": "string"
- }
- }
- }
- }
- }
- },
- "security": [
- {
- "x-redlock-auth": []
- }
- ]
- }
- },
 "/authz/v1/permission_group/{id}": {
 "get": {
 "tags": [
@@ -175,7 +133,8 @@
 {
 "x-redlock-auth": []
 }
- ]
+ ],
+ "x-public": "true"
 },
 "put": {
 "tags": [
@@ -226,7 +185,8 @@
 {
 "x-redlock-auth": []
 }
- ]
+ ],
+ "x-public": "true"
 },
 "delete": {
 "tags": [
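Review bot: The new `Access Control` tag description starts `OpenID Connect OpenID Connect (OIDC) is an open security protocol ...` and later reads `authenticatication`; tag descriptions of this spec are presumably rendered verbatim in the public reference, so the duplicated words and the typo will show up there. Suggest `"description": "OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. ..."` with the closing clause ending `... configure tenant SSO authentication using OIDC."`.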
@@ -267,52 +227,30 @@
 {
 "x-redlock-auth": []
 }
- ]
+ ],
+ "x-public": "true"
 }
 },
- "/authz/v1/permission_group": {
+ "/authn/api/v1/oauth2/config": {
 "get": {
 "tags": [
- "Permission Groups"
- ],
- "summary": "Get all existing Permission Groups",
- "description": "Returns a list of all existing Permission Groups.",
- "operationId": "getAll",
- "parameters": [
- {
- "name": "includeAssociatedRoles",
- "in": "query",
- "description": "To include associated roles in the response",
- "required": false,
- "schema": {
- "type": "boolean"
- }
- },
- {
- "name": "includeFeatures",
- "in": "query",
- "description": "To include permitted features in the response",
- "required": false,
- "schema": {
- "type": "boolean"
- }
- }
+ "Access Control"
 ],
+ "summary": "Get OAuth2 Configuration",
+ "description": "Get the OAuth2 configuration details of a tenant that is used by OpenID Connect(OIDC).",
+ "operationId": "get-oauth2-config",
 "responses": {
 "200": {
 "description": "Successful operation",
 "content": {
 "application/json": {
 "schema": {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/PermissionGroupDetail"
- }
+ "$ref": "#/components/schemas/OAuth2ConfigDetail"
 }
 }
 }
 },
- "4XX": {
+ "400": {
 "description": "Client error",
 "headers": {
 "x-redlock-status": {
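Review bot: GET /authn/api/v1/oauth2/config returns `#/components/schemas/OAuth2ConfigDetail`, the same schema that the PUT/POST/PATCH in the following hunks accept as a request body; its definition is not in the visible part of this patch, but if it carries the OIDC client secret, the read path as specified echoes it back, and the spec should mark that property `"writeOnly": true` or give the GET a separate response schema that omits it. Also worth noting: this operation switches from the file's `4XX` wildcard to an explicit `400`, while the permission-group operations re-added later in the same file keep `4XX`, so the file now mixes two error-code styles.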
@@ -326,10 +264,37 @@ "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PermissionGroupDetail" - } + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "401": { + "description": "Authentication error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth2ConfigDetail" + } + } + } + }, + "403": { + "description": "Authorization error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth2ConfigDetail" + } + } + } + }, + "429": { + "description": "Too many requests", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth2ConfigDetail" } } } @@ -339,30 +304,33 @@ { "x-redlock-auth": [] } - ] + ], + "x-microservice": "true", + "x-ga": "23.10.1", + "x-public": "true" }, - "post": { + "put": { "tags": [ - "Permission Groups" + "Access Control" ], - "summary": "Add new Custom Permission Group", - "description": "Creates a new custom permission group with granular permissions that restrict access to the Prisma Cloud administrative console. Values include name, optional description and selection of enabled features and functions.", - "operationId": "save", + "summary": "Update OAuth2 Configuration", + "description": "Updates the parameters of an existing OAuth2 configuration that is used by OpenID Connect(OIDC).", + "operationId": "update-oauth2-config", "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionGroupRequest" + "$ref": "#/components/schemas/OAuth2ConfigDetail" } } }, "required": true }, "responses": { - "201": { + "204": { "description": "Successful operation" }, - "4XX": { + "400": { "description": "Client error", "headers": { "x-redlock-status": { 
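Review bot: In the GET /authn/api/v1/oauth2/config responses, `401`, `403` and `429` each declare `"$ref": "#/components/schemas/OAuth2ConfigDetail"` as their body, i.e. the spec states that an authentication or authorization failure returns the tenant's OAuth2 configuration object; the `400` branch directly above uses `SpringErrorResponse`, and the PUT in the second hunk on this line declares the same three codes with no body at all. This looks like a copy-paste slip, but as written it misleads client generators and documents a configuration disclosure on unauthenticated requests, so change the three to `"$ref": "#/components/schemas/SpringErrorResponse"` (or drop their `content` to match the PUT). The POST and PATCH operations in the next hunk appear to have the analogous inconsistency with `"type": "string"` bodies on 401/403/429 and are worth aligning at the same time.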
@@ -372,82 +340,807 @@ "type": "string" } } + }, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } } + }, + "401": { + "description": "Authentication error" + }, + "403": { + "description": "Authorization error" + }, + "429": { + "description": "Too many requests" } }, "security": [ { "x-redlock-auth": [] } - ] - } - } - }, - "components": { - "schemas": { - "ErrorDetails": { - "required": [ - "message", - "name" ], - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "message": { - "type": "string" - } - } + "x-microservice": "true", + "x-ga": "23.10.1", + "x-public": "true" }, - "SpringErrorResponse": { - "required": [ - "error", - "message", - "path", - "status", - "timestamp" + "post": { + "tags": [ + "Access Control" ], - "type": "object", - "properties": { - "timestamp": { - "type": "string" + "summary": "Create an OAuth2 Configuration", + "description": "Create an OAuth2 configuration for a given tenant to be used by OpenID Connect(OIDC).", + "operationId": "create-oauth2-config", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth2ConfigDetail" + } + } }, - "status": { - "type": "integer", - "format": "int32" + "required": true + }, + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "type": "string" + } + } + } }, - "error": { - "type": "string" + "400": { + "description": "Client error", + "headers": { + "x-redlock-status": { + "description": "error description", + "style": "simple", + "schema": { + "type": "string" + } + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } }, - "errorDetails": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ErrorDetails" + "401": { + "description": "Authentication error", + "content": { + "application/json": { + 
"schema": { + "type": "string" + } + } } }, - "message": { - "type": "string" + "403": { + "description": "Authorization error", + "content": { + "application/json": { + "schema": { + "type": "string" + } + } + } }, - "path": { - "type": "string" + "429": { + "description": "Too many requests", + "content": { + "application/json": { + "schema": { + "type": "string" + } + } + } } - } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-microservice": "true", + "x-ga": "23.10.1", + "x-public": "true" }, - "UserAccount": { - "required": [ - "email", - "firstName", - "lastName", - "timeZone" + "patch": { + "tags": [ + "Access Control" ], - "type": "object", - "properties": { - "email": { - "type": "string" - }, - "firstName": { - "type": "string" + "summary": "Update OAuth2 Configuration", + "description": "Updates the parameters of an existing OAuth2 configuration that is used by OpenID Connect(OIDC).", + "operationId": "patch-oauth2-config", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth2ConfigDetail" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Client error", + "headers": { + "x-redlock-status": { + "description": "error description", + "style": "simple", + "schema": { + "type": "string" + } + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "401": { + "description": "Authentication error" + }, + "403": { + "description": "Authorization error" + }, + "429": { + "description": "Too many requests" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-microservice": "true", + "x-ga": "23.10.1", + "x-public": "true" + } + }, + "/authz/v1/permission_group": { + "get": { + "tags": [ + "Permission Groups" + ], + "summary": "Get all existing Permission Groups", + "description": "Returns the list of all existing 
Permission Groups.", + "operationId": "getAll", + "parameters": [ + { + "name": "includeAssociatedRoles", + "in": "query", + "description": "To include associated roles in the response", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "name": "includeFeatures", + "in": "query", + "description": "To include permitted features in the response", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/PermissionGroupDetail" + } + } + } + } + }, + "4XX": { + "description": "Client error", + "headers": { + "x-redlock-status": { + "description": "error description", + "style": "simple", + "schema": { + "type": "string" + } + } + }, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/PermissionGroupDetail" + } + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + }, + "post": { + "tags": [ + "Permission Groups" + ], + "summary": "Add new Custom Permission Group", + "description": "Creates a new custom permission group with granular permissions that restrict access to the Prisma Cloud administrative console. 
Values include name, optional description and selection of enabled features and functions.", + "operationId": "save", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionGroupRequest" + } + } + }, + "required": true + }, + "responses": { + "201": { + "description": "Successful operation" + }, + "4XX": { + "description": "Client error", + "headers": { + "x-redlock-status": { + "description": "error description", + "style": "simple", + "schema": { + "type": "string" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/authz/v1/feature": { + "get": { + "tags": [ + "Permission Groups" + ], + "summary": "Get all active features", + "description": "Returns the list of Prisma Cloud features that can be added to Custom Permission Groups", + "operationId": "getFeatures", + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "4XX": { + "description": "Client error", + "headers": { + "x-redlock-status": { + "description": "error description", + "style": "simple", + "schema": { + "type": "string" + } + } + }, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/authn/api/v1/oauth2/login": { + "get": { + "tags": [ + "Access Control" + ], + "summary": "Get OAuth2 Login URL", + "description": "Get the OAuth2 login url for the tenant.", + "operationId": "get-oauth2-login-url", + "parameters": [ + { + "name": "user_name", + "in": "query", + "description": "User name of the tenant requesting the login URL.", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "prisma_id", + "in": "query", + "description": "PrismaId of the tenant requesting the 
login url", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "description": "Client error", + "headers": { + "x-redlock-status": { + "description": "error description", + "style": "simple", + "schema": { + "type": "string" + } + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "429": { + "description": "Too many requests", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + } + } + }, + "x-microservice": "true", + "x-ga": "23.10.1", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + } + }, + "components": { + "schemas": { + "Feature": { + "required": [ + "featureName", + "operations" + ], + "type": "object", + "properties": { + "featureName": { + "type": "string", + "description": "Prisma Cloud Feature Name. Prisma Cloud feature names can be retreived from GET: /authz/v1/feature API Endpoint" + }, + "operations": { + "type": "object", + "additionalProperties": { + "type": "object", + "description": "A mapping of operations and a boolean value representing whether the privilege to perform the operation needs to be granted." + }, + "description": "A mapping of operations and a boolean value representing whether the privilege to perform the operation needs to be granted." + } + }, + "description": "Collection of permitted features associated with the role. \n Refer to PermissionGroup API docs to get the entire list of PC features." 
+ }, + "PermissionGroupRequest": { + "title": "Model used for permission group", + "required": [ + "features", + "name" + ], + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Permission Group Name" + }, + "description": { + "type": "string", + "description": "Permission Group Description" + }, + "features": { + "type": "array", + "description": "List of Prisma Cloud Features", + "items": { + "$ref": "#/components/schemas/Feature" + } + } + } + }, + "ErrorDetails": { + "required": [ + "message", + "name" + ], + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "message": { + "type": "string" + } + } + }, + "SpringErrorResponse": { + "required": [ + "error", + "message", + "path", + "status", + "timestamp" + ], + "type": "object", + "properties": { + "timestamp": { + "type": "string" + }, + "status": { + "type": "integer", + "format": "int32" + }, + "error": { + "type": "string" + }, + "errorDetails": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ErrorDetails" + } + }, + "message": { + "type": "string" + }, + "path": { + "type": "string" + } + } + }, + "SsoConfig": { + "type": "object", + "properties": { + "identityProvider": { + "title": "IdP Issuer URI", + "type": "string" + }, + "certificate": { + "title": "IdP Certificate", + "type": "string" + }, + "enabled": { + "title": "SSO Enabled", + "type": "boolean" + }, + "logoutRedirectUrl": { + "title": "IdP Sign-Off URL", + "type": "string" + }, + "relayStateParamName": { + "title": "IdP Relay State Param", + "type": "string" + }, + "lastLoginErrors": { + "title": "Last Login Errors", + "type": "array", + "items": { + "title": "Last Login Errors", + "type": "string" + } + }, + "audienceUri": { + "title": "AudienceUri or Prisma Cloud SP-Entity-Id", + "type": "string" + }, + "autoProvisionEnabled": { + "title": "AutoProvision Enabled", + "type": "boolean" + }, + "requireAccessSamlUrlPublic": { + "title": "Skip Public address check for 
Access SAML URL", + "type": "boolean" + }, + "autoProvisionSamlEmail": { + "title": "AutoProvision SAML Attribute - Email (Mandatory)", + "type": "string" + }, + "autoProvisionSamlFirstName": { + "title": "AutoProvision SAML Attribute - First name (Mandatory)", + "type": "string" + }, + "autoProvisionSamlLastName": { + "title": "AutoProvision SAML Attribute - Last name (Mandatory)", + "type": "string" + }, + "autoProvisionSamlRole": { + "title": "AutoProvision SAML Attribute - Role (Mandatory)", + "type": "string" + }, + "autoProvisionSamlTimezone": { + "title": "AutoProvision SAML Attribute - TZ", + "type": "string" + }, + "redLockAccessSamlUrl": { + "title": "IdP Configured Prisma Cloud Access URL", + "type": "string" + } + } + }, + "AllowListParams": { + "title": "IpAllowListParams", + "required": [ + "cidr", + "name" + ], + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "cidr": { + "type": "array", + "items": { + "type": "string" + } + }, + "trimmedName": { + "type": "string" + }, + "trimmedDescription": { + "type": "string" + }, + "trimmedCidrs": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "description": "Model for login IP allow list parameters" + }, + "IpAllowListData": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Login IP allow list ID", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name" + }, + "description": { + "type": "string", + "description": "Description" + }, + "cidr": { + "type": "array", + "description": "List of CIDR blocks (IP addresses) from which access is allowed when Login IP Allow List flag is enabled.", + "items": { + "type": "string", + "description": "List of CIDR blocks (IP addresses) from which access is allowed when Login IP Allow List flag is enabled." 
+ } + }, + "lastModifiedTs": { + "type": "integer", + "description": "Timestamp for last modification of CIDR block list", + "format": "int64", + "readOnly": true + } + }, + "description": "Model for login IP allow list data" + }, + "OAuth2ConfigDetail": { + "required": [ + "clientId", + "grantType", + "idpAuthUri", + "issuer", + "tokenUri" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Id", + "format": "uuid", + "readOnly": true + }, + "clientSecret": { + "type": "string", + "description": "Client ID secret from the IdP", + "writeOnly": true + }, + "prismaId": { + "type": "integer", + "description": "Prisma ID of the tenant", + "format": "int64", + "readOnly": true + }, + "clientId": { + "type": "string", + "description": "Client ID obtained after Identity Provider(IdP) configuration" + }, + "issuer": { + "type": "string", + "description": "Issuer claim" + }, + "grantType": { + "type": "string", + "description": "Grant type", + "enum": [ + "authorization_code" + ] + }, + "withPkce": { + "type": "boolean", + "description": "Using proof key for code exchange(PKCE) as additional verification. PKCE ensures that only the client that requests the access token can redeem it.", + "enum": [ + true, + false + ] + }, + "idpAuthUri": { + "type": "string", + "description": "The endpoint to authenticate on the IdP." + }, + "tokenUri": { + "type": "string", + "description": "The Identity Provider token endpoint URL for obtaining access and ID tokens." + }, + "jwkSetUri": { + "type": "string", + "description": "The URL of the IdP JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider." + }, + "endSessionUri": { + "type": "string", + "description": "The URL used to sign out the user from the IdP." 
+ }, + "isActive": { + "type": "boolean", + "description": "True to activate OAuth2 configuration; False otherwise.", + "enum": [ + true, + false + ] + }, + "pcAuthUri": { + "type": "string", + "description": "Prisma Cloud endpoint to begin the authentication flow", + "readOnly": true + }, + "pcRelayUri": { + "type": "string", + "description": "Prisma Cloud callback endpoint from the idP during authentication", + "readOnly": true + }, + "clientSecretIsBlank": { + "type": "boolean", + "description": "Is there a client secret configured", + "readOnly": true, + "enum": [ + true, + false + ] + }, + "lastLoginErrors": { + "type": "array", + "description": "Recent OAuth2 login errors", + "readOnly": true, + "items": { + "type": "string", + "description": "Recent OAuth2 login errors", + "readOnly": true + } + }, + "createdBy": { + "type": "string", + "description": "User who created the resource", + "readOnly": true + }, + "createdTs": { + "type": "integer", + "description": "Timestamp for created on", + "format": "int64", + "readOnly": true + }, + "lastModifiedBy": { + "type": "string", + "description": "User for last modification", + "readOnly": true + }, + "lastModifiedTs": { + "type": "integer", + "description": "Timestamp for last modification", + "format": "int64", + "readOnly": true + } + } + }, + "MultiRoleUserProfile": { + "required": [ + "email", + "firstName", + "lastName", + "timeZone" + ], + "type": "object", + "properties": { + "email": { + "type": "string" + }, + "firstName": { + "type": "string" }, "lastName": { "type": "string" 
@@ -502,36 +1195,6 @@ "activeRole": { "$ref": "#/components/schemas/UserProfileRoleDetail" }, - "username": { - "type": "string", - "description": "User or service account name" - }, - "type": { - "type": "string", - "description": "User type. Default is USER_ACCOUNT.", - "enum": [ - "USER_ACCOUNT", - "SERVICE_ACCOUNT" - ] - }, - "accessKeyName": { - "type": "string" - }, - "accessKeyExpiration": { - "type": "integer", - "description": "Access key expiration timestamp in milliseconds", - "format": "int64" - }, - "enableKeyExpiration": { - "type": "boolean", - "description": "true = Enable access key expiration. Default is false." - }, - "accessKeysCount": { - "type": "integer", - "description": "Access key count", - "format": "int32", - "readOnly": true - }, "userRoleName": { "type": "string", "writeOnly": true @@ -561,52 +1224,6 @@ } } }, - "CreateUserAccessKeyResponse": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "secretKey": { - "type": "string" - } - } - }, - "ChangePasswordRequest": { - "type": "object", - "properties": { - "userName": { - "type": "string" - }, - "password": { - "type": "string" - }, - "newPassword": { - "type": "string" - } - } - }, - "SupportUserProfile": { - "type": "object", - "properties": { - "email": { - "type": "string" - }, - "supportAccessLevel": { - "type": "string", - "enum": [ - "NONE", - "LIGHT_AGENT", - "AGENT", - "ADMIN" - ] - }, - "failedLoginCount": { - "type": "integer", - "format": "int32" - } - } - }, "UserProfile": { "required": [ "email", 
@@ -679,396 +1296,414 @@ } } }, - "OpenIdConfigurationResponse": { + "Attributes": { "type": "object", "properties": { - "issuer": { - "type": "string" + "onlyAllowCIAccess": { + "type": "boolean" }, - "authorization_endpoint": { - "type": "string" + "onlyAllowComputeAccess": { + "type": "boolean" }, - "jwks_uri": { - "type": "string" + "hasDefenderPermissions": { + "type": "boolean" }, - "token_endpoint": { + "onlyAllowReadAccess": { + "type": "boolean" + } + } + }, + "UserRole": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "token_endpoint_auth_methods_supported": { - "type": "array", - "items": { - "type": "string" - } - }, - "introspection_endpoint": { + "name": { "type": "string" }, - "introspection_endpoint_auth_methods_supported": { - "type": "array", - "items": { - "type": "string" - } + "description": { + "type": "string" }, - "revocation_endpoint": { + "lastModifiedBy": { "type": "string" }, - "response_types_supported": { + "lastModifiedTs": { + "type": "integer", + "format": "int64" + }, + "accountGroupIds": { "type": "array", "items": { "type": "string" } }, - "subject_types_supported": { + "resourceListIds": { "type": "array", "items": { "type": "string" } }, - "id_token_signing_alg_values_supported": { + "codeRepositoryIds": { "type": "array", "items": { "type": "string" } }, - "grant_types_supported": { + "associatedUsers": { "type": "array", "items": { "type": "string" } + }, + "restrictDismissalAccess": { + "type": "boolean" + }, + "additionalAttributes": { + "$ref": "#/components/schemas/Attributes" + }, + "roleType": { + "type": "string" } } }, - "Feature": { - "required": [ - "featureName", - "operations" - ], + "SupportUserProfileRequest": { "type": "object", "properties": { - "featureName": { - "type": "string", - "description": "Prisma Cloud Feature Name. 
Prisma Cloud feature names can be retreived from GET: /authz/v1/feature API Endpoint" + "email": { + "type": "string" }, - "operations": { - "type": "object", - "additionalProperties": { - "type": "object", - "description": "A mapping of operations and a boolean value representing whether the privilege to perform the operation needs to be granted." - }, - "description": "A mapping of operations and a boolean value representing whether the privilege to perform the operation needs to be granted." + "supportAccessLevel": { + "type": "string" } - }, - "description": "Collection of permitted features associated with the role. \n Refer to PermissionGroup API docs to get the entire list of PC features." + } }, - "RoleInternalPermissionGroup": { - "required": [ - "custom", - "features", - "name" - ], + "UserSearchCriteria": { + "title": "User Search Request Filter", "type": "object", "properties": { - "name": { - "type": "string", - "description": "PermissionGroup Name" - }, - "custom": { - "type": "boolean", - "description": "Indicates whether the permissionGroup associated with the role is 'Default' or 'Custom' type." - }, - "features": { + "permissionGroupIds": { "type": "array", - "description": "Collection of permitted features associated with the role. \n Refer to PermissionGroup API docs to get the entire list of PC features.", "items": { - "$ref": "#/components/schemas/Feature" + "type": "string" } - } - }, - "description": "Permission Group is only populated for the active role, i.e. 
active=true" - }, - "UserInternalRole": { - "required": [ - "active", - "default", - "id", - "name" - ], - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Unique id of the Role" - }, - "name": { - "type": "string", - "description": "Name of the Role" - }, - "active": { - "type": "boolean", - "description": "Indicates whether the role is active role or not" - }, - "permissionGroup": { - "$ref": "#/components/schemas/RoleInternalPermissionGroup" }, - "default": { - "type": "boolean", - "description": "Indicates whether the role is default or not" + "userRoleIds": { + "type": "array", + "items": { + "type": "string" + } } } }, - "UserProfileV2": { - "required": [ - "email", - "firstName", - "lastName", - "timeZone" - ], - "type": "object", - "properties": { - "email": { - "type": "string" - }, - "firstName": { - "type": "string" - }, - "lastName": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "timeZone": { - "type": "string", - "description": "Time zone (e.g. 
America/Los_Angeles)" - }, - "lastLoginTs": { - "type": "integer", - "format": "int64", - "readOnly": true - }, - "accessKeysAllowed": { - "type": "boolean" - }, - "roles": { + "PageResponse": { + "type": "object", + "properties": { + "content": { "type": "array", "items": { - "$ref": "#/components/schemas/UserInternalRole" + "$ref": "#/components/schemas/UserSearch" } + }, + "nextPageToken": { + "type": "string" } - } + }, + "description": "Response with along with nextPageToken" }, - "AllowListParams": { - "title": "IpAllowListParams", - "required": [ - "cidr", - "name" - ], + "UserSearch": { "type": "object", "properties": { - "name": { - "type": "string" - }, - "description": { + "username": { "type": "string" }, - "cidr": { + "roles": { "type": "array", + "properties": { + "List of role IDs": { + "type": "string" + } + }, "items": { - "type": "string" + "$ref": "#/components/schemas/roleDetail" } }, - "trimmedName": { + "timezone": { "type": "string" }, - "trimmedDescription": { - "type": "string" + "ssoBypassAllowed": { + "type": "boolean" }, - "trimmedCidrs": { - "type": "array", - "items": { - "type": "string" - } + "accessKeysAllowed": { + "type": "boolean" } }, - "description": "Model for login IP allow list parameters" + "description": "User Search Result Data" }, - "IpAllowListData": { + "roleDetail": { "type": "object", "properties": { - "id": { - "type": "string", - "description": "Login IP allow list ID", - "readOnly": true - }, - "name": { - "type": "string", - "description": "Name" - }, - "description": { - "type": "string", - "description": "Description" + "roleId": { + "type": "string" + } + }, + "description": "user role" + }, + "EntitlementToRoleSearchRequest": { + "type": "object", + "properties": { + "resourceListIds": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } }, - "cidr": { + "accountGroupIds": { + "uniqueItems": true, "type": "array", - "description": "List of CIDR blocks (IP addresses) from which 
access is allowed when Login IP Allow List flag is enabled.", "items": { - "type": "string", - "description": "List of CIDR blocks (IP addresses) from which access is allowed when Login IP Allow List flag is enabled." + "type": "string" } }, - "lastModifiedTs": { - "type": "integer", - "description": "Timestamp for last modification of CIDR block list", - "format": "int64", - "readOnly": true + "codeRepositoryIds": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } } - }, - "description": "Model for login IP allow list data" + } }, - "CustomerSupportFilter": { + "CustomerNameResponse": { "type": "object", "properties": { "customerName": { "type": "string" }, - "customerId": { - "type": "integer", - "format": "int32" - }, - "entitlementSerialNumber": { + "prismaId": { "type": "string" + }, + "tosAccepted": { + "type": "boolean" } } }, - "UserAccessKeyDetailResponse": { + "SamlLoginResponse": { "type": "object", "properties": { - "Access key id": { - "type": "string", - "format": "uuid", - "readOnly": true + "errorReasonExpectedValue": { + "type": "string" }, - "name": { + "errorReasonActualValue": { "type": "string" }, - "createdBy": { + "errorReasonKey": { + "type": "string", + "enum": [ + "SAML_ASSERTION", + "SAML_ASSERTION_AUDIENCE_URI", + "SAML_ASSERTION_AUTHN_STATEMENT", + "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", + "SAML_ASSERTION_CONDITIONS", + "SAML_ASSERTION_ISSUE_INSTANT", + "SAML_ASSERTION_ISSUER_URI", + "SAML_ASSERTION_SIGNATURE", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", + "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", + "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", + "SAML_CERTIFICATE", + "SAML_CONFIGURATION", + "SAML_CUSTOMER", + "SAML_DESTINATION_URI", + "SAML_PARSING_STATUS_CODE", + "SAML_RESPONSE", + "SAML_USER" + ] + }, + "message": { "type": "string" }, - "createdTs": { - "type": "integer", - "format": "int64" + "token": { + "type": "string" }, - 
"lastUsedTime": { - "type": "integer", - "format": "int64" + "customerNames": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CustomerNameResponse" + } }, - "status": { + "forwardLocation": { "type": "string" }, - "expiresOn": { - "type": "integer", - "format": "int64" + "prismaSamlAttributes": { + "type": "object", + "additionalProperties": { + "type": "object" + } }, - "role": { + "pingSamlAttributes": { "type": "object", "additionalProperties": { - "type": "string", - "description": "Role of User" - }, - "description": "Role of User" + "type": "object" + } }, - "roleType": { - "type": "string" + "customerId": { + "type": "integer", + "format": "int32" }, - "username": { + "prismaId": { "type": "string" - } - } - }, - "Attributes": { - "type": "object", - "properties": { - "onlyAllowCIAccess": { - "type": "boolean" }, - "onlyAllowComputeAccess": { - "type": "boolean" + "errorInfoUnavailable": { + "type": "string", + "writeOnly": true, + "enum": [ + "SAML_ASSERTION", + "SAML_ASSERTION_AUDIENCE_URI", + "SAML_ASSERTION_AUTHN_STATEMENT", + "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", + "SAML_ASSERTION_CONDITIONS", + "SAML_ASSERTION_ISSUE_INSTANT", + "SAML_ASSERTION_ISSUER_URI", + "SAML_ASSERTION_SIGNATURE", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", + "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", + "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", + "SAML_CERTIFICATE", + "SAML_CONFIGURATION", + "SAML_CUSTOMER", + "SAML_DESTINATION_URI", + "SAML_PARSING_STATUS_CODE", + "SAML_RESPONSE", + "SAML_USER" + ] + }, + "errorInfoMultiple": { + "type": "string", + "writeOnly": true, + "enum": [ + "SAML_ASSERTION", + "SAML_ASSERTION_AUDIENCE_URI", + "SAML_ASSERTION_AUTHN_STATEMENT", + "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", + "SAML_ASSERTION_CONDITIONS", + "SAML_ASSERTION_ISSUE_INSTANT", + "SAML_ASSERTION_ISSUER_URI", + "SAML_ASSERTION_SIGNATURE", + 
"SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", + "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", + "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", + "SAML_CERTIFICATE", + "SAML_CONFIGURATION", + "SAML_CUSTOMER", + "SAML_DESTINATION_URI", + "SAML_PARSING_STATUS_CODE", + "SAML_RESPONSE", + "SAML_USER" + ] + }, + "errorInfoInvalid": { + "type": "string", + "writeOnly": true, + "enum": [ + "SAML_ASSERTION", + "SAML_ASSERTION_AUDIENCE_URI", + "SAML_ASSERTION_AUTHN_STATEMENT", + "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", + "SAML_ASSERTION_CONDITIONS", + "SAML_ASSERTION_ISSUE_INSTANT", + "SAML_ASSERTION_ISSUER_URI", + "SAML_ASSERTION_SIGNATURE", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", + "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", + "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", + "SAML_CERTIFICATE", + "SAML_CONFIGURATION", + "SAML_CUSTOMER", + "SAML_DESTINATION_URI", + "SAML_PARSING_STATUS_CODE", + "SAML_RESPONSE", + "SAML_USER" + ] }, - "hasDefenderPermissions": { - "type": "boolean" + "errorInfoDisabled": { + "type": "string", + "writeOnly": true, + "enum": [ + "SAML_ASSERTION", + "SAML_ASSERTION_AUDIENCE_URI", + "SAML_ASSERTION_AUTHN_STATEMENT", + "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", + "SAML_ASSERTION_CONDITIONS", + "SAML_ASSERTION_ISSUE_INSTANT", + "SAML_ASSERTION_ISSUER_URI", + "SAML_ASSERTION_SIGNATURE", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", + "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", + "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", + "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", + "SAML_CERTIFICATE", + "SAML_CONFIGURATION", + "SAML_CUSTOMER", + "SAML_DESTINATION_URI", + "SAML_PARSING_STATUS_CODE", + "SAML_RESPONSE", + "SAML_USER" + ] }, - "onlyAllowReadAccess": { - "type": "boolean" + "fullErrorMessage": { + "type": "string" } } }, - "UserRole": { + "SamlLoginRequest": { + "title": "Model used 
for saml authentication", + "required": [ + "rawSaml", + "requestIpAddress" + ], "type": "object", "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "description": { + "rawSaml": { "type": "string" }, - "lastModifiedBy": { + "requestIpAddress": { "type": "string" }, - "lastModifiedTs": { - "type": "integer", - "format": "int64" - }, - "accountGroupIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "resourceListIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "codeRepositoryIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "associatedUsers": { - "type": "array", - "items": { - "type": "string" - } - }, - "restrictDismissalAccess": { - "type": "boolean" - }, - "additionalAttributes": { - "$ref": "#/components/schemas/Attributes" - }, - "roleType": { + "relayState": { "type": "string" } } }, - "CustomerNameResponse": { + "LoginRequest": { + "title": "Model used for authentication", "type": "object", "properties": { + "username": { + "type": "string" + }, "customerName": { "type": "string" }, "prismaId": { "type": "string" }, + "password": { + "type": "string" + }, "tosAccepted": { "type": "boolean" + }, + "ssoSession": { + "type": "boolean" } - } + }, + "description": "Model used for authentication" }, "LoginResponse": { "type": "object", 
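Review bot: In the new `UserSearch` schema, `roles` is declared `"type": "array"` but also carries `"properties": { "List of role IDs": { "type": "string" } }`; `properties` has no meaning on an array schema and the key is a sentence, so this reads as a description pasted into the wrong keyword. Replace that block with `"description": "List of role IDs"` and keep `"items": { "$ref": "#/components/schemas/roleDetail" }`. `SamlLoginResponse` repeats the same 19-value `SAML_*` enum five times (`errorReasonKey`, `errorInfoUnavailable`, `errorInfoMultiple`, `errorInfoInvalid`, `errorInfoDisabled`); one shared schema under `components/schemas` referenced by `$ref` would stop the lists drifting, and `writeOnly: true` on four members of a response model looks inverted (presumably `readOnly`, or these are internal and should not be in a public spec). `LoginRequest.password` here, and `ChangePasswordRequest.password`/`newPassword` and `UsernamePasswordRequest.password` in the next hunk (`@@ -1094,210 +1729,68 @@`), are plain `"type": "string"`; adding `"format": "password"` lets generated docs and clients treat them as secrets. Minor: `roleDetail` is the only lowerCamel schema name among `UserRole`, `UserSearch` and the rest, and `PageResponse`'s description "Response with along with nextPageToken" looks like a leftover edit.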
@@ -1094,210 +1729,68 @@ } } }, - "GetServicesResponse": { - "required": [ - "services" - ], + "ServiceTokenResponse": { "type": "object", "properties": { - "services": { - "uniqueItems": true, - "type": "array", - "items": { - "$ref": "#/components/schemas/ServiceResponse" - } - }, - "errors": { - "type": "object", - "additionalProperties": { - "type": "string" - } + "empty": { + "type": "boolean" } + }, + "additionalProperties": { + "type": "string" } }, - "JwkResponse": { - "required": [ - "alg", - "key_ops", - "kid", - "kty", - "used_for_grant" - ], + "ChangePasswordRequest": { "type": "object", "properties": { - "kid": { - "type": "string" - }, - "kty": { - "type": "string" - }, - "alg": { - "type": "string", - "enum": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512" - ] - }, - "key_ops": { - "type": "array", - "items": { - "type": "string" - } - }, - "used_for_grant": { - "type": "boolean" - }, - "expires_at": { - "type": "integer", - "format": "int64" - }, - "token_duration_seconds": { - "type": "integer", - "format": "int64" - }, - "k": { - "type": "string" - }, - "e": { - "type": "string" - }, - "n": { - "type": "string" - }, - "d": { - "type": "string" - }, - "p": { - "type": "string" - }, - "q": { - "type": "string" - }, - "dp": { + "userName": { "type": "string" }, - "dq": { + "password": { "type": "string" }, - "qi": { + "newPassword": { "type": "string" } } }, - "JwksResponse": { - "required": [ - "keys" - ], - "type": "object", - "properties": { - "keys": { - "uniqueItems": true, - "type": "array", - "items": { - "$ref": "#/components/schemas/JwkResponse" - } - } - } - }, - "ServiceResponse": { - "required": [ - "id", - "is_enabled", - "jwks", - "password", - "roles", - "username" - ], + "ForgotPasswordRequest": { "type": "object", "properties": { - "id": { - "type": "integer", - "format": "int64" - }, "username": { "type": "string" }, - "password": { + "resetToken": { "type": "string" }, - "roles": { - "uniqueItems": true, - 
"type": "array", - "items": { - "type": "string" - } - }, - "jwks": { - "$ref": "#/components/schemas/JwksResponse" - }, - "customer_name": { - "type": "string", - "deprecated": true - }, - "prisma_id": { + "recaptchaResponse": { "type": "string" - }, - "is_enabled": { - "type": "boolean" } } }, - "LoginRequest": { - "title": "Model used for authentication", + "UsernamePasswordRequest": { + "title": "Model used to validate user/password", "type": "object", "properties": { "username": { "type": "string" }, - "customerName": { - "type": "string" - }, - "prismaId": { - "type": "string" - }, "password": { "type": "string" - }, - "tosAccepted": { - "type": "boolean" - }, - "ssoSession": { - "type": "boolean" - } - }, - "description": "Model used for authentication" + } + } }, - "EntitlementToRoleSearchRequest": { + "ExternalJwtIntegration": { + "title": "Model used for JWT integrations with external vendors", "type": "object", "properties": { - "resourceListIds": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } - }, - "accountGroupIds": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } - }, - "codeRepositoryIds": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } + "integration": { + "type": "string" } - } + }, + "description": "Model used for JWT integrations with external vendors" }, - "UserProfileInternal": { + "UserAccount": { "required": [ "email", "firstName", 
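Review bot: `ServiceTokenResponse` declares a boolean `empty` property next to `"additionalProperties": { "type": "string" }`, which looks like a serialized map whose `isEmpty()` accessor leaked into the schema rather than a real field; if the payload is a string map, drop `empty` and state the expected keys in a `description` — this is inferred from the shape and should be confirmed against the service. `ForgotPasswordRequest.resetToken`, `ForgotPasswordRequest.recaptchaResponse` and `ExternalJwtIntegration.integration` have no `description` or constraint, so a reader cannot tell who supplies each value or what format it takes; a one-line `description` per field (and an `enum` for `integration` if the set of vendors is closed) would fix that. The `UserAccount` schema opened at the end of this hunk continues past the hunk boundary.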
@@ -1395,851 +1888,788 @@ "format": "int32", "readOnly": true }, - "sfSyncStatus": { - "type": "boolean" - }, "userRoleName": { "type": "string", "writeOnly": true } } }, - "PermissionGroupRequest": { - "title": "Model used for permission group", - "required": [ - "features", - "name" - ], + "CreateUserAccessKeyResponse": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Permission Group Name" - }, - "description": { - "type": "string", - "description": "Permission Group Description" + "id": { + "type": "string" }, - "features": { - "type": "array", - "description": "List of Prisma Cloud Features", - "items": { - "$ref": "#/components/schemas/Feature" - } + "secretKey": { + "type": "string" } } }, - "ForgotPasswordRequest": { + "CustomerSupportFilter": { "type": "object", "properties": { - "username": { + "customerName": { "type": "string" }, - "resetToken": { - "type": "string" + "customerId": { + "type": "integer", + "format": "int32" }, - "recaptchaResponse": { + "entitlementSerialNumber": { "type": "string" } } }, - "PermissionGroupDetail": { + "AccountFilterVO": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Permission Group Name" - }, - "description": { - "type": "string", - "description": "Permission Group Description" - }, - "type": { - "type": "string", - "description": "Permission Group Type", - "enum": [ - "Default", - "Custom", - "Internal", - "Default", - "Custom" - ] - }, - "lastModifiedBy": { - "type": "string" - }, - "lastModifiedTs": { - "type": "integer", - "format": "int64" - }, - "associatedRoles": { - "type": "object", - "additionalProperties": { - "type": "object", - "description": "Map of associated role Ids and Names" - }, - "description": "Map of associated role Ids and Names" - }, - "features": { - "$ref": "#/components/schemas/Feature" - }, - "acceptAccountGroups": { - "type": "boolean", - "description": "acceptAccountGroups" - }, - "acceptResourceLists": { - 
"type": "boolean", - "description": "acceptResourceLists" + "groupIds": { + "type": "array", + "items": { + "type": "string" + } }, - "acceptCodeRepositories": { - "type": "boolean", - "description": "acceptCodeRepositories" + "groupNames": { + "type": "array", + "items": { + "type": "string" + } }, - "custom": { - "type": "boolean", - "description": "Boolean value signifying whether this is a custom (i.e. user-defined) permission group. Is set to true if the attribute value of permissionGroupType is set to CUSTOM" + "cloudTypes": { + "type": "array", + "items": { + "type": "string" + } }, - "id": { - "type": "string", - "description": "Permission Group ID" + "fetchEnabledAccountsOnly": { + "type": "boolean" } } }, - "PermissionGroup": { + "ResourceListFilterVO": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Permission Group Name" + "resourceListIds": { + "type": "array", + "items": { + "type": "string" + } }, - "custom": { - "type": "boolean", - "description": "Boolean value signifying whether this is a custom (i.e. user-defined) permission group. 
Is set to true if the attribute value of permissionGroupType is set to CUSTOM" + "resourceListNames": { + "type": "array", + "items": { + "type": "string" + } }, - "id": { - "type": "string", - "description": "Permission Group ID" + "resourceListTypes": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "TAG", + "RESOURCE_ID", + "STRING", + "IP_ADDRESS", + "NUMBER", + "RESOURCE_GROUP", + "COMPUTE_ACCESS_GROUP" + ] + } } } }, - "User": { + "UserEntitlementsRequestVO": { "type": "object", "properties": { - "username": { - "type": "string" - }, - "password": { + "redLockResourceType": { "type": "string" }, - "firstname": { + "requestType": { "type": "string" }, - "lastname": { - "type": "string" + "accountFilters": { + "$ref": "#/components/schemas/AccountFilterVO" }, - "timezone": { - "type": "string" + "resourceListFilters": { + "$ref": "#/components/schemas/ResourceListFilterVO" }, - "resetToken": { + "userClientIp": { "type": "string" }, - "resetTokenTs": { - "type": "integer", - "format": "int64" - }, - "customerId": { - "type": "integer", - "format": "int32" - }, - "deleted": { + "doIpWhitelistCheck": { "type": "boolean" }, - "defaultUserRoleId": { - "type": "string" - }, - "userRoleDetails": { - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/UserInternalRoleDetail" - } - }, - "customerName": { - "type": "string" - }, - "lastLoginTime": { - "type": "integer", - "format": "int64" - }, - "tosBypassAllowed": { + "doAuthorizationCheck": { "type": "boolean" }, - "lastModifiedBy": { - "type": "string" - }, - "lastModifiedTs": { - "type": "integer", - "format": "int64" - }, - "tosAccepted": { + "fetchAccountGroups": { "type": "boolean" }, - "ssoBypassAllowed": { + "fetchAccounts": { "type": "boolean" }, - "sessionTimeout": { - "type": "integer", - "format": "int32" - }, - "provisional": { + "fetchResourceLists": { "type": "boolean" }, - "canAssumeRole": { + "fetchCodeRepositories": { "type": "boolean" }, - 
"supportAccessLevel": { - "type": "string", - "enum": [ - "NONE", - "LIGHT_AGENT", - "AGENT", - "ADMIN" - ] - }, - "accessKeysAllowed": { + "fetchNonOnboardedAccounts": { "type": "boolean" }, - "sfSyncStatus": { + "doSupportAccessCheck": { "type": "boolean" }, - "type": { + "requiredSupportAccessLevel": { "type": "string", "enum": [ - "USER_ACCOUNT", - "SERVICE_ACCOUNT" + "NONE", + "LIGHT_AGENT", + "SRE", + "AGENT", + "ADMIN" ] - }, - "fullName": { - "type": "string" - }, - "active": { - "type": "boolean" } - }, - "description": "User object" + } }, - "UserInternalRoleDetail": { + "CloudAccountMetaVO": { "type": "object", "properties": { "id": { - "type": "string" + "type": "integer", + "format": "int32" }, - "name": { + "accountId": { "type": "string" }, - "permissionGroup": { - "$ref": "#/components/schemas/PermissionGroup" - }, - "restrictedDismissalAccess": { - "type": "boolean" + "accountName": { + "type": "string" }, - "hasDefenderPermissions": { + "enabled": { "type": "boolean" }, - "onlyAllowReadAccess": { - "type": "boolean" + "cloudType": { + "type": "string" }, - "onlyAllowComputeAccess": { - "type": "boolean" + "groupIds": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } }, - "onlyAllowCIAccess": { - "type": "boolean" + "groupNames": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } } } }, - "MultiRoleUserProfile": { + "JsonNode": { + "type": "object" + }, + "ResourceListVO": { "required": [ - "email", - "firstName", - "lastName", - "timeZone" + "resourceListType" ], "type": "object", "properties": { - "email": { - "type": "string" - }, - "firstName": { + "id": { "type": "string" }, - "lastName": { + "name": { "type": "string" }, - "timeZone": { + "resourceListType": { "type": "string", - "description": "Time zone (e.g. 
America/Los_Angeles)" + "enum": [ + "TAG", + "RESOURCE_ID", + "STRING", + "IP_ADDRESS", + "NUMBER", + "RESOURCE_GROUP", + "COMPUTE_ACCESS_GROUP" + ] }, - "enabled": { - "type": "boolean", - "readOnly": true + "description": { + "type": "string" }, "lastModifiedBy": { - "type": "string", - "readOnly": true + "type": "string" }, "lastModifiedTs": { "type": "integer", - "format": "int64", - "readOnly": true - }, - "lastLoginTs": { - "type": "integer", - "format": "int64", - "readOnly": true - }, - "displayName": { - "type": "string", - "readOnly": true - }, - "ssoBypassAllowed": { - "type": "boolean" + "format": "int64" }, - "accessKeysAllowed": { - "type": "boolean" + "members": { + "$ref": "#/components/schemas/JsonNode" + } + } + }, + "UserEntitlementsResponseVO": { + "type": "object", + "properties": { + "userMeta": { + "$ref": "#/components/schemas/UserMetaVO" }, - "defaultRoleId": { - "type": "string" + "groupIdVsName": { + "type": "object", + "additionalProperties": { + "type": "string" + } }, - "roleIds": { + "resourceLists": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/ResourceListVO" } }, - "roles": { + "accounts": { "type": "array", "items": { - "$ref": "#/components/schemas/UserProfileRoleDetail" + "$ref": "#/components/schemas/CloudAccountMetaVO" } }, - "activeRole": { - "$ref": "#/components/schemas/UserProfileRoleDetail" - }, - "userRoleName": { - "type": "string", - "writeOnly": true + "codeRepositoriesEntitlementUrl": { + "type": "string" } } }, - "SsoConfig": { + "UserMetaVO": { "type": "object", "properties": { - "identityProvider": { - "title": "IdP Issuer URI", - "type": "string" - }, - "certificate": { - "title": "IdP Certificate", + "username": { "type": "string" }, - "enabled": { - "title": "SSO Enabled", - "type": "boolean" - }, - "logoutRedirectUrl": { - "title": "IdP Sign-Off URL", + "roleType": { "type": "string" }, - "relayStateParamName": { - "title": "IdP Relay State Param", + "customerName": { "type": 
"string" }, - "lastLoginErrors": { - "title": "Last Login Errors", - "type": "array", - "items": { - "title": "Last Login Errors", - "type": "string" - } - }, - "audienceUri": { - "title": "AudienceUri or Prisma Cloud SP-Entity-Id", + "timeZone": { "type": "string" }, - "autoProvisionEnabled": { - "title": "AutoProvision Enabled", - "type": "boolean" + "lastLoginTime": { + "type": "integer", + "format": "int64" }, - "requireAccessSamlUrlPublic": { - "title": "Skip Public address check for Access SAML URL", + "ssoSession": { "type": "boolean" }, - "autoProvisionSamlEmail": { - "title": "AutoProvision SAML Attribute - Email (Mandatory)", - "type": "string" + "customerCreatedTs": { + "type": "integer", + "format": "int64" }, - "autoProvisionSamlFirstName": { - "title": "AutoProvision SAML Attribute - First name (Mandatory)", - "type": "string" + "licenseType": { + "type": "string", + "enum": [ + "ENTERPRISE", + "BUSINESS" + ] }, - "autoProvisionSamlLastName": { - "title": "AutoProvision SAML Attribute - Last name (Mandatory)", - "type": "string" + "customerId": { + "type": "integer", + "format": "int32" }, - "autoProvisionSamlRole": { - "title": "AutoProvision SAML Attribute - Role (Mandatory)", + "prismaId": { "type": "string" }, - "autoProvisionSamlTimezone": { - "title": "AutoProvision SAML Attribute - TZ", + "activeUserRoleId": { "type": "string" }, - "redLockAccessSamlUrl": { - "title": "IdP Configured Prisma Cloud Access URL", - "type": "string" + "supportAccessLevel": { + "type": "string", + "enum": [ + "NONE", + "LIGHT_AGENT", + "SRE", + "AGENT", + "ADMIN" + ] } } }, - "UserAccessKeyResponse": { + "TokenInfoResponse": { + "required": [ + "active" + ], "type": "object", "properties": { - "Access key id": { + "active": { + "type": "boolean" + }, + "username": { + "type": "string" + }, + "roles": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "authorized": { + "type": "boolean", + "description": "Null if roles query param 
is not sent otherwise {true only if the roles are authorized for the token}" + }, + "exp": { + "type": "integer", + "format": "int64" + }, + "prismaId": { + "type": "string" + }, + "claims": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "authorizedSupportLevels": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "ipAddressClaimIsTrusted": { "type": "string", - "format": "uuid", - "readOnly": true + "description": "ipAddress claim trusted ip outcome", + "enum": [ + "NOT_PERFORMED", + "PERFORMED_AND_VALID", + "PERFORMED_AND_INVALID" + ] }, - "name": { + "customer_name": { "type": "string" }, - "expiresOn": { - "type": "integer", - "description": "Timestamp in milliseconds when access key expires", - "format": "int64" + "user_type": { + "type": "string", + "enum": [ + "USER", + "SERVICE" + ] } } }, - "AccountFilterVO": { + "CreateServiceRequest": { + "required": [ + "jwk", + "roles", + "username" + ], "type": "object", "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - } + "username": { + "type": "string" }, - "groupNames": { - "type": "array", - "items": { - "type": "string" - } + "password": { + "type": "string", + "deprecated": true }, - "cloudTypes": { + "roles": { + "uniqueItems": true, "type": "array", "items": { "type": "string" } }, - "fetchEnabledAccountsOnly": { - "type": "boolean" + "jwk": { + "$ref": "#/components/schemas/Jwk" + }, + "customer_name": { + "type": "string", + "description": "Should only be specified for compute console", + "deprecated": true + }, + "prisma_id": { + "type": "string", + "description": "Should only be specified for compute console" } } }, - "ResourceListFilterVO": { + "Jwk": { + "required": [ + "alg", + "token_duration_seconds" + ], "type": "object", "properties": { - "resourceListIds": { - "type": "array", - "items": { - "type": "string" - } + "alg": { + "type": "string", + "enum": [ + "HS256", + "HS384", + "HS512", + 
"RS256", + "RS384", + "RS512" + ] }, - "resourceListNames": { - "type": "array", - "items": { - "type": "string" - } + "kid": { + "type": "string" }, - "resourceListTypes": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "TAG", - "RESOURCE_ID", - "STRING", - "IP_ADDRESS", - "NUMBER", - "RESOURCE_GROUP", - "COMPUTE_ACCESS_GROUP" - ] - } + "token_duration_seconds": { + "maximum": 3600, + "minimum": 60, + "type": "integer", + "format": "int64" } } }, - "UserEntitlementsRequestVO": { + "JwkResponse": { + "required": [ + "alg", + "key_ops", + "kid", + "kty", + "used_for_grant" + ], "type": "object", "properties": { - "redLockResourceType": { - "type": "string" - }, - "requestType": { + "kid": { "type": "string" }, - "accountFilters": { - "$ref": "#/components/schemas/AccountFilterVO" - }, - "resourceListFilters": { - "$ref": "#/components/schemas/ResourceListFilterVO" - }, - "userClientIp": { + "kty": { "type": "string" }, - "doIpWhitelistCheck": { - "type": "boolean" + "alg": { + "type": "string", + "enum": [ + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512" + ] }, - "doAuthorizationCheck": { - "type": "boolean" + "key_ops": { + "type": "array", + "items": { + "type": "string" + } }, - "fetchAccountGroups": { + "used_for_grant": { "type": "boolean" }, - "fetchAccounts": { - "type": "boolean" + "expires_at": { + "type": "integer", + "format": "int64" }, - "fetchResourceLists": { - "type": "boolean" + "token_duration_seconds": { + "type": "integer", + "format": "int64" }, - "fetchCodeRepositories": { - "type": "boolean" + "k": { + "type": "string" }, - "fetchNonOnboardedAccounts": { - "type": "boolean" + "e": { + "type": "string" }, - "doSupportAccessCheck": { - "type": "boolean" + "n": { + "type": "string" }, - "requiredSupportAccessLevel": { - "type": "string", - "enum": [ - "NONE", - "LIGHT_AGENT", - "AGENT", - "ADMIN" - ] - } - } - }, - "CloudAccountMetaVO": { - "type": "object", - "properties": { - "accountId": { + "d": { "type": 
"string" }, - "accountName": { + "p": { "type": "string" }, - "enabled": { - "type": "boolean" + "q": { + "type": "string" }, - "cloudType": { + "dp": { "type": "string" }, - "groupIds": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } + "dq": { + "type": "string" }, - "groupNames": { + "qi": { + "type": "string" + } + } + }, + "JwksResponse": { + "required": [ + "keys" + ], + "type": "object", + "properties": { + "keys": { "uniqueItems": true, "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/JwkResponse" } } } }, - "JsonNode": { - "type": "object" - }, - "ResourceListVO": { + "ServiceResponse": { "required": [ - "resourceListType" + "id", + "is_enabled", + "jwks", + "password", + "roles", + "username" ], "type": "object", "properties": { "id": { + "type": "integer", + "format": "int64" + }, + "username": { "type": "string" }, - "name": { + "password": { "type": "string" }, - "resourceListType": { - "type": "string", - "enum": [ - "TAG", - "RESOURCE_ID", - "STRING", - "IP_ADDRESS", - "NUMBER", - "RESOURCE_GROUP", - "COMPUTE_ACCESS_GROUP" - ] + "roles": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "jwks": { + "$ref": "#/components/schemas/JwksResponse" + }, + "customer_name": { + "type": "string", + "deprecated": true }, - "description": { + "prisma_id": { "type": "string" }, - "lastModifiedBy": { + "is_enabled": { + "type": "boolean" + } + } + }, + "TokenResponse": { + "required": [ + "access_token", + "token_type" + ], + "type": "object", + "properties": { + "access_token": { "type": "string" }, - "lastModifiedTs": { + "token_type": { + "type": "string" + }, + "expires_in": { "type": "integer", "format": "int64" - }, - "members": { - "$ref": "#/components/schemas/JsonNode" } } }, - "UserEntitlementsResponseVO": { + "UserAccessKeyRequest": { "type": "object", "properties": { - "userMeta": { - "$ref": "#/components/schemas/UserMetaVO" - }, - "groupIdVsName": { - 
"type": "object", - "additionalProperties": { - "type": "string" - } - }, - "resourceLists": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ResourceListVO" - } + "name": { + "type": "string", + "description": "Access Key Name" }, - "accounts": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CloudAccountMetaVO" - } + "expiresOn": { + "type": "integer", + "description": "Timestamp in milliseconds when access key expires", + "format": "int64" }, - "codeRepositoriesEntitlementUrl": { + "serviceAccountName": { "type": "string" } } }, - "UserMetaVO": { + "UserAccessKeyDetailResponse": { "type": "object", "properties": { - "username": { - "type": "string" - }, - "roleType": { - "type": "string" + "Access key id": { + "type": "string", + "format": "uuid", + "readOnly": true }, - "customerName": { + "name": { "type": "string" }, - "timeZone": { + "createdBy": { "type": "string" }, - "lastLoginTime": { + "createdTs": { "type": "integer", "format": "int64" }, - "ssoSession": { - "type": "boolean" - }, - "customerCreatedTs": { + "lastUsedTime": { "type": "integer", "format": "int64" }, - "licenseType": { - "type": "string", - "enum": [ - "ENTERPRISE", - "BUSINESS" - ] + "status": { + "type": "string" }, - "customerId": { + "expiresOn": { "type": "integer", - "format": "int32" + "format": "int64" }, - "prismaId": { - "type": "string" + "role": { + "type": "object", + "additionalProperties": { + "type": "string", + "description": "Role of User" + }, + "description": "Role of User" }, - "activeUserRoleId": { + "roleType": { "type": "string" }, - "supportAccessLevel": { - "type": "string", - "enum": [ - "NONE", - "LIGHT_AGENT", - "AGENT", - "ADMIN" - ] + "username": { + "type": "string" } } }, - "UsernameVsDisplayName": { + "UserProfileInternal": { + "required": [ + "email", + "firstName", + "lastName", + "timeZone" + ], "type": "object", "properties": { - "id": { + "email": { "type": "string" }, - "name": { + "firstName": { "type": "string" - 
} - } - }, - "TokenResponse": { - "type": "object", - "properties": { - "empty": { - "type": "boolean" - } - }, - "additionalProperties": { - "type": "string" - } - }, - "UserEntitlementsMeta": { - "type": "object", - "properties": { - "codeRepositoryIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "resourceListIds": { - "type": "array", - "items": { - "type": "string" - } }, - "accountGroupIds": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "description": "User entitlements" - }, - "UserRoleView": { - "type": "object", - "properties": { - "id": { + "lastName": { "type": "string" }, - "name": { - "type": "string" + "timeZone": { + "type": "string", + "description": "Time zone (e.g. America/Los_Angeles)" }, - "description": { - "type": "string" + "enabled": { + "type": "boolean", + "readOnly": true }, "lastModifiedBy": { - "type": "string" + "type": "string", + "readOnly": true }, "lastModifiedTs": { "type": "integer", - "format": "int64" + "format": "int64", + "readOnly": true }, - "accountGroupIds": { - "type": "array", - "items": { - "type": "string" - } + "lastLoginTs": { + "type": "integer", + "format": "int64", + "readOnly": true }, - "resourceListIds": { - "type": "array", - "items": { - "type": "string" - } + "displayName": { + "type": "string", + "readOnly": true }, - "codeRepositoryIds": { + "ssoBypassAllowed": { + "type": "boolean" + }, + "accessKeysAllowed": { + "type": "boolean" + }, + "defaultRoleId": { + "type": "string" + }, + "roleIds": { "type": "array", "items": { "type": "string" } }, - "associatedUsers": { + "roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/UserProfileRoleDetail" } }, - "restrictDismissalAccess": { - "type": "boolean" + "activeRole": { + "$ref": "#/components/schemas/UserProfileRoleDetail" }, - "additionalAttributes": { - "$ref": "#/components/schemas/Attributes" + "username": { + "type": "string", + "description": "User or service account name" 
}, - "accountGroups": { - "type": "array", - "items": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } + "type": { + "type": "string", + "description": "User type. Default is USER_ACCOUNT.", + "enum": [ + "USER_ACCOUNT", + "SERVICE_ACCOUNT" + ] }, - "resourceLists": { + "accessKeyName": { + "type": "string" + }, + "accessKeyExpiration": { + "type": "integer", + "description": "Access key expiration timestamp in milliseconds", + "format": "int64" + }, + "enableKeyExpiration": { + "type": "boolean", + "description": "true = Enable access key expiration. Default is false." + }, + "accessKeysCount": { + "type": "integer", + "description": "Access key count", + "format": "int32", + "readOnly": true + }, + "sfSyncStatus": { + "type": "boolean" + }, + "userRoleName": { + "type": "string", + "writeOnly": true + } + } + }, + "UserEntitlementsMeta": { + "type": "object", + "properties": { + "codeRepositoryIds": { "type": "array", "items": { - "type": "object", - "additionalProperties": { - "type": "string" - } + "type": "string" } }, - "codeRepositories": { + "resourceListIds": { "type": "array", "items": { - "type": "object", - "additionalProperties": { - "type": "string" - } + "type": "string" } }, - "accountIds": { - "uniqueItems": true, + "accountGroupIds": { "type": "array", "items": { "type": "string" } - }, - "roleType": { - "type": "string" - } - } - }, - "UsernameValidationResponse": { - "type": "object", - "properties": { - "regex": { - "type": "string" } - } + }, + "description": "User entitlements" }, - "CreateServiceRequest": { - "required": [ - "jwk", - "roles", - "username" - ], + "UpdateServiceRequest": { "type": "object", "properties": { - "username": { - "type": "string" - }, "password": { - "type": "string", - "deprecated": true + "type": "string" }, "roles": { "uniqueItems": true, 
@@ -2257,413 +2687,441 @@ }, "prisma_id": { "type": "string" + }, + "add_roles": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "remove_roles": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "is_enabled": { + "type": "boolean" } } }, - "Jwk": { + "RoleInternalPermissionGroup": { "required": [ - "alg", - "token_duration_seconds" + "custom", + "features", + "name" ], "type": "object", "properties": { - "alg": { + "name": { "type": "string", - "enum": [ - "HS256", - "HS384", - "HS512", - "RS256", - "RS384", - "RS512" - ] + "description": "PermissionGroup Name" }, - "kid": { - "type": "string" + "custom": { + "type": "boolean", + "description": "Indicates whether the permissionGroup associated with the role is 'Default' or 'Custom' type." }, - "token_duration_seconds": { - "maximum": 3600, - "minimum": 60, - "type": "integer", - "format": "int64" + "features": { + "type": "array", + "description": "Collection of permitted features associated with the role. \n Refer to PermissionGroup API docs to get the entire list of PC features.", + "items": { + "$ref": "#/components/schemas/Feature" + } } - } + }, + "description": "Permission Group is only populated for the active role, i.e. 
active=true" }, - "SamlLoginResponse": { + "UserInternalRole": { + "required": [ + "active", + "default", + "id", + "name" + ], "type": "object", "properties": { - "errorReasonExpectedValue": { - "type": "string" - }, - "errorReasonActualValue": { - "type": "string" + "id": { + "type": "string", + "description": "Unique id of the Role" }, - "errorReasonKey": { + "name": { "type": "string", - "enum": [ - "SAML_ASSERTION", - "SAML_ASSERTION_AUDIENCE_URI", - "SAML_ASSERTION_AUTHN_STATEMENT", - "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", - "SAML_ASSERTION_CONDITIONS", - "SAML_ASSERTION_ISSUE_INSTANT", - "SAML_ASSERTION_ISSUER_URI", - "SAML_ASSERTION_SIGNATURE", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", - "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", - "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", - "SAML_CERTIFICATE", - "SAML_CONFIGURATION", - "SAML_CUSTOMER", - "SAML_DESTINATION_URI", - "SAML_PARSING_STATUS_CODE", - "SAML_RESPONSE", - "SAML_USER" - ] + "description": "Name of the Role" }, - "message": { + "active": { + "type": "boolean", + "description": "Indicates whether the role is active role or not" + }, + "permissionGroup": { + "$ref": "#/components/schemas/RoleInternalPermissionGroup" + }, + "default": { + "type": "boolean", + "description": "Indicates whether the role is default or not" + } + } + }, + "UserProfileV2": { + "required": [ + "email", + "firstName", + "lastName", + "timeZone" + ], + "type": "object", + "properties": { + "email": { "type": "string" }, - "token": { + "firstName": { "type": "string" }, - "customerNames": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CustomerNameResponse" - } + "lastName": { + "type": "string" }, - "forwardLocation": { + "displayName": { "type": "string" }, - "prismaSamlAttributes": { - "type": "object", - "additionalProperties": { - "type": "object" - } + "timeZone": { + "type": "string", + "description": "Time zone (e.g. 
America/Los_Angeles)" }, - "pingSamlAttributes": { - "type": "object", - "additionalProperties": { - "type": "object" - } + "lastLoginTs": { + "type": "integer", + "format": "int64", + "readOnly": true }, - "errorInfoMultiple": { - "type": "string", - "writeOnly": true, - "enum": [ - "SAML_ASSERTION", - "SAML_ASSERTION_AUDIENCE_URI", - "SAML_ASSERTION_AUTHN_STATEMENT", - "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", - "SAML_ASSERTION_CONDITIONS", - "SAML_ASSERTION_ISSUE_INSTANT", - "SAML_ASSERTION_ISSUER_URI", - "SAML_ASSERTION_SIGNATURE", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", - "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", - "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", - "SAML_CERTIFICATE", - "SAML_CONFIGURATION", - "SAML_CUSTOMER", - "SAML_DESTINATION_URI", - "SAML_PARSING_STATUS_CODE", - "SAML_RESPONSE", - "SAML_USER" - ] + "accessKeysAllowed": { + "type": "boolean" }, - "errorInfoInvalid": { - "type": "string", - "writeOnly": true, - "enum": [ - "SAML_ASSERTION", - "SAML_ASSERTION_AUDIENCE_URI", - "SAML_ASSERTION_AUTHN_STATEMENT", - "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", - "SAML_ASSERTION_CONDITIONS", - "SAML_ASSERTION_ISSUE_INSTANT", - "SAML_ASSERTION_ISSUER_URI", - "SAML_ASSERTION_SIGNATURE", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", - "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", - "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", - "SAML_CERTIFICATE", - "SAML_CONFIGURATION", - "SAML_CUSTOMER", - "SAML_DESTINATION_URI", - "SAML_PARSING_STATUS_CODE", - "SAML_RESPONSE", - "SAML_USER" - ] + "roles": { + "type": "array", + "items": { + "$ref": "#/components/schemas/UserInternalRole" + } + } + } + }, + "PermissionGroupDetail": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Permission Group Name" }, - "errorInfoDisabled": { + "description": { "type": "string", - "writeOnly": 
true, - "enum": [ - "SAML_ASSERTION", - "SAML_ASSERTION_AUDIENCE_URI", - "SAML_ASSERTION_AUTHN_STATEMENT", - "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", - "SAML_ASSERTION_CONDITIONS", - "SAML_ASSERTION_ISSUE_INSTANT", - "SAML_ASSERTION_ISSUER_URI", - "SAML_ASSERTION_SIGNATURE", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", - "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", - "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", - "SAML_CERTIFICATE", - "SAML_CONFIGURATION", - "SAML_CUSTOMER", - "SAML_DESTINATION_URI", - "SAML_PARSING_STATUS_CODE", - "SAML_RESPONSE", - "SAML_USER" - ] + "description": "Permission Group Description" }, - "errorInfoUnavailable": { + "type": { "type": "string", - "writeOnly": true, + "description": "Permission Group Type", "enum": [ - "SAML_ASSERTION", - "SAML_ASSERTION_AUDIENCE_URI", - "SAML_ASSERTION_AUTHN_STATEMENT", - "SAML_ASSERTION_AUTHN_STATEMENT_SESSION_TIME", - "SAML_ASSERTION_CONDITIONS", - "SAML_ASSERTION_ISSUE_INSTANT", - "SAML_ASSERTION_ISSUER_URI", - "SAML_ASSERTION_SIGNATURE", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER", - "SAML_ASSERTION_SUBJECT_CONFIRMATION_DATA_RECIPIENT", - "SAML_ASSERTION_TIME_LIMIT_NOT_BEFORE", - "SAML_ASSERTION_TIME_LIMIT_NOT_ON_OR_AFTER", - "SAML_CERTIFICATE", - "SAML_CONFIGURATION", - "SAML_CUSTOMER", - "SAML_DESTINATION_URI", - "SAML_PARSING_STATUS_CODE", - "SAML_RESPONSE", - "SAML_USER" + "Default", + "Custom" ] }, - "fullErrorMessage": { + "lastModifiedBy": { "type": "string" }, - "customerId": { + "lastModifiedTs": { "type": "integer", - "format": "int32" + "format": "int64" }, - "prismaId": { - "type": "string" + "associatedRoles": { + "type": "object", + "additionalProperties": { + "type": "object", + "description": "Map of associated role Ids and Names" + }, + "description": "Map of associated role Ids and Names" + }, + "features": { + "$ref": "#/components/schemas/Feature" + }, + "acceptAccountGroups": { + "type": 
"boolean", + "description": "acceptAccountGroups" + }, + "acceptResourceLists": { + "type": "boolean", + "description": "acceptResourceLists" + }, + "acceptCodeRepositories": { + "type": "boolean", + "description": "acceptCodeRepositories" + }, + "custom": { + "type": "boolean", + "description": "Boolean value signifying whether this is a custom (i.e. user-defined) permission group. Is set to true if the attribute value of permissionGroupType is set to CUSTOM" + }, + "id": { + "type": "string", + "description": "Permission Group ID" } } }, - "ExternalJwtIntegration": { - "title": "Model used for JWT integrations with external vendors", + "UsernameValidationResponse": { "type": "object", "properties": { - "integration": { + "regex": { "type": "string" } - }, - "description": "Model used for JWT integrations with external vendors" + } }, - "UserSearchCriteria": { - "title": "User Search Request Filter", + "PermissionGroup": { "type": "object", "properties": { - "permissionGroupIds": { - "type": "array", - "items": { - "type": "string" - } + "name": { + "type": "string", + "description": "Permission Group Name" }, - "userRoleIds": { - "type": "array", - "items": { - "type": "string" - } + "custom": { + "type": "boolean", + "description": "Boolean value signifying whether this is a custom (i.e. user-defined) permission group. 
Is set to true if the attribute value of permissionGroupType is set to CUSTOM" + }, + "id": { + "type": "string", + "description": "Permission Group ID" } } }, - "PageListUserSearchVO": { + "User": { "type": "object", "properties": { - "content": { - "type": "array", - "items": { - "$ref": "#/components/schemas/UserSearchVO" + "username": { + "type": "string" + }, + "password": { + "type": "string" + }, + "firstname": { + "type": "string" + }, + "lastname": { + "type": "string" + }, + "timezone": { + "type": "string" + }, + "resetToken": { + "type": "string" + }, + "resetTokenTs": { + "type": "integer", + "format": "int64" + }, + "customerId": { + "type": "integer", + "format": "int32" + }, + "prismaId": { + "type": "integer", + "format": "int64" + }, + "deleted": { + "type": "boolean" + }, + "defaultUserRoleId": { + "type": "string" + }, + "userRoleDetails": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/UserInternalRoleDetail" } }, - "nextPageToken": { + "customerName": { "type": "string" - } - } - }, - "RoleDetail": { - "type": "object", - "properties": { - "roleId": { + }, + "lastLoginTime": { + "type": "integer", + "format": "int64" + }, + "tosBypassAllowed": { + "type": "boolean" + }, + "lastModifiedBy": { + "type": "string" + }, + "lastModifiedTs": { + "type": "integer", + "format": "int64" + }, + "tosAccepted": { + "type": "boolean" + }, + "ssoBypassAllowed": { + "type": "boolean" + }, + "sessionTimeout": { + "type": "integer", + "format": "int32" + }, + "provisional": { + "type": "boolean" + }, + "canAssumeRole": { + "type": "boolean" + }, + "supportAccessLevel": { + "type": "string", + "enum": [ + "NONE", + "LIGHT_AGENT", + "SRE", + "AGENT", + "ADMIN" + ] + }, + "accessKeysAllowed": { + "type": "boolean" + }, + "sfSyncStatus": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "USER_ACCOUNT", + "SERVICE_ACCOUNT" + ] + }, + "fullName": { "type": "string" + }, + "active": { + "type": "boolean" } }, - 
"description": "List of role IDs" + "description": "User object" }, - "UserSearchVO": { + "UserInternalRoleDetail": { "type": "object", "properties": { - "username": { - "type": "string", - "description": "User name / User email" + "id": { + "type": "string" }, - "roles": { - "type": "array", - "description": "List of role IDs", - "items": { - "$ref": "#/components/schemas/RoleDetail" - } + "name": { + "type": "string" }, - "timezone": { - "type": "string", - "description": "timeZone" + "permissionGroup": { + "$ref": "#/components/schemas/PermissionGroup" + }, + "restrictedDismissalAccess": { + "type": "boolean" + }, + "hasDefenderPermissions": { + "type": "boolean" + }, + "onlyAllowReadAccess": { + "type": "boolean" }, - "ssoBypassAllowed": { - "type": "boolean", - "description": "ssoBypassAllowed" + "onlyAllowComputeAccess": { + "type": "boolean" }, - "accessKeysAllowed": { - "type": "boolean", - "description": "accessKeysAllowed" + "onlyAllowCIAccess": { + "type": "boolean" } } }, - "UserAccessKeyRequest": { + "UserRoleView": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Access Key Name" + "id": { + "type": "string" }, - "expiresOn": { - "type": "integer", - "description": "Timestamp in milliseconds when access key expires", - "format": "int64" + "name": { + "type": "string" }, - "serviceAccountName": { + "description": { "type": "string" - } - } - }, - "UpdateServiceRequest": { - "type": "object", - "properties": { - "password": { + }, + "lastModifiedBy": { "type": "string" }, - "roles": { - "uniqueItems": true, + "lastModifiedTs": { + "type": "integer", + "format": "int64" + }, + "accountGroupIds": { "type": "array", "items": { "type": "string" } }, - "jwk": { - "$ref": "#/components/schemas/Jwk" - }, - "customer_name": { - "type": "string", - "deprecated": true - }, - "prisma_id": { - "type": "string" + "resourceListIds": { + "type": "array", + "items": { + "type": "string" + } }, - "add_roles": { - "uniqueItems": true, 
+ "codeRepositoryIds": { "type": "array", "items": { "type": "string" } }, - "remove_roles": { - "uniqueItems": true, + "associatedUsers": { "type": "array", "items": { "type": "string" } }, - "is_enabled": { - "type": "boolean" - } - } - }, - "TokenInfoResponse": { - "required": [ - "active" - ], - "type": "object", - "properties": { - "active": { + "restrictDismissalAccess": { "type": "boolean" }, - "username": { - "type": "string" + "additionalAttributes": { + "$ref": "#/components/schemas/Attributes" }, - "roles": { - "uniqueItems": true, + "accountGroups": { "type": "array", "items": { - "type": "string" + "type": "object", + "additionalProperties": { + "type": "string" + } } }, - "authorized": { - "type": "boolean", - "description": "Null if roles query param is not sent otherwise {true only if the roles are authorized for the token}" - }, - "exp": { - "type": "integer", - "format": "int64" - }, - "prismaId": { - "type": "string" + "resourceLists": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } }, - "claims": { - "type": "object", - "additionalProperties": { - "type": "object" + "codeRepositories": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } } }, - "ipAddressClaimIsTrusted": { - "type": "string", - "description": "ipAddress claim trusted ip outcome", - "enum": [ - "NOT_PERFORMED", - "PERFORMED_AND_VALID", - "PERFORMED_AND_INVALID" - ] + "accountIds": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } }, - "customer_name": { + "roleType": { "type": "string" - }, - "user_type": { - "type": "string", - "enum": [ - "USER", - "SERVICE" - ] } } }, - "UsernamePasswordRequest": { - "title": "Model used to validate user/password", + "UsernameVsDisplayName": { "type": "object", "properties": { - "username": { + "id": { "type": "string" }, - "password": { + "name": { "type": "string" } } 
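Review bot: The relocated `User` schema in this hunk documents `password`, `resetToken` and `resetTokenTs` as ordinary readable properties with no `writeOnly` flag, so any generated client or rendered doc treats a password and a reset token as values the API may return; whether `User` is used in a response is not visible here, so unless that is confirmed never to happen, mark them `"password": { "type": "string", "format": "password", "writeOnly": true }` and `"resetToken": { "type": "string", "writeOnly": true }`, which also keeps them out of rendered examples. Two smaller consistency defects in the same hunk: `PermissionGroupDetail.features` is a single `$ref` to `Feature` while `RoleInternalPermissionGroup.features` is an array of `Feature`, and `User.prismaId` is `integer`/`int64` whereas `UserMetaVO.prismaId` and `TokenInfoResponse.prismaId` earlier in the file are strings — a 64-bit numeric ID silently loses precision in JavaScript consumers, so the string form is the safer one to standardise on. The `UpdateServiceRequest` whose `add_roles`, `remove_roles` and `is_enabled` properties open the hunk begins before the hunk, and nothing states how `roles` interacts with `add_roles`/`remove_roles` when both are sent; a one-line `description` giving precedence would remove the ambiguity for a field that changes a service account's authorization.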
@@ -2676,33 +3134,123 @@ } } }, - "SupportUserProfileRequest": { + "GetServicesResponse": { + "required": [ + "services" + ], + "type": "object", + "properties": { + "services": { + "uniqueItems": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/ServiceResponse" + } + }, + "errors": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, + "UserAccessKeyResponse": { + "type": "object", + "properties": { + "Access key id": { + "type": "string", + "format": "uuid", + "readOnly": true + }, + "name": { + "type": "string" + }, + "expiresOn": { + "type": "integer", + "description": "Timestamp in milliseconds when access key expires", + "format": "int64" + } + } + }, + "SupportUserProfile": { "type": "object", "properties": { "email": { "type": "string" }, "supportAccessLevel": { - "type": "string" + "type": "string", + "enum": [ + "NONE", + "LIGHT_AGENT", + "SRE", + "AGENT", + "ADMIN" + ] + }, + "failedLoginCount": { + "type": "integer", + "format": "int32" } } }, - "SamlLoginRequest": { - "title": "Model used for saml authentication", - "required": [ - "rawSaml", - "requestIpAddress" - ], + "OpenIdConfigurationResponse": { "type": "object", "properties": { - "rawSaml": { + "issuer": { "type": "string" }, - "requestIpAddress": { + "authorization_endpoint": { "type": "string" }, - "relayState": { + "jwks_uri": { + "type": "string" + }, + "token_endpoint": { + "type": "string" + }, + "token_endpoint_auth_methods_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "introspection_endpoint": { + "type": "string" + }, + "introspection_endpoint_auth_methods_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "revocation_endpoint": { "type": "string" + }, + "response_types_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "subject_types_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "id_token_signing_alg_values_supported": { + 
"type": "array", + "items": { + "type": "string" + } + }, + "grant_types_supported": { + "type": "array", + "items": { + "type": "string" + } } } } diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index 63a961b7d..22d39f5d8 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv 
@@ -287,12 +287,17 @@ "get","/cloud-accounts-manager/v1/cloud-accounts/aws/{accountId}/features/aws-flow-logs/s3","Fetch AWS S3 Flow Log details","get-aws-s3-flowlog","Cloud Ingested Logs","Monolith" "patch","/cloud-accounts-manager/v1/cloud-accounts/aws/{accountId}/features/aws-flow-logs/s3","Save AWS S3 Flow Log details","save-aws-s3-flowlog","Cloud Ingested Logs","Monolith" "post","/cloud-accounts-manager/v1/cloud-accounts/aws/{accountId}/features/aws-flow-logs/s3/status","Check AWS S3 Flow Log status","check-aws-s3-flowlog","Cloud Ingested Logs","Monolith" -"get","/authz/v1/feature","Get all active features","getFeatures","Permission Groups","PermissionGroupsMicroService.json" "get","/authz/v1/permission_group/{id}","Get an existing Permission Group by ID","get_1","Permission Groups","PermissionGroupsMicroService.json" "put","/authz/v1/permission_group/{id}","Update an existing Permission Group","update_1","Permission Groups","PermissionGroupsMicroService.json" "delete","/authz/v1/permission_group/{id}","Delete an existing Permission Group by ID","delete","Permission Groups","PermissionGroupsMicroService.json" +"get","/authn/api/v1/oauth2/config","Get OAuth2 Configuration","get-oauth2-config","Access Control","PermissionGroupsMicroService.json" +"put","/authn/api/v1/oauth2/config","Update OAuth2 Configuration","update-oauth2-config","Access Control","PermissionGroupsMicroService.json" +"post","/authn/api/v1/oauth2/config","Create an OAuth2 Configuration","create-oauth2-config","Access Control","PermissionGroupsMicroService.json" +"patch","/authn/api/v1/oauth2/config","Update OAuth2 Configuration","patch-oauth2-config","Access control","PermissionGroupsMicroService.json" "get","/authz/v1/permission_group","Get all existing Permission Groups","getAll","Permission Groups","PermissionGroupsMicroService.json" "post","/authz/v1/permission_group","Add new Custom Permission Group","save","Permission Groups","PermissionGroupsMicroService.json" 
+"get","/authz/v1/feature","Get all active features","getFeatures","Permission Groups","PermissionGroupsMicroService.json" +"get","/authn/api/v1/oauth2/login","Get OAuth2 Login URL","get-oauth2-login-url","Access Control","PermissionGroupsMicroService.json" "get","/filter/policy/suggest","List Policy Filters","get-policy-filters-and-options","Policy","Monolith" "post","/filter/policy/suggest","List Policy Filter Autocomplete Suggestions","get-policy-filter-options","Policy","Monolith" "get","/policy","List Policies","get-policies","Policy","Monolith" From 7be09156970e7452a0af8f707c70c9f1fcf8f36b Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Wed, 4 Oct 2023 11:02:40 +0530 Subject: [PATCH 3/6] modified desc and title --- .../cspm/PermissionGroupsMicroService.json | 64 +++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/openapi-specs/cspm/PermissionGroupsMicroService.json b/openapi-specs/cspm/PermissionGroupsMicroService.json index 3336b368a..00e6ba08b 100644 --- a/openapi-specs/cspm/PermissionGroupsMicroService.json +++ b/openapi-specs/cspm/PermissionGroupsMicroService.json @@ -65,8 +65,8 @@ "name": "Permission Groups" }, { - "name": "Access Control", - "description": "OpenID Connect OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. Prisma Cloud offers the option to set up SSO, leveraging Service Provider initiated OIDC. Prisma Cloud System Administrators can use the following OAuth2 APIs to configure tenant SSO authenticatication using OIDC." + "name": "SSO", + "description": "OpenID Connect OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. Prisma Cloud offers the option to set up SSO, leveraging Service Provider initiated OIDC. Prisma Cloud System Administrators can use the following APIs to configure tenant SSO authenticatication using OIDC." } ], "paths": { 
@@ -234,9 +234,9 @@ "/authn/api/v1/oauth2/config": { "get": { "tags": [ - "Access Control" + "SSO" ], - "summary": "Get OAuth2 Configuration", + "summary": "Get OIDC Configuration", "description": "Get the OAuth2 configuration details of a tenant that is used by OpenID Connect(OIDC).", "operationId": "get-oauth2-config", "responses": { @@ -311,9 +311,9 @@ }, "put": { "tags": [ - "Access Control" + "SSO" ], - "summary": "Update OAuth2 Configuration", + "summary": "Update OIDC Configuration", "description": "Updates the parameters of an existing OAuth2 configuration that is used by OpenID Connect(OIDC).", "operationId": "update-oauth2-config", "requestBody": { @@ -370,9 +370,9 @@ }, "post": { "tags": [ - "Access Control" + "SSO" ], - "summary": "Create an OAuth2 Configuration", + "summary": "Create an OIDC Configuration", "description": "Create an OAuth2 configuration for a given tenant to be used by OpenID Connect(OIDC).", "operationId": "create-oauth2-config", "requestBody": { @@ -457,9 +457,9 @@ }, "patch": { "tags": [ - "Access Control" + "SSO" ], - "summary": "Update OAuth2 Configuration", + "summary": "Update OIDC Configuration", "description": "Updates the parameters of an existing OAuth2 configuration that is used by OpenID Connect(OIDC).", "operationId": "patch-oauth2-config", "requestBody": { @@ -685,10 +685,10 @@ "/authn/api/v1/oauth2/login": { "get": { "tags": [ - "Access Control" + "SSO" ], - "summary": "Get OAuth2 Login URL", - "description": "Get the OAuth2 login url for the tenant.", + "summary": "Get OIDC Login URL", + "description": "Get the OIDC login URL for the tenant.", "operationId": "get-oauth2-login-url", "parameters": [ { @@ -703,7 +703,7 @@ { "name": "prisma_id", "in": "query", - "description": "PrismaId of the tenant requesting the login url", + "description": "PrismaId of the tenant requesting the login URL.", "required": false, "schema": { "type": "string" 
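Review bot: After this rename the `patch` operation on `/authn/api/v1/oauth2/config` carries the same summary as the `put` operation in the `@@ -311` hunk, `Update OIDC Configuration`, so generated reference pages show two identically titled entries with different semantics. The consolidated endpoint list added later in this series (patch 6/6) titles the PATCH row `Update OIDC Configuration Partially`; the spec should use that same wording, `"summary": "Update OIDC Configuration Partially",`, and its description should state that only the supplied fields are changed — if that is in fact how the service treats a PATCH, which the spec does not show.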
@@ -1018,26 +1018,26 @@ }, "clientSecret": { "type": "string", - "description": "Client ID secret from the IdP", + "description": "Client ID secret from the Identity Provider(IdP).", "writeOnly": true }, "prismaId": { "type": "integer", - "description": "Prisma ID of the tenant", + "description": "Prisma ID of the tenant.", "format": "int64", "readOnly": true }, "clientId": { "type": "string", - "description": "Client ID obtained after Identity Provider(IdP) configuration" + "description": "Client ID obtained after Identity Provider(IdP) configuration." }, "issuer": { "type": "string", - "description": "Issuer claim" + "description": "The identifier of the OpenID Connect(OIDC) provider." }, "grantType": { "type": "string", - "description": "Grant type", + "description": "Grant types are a way to specify how a client wants to interact with an Identity Provider(IdP).", "enum": [ "authorization_code" ] @@ -1052,7 +1052,7 @@ }, "idpAuthUri": { "type": "string", - "description": "The endpoint to authenticate on the IdP." + "description": "The URL of the authentication endpoint on the Identity Provider(IdP)." }, "tokenUri": { "type": "string", @@ -1060,15 +1060,15 @@ }, "jwkSetUri": { "type": "string", - "description": "The URL of the IdP JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider." + "description": "The URL of the Identity Provider(IdP) JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider." }, "endSessionUri": { "type": "string", - "description": "The URL used to sign out the user from the IdP." + "description": "The URL used to sign out the user from the Identity Provider(IdP)." }, "isActive": { "type": "boolean", - "description": "True to activate OAuth2 configuration; False otherwise.", + "description": "True to enable SSO using OIDC; False otherwise.", "enum": [ true, false 
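Review bot: The new `issuer` description (`The identifier of the OpenID Connect(OIDC) provider.`) drops the one security-relevant fact the old text (`Issuer claim`) carried: that this value is what incoming ID tokens are checked against. Assuming the backend validates the `iss` claim against it, as the old wording implies, an operator who enters a value that merely resembles the provider's issuer will see every login fail, while a backend that did not validate it would accept tokens minted by any issuer — so the exact-match requirement belongs in the docs: `"description": "Issuer identifier of the OpenID Connect (OIDC) provider. Must exactly match the iss claim in the ID tokens the IdP issues (scheme, host and path)."`. The `grantType` text is generic too; since the only allowed value is `authorization_code`, saying that directly is more useful than defining what grant types are.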
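Review bot: `jwkSetUri` is described as the document whose keys validate the provider's signatures, yet the schema types it (and `endSessionUri`) as a bare `string`, and nothing in the text tells the caller that a non-HTTPS or attacker-controlled JWKS location lets forged ID tokens pass verification. Add `"format": "uri"` as an annotation on both properties and extend the `jwkSetUri` description with `Must be an https URL served by the IdP; the keys fetched from it are what ID-token signatures are verified against.` Whether the backend rejects plain-http values is not visible in the spec; if it does not, that check belongs server-side as well. The `isActive` `enum: [true, false]` is redundant on a boolean and can be dropped.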
@@ -1076,17 +1076,17 @@ }, "pcAuthUri": { "type": "string", - "description": "Prisma Cloud endpoint to begin the authentication flow", + "description": "Prisma Cloud endpoint URL to begin the authentication flow.", "readOnly": true }, "pcRelayUri": { "type": "string", - "description": "Prisma Cloud callback endpoint from the idP during authentication", + "description": "Prisma Cloud callback endpoint URL from the IdP during authentication.", "readOnly": true }, "clientSecretIsBlank": { "type": "boolean", - "description": "Is there a client secret configured", + "description": "True if client secret configured; False otherwise. ", "readOnly": true, "enum": [ true, @@ -1095,33 +1095,33 @@ }, "lastLoginErrors": { "type": "array", - "description": "Recent OAuth2 login errors", + "description": "Recent OIDC login errors.", "readOnly": true, "items": { "type": "string", - "description": "Recent OAuth2 login errors", + "description": "Recent OIDC login errors.", "readOnly": true } }, "createdBy": { "type": "string", - "description": "User who created the resource", + "description": "User who created the resource.", "readOnly": true }, "createdTs": { "type": "integer", - "description": "Timestamp for created on", + "description": "Created on timestamp.", "format": "int64", "readOnly": true }, "lastModifiedBy": { "type": "string", - "description": "User for last modification", + "description": "User who made the last update.", "readOnly": true }, "lastModifiedTs": { "type": "integer", - "description": "Timestamp for last modification", + "description": "Last update timestamp.", "format": "int64", "readOnly": true } From ded904f2d40cb15b4f1d174299dedb643c5ba7ee Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Wed, 4 Oct 2023 11:11:25 +0530 Subject: [PATCH 4/6] edits --- openapi-specs/cspm/PermissionGroupsMicroService.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
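Review bot: The rewritten `clientSecretIsBlank` description, `True if client secret configured; False otherwise.`, states the opposite of what the property name says — `true` should mean the secret is blank, i.e. not configured — and the previous text (`Is there a client secret configured`) at least did not commit to a polarity. Unless the field really is inverted on the wire, which nothing here shows, it should read `"description": "True if no client secret is configured (the stored secret is blank); False if a client secret is set."` (also dropping the trailing space). This matters more than usual because `clientSecret` is `writeOnly` and never echoed back, so this flag is the only way an API consumer can confirm a secret is present before setting `isActive`.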
diff --git a/openapi-specs/cspm/PermissionGroupsMicroService.json b/openapi-specs/cspm/PermissionGroupsMicroService.json index 00e6ba08b..2febf4c51 100644 --- a/openapi-specs/cspm/PermissionGroupsMicroService.json +++ b/openapi-specs/cspm/PermissionGroupsMicroService.json @@ -66,7 +66,7 @@ }, { "name": "SSO", - "description": "OpenID Connect OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. Prisma Cloud offers the option to set up SSO, leveraging Service Provider initiated OIDC. Prisma Cloud System Administrators can use the following APIs to configure tenant SSO authenticatication using OIDC." + "description": "OpenID Connect OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. Prisma Cloud offers the option to set up SSO, leveraging Service Provider initiated OIDC. Prisma Cloud System Administrators can use the following APIs to configure tenant SSO authentication using OIDC." } ], "paths": { From 56bed35fe8e651ac4ab6760ba81771d638d7a441 Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Fri, 6 Oct 2023 17:02:29 +0530 Subject: [PATCH 5/6] reverting Resource Snapshot API sunset --- .../cspm/ArchivedAssetsMicroService.json | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) diff --git a/openapi-specs/cspm/ArchivedAssetsMicroService.json b/openapi-specs/cspm/ArchivedAssetsMicroService.json index 5c93005f4..b100c9ee2 100644 --- a/openapi-specs/cspm/ArchivedAssetsMicroService.json +++ b/openapi-specs/cspm/ArchivedAssetsMicroService.json 
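Review bot: The typo fix leaves the doubled phrase at the start of the `SSO` tag description, `OpenID Connect OpenID Connect (OIDC) is an open security protocol…`, which this hunk rewrites but does not correct. Since this sentence is the tag's landing text in generated docs, it should read `OpenID Connect (OIDC) is an open security protocol for authentication based on the OAuth 2.0 framework. Prisma Cloud offers the option to set up SSO, leveraging Service Provider initiated OIDC. Prisma Cloud System Administrators can use the following APIs to configure tenant SSO authentication using OIDC.`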
@@ -59,6 +59,121 @@ } ], "paths": { + "/das/api/v1/resource": { + "get": { + "tags": [ + "Resource Explorer" + ], + "description": "Get the latest snapshot of the resource by using the Restricted Resource Name (RRN). To get the RRN, see [Where Do I Find The RRN for My Resource?](https://pan.dev/prisma-cloud/api/cspm/resource-explorer/#where-do-i-find-the-rrn-for-my-resource)\n:::info\n **Replacement  Endpoint: [Get Asset](/prisma-cloud/api/cspm/asset-2/#get-asset)**\n:::", + "operationId": "Get Resource Snapshot", + "parameters": [ + { + "name": "rrn", + "in": "query", + "description": "Restricted Resource Name\n\n **Example:** rrn::storageBucket:us-east-1:123456789012:test-bucket", + "required": true, + "schema": { + "type": "string", + "example": null + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved latest resource snapshots by RRN", + "content": { + "application/json": { + "schema": { + "type": "array", + "example": null, + "items": { + "$ref": "#/components/schemas/ResourceSnapshotBeanV2" + } + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorV2" + } + } + } + }, + "401": { + "description": "Unauthorized Access", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorV2" + } + } + } + }, + "403": { + "description": "Tenant License Expired", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorV2" + } + } + } + }, + "405": { + "description": "Wrong Http Method", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorV2" + } + } + } + }, + "425": { + "description": "Too Early to access the resource", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorV2" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + 
"$ref": "#/components/schemas/ApiErrorV2" + } + } + } + }, + "500": { + "description": "Failed with an Exception, Internal Error Occurred", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorV2" + } + } + } + } + }, + "deprecated": true, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, "/config/api/v1/tenant/{prisma_id}/archiveList": { "get": { "tags": [ From 248642d23e19bafb375c2a8130f2efe4ba1afef9 Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Fri, 6 Oct 2023 17:07:14 +0530 Subject: [PATCH 6/6] Adding the API back --- .../cspm/consolidated_spec/all_endpoints.csv | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index 22d39f5d8..da0ca5169 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv 
@@ -59,6 +59,7 @@ "get","/anomalies/trusted_list/types","List Allowed Trusted List Types","getAllowedTrustedListTypes","Anomalies","AnomaliesMicroService.json" "get","/anomalies/settings","Get All Anomaly Settings","getAllAnomaliesSettings","Anomalies","AnomaliesMicroService.json" "get","/anomalies/policies","List Policies for Trusted List Type","get-policies-anomalies","Anomalies","AnomaliesMicroService.json" +"get","/das/api/v1/resource",,"Get Resource Snapshot","Resource Explorer","ArchivedAssetsMicroService.json" "get","/config/api/v1/tenant/{prisma_id}/archiveList","Bulk Export Resource Archives","bulkExportResourceArchives","Archived Assets","ArchivedAssetsMicroService.json" "get","/filter/resource/scan_info/suggest","List Resource Info Filters","get-resource-info-filters-and-options","Asset Explorer","Monolith" "post","/filter/resource/scan_info/suggest","List Resource Info Filter Autocomplete Suggestions","get-resource-info-filter-options","Asset Explorer","Monolith" 
@@ -290,14 +291,14 @@ "get","/authz/v1/permission_group/{id}","Get an existing Permission Group by ID","get_1","Permission Groups","PermissionGroupsMicroService.json" "put","/authz/v1/permission_group/{id}","Update an existing Permission Group","update_1","Permission Groups","PermissionGroupsMicroService.json" "delete","/authz/v1/permission_group/{id}","Delete an existing Permission Group by ID","delete","Permission Groups","PermissionGroupsMicroService.json" -"get","/authn/api/v1/oauth2/config","Get OAuth2 Configuration","get-oauth2-config","Access Control","PermissionGroupsMicroService.json" -"put","/authn/api/v1/oauth2/config","Update OAuth2 Configuration","update-oauth2-config","Access Control","PermissionGroupsMicroService.json" -"post","/authn/api/v1/oauth2/config","Create an OAuth2 Configuration","create-oauth2-config","Access Control","PermissionGroupsMicroService.json" -"patch","/authn/api/v1/oauth2/config","Update OAuth2 Configuration","patch-oauth2-config","Access control","PermissionGroupsMicroService.json" +"get","/authn/api/v1/oauth2/config","Get OIDC Configuration","get-oauth2-config","SSO","PermissionGroupsMicroService.json" +"put","/authn/api/v1/oauth2/config","Update OIDC Configuration","update-oauth2-config","SSO","PermissionGroupsMicroService.json" +"post","/authn/api/v1/oauth2/config","Create an OIDC Configuration","create-oauth2-config","SSO","PermissionGroupsMicroService.json" +"patch","/authn/api/v1/oauth2/config","Update OIDC Configuration Partially","patch-oauth2-config","SSO","PermissionGroupsMicroService.json" "get","/authz/v1/permission_group","Get all existing Permission Groups","getAll","Permission Groups","PermissionGroupsMicroService.json" "post","/authz/v1/permission_group","Add new Custom Permission Group","save","Permission Groups","PermissionGroupsMicroService.json" "get","/authz/v1/feature","Get all active features","getFeatures","Permission Groups","PermissionGroupsMicroService.json" -"get","/authn/api/v1/oauth2/login","Get 
OAuth2 Login URL","get-oauth2-login-url","Access Control","PermissionGroupsMicroService.json" +"get","/authn/api/v1/oauth2/login","Get OIDC Login URL","get-oauth2-login-url","SSO","PermissionGroupsMicroService.json" "get","/filter/policy/suggest","List Policy Filters","get-policy-filters-and-options","Policy","Monolith" "post","/filter/policy/suggest","List Policy Filter Autocomplete Suggestions","get-policy-filter-options","Policy","Monolith" "get","/policy","List Policies","get-policies","Policy","Monolith"