pull in the latest and greatest rdl endpoints #2410

Merged
merged 1 commit into from
Nov 15, 2023
185 changes: 172 additions & 13 deletions ui/src/config/zms.json
Expand Up @@ -754,6 +754,12 @@
"optional": true,
"comment": "If true, ask for delete confirmation in audit and review enabled roles.",
"default": false
},
{
"name": "lastReviewedDate",
"type": "Timestamp",
"optional": true,
"comment": "last review timestamp of the role"
}
],
"closed": false
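Review bot: lastReviewedDate is added here next to a client-settable option (the delete-confirmation flag with "default": false), and its comment, "last review timestamp of the role", does not say who may write it. If this struct is accepted as input on update calls, a caller could move the timestamp forward without a review taking place, which would keep the role out of any listing that is computed from the last reviewed date. Suggest stating in the comment that the value is set by the server when a review is completed and is ignored on input. The same applies to the group field added at @@ -2246.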
Expand Down Expand Up @@ -803,12 +809,6 @@
"optional": true,
"comment": "an audit log for role membership changes",
"items": "RoleAuditLog"
},
{
"name": "lastReviewedDate",
"type": "Timestamp",
"optional": true,
"comment": "last review timestamp of the role"
}
],
"closed": false
Expand Down Expand Up @@ -2246,6 +2246,12 @@
"optional": true,
"comment": "If true, ask for delete confirmation in audit and review enabled groups.",
"default": false
},
{
"name": "lastReviewedDate",
"type": "Timestamp",
"optional": true,
"comment": "last review timestamp of the group"
}
],
"closed": false
Expand Down Expand Up @@ -2282,12 +2288,6 @@
"optional": true,
"comment": "an audit log for group membership changes",
"items": "GroupAuditLog"
},
{
"name": "lastReviewedDate",
"type": "Timestamp",
"optional": true,
"comment": "last review timestamp of the group"
}
],
"closed": false
Expand Down Expand Up @@ -3180,6 +3180,87 @@
"closed": false
}
},
{
"StructTypeDef": {
"type": "Struct",
"name": "ReviewObject",
"comment": "Details for the roles and/or groups that need to be reviewed",
"fields": [
{
"name": "domainName",
"type": "DomainName",
"optional": false,
"comment": "name of the domain"
},
{
"name": "name",
"type": "EntityName",
"optional": false,
"comment": "name of the role and/or group"
},
{
"name": "memberExpiryDays",
"type": "Int32",
"optional": false,
"comment": "all user members in the object have specified max expiry days"
},
{
"name": "memberReviewDays",
"type": "Int32",
"optional": false,
"comment": "all user members in the object have specified max review days"
},
{
"name": "serviceExpiryDays",
"type": "Int32",
"optional": false,
"comment": "all services in the object have specified max expiry days"
},
{
"name": "serviceReviewDays",
"type": "Int32",
"optional": false,
"comment": "all services in the object have specified max review days"
},
{
"name": "groupExpiryDays",
"type": "Int32",
"optional": false,
"comment": "all groups in the object have specified max expiry days"
},
{
"name": "groupReviewDays",
"type": "Int32",
"optional": false,
"comment": "all groups in the object have specified max review days"
},
{
"name": "lastReviewedDate",
"type": "Timestamp",
"optional": true,
"comment": "last review timestamp of the object"
}
],
"closed": false
}
},
{
"StructTypeDef": {
"type": "Struct",
"name": "ReviewObjects",
"comment": "The representation for a list of objects with full details",
"fields": [
{
"name": "list",
"type": "Array",
"optional": false,
"comment": "list of review objects",
"items": "ReviewObject"
}
],
"closed": false
}
},
{
"StructTypeDef": {
"type": "Struct",
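Review bot: the six Int32 fields in ReviewObject (memberExpiryDays through groupReviewDays) are all "optional": false, but nothing says what value is returned when a setting is not configured on the role or group. Suggest either marking them optional or documenting the sentinel (for example, that 0 means not configured), so a consumer does not read an unconfigured limit as an expiry of zero days. The comments also read as assertions ("all user members in the object have specified max expiry days") rather than field descriptions; "max expiry days configured for user members" would be clearer. ReviewObjects.list has no documented limit or paging, which is worth stating given that the result spans domains.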
Expand Down Expand Up @@ -5741,7 +5822,7 @@
"type": "DomainRoleMember",
"method": "GET",
"path": "/role",
"comment": "Fetch all the roles across domains by either calling or specified principal The optional expand argument will include all direct and indirect roles, however, it will force authorization that you must be either the principal or for service accounts have update access to the service identity: 1. authenticated principal is the same as the check principal 2. system authorized (\"access\", \"sys.auth:meta.role.lookup\") 3. service admin (\"update\", \"{principal}\")",
"comment": "Fetch all the roles across domains by either calling or specified principal The optional expand argument will include all direct and indirect roles, however, it will force authorization that you must be either the principal or for service accounts have update access to the service identity: 1. authenticated principal is the same as the check principal 2. system authorized (\"access\", \"sys.auth:meta.role.lookup\") 3. service admin (\"update\", \"{principal}\") 4. domain authorized (\"access\", \"{domainName}:meta.role.lookup\") if domainName is provided",
"inputs": [
{
"name": "principal",
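Review bot: the new condition 4 in the /role comment grants access through ("access", "{domainName}:meta.role.lookup") "if domainName is provided", while the same comment still opens with "Fetch all the roles across domains". The comment should state that a caller authorized only through condition 4 receives results limited to that domain; as written it can be read as lookup rights in one domain exposing a principal's roles in every domain. The visible inputs start with principal, so please also confirm that a domainName input is declared for this endpoint.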
Expand Down Expand Up @@ -11035,6 +11116,84 @@
},
"name": "getDependentDomainList"
},
{
"type": "ReviewObjects",
"method": "GET",
"path": "/review/role",
"comment": "Fetch all the roles across domains for either the caller or specified principal that require a review based on the last reviewed date and configured attributes. The method requires the caller to be either the principal or authorized in system to carry out the operation for any principal (typically this would be system administrators) 1. authenticated principal is the same as the check principal 2. system authorized (\"access\", \"sys.auth:meta.review.lookup\")",
"inputs": [
{
"name": "principal",
"type": "ResourceName",
"comment": "If not present, will return roles for the user making the call",
"pathParam": false,
"queryParam": "principal",
"optional": true,
"flag": false
}
],
"auth": {
"authenticate": true
},
"expected": "OK",
"exceptions": {
"TOO_MANY_REQUESTS": {
"type": "ResourceError"
},
"UNAUTHORIZED": {
"type": "ResourceError"
},
"BAD_REQUEST": {
"type": "ResourceError"
},
"NOT_FOUND": {
"type": "ResourceError"
},
"FORBIDDEN": {
"type": "ResourceError"
}
},
"name": "GetRolesForReview"
},
{
"type": "ReviewObjects",
"method": "GET",
"path": "/review/group",
"comment": "Fetch all the groups across domains for either the caller or specified principal that require a review based on the last reviewed date and configured attributes. The method requires the caller to be either the principal or authorized in system to carry out the operation for any principal (typically this would be system administrators) 1. authenticated principal is the same as the check principal 2. system authorized (\"access\", \"sys.auth:meta.review.lookup\")",
"inputs": [
{
"name": "principal",
"type": "ResourceName",
"comment": "If not present, will return groups for the user making the call",
"pathParam": false,
"queryParam": "principal",
"optional": true,
"flag": false
}
],
"auth": {
"authenticate": true
},
"expected": "OK",
"exceptions": {
"TOO_MANY_REQUESTS": {
"type": "ResourceError"
},
"UNAUTHORIZED": {
"type": "ResourceError"
},
"BAD_REQUEST": {
"type": "ResourceError"
},
"NOT_FOUND": {
"type": "ResourceError"
},
"FORBIDDEN": {
"type": "ResourceError"
}
},
"name": "GetGroupsForReview"
},
{
"type": "Info",
"method": "GET",
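Review bot: both new endpoints list NOT_FOUND and FORBIDDEN among their exceptions and take an optional principal query parameter, but neither comment says which case yields NOT_FOUND. If it is returned for an unknown principal, the authorization check (same principal, or ("access", "sys.auth:meta.review.lookup")) should run first, so that an unauthorized caller always gets FORBIDDEN and cannot tell whether a principal exists. The comments would also be clearer with "one of the following must hold:" before the numbered conditions. Style: GetRolesForReview and GetGroupsForReview are capitalized, while the neighbouring getDependentDomainList is not.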