diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES index 9152225..a77c186 100644 --- a/.openapi-generator/FILES +++ b/.openapi-generator/FILES @@ -5,7 +5,7 @@ README.md docs/Access.md docs/AccessList.md -docs/AccessRuleCondition.md +docs/AccessRule.md docs/AccessRulesApi.md docs/AddBundleGroupRequest.md docs/AddBundleResourceRequest.md @@ -67,6 +67,7 @@ docs/GroupRemoteInfoGitlabGroup.md docs/GroupRemoteInfoGoogleGroup.md docs/GroupRemoteInfoLdapGroup.md docs/GroupRemoteInfoOktaGroup.md +docs/GroupRemoteInfoSnowflakeRole.md docs/GroupResource.md docs/GroupResourceList.md docs/GroupTypeEnum.md @@ -175,6 +176,7 @@ docs/UAR.md docs/UARReviewerAssignmentPolicyEnum.md docs/UARScope.md docs/UarsApi.md +docs/UpdateAccessRuleInfo.md docs/UpdateConfigurationTemplateInfo.md docs/UpdateGroupBindingInfo.md docs/UpdateGroupBindingInfoList.md @@ -223,7 +225,7 @@ opal_security/exceptions.py opal_security/models/__init__.py opal_security/models/access.py opal_security/models/access_list.py -opal_security/models/access_rule_condition.py +opal_security/models/access_rule.py opal_security/models/add_bundle_group_request.py opal_security/models/add_bundle_resource_request.py opal_security/models/add_group_resource_request.py @@ -279,6 +281,7 @@ opal_security/models/group_remote_info_gitlab_group.py opal_security/models/group_remote_info_google_group.py opal_security/models/group_remote_info_ldap_group.py opal_security/models/group_remote_info_okta_group.py +opal_security/models/group_remote_info_snowflake_role.py opal_security/models/group_resource.py opal_security/models/group_resource_list.py opal_security/models/group_type_enum.py 
@@ -376,6 +379,7 @@ opal_security/models/ticketing_provider_enum.py opal_security/models/uar.py opal_security/models/uar_reviewer_assignment_policy_enum.py opal_security/models/uar_scope.py +opal_security/models/update_access_rule_info.py opal_security/models/update_configuration_template_info.py opal_security/models/update_group_binding_info.py opal_security/models/update_group_binding_info_list.py @@ -403,24 +407,7 @@ setup.cfg setup.py test-requirements.txt test/__init__.py -test/test_access_rule_condition.py -test/test_access_rules_api.py -test/test_add_bundle_group_request.py -test/test_add_bundle_resource_request.py -test/test_bundle.py -test/test_bundle_group.py -test/test_bundle_resource.py -test/test_bundles_api.py -test/test_create_bundle_info.py -test/test_group_containing_group.py -test/test_group_containing_group_list.py -test/test_group_with_access_level.py -test/test_paginated_bundle_group_list.py -test/test_paginated_bundle_list.py -test/test_paginated_bundle_resource_list.py -test/test_rule_clauses.py -test/test_rule_conjunction.py -test/test_rule_disjunction.py -test/test_tag_selector.py -test/test_update_resource_user_request.py +test/test_access_rule.py +test/test_group_remote_info_snowflake_role.py +test/test_update_access_rule_info.py tox.ini diff --git a/.openapi-generator/VERSION b/.openapi-generator/VERSION index 5f84a81..758bb9c 100644 --- a/.openapi-generator/VERSION +++ b/.openapi-generator/VERSION @@ -1 +1 @@ -7.12.0 +7.10.0 diff --git a/README.md b/README.md index b766004..4f8eeaa 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This Python package is automatically generated by the [OpenAPI Generator](https: - API version: 1.0 - [Releases](https://github.com/opalsecurity/opal-python/releases/) -- Generator version: 7.12.0 +- Generator version: 7.10.0 - Build package: org.openapitools.codegen.languages.PythonClientCodegen For more information, please visit [https://www.opal.dev/](https://www.opal.dev/) 
@@ -82,14 +82,14 @@ configuration = opal.Configuration( with opal.ApiClient(configuration) as api_client: # Create an instance of the API class api_instance = opal.AccessRulesApi(api_client) - access_rule_id = '1b978423-db0a-4037-a4cf-f79c60cb67b3' # str | The access rule ID (group ID) of the access rule. + update_access_rule_info = opal_security.UpdateAccessRuleInfo() # UpdateAccessRuleInfo | try: - api_response = api_instance.get_access_rule(access_rule_id) - print("The response of AccessRulesApi->get_access_rule:\n") + api_response = api_instance.create_access_rule(update_access_rule_info) + print("The response of AccessRulesApi->create_access_rule:\n") pprint(api_response) except ApiException as e: - print("Exception when calling AccessRulesApi->get_access_rule: %s\n" % e) + print("Exception when calling AccessRulesApi->create_access_rule: %s\n" % e) ``` @@ -141,6 +141,7 @@ All URIs are relative to *https://api.opal.dev/v1* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- +*AccessRulesApi* | [**create_access_rule**](docs/AccessRulesApi.md#create_access_rule) | **POST** /access-rules | *AccessRulesApi* | [**get_access_rule**](docs/AccessRulesApi.md#get_access_rule) | **GET** /access-rules/{access_rule_id} | *AccessRulesApi* | [**update_access_rule**](docs/AccessRulesApi.md#update_access_rule) | **PUT** /access-rules/{access_rule_id} | *AppsApi* | [**get_app**](docs/AppsApi.md#get_app) | **GET** /apps/{app_id} | @@ -261,7 +262,7 @@ Class | Method | HTTP request | Description - [Access](docs/Access.md) - [AccessList](docs/AccessList.md) - - [AccessRuleCondition](docs/AccessRuleCondition.md) + - [AccessRule](docs/AccessRule.md) - [AddBundleGroupRequest](docs/AddBundleGroupRequest.md) - [AddBundleResourceRequest](docs/AddBundleResourceRequest.md) - [AddGroupResourceRequest](docs/AddGroupResourceRequest.md) 
@@ -317,6 +318,7 @@ Class | Method | HTTP request | Description - [GroupRemoteInfoGoogleGroup](docs/GroupRemoteInfoGoogleGroup.md) - [GroupRemoteInfoLdapGroup](docs/GroupRemoteInfoLdapGroup.md) - [GroupRemoteInfoOktaGroup](docs/GroupRemoteInfoOktaGroup.md) + - [GroupRemoteInfoSnowflakeRole](docs/GroupRemoteInfoSnowflakeRole.md) - [GroupResource](docs/GroupResource.md) - [GroupResourceList](docs/GroupResourceList.md) - [GroupTypeEnum](docs/GroupTypeEnum.md) @@ -414,6 +416,7 @@ Class | Method | HTTP request | Description - [UAR](docs/UAR.md) - [UARReviewerAssignmentPolicyEnum](docs/UARReviewerAssignmentPolicyEnum.md) - [UARScope](docs/UARScope.md) + - [UpdateAccessRuleInfo](docs/UpdateAccessRuleInfo.md) - [UpdateConfigurationTemplateInfo](docs/UpdateConfigurationTemplateInfo.md) - [UpdateGroupBindingInfo](docs/UpdateGroupBindingInfo.md) - [UpdateGroupBindingInfoList](docs/UpdateGroupBindingInfoList.md) diff --git a/api/openapi.yaml b/api/openapi.yaml index 303cf1b..61de61f 100644 --- a/api/openapi.yaml +++ b/api/openapi.yaml @@ -408,6 +408,14 @@ paths: example: 72e75a6f-7183-48c5-94ff-6013f213314b format: uuid type: string + access_level_remote_id: + description: The remote ID of the access level to grant to this user. Required if the group being added requires an access level. If omitted, the default access level remote ID value (empty string) is used. + example: arn:aws:iam::590304332660:role/AdministratorAccess + type: string + access_level_name: + description: The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used. + example: AdministratorAccess + type: string required: - group_id responses: 
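Review bot: The new `access_level_remote_id` property on the add-group-to-bundle request body is described as "Required if the group being added requires an access level", yet only `group_id` is listed under `required` and the stated fallback is an empty string. A caller that forgets the field therefore gets the default level rather than an error. Both new descriptions also say "to grant to this user" although the request adds a group to a bundle, which looks copied from a user endpoint. I would reword to `description: The remote ID of the access level to grant through this group. Must be set when the group defines access levels.` and confirm that the server rejects the request when a level is required but missing. The request-body schema starts outside the hunk.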
@@ -442,6 +450,15 @@ paths: schema: format: uuid type: string + - description: The remote ID of the access level to remove. + example: arn:aws:iam::590304332660:role/AdministratorAccess + explode: true + in: query + name: access_level_remote_id + required: false + schema: + type: string + style: form responses: "200": description: Group was successfully removed from the bundle. @@ -589,8 +606,8 @@ paths: summary: Example with date value: 2021-11-01 withDatetime: - summary: Example with date and time - value: 2021-11-01 12:00:00 + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z explode: true in: query name: start_date_filter @@ -604,8 +621,8 @@ paths: summary: Example with date value: 2021-11-12 withDatetime: - summary: Example with date and time - value: 2021-11-12 12:00:00 + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z explode: true in: query name: end_date_filter @@ -1988,6 +2005,36 @@ paths: description: Returns a list of requests for your organization that is visible by the admin. operationId: getRequests parameters: + - description: A start date filter for the events. + examples: + withDate: + summary: Example with date + value: 2021-11-01 + withDatetime: + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z + explode: true + in: query + name: start_date_filter + required: false + schema: + type: string + style: form + - description: An end date filter for the events. + examples: + withDate: + summary: Example with date + value: 2021-11-12 + withDatetime: + summary: Example with date and time in ISO 8601 datetime format. + value: 2025-01-01T00:00:00Z + explode: true + in: query + name: end_date_filter + required: false + schema: + type: string + style: form - description: The pagination cursor value. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw explode: true 
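Review bot: The `access_level_remote_id` query parameter added in the first hunk on this line (the operation whose `200` text is "Group was successfully removed from the bundle.") is `required: false`, but its description does not say what is removed when it is omitted: every access level for that group, or only the default one. For a revocation call that difference decides whether access is left behind, so the description should state it, e.g. `description: The remote ID of the access level to remove. If omitted, <behaviour when omitted>.` with the placeholder filled in from the server implementation. The operation's parameter list starts outside the hunk.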
@@ -2841,6 +2888,7 @@ paths: - resources /resource-user-access-status/{resource_id}/{user_id}: get: + deprecated: true description: Get user's access status to a resource. operationId: resource_user_access_status_retrieve parameters: @@ -3060,6 +3108,27 @@ paths: - BearerAuth: [] tags: - users + /access-rules: + post: + description: Creates a new access rule config for the given group_id. + operationId: create_access_rule + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateAccessRuleInfo" + responses: + "201": + content: + application/json: + schema: + $ref: "#/components/schemas/AccessRule" + description: The created access rule config for the group. + security: + - BearerAuth: [] + tags: + - access-rules /access-rules/{access_rule_id}: get: description: Returns a list of access rule config given the group_id of the access rule. @@ -3080,7 +3149,7 @@ paths: content: application/json: schema: - $ref: "#/components/schemas/AccessRuleCondition" + $ref: "#/components/schemas/AccessRule" description: The access rules for the group. security: - BearerAuth: [] @@ -3105,13 +3174,13 @@ paths: content: application/json: schema: - $ref: "#/components/schemas/AccessRuleCondition" + $ref: "#/components/schemas/UpdateAccessRuleInfo" responses: "200": content: application/json: schema: - $ref: "#/components/schemas/AccessRuleCondition" + $ref: "#/components/schemas/AccessRule" description: The updated access rule config for the group. security: - BearerAuth: [] @@ -5406,6 +5475,7 @@ components: - GCP_BIG_QUERY_TABLE - GCP_SERVICE_ACCOUNT - GIT_HUB_REPO + - GIT_HUB_ORG_ROLE - GIT_LAB_PROJECT - GOOGLE_WORKSPACE_ROLE - MONGO_INSTANCE 
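Review bot: The description of the new `POST /access-rules` operation says the rule is created "for the given group_id", but the operation declares no path or query parameter and its body is `UpdateAccessRuleInfo`, which (as defined later in this diff) has no group ID property; the wording appears carried over from the `PUT` operation. Only the `201` response is declared, so the generated client has no documented contract for validation or authorization failures on an endpoint that creates access-granting rules. I would change the text to `description: Creates a new access rule.` and add the 4xx responses the server actually returns.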
@@ -5930,6 +6000,16 @@ components: type: object required: - group_id + snowflake_role: + description: Remote info for Snowflake role. + properties: + role_id: + description: The id of the Snowflake role. + example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 + type: string + type: object + required: + - role_id type: object ResourceRemoteInfo: description: Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields. @@ -6803,10 +6883,10 @@ components: ### Usage Example Returned from the `GET Requests` endpoint. enum: - - pending - - approved - - denied - - canceled + - PENDING + - APPROVED + - DENIED + - CANCELED type: string Request: description: |- 
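Review bot: The request-status enum values in the second hunk on this line change from lower case to upper case (`pending` becomes `PENDING`, and likewise for the other three), which is a wire-level breaking change rather than a cosmetic one. Callers that compare the status string, for example automation that acts only on approved requests, will stop matching without raising an error, and a client generated from this spec will presumably reject the lower-case values if any server still sends them. The enum description should say from which API release the upper-case form is emitted, and the release notes should list the change as breaking. The enum's schema starts outside the hunk.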
@@ -7679,15 +7759,67 @@ components: - group_id - group_type type: object - AccessRuleCondition: + UpdateAccessRuleInfo: + description: |- + # UpdateAccessRuleInfo Object + ### Description + The `UpdateAccessRuleInfo` object is used as an input to the UpdateAccessRule and CreateAccessRule API. + properties: + name: + description: The name of the access rule. + example: Platform Engineering + type: string + description: + description: A description of the group. + example: This access rule represents all platform engineers in the company. + type: string + admin_owner_id: + description: The ID of the owner of the group. + example: 7c86c85d-0651-43e2-a748-d69d658418e8 + format: uuid + type: string + status: + description: The status of the access rule. + type: string + enum: + - ACTIVE + - PAUSED + example: ACTIVE + ruleClauses: + $ref: "#/components/schemas/RuleClauses" + required: + - status + - ruleClauses + - name + - admin_owner_id + - description + AccessRule: description: |- - # Access Rule Config Object + # Access Rule Object ### Description - The `AccessRuleConfig` object is used to represent an access rule configuration. + The `AccessRule` object is used to represent an access rule configuration. ### Usage Example Get access rule configurations from the `GET Access Rule Configs` endpoint. properties: + access_rule_id: + description: The ID (group ID) of the access rule. + example: 7c86c85d-0651-43e2-a748-d69d658418e8 + format: uuid + type: string + name: + description: The name of the access rule. + example: Platform Engineering + type: string + description: + description: A description of the group. + example: This access rule represents all platform engineers in the company. + type: string + admin_owner_id: + description: The ID of the owner of the group. + example: 7c86c85d-0651-43e2-a748-d69d658418e8 + format: uuid + type: string status: description: The status of the access rule. type: string 
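Review bot: `UpdateAccessRuleInfo` lists `admin_owner_id`, `name` and `description` as required alongside `status` and `ruleClauses`, so every `PUT` now has to resend the owner; a caller that only wants to pause a rule must first read the current owner or risk reassigning it. If the server does treat the body as a full replacement, that is worth stating in the schema description, e.g. `The request replaces the whole rule, including admin_owner_id; send the current values for fields you do not intend to change.` The `description` and `admin_owner_id` property texts ("A description of the group.", "The ID of the owner of the group.") also refer to a group rather than the access rule, and the new schema has no `type: object` line where the neighbouring schema ends with one. The `AccessRule` schema continues past the end of the hunk.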
@@ -7700,6 +7832,10 @@ components: required: - status - ruleClauses + - name + - admin_owner_id + - access_rule_id + - description RuleClauses: properties: when: @@ -7721,7 +7857,6 @@ components: properties: selectors: type: array - minItems: 1 items: $ref: "#/components/schemas/TagSelector" required: @@ -8802,6 +8937,14 @@ components: format: uuid type: string readOnly: true + access_level_name: + description: The access level of the group within a bundle. + example: Read + type: string + access_level_remote_id: + description: The remote ID of the access level of the group within a bundle. + example: arn:aws:iam::490306337630:role/SupportUser + type: string PaginatedBundleGroupList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw diff --git a/docs/AccessRule.md b/docs/AccessRule.md new file mode 100644 index 0000000..943471b --- /dev/null +++ b/docs/AccessRule.md 
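Review bot: Removing `minItems: 1` from `selectors` (second hunk on this line) means the schema, and the client generated from it, now accepts a rule clause with an empty selector list. How the server evaluates an empty list is not visible here; if it is treated as matching every user, an accidentally empty clause would widen the access rule instead of failing validation. Unless empty clauses are intentionally supported, I would keep `minItems: 1`, or otherwise add to the `selectors` property a description of what an empty list matches. The schema that encloses `selectors` starts outside the hunk.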
@@ -0,0 +1,35 @@ +# AccessRule + +# Access Rule Object ### Description The `AccessRule` object is used to represent an access rule configuration. ### Usage Example Get access rule configurations from the `GET Access Rule Configs` endpoint. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**access_rule_id** | **str** | The ID (group ID) of the access rule. | +**name** | **str** | The name of the access rule. | +**description** | **str** | A description of the group. | +**admin_owner_id** | **str** | The ID of the owner of the group. | +**status** | **str** | The status of the access rule. | +**rule_clauses** | [**RuleClauses**](RuleClauses.md) | | + +## Example + +```python +from opal_security.models.access_rule import AccessRule + +# TODO update the JSON string below +json = "{}" +# create an instance of AccessRule from a JSON string +access_rule_instance = AccessRule.from_json(json) +# print the JSON string representation of the object +print(AccessRule.to_json()) + +# convert the object into a dict +access_rule_dict = access_rule_instance.to_dict() +# create an instance of AccessRule from a dict +access_rule_from_dict = AccessRule.from_dict(access_rule_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/AccessRulesApi.md b/docs/AccessRulesApi.md index c63ffad..5c9f233 100644 --- a/docs/AccessRulesApi.md +++ b/docs/AccessRulesApi.md 
@@ -4,12 +4,95 @@ All URIs are relative to *https://api.opal.dev/v1* Method | HTTP request | Description ------------- | ------------- | ------------- +[**create_access_rule**](AccessRulesApi.md#create_access_rule) | **POST** /access-rules | [**get_access_rule**](AccessRulesApi.md#get_access_rule) | **GET** /access-rules/{access_rule_id} | [**update_access_rule**](AccessRulesApi.md#update_access_rule) | **PUT** /access-rules/{access_rule_id} | +# **create_access_rule** +> AccessRule create_access_rule(update_access_rule_info) + + + +Creates a new access rule config for the given group_id. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.access_rule import AccessRule +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. 
+ +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.AccessRulesApi(api_client) + update_access_rule_info = opal_security.UpdateAccessRuleInfo() # UpdateAccessRuleInfo | + + try: + api_response = api_instance.create_access_rule(update_access_rule_info) + print("The response of AccessRulesApi->create_access_rule:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling AccessRulesApi->create_access_rule: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **update_access_rule_info** | [**UpdateAccessRuleInfo**](UpdateAccessRuleInfo.md)| | + +### Return type + +[**AccessRule**](AccessRule.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | The created access rule config for the group. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **get_access_rule** -> AccessRuleCondition get_access_rule(access_rule_id) +> AccessRule get_access_rule(access_rule_id) + + Returns a list of access rule config given the group_id of the access rule. 
@@ -19,7 +102,7 @@ Returns a list of access rule config given the group_id of the access rule. ```python import opal_security -from opal_security.models.access_rule_condition import AccessRuleCondition +from opal_security.models.access_rule import AccessRule from opal_security.rest import ApiException from pprint import pprint @@ -66,7 +149,7 @@ Name | Type | Description | Notes ### Return type -[**AccessRuleCondition**](AccessRuleCondition.md) +[**AccessRule**](AccessRule.md) ### Authorization @@ -86,7 +169,9 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) # **update_access_rule** -> AccessRuleCondition update_access_rule(access_rule_id, access_rule_condition) +> AccessRule update_access_rule(access_rule_id, update_access_rule_info) + + Updates the access rule config for the given group_id. @@ -96,7 +181,8 @@ Updates the access rule config for the given group_id. ```python import opal_security -from opal_security.models.access_rule_condition import AccessRuleCondition +from opal_security.models.access_rule import AccessRule +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo from opal_security.rest import ApiException from pprint import pprint 
@@ -123,10 +209,10 @@ with opal_security.ApiClient(configuration) as api_client: # Create an instance of the API class api_instance = opal_security.AccessRulesApi(api_client) access_rule_id = '1b978423-db0a-4037-a4cf-f79c60cb67b3' # str | The access rule ID (group ID) of the access rule. - access_rule_condition = opal_security.AccessRuleCondition() # AccessRuleCondition | + update_access_rule_info = opal_security.UpdateAccessRuleInfo() # UpdateAccessRuleInfo | try: - api_response = api_instance.update_access_rule(access_rule_id, access_rule_condition) + api_response = api_instance.update_access_rule(access_rule_id, update_access_rule_info) print("The response of AccessRulesApi->update_access_rule:\n") pprint(api_response) except Exception as e: @@ -141,11 +227,11 @@ with opal_security.ApiClient(configuration) as api_client: Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **access_rule_id** | **str**| The access rule ID (group ID) of the access rule. | - **access_rule_condition** | [**AccessRuleCondition**](AccessRuleCondition.md)| | + **update_access_rule_info** | [**UpdateAccessRuleInfo**](UpdateAccessRuleInfo.md)| | ### Return type -[**AccessRuleCondition**](AccessRuleCondition.md) +[**AccessRule**](AccessRule.md) ### Authorization diff --git a/docs/AddBundleGroupRequest.md b/docs/AddBundleGroupRequest.md index cad701f..964cc21 100644 --- a/docs/AddBundleGroupRequest.md +++ b/docs/AddBundleGroupRequest.md 
@@ -6,6 +6,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **group_id** | **str** | The ID of the group to add. | +**access_level_remote_id** | **str** | The remote ID of the access level to grant to this user. Required if the group being added requires an access level. If omitted, the default access level remote ID value (empty string) is used. | [optional] +**access_level_name** | **str** | The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used. | [optional] ## Example diff --git a/docs/AppsApi.md b/docs/AppsApi.md index 4356bc4..41adb4f 100644 --- a/docs/AppsApi.md +++ b/docs/AppsApi.md @@ -12,6 +12,8 @@ Method | HTTP request | Description # **get_app** > App get_app(app_id) + + Returns an `App` object. ### Example @@ -89,6 +91,8 @@ Name | Type | Description | Notes # **get_apps** > AppsList get_apps(app_type_filter=app_type_filter, owner_filter=owner_filter) + + Returns a list of `App` objects. ### Example @@ -169,6 +173,8 @@ Name | Type | Description | Notes # **get_sync_errors** > List[SyncErrorList] get_sync_errors(app_id=app_id, resource_id=resource_id, group_id=group_id) + + Returns a list of recent sync errors that have occurred since the last successful sync. ### Example diff --git a/docs/BundleGroup.md b/docs/BundleGroup.md index 938da16..cfc76e8 100644 --- a/docs/BundleGroup.md +++ b/docs/BundleGroup.md @@ -7,6 +7,8 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **bundle_id** | **str** | The ID of the bundle containing the group. | [optional] [readonly] **group_id** | **str** | The ID of the group within a bundle. | [optional] [readonly] +**access_level_name** | **str** | The access level of the group within a bundle. | [optional] +**access_level_remote_id** | **str** | The remote ID of the access level of the group within a bundle. | [optional] ## Example 
diff --git a/docs/BundlesApi.md b/docs/BundlesApi.md index f0495b6..83a45bc 100644 --- a/docs/BundlesApi.md +++ b/docs/BundlesApi.md @@ -22,6 +22,8 @@ Method | HTTP request | Description # **add_bundle_group** > BundleGroup add_bundle_group(bundle_id, add_bundle_group_request) + + Adds a group to a bundle. ### Example @@ -102,6 +104,8 @@ Name | Type | Description | Notes # **add_bundle_resource** > BundleResource add_bundle_resource(bundle_id, add_bundle_resource_request=add_bundle_resource_request) + + Adds a resource to a bundle. ### Example @@ -182,6 +186,8 @@ Name | Type | Description | Notes # **create_bundle** > Bundle create_bundle(create_bundle_info) + + Creates a bundle. ### Example @@ -260,6 +266,8 @@ Name | Type | Description | Notes # **delete_bundle** > delete_bundle(bundle_id) + + Deletes a bundle. ### Example @@ -334,6 +342,8 @@ void (empty response body) # **get_bundle** > Bundle get_bundle(bundle_id) + + Returns a `Bundle` object. ### Example @@ -411,6 +421,8 @@ Name | Type | Description | Notes # **get_bundle_groups** > PaginatedBundleGroupList get_bundle_groups(bundle_id, page_size=page_size, cursor=cursor) + + Returns a list of `Group` objects in a given bundle. ### Example @@ -492,6 +504,8 @@ Name | Type | Description | Notes # **get_bundle_resources** > PaginatedBundleResourceList get_bundle_resources(bundle_id, page_size=page_size, cursor=cursor) + + Returns a list of `Resource` objects in a given bundle. ### Example @@ -573,6 +587,8 @@ Name | Type | Description | Notes # **get_bundle_visibility** > VisibilityInfo get_bundle_visibility(bundle_id) + + Gets the visibility of the bundle. ### Example @@ -650,6 +666,8 @@ Name | Type | Description | Notes # **get_bundles** > PaginatedBundleList get_bundles(page_size=page_size, cursor=cursor, contains=contains) + + Returns a list of `Bundle` objects. ### Example 
@@ -729,7 +747,9 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) # **remove_bundle_group** -> remove_bundle_group(bundle_id, group_id) +> remove_bundle_group(bundle_id, group_id, access_level_remote_id=access_level_remote_id) + + Removes a group from a bundle. @@ -766,9 +786,10 @@ with opal_security.ApiClient(configuration) as api_client: api_instance = opal_security.BundlesApi(api_client) bundle_id = '32acc112-21ff-4669-91c2-21e27683eaa1' # str | The ID of the bundle. group_id = '72e75a6f-7183-48c5-94ff-6013f213314b' # str | The ID of the group to remove. + access_level_remote_id = 'arn:aws:iam::590304332660:role/AdministratorAccess' # str | The remote ID of the access level to remove. (optional) try: - api_instance.remove_bundle_group(bundle_id, group_id) + api_instance.remove_bundle_group(bundle_id, group_id, access_level_remote_id=access_level_remote_id) except Exception as e: print("Exception when calling BundlesApi->remove_bundle_group: %s\n" % e) ``` @@ -782,6 +803,7 @@ Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **bundle_id** | **str**| The ID of the bundle. | **group_id** | **str**| The ID of the group to remove. | + **access_level_remote_id** | **str**| The remote ID of the access level to remove. | [optional] ### Return type @@ -807,6 +829,8 @@ void (empty response body) # **remove_bundle_resource** > remove_bundle_resource(bundle_id, resource_id, access_level_remote_id=access_level_remote_id) + + Removes a resource from a bundle. ### Example @@ -885,6 +909,8 @@ void (empty response body) # **set_bundle_visibility** > set_bundle_visibility(bundle_id, visibility_info) + + Sets the visibility of the bundle. ### Example 
@@ -962,6 +988,8 @@ void (empty response body) # **update_bundle** > Bundle update_bundle(bundle_id, bundle) + + Updates a bundle. ### Example diff --git a/docs/ConfigurationTemplatesApi.md b/docs/ConfigurationTemplatesApi.md index dcd8712..c10b46f 100644 --- a/docs/ConfigurationTemplatesApi.md +++ b/docs/ConfigurationTemplatesApi.md @@ -13,6 +13,8 @@ Method | HTTP request | Description # **create_configuration_template** > ConfigurationTemplate create_configuration_template(create_configuration_template_info) + + Creates a configuration template. ### Example @@ -91,6 +93,8 @@ Name | Type | Description | Notes # **delete_configuration_template** > delete_configuration_template(configuration_template_id) + + Deletes a configuration template. ### Example @@ -165,6 +169,8 @@ void (empty response body) # **get_configuration_templates** > PaginatedConfigurationTemplateList get_configuration_templates() + + Returns a list of `ConfigurationTemplate` objects. ### Example @@ -238,6 +244,8 @@ This endpoint does not need any parameter. # **update_configuration_template** > ConfigurationTemplate update_configuration_template(update_configuration_template_info) + + Update a configuration template. ### Example diff --git a/docs/EventsApi.md b/docs/EventsApi.md index 8fd046b..583435e 100644 --- a/docs/EventsApi.md +++ b/docs/EventsApi.md @@ -10,6 +10,8 @@ Method | HTTP request | Description # **events** > PaginatedEventList events(start_date_filter=start_date_filter, end_date_filter=end_date_filter, actor_filter=actor_filter, object_filter=object_filter, event_type_filter=event_type_filter, api_token_filter=api_token_filter, cursor=cursor, page_size=page_size) + + Returns a list of `Event` objects. ### Example diff --git a/docs/GroupBindingsApi.md b/docs/GroupBindingsApi.md index f34af17..0fded3b 100644 --- a/docs/GroupBindingsApi.md +++ b/docs/GroupBindingsApi.md 
@@ -14,6 +14,8 @@ Method | HTTP request | Description # **create_group_binding** > GroupBinding create_group_binding(create_group_binding_info) + + Creates a group binding. ### Example @@ -92,6 +94,8 @@ Name | Type | Description | Notes # **delete_group_binding** > delete_group_binding(group_binding_id) + + Deletes a group binding. ### Example @@ -166,6 +170,8 @@ void (empty response body) # **get_group_binding** > GroupBinding get_group_binding(group_binding_id) + + Returns a `GroupBinding` object. ### Example @@ -243,6 +249,8 @@ Name | Type | Description | Notes # **get_group_bindings** > PaginatedGroupBindingsList get_group_bindings(cursor=cursor, page_size=page_size) + + Returns a list of `GroupBinding` objects. ### Example @@ -322,6 +330,8 @@ Name | Type | Description | Notes # **update_group_bindings** > update_group_bindings(update_group_binding_info_list) + + Bulk updates a list of group bindings. ### Example diff --git a/docs/GroupRemoteInfo.md b/docs/GroupRemoteInfo.md index 4344194..3101f6f 100644 --- a/docs/GroupRemoteInfo.md +++ b/docs/GroupRemoteInfo.md @@ -15,6 +15,7 @@ Name | Type | Description | Notes **duo_group** | [**GroupRemoteInfoDuoGroup**](GroupRemoteInfoDuoGroup.md) | | [optional] **azure_ad_security_group** | [**GroupRemoteInfoAzureAdSecurityGroup**](GroupRemoteInfoAzureAdSecurityGroup.md) | | [optional] **azure_ad_microsoft_365_group** | [**GroupRemoteInfoAzureAdMicrosoft365Group**](GroupRemoteInfoAzureAdMicrosoft365Group.md) | | [optional] +**snowflake_role** | [**GroupRemoteInfoSnowflakeRole**](GroupRemoteInfoSnowflakeRole.md) | | [optional] ## Example diff --git a/docs/GroupRemoteInfoSnowflakeRole.md b/docs/GroupRemoteInfoSnowflakeRole.md new file mode 100644 index 0000000..7c43b1d --- /dev/null +++ b/docs/GroupRemoteInfoSnowflakeRole.md 
@@ -0,0 +1,30 @@ +# GroupRemoteInfoSnowflakeRole + +Remote info for Snowflake role. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**role_id** | **str** | The id of the Snowflake role. | + +## Example + +```python +from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole + +# TODO update the JSON string below +json = "{}" +# create an instance of GroupRemoteInfoSnowflakeRole from a JSON string +group_remote_info_snowflake_role_instance = GroupRemoteInfoSnowflakeRole.from_json(json) +# print the JSON string representation of the object +print(GroupRemoteInfoSnowflakeRole.to_json()) + +# convert the object into a dict +group_remote_info_snowflake_role_dict = group_remote_info_snowflake_role_instance.to_dict() +# create an instance of GroupRemoteInfoSnowflakeRole from a dict +group_remote_info_snowflake_role_from_dict = GroupRemoteInfoSnowflakeRole.from_dict(group_remote_info_snowflake_role_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/GroupsApi.md b/docs/GroupsApi.md index d26f8da..1d5d034 100644 --- a/docs/GroupsApi.md +++ b/docs/GroupsApi.md @@ -35,6 +35,8 @@ Method | HTTP request | Description # **add_group_containing_group** > GroupContainingGroup add_group_containing_group(group_id, group_containing_group) + + Creates a new containing group. ### Example @@ -114,6 +116,8 @@ Name | Type | Description | Notes # **add_group_resource** > GroupResource add_group_resource(group_id, resource_id, access_level_remote_id=access_level_remote_id, add_group_resource_request=add_group_resource_request) + + Adds a resource to a group. ### Example 
@@ -198,6 +202,8 @@ Name | Type | Description | Notes # **add_group_user** > GroupUser add_group_user(group_id, user_id, duration_minutes=duration_minutes, access_level_remote_id=access_level_remote_id, add_group_user_request=add_group_user_request) + + Adds a user to this group. ### Example @@ -284,6 +290,8 @@ Name | Type | Description | Notes # **create_group** > Group create_group(create_group_info) + + Creates an Opal group or [imports a remote group](https://docs.opal.dev/reference/end-system-objects). ### Example @@ -362,6 +370,8 @@ Name | Type | Description | Notes # **delete_group** > delete_group(group_id) + + Deletes a group. ### Example @@ -436,6 +446,8 @@ void (empty response body) # **delete_group_user** > delete_group_user(group_id, user_id) + + Removes a user's access from this group. ### Example @@ -512,6 +524,8 @@ void (empty response body) # **get_group** > Group get_group(group_id) + + Returns a `Group` object. ### Example @@ -589,6 +603,8 @@ Name | Type | Description | Notes # **get_group_containing_group** > GroupContainingGroup get_group_containing_group(group_id, containing_group_id) + + Gets a specific containing group for a group. ### Example @@ -668,6 +684,8 @@ Name | Type | Description | Notes # **get_group_containing_groups** > GroupContainingGroupList get_group_containing_groups(group_id) + + Gets the list of groups that the group gives access to. ### Example @@ -745,6 +763,8 @@ Name | Type | Description | Notes # **get_group_message_channels** > MessageChannelList get_group_message_channels(group_id) + + Gets the list of audit and reviewer message channels attached to a group. ### Example @@ -822,6 +842,8 @@ Name | Type | Description | Notes # **get_group_on_call_schedules** > OnCallScheduleList get_group_on_call_schedules(group_id) + + Gets the list of on call schedules attached to a group. ### Example 
@@ -899,6 +921,8 @@ Name | Type | Description | Notes # **get_group_resources** > GroupResourceList get_group_resources(group_id) + + Gets the list of resources that the group gives access to. ### Example @@ -976,6 +1000,8 @@ Name | Type | Description | Notes # **get_group_reviewer_stages** > List[ReviewerStage] get_group_reviewer_stages(group_id) + + Gets the list of reviewer stages for a group. ### Example @@ -1053,6 +1079,8 @@ Name | Type | Description | Notes # **get_group_reviewers** > List[str] get_group_reviewers(group_id) + + Gets the list of owner IDs of the reviewers for a group. ### Example @@ -1129,6 +1157,8 @@ Name | Type | Description | Notes # **get_group_tags** > TagsList get_group_tags(group_id) + + Returns all tags applied to the group. ### Example @@ -1206,6 +1236,8 @@ Name | Type | Description | Notes # **get_group_users** > GroupUserList get_group_users(group_id) + + Gets the list of users for this group. ### Example @@ -1283,6 +1315,8 @@ Name | Type | Description | Notes # **get_group_visibility** > VisibilityInfo get_group_visibility(group_id) + + Gets the visibility of this group. ### Example @@ -1360,6 +1394,8 @@ Name | Type | Description | Notes # **get_groups** > PaginatedGroupsList get_groups(cursor=cursor, page_size=page_size, group_type_filter=group_type_filter, group_ids=group_ids, group_name=group_name) + + Returns a list of groups for your organization. ### Example @@ -1446,6 +1482,8 @@ Name | Type | Description | Notes # **remove_group_containing_group** > remove_group_containing_group(group_id, containing_group_id) + + Removes a containing group from a group. ### Example @@ -1522,6 +1560,8 @@ void (empty response body) # **set_group_message_channels** > List[str] set_group_message_channels(group_id, message_channel_id_list) + + Sets the list of audit message channels attached to a group. ### Example 
@@ -1601,6 +1641,8 @@ Name | Type | Description | Notes # **set_group_on_call_schedules** > List[str] set_group_on_call_schedules(group_id, on_call_schedule_id_list) + + Sets the list of on call schedules attached to a group. ### Example @@ -1680,6 +1722,8 @@ Name | Type | Description | Notes # **set_group_resources** > set_group_resources(group_id, update_group_resources_info) + + Sets the list of resources that the group gives access to. ### Example @@ -1757,6 +1801,8 @@ void (empty response body) # **set_group_reviewer_stages** > List[ReviewerStage] set_group_reviewer_stages(group_id, reviewer_stage_list) + + Sets the list of reviewer stages for a group. ### Example @@ -1837,6 +1883,8 @@ Name | Type | Description | Notes # **set_group_reviewers** > List[str] set_group_reviewers(group_id, reviewer_id_list) + + Sets the list of reviewers for a group. ### Example @@ -1916,6 +1964,8 @@ Name | Type | Description | Notes # **set_group_visibility** > VisibilityInfo set_group_visibility(group_id, visibility_info) + + Sets the visibility of this group. ### Example @@ -1995,6 +2045,8 @@ Name | Type | Description | Notes # **update_groups** > UpdateGroupInfoList update_groups(update_group_info_list) + + Bulk updates a list of groups. ### Example diff --git a/docs/IdpGroupMappingsApi.md b/docs/IdpGroupMappingsApi.md index 088205a..dc5302a 100644 --- a/docs/IdpGroupMappingsApi.md +++ b/docs/IdpGroupMappingsApi.md @@ -12,6 +12,8 @@ Method | HTTP request | Description # **delete_idp_group_mappings** > delete_idp_group_mappings(app_resource_id, group_id) + + Deletes an `IdpGroupMapping` object. ### Example @@ -88,6 +90,8 @@ void (empty response body) # **get_idp_group_mappings** > IdpGroupMappingList get_idp_group_mappings(app_resource_id) + + Returns the configured set of available `IdpGroupMapping` objects for an Okta app. ### Example 
@@ -165,6 +169,8 @@ Name | Type | Description | Notes # **update_idp_group_mappings** > update_idp_group_mappings(app_resource_id, update_idp_group_mappings_request) + + Updates the list of available `IdpGroupMapping` objects for an Okta app. ### Example diff --git a/docs/MessageChannelsApi.md b/docs/MessageChannelsApi.md index f4918ab..be867a3 100644 --- a/docs/MessageChannelsApi.md +++ b/docs/MessageChannelsApi.md @@ -12,6 +12,8 @@ Method | HTTP request | Description # **create_message_channel** > MessageChannel create_message_channel(create_message_channel_info) + + Creates a `MessageChannel` objects. ### Example @@ -90,6 +92,8 @@ Name | Type | Description | Notes # **get_message_channel** > MessageChannel get_message_channel(message_channel_id) + + Gets a `MessageChannel` object. ### Example @@ -167,6 +171,8 @@ Name | Type | Description | Notes # **get_message_channels** > MessageChannelList get_message_channels() + + Returns a list of `MessageChannel` objects. ### Example diff --git a/docs/NonHumanIdentitiesApi.md b/docs/NonHumanIdentitiesApi.md index 040c778..511955d 100644 --- a/docs/NonHumanIdentitiesApi.md +++ b/docs/NonHumanIdentitiesApi.md @@ -10,6 +10,8 @@ Method | HTTP request | Description # **get_nhis** > PaginatedResourcesList get_nhis(cursor=cursor, page_size=page_size) + + Returns a list of non-human identities for your organization. ### Example diff --git a/docs/OnCallSchedulesApi.md b/docs/OnCallSchedulesApi.md index 912b3d9..885e65a 100644 --- a/docs/OnCallSchedulesApi.md +++ b/docs/OnCallSchedulesApi.md @@ -12,6 +12,8 @@ Method | HTTP request | Description # **create_on_call_schedule** > OnCallSchedule create_on_call_schedule(create_on_call_schedule_info) + + Creates a `OnCallSchedule` objects. ### Example @@ -90,6 +92,8 @@ Name | Type | Description | Notes # **get_on_call_schedule** > OnCallSchedule get_on_call_schedule(on_call_schedule_id) + + Gets a `OnCallSchedule` object. ### Example 
@@ -167,6 +171,8 @@ Name | Type | Description | Notes # **get_on_call_schedules** > OnCallScheduleList get_on_call_schedules() + + Returns a list of `OnCallSchedule` objects. ### Example diff --git a/docs/OwnersApi.md b/docs/OwnersApi.md index a9c0d1e..8986cb3 100644 --- a/docs/OwnersApi.md +++ b/docs/OwnersApi.md @@ -17,6 +17,8 @@ Method | HTTP request | Description # **create_owner** > Owner create_owner(create_owner_info) + + Creates an owner. ### Example @@ -95,6 +97,8 @@ Name | Type | Description | Notes # **delete_owner** > delete_owner(owner_id) + + Deletes an owner. ### Example @@ -169,6 +173,8 @@ void (empty response body) # **get_owner** > Owner get_owner(owner_id) + + Returns an `Owner` object. ### Example @@ -246,6 +252,8 @@ Name | Type | Description | Notes # **get_owner_from_name** > Owner get_owner_from_name(owner_name) + + Returns an `Owner` object. Does not support owners with `/` in their name, use /owners?name=... instead. ### Example @@ -323,6 +331,8 @@ Name | Type | Description | Notes # **get_owner_users** > UserList get_owner_users(owner_id) + + Gets the list of users for this owner, in escalation priority order if applicable. ### Example @@ -400,6 +410,8 @@ Name | Type | Description | Notes # **get_owners** > PaginatedOwnersList get_owners(cursor=cursor, page_size=page_size, name=name) + + Returns a list of `Owner` objects. ### Example @@ -481,6 +493,8 @@ Name | Type | Description | Notes # **set_owner_users** > UserList set_owner_users(owner_id, user_id_list) + + Sets the list of users for this owner. If escalation is enabled, the order of this list is the escalation priority order of the users. If the owner has a source group, adding or removing users from this list won't be possible. ### Example @@ -561,6 +575,8 @@ Name | Type | Description | Notes # **update_owners** > UpdateOwnerInfoList update_owners(update_owner_info_list) + + Bulk updates a list of owners. ### Example 
diff --git a/docs/RequestStatusEnum.md b/docs/RequestStatusEnum.md index d1fa9ff..fdbb782 100644 --- a/docs/RequestStatusEnum.md +++ b/docs/RequestStatusEnum.md @@ -4,13 +4,13 @@ ## Enum -* `PENDING` (value: `'pending'`) +* `PENDING` (value: `'PENDING'`) -* `APPROVED` (value: `'approved'`) +* `APPROVED` (value: `'APPROVED'`) -* `DENIED` (value: `'denied'`) +* `DENIED` (value: `'DENIED'`) -* `CANCELED` (value: `'canceled'`) +* `CANCELED` (value: `'CANCELED'`) [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/RequestsApi.md b/docs/RequestsApi.md index f38d6d8..a3f25b8 100644 --- a/docs/RequestsApi.md +++ b/docs/RequestsApi.md @@ -11,6 +11,8 @@ Method | HTTP request | Description # **create_request** > CreateRequest200Response create_request(create_request_info) + + Create an access request ### Example @@ -87,7 +89,9 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) # **get_requests** -> RequestList get_requests(cursor=cursor, page_size=page_size, show_pending_only=show_pending_only) +> RequestList get_requests(start_date_filter=start_date_filter, end_date_filter=end_date_filter, cursor=cursor, page_size=page_size, show_pending_only=show_pending_only) + + Returns a list of requests for your organization that is visible by the admin. 
@@ -123,12 +127,14 @@ configuration = opal.Configuration( with opal_security.ApiClient(configuration) as api_client: # Create an instance of the API class api_instance = opal_security.RequestsApi(api_client) + start_date_filter = '2021-11-01' # str | A start date filter for the events. (optional) + end_date_filter = '2021-11-12' # str | An end date filter for the events. (optional) cursor = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw' # str | The pagination cursor value. (optional) page_size = 200 # int | Number of results to return per page. Default is 200. (optional) show_pending_only = True # bool | Boolean toggle for if it should only show pending requests. (optional) try: - api_response = api_instance.get_requests(cursor=cursor, page_size=page_size, show_pending_only=show_pending_only) + api_response = api_instance.get_requests(start_date_filter=start_date_filter, end_date_filter=end_date_filter, cursor=cursor, page_size=page_size, show_pending_only=show_pending_only) print("The response of RequestsApi->get_requests:\n") pprint(api_response) except Exception as e: @@ -142,6 +148,8 @@ with opal_security.ApiClient(configuration) as api_client: Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- + **start_date_filter** | **str**| A start date filter for the events. | [optional] + **end_date_filter** | **str**| An end date filter for the events. | [optional] **cursor** | **str**| The pagination cursor value. | [optional] **page_size** | **int**| Number of results to return per page. Default is 200. | [optional] **show_pending_only** | **bool**| Boolean toggle for if it should only show pending requests. | [optional] diff --git a/docs/ResourceTypeEnum.md b/docs/ResourceTypeEnum.md index 7b9ed0c..beacbd1 100644 --- a/docs/ResourceTypeEnum.md +++ b/docs/ResourceTypeEnum.md 
@@ -78,6 +78,8 @@ The type of the resource. * `GIT_HUB_REPO` (value: `'GIT_HUB_REPO'`) +* `GIT_HUB_ORG_ROLE` (value: `'GIT_HUB_ORG_ROLE'`) + * `GIT_LAB_PROJECT` (value: `'GIT_LAB_PROJECT'`) * `GOOGLE_WORKSPACE_ROLE` (value: `'GOOGLE_WORKSPACE_ROLE'`) diff --git a/docs/ResourcesApi.md b/docs/ResourcesApi.md index e7195e4..9ea47d7 100644 --- a/docs/ResourcesApi.md +++ b/docs/ResourcesApi.md @@ -31,6 +31,8 @@ Method | HTTP request | Description # **add_resource_nhi** > ResourceNHI add_resource_nhi(resource_id, non_human_identity_id, add_resource_nhi_request=add_resource_nhi_request) + + Gives a non-human identity access to this resource. ### Example @@ -113,6 +115,8 @@ Name | Type | Description | Notes # **add_resource_user** > ResourceUser add_resource_user(resource_id, user_id, duration_minutes=duration_minutes, access_level_remote_id=access_level_remote_id, add_resource_user_request=add_resource_user_request) + + Adds a user to this resource. ### Example @@ -199,6 +203,8 @@ Name | Type | Description | Notes # **create_resource** > Resource create_resource(create_resource_info) + + Creates a resource. See [here](https://docs.opal.dev/reference/end-system-objects) for details about importing resources. ### Example @@ -277,6 +283,8 @@ Name | Type | Description | Notes # **delete_resource** > delete_resource(resource_id) + + Deletes a resource. ### Example @@ -351,6 +359,8 @@ void (empty response body) # **delete_resource_nhi** > delete_resource_nhi(resource_id, non_human_identity_id, access_level_remote_id=access_level_remote_id) + + Removes a non-human identity's direct access from this resource. ### Example @@ -429,6 +439,8 @@ void (empty response body) # **delete_resource_user** > delete_resource_user(resource_id, user_id, access_level_remote_id=access_level_remote_id) + + Removes a user's direct access from this resource. ### Example 
@@ -507,6 +519,8 @@ void (empty response body) # **get_resource** > Resource get_resource(resource_id) + + Retrieves a resource. ### Example @@ -584,6 +598,8 @@ Name | Type | Description | Notes # **get_resource_message_channels** > MessageChannelList get_resource_message_channels(resource_id) + + Gets the list of audit message channels attached to a resource. ### Example @@ -661,6 +677,8 @@ Name | Type | Description | Notes # **get_resource_nhis** > AccessList get_resource_nhis(resource_id, limit=limit) + + Gets the list of non-human identities with access to this resource. ### Example @@ -740,6 +758,8 @@ Name | Type | Description | Notes # **get_resource_reviewer_stages** > List[ReviewerStage] get_resource_reviewer_stages(resource_id) + + Gets the list reviewer stages for a resource. ### Example @@ -817,6 +837,8 @@ Name | Type | Description | Notes # **get_resource_reviewers** > List[str] get_resource_reviewers(resource_id) + + Gets the list of owner IDs of the reviewers for a resource. ### Example @@ -893,6 +915,8 @@ Name | Type | Description | Notes # **get_resource_tags** > TagsList get_resource_tags(resource_id) + + Returns all tags applied to the resource. ### Example @@ -970,6 +994,8 @@ Name | Type | Description | Notes # **get_resource_users** > ResourceAccessUserList get_resource_users(resource_id, limit=limit) + + Gets the list of users for this resource. ### Example @@ -1049,6 +1075,8 @@ Name | Type | Description | Notes # **get_resource_visibility** > VisibilityInfo get_resource_visibility(resource_id) + + Gets the visibility of this resource. ### Example @@ -1126,6 +1154,8 @@ Name | Type | Description | Notes # **get_resources** > PaginatedResourcesList get_resources(cursor=cursor, page_size=page_size, resource_type_filter=resource_type_filter, resource_ids=resource_ids, resource_name=resource_name, parent_resource_id=parent_resource_id) + + Returns a list of resources for your organization. ### Example 
@@ -1214,6 +1244,8 @@ Name | Type | Description | Notes # **resource_user_access_status_retrieve** > ResourceUserAccessStatus resource_user_access_status_retrieve(resource_id, user_id, access_level_remote_id=access_level_remote_id, cursor=cursor, page_size=page_size) + + Get user's access status to a resource. ### Example @@ -1299,6 +1331,8 @@ Name | Type | Description | Notes # **set_resource_message_channels** > List[str] set_resource_message_channels(resource_id, message_channel_id_list) + + Sets the list of audit message channels attached to a resource. ### Example @@ -1378,6 +1412,8 @@ Name | Type | Description | Notes # **set_resource_reviewer_stages** > List[ReviewerStage] set_resource_reviewer_stages(resource_id, reviewer_stage_list) + + Sets the list of reviewer stages for a resource. ### Example @@ -1458,6 +1494,8 @@ Name | Type | Description | Notes # **set_resource_reviewers** > List[str] set_resource_reviewers(resource_id, reviewer_id_list) + + Sets the list of reviewers for a resource. ### Example @@ -1537,6 +1575,8 @@ Name | Type | Description | Notes # **set_resource_visibility** > VisibilityInfo set_resource_visibility(resource_id, visibility_info) + + Sets the visibility of this resource. ### Example @@ -1616,6 +1656,8 @@ Name | Type | Description | Notes # **update_resource_user** > ResourceUser update_resource_user(resource_id, user_id, update_resource_user_request) + + Updates a user's access level or duration on this resource. ### Example @@ -1698,6 +1740,8 @@ Name | Type | Description | Notes # **update_resources** > UpdateResourceInfoList update_resources(update_resource_info_list) + + Bulk updates a list of resources. ### Example diff --git a/docs/SessionsApi.md b/docs/SessionsApi.md index 589a63c..22311f7 100644 --- a/docs/SessionsApi.md +++ b/docs/SessionsApi.md @@ -10,6 +10,8 @@ Method | HTTP request | Description # **sessions** > SessionsList sessions(resource_id, user_id=user_id) + + Returns a list of `Session` objects. ### Example 
diff --git a/docs/TagsApi.md b/docs/TagsApi.md index bf93f9c..52d49e0 100644 --- a/docs/TagsApi.md +++ b/docs/TagsApi.md @@ -20,6 +20,8 @@ Method | HTTP request | Description # **add_group_tag** > add_group_tag(tag_id, group_id) + + Applies a tag to a group. ### Example @@ -96,6 +98,8 @@ void (empty response body) # **add_resource_tag** > add_resource_tag(tag_id, resource_id) + + Applies a tag to a resource. ### Example @@ -172,6 +176,8 @@ void (empty response body) # **add_user_tag** > add_user_tag(tag_id, user_id) + + Applies a tag to a user. ### Example @@ -248,6 +254,8 @@ void (empty response body) # **create_tag** > Tag create_tag(tag_key=tag_key, tag_value=tag_value, admin_owner_id=admin_owner_id, create_tag_info=create_tag_info) + + Creates a tag with the given key and value. ### Example @@ -332,6 +340,8 @@ Name | Type | Description | Notes # **delete_tag_by_id** > delete_tag_by_id(tag_id) + + UNSTABLE. May be removed at any time. Deletes a tag with the given id. ### Example @@ -406,6 +416,8 @@ void (empty response body) # **get_tag** > Tag get_tag(tag_key, tag_value=tag_value) + + Gets a tag with the given key and value. ### Example @@ -485,6 +497,8 @@ Name | Type | Description | Notes # **get_tag_by_id** > Tag get_tag_by_id(tag_id) + + UNSTABLE. May be removed at any time. Gets a tag with the given id. ### Example @@ -562,6 +576,8 @@ Name | Type | Description | Notes # **get_tags** > PaginatedTagsList get_tags(cursor=cursor, page_size=page_size) + + Returns a list of tags created by your organization. ### Example @@ -641,6 +657,8 @@ Name | Type | Description | Notes # **remove_group_tag** > remove_group_tag(tag_id, group_id) + + Removes a tag from a group. ### Example @@ -717,6 +735,8 @@ void (empty response body) # **remove_resource_tag** > remove_resource_tag(tag_id, resource_id) + + Removes a tag from a resource. ### Example 
@@ -793,6 +813,8 @@ void (empty response body) # **remove_user_tag** > remove_user_tag(tag_id, user_id) + + Removes a tag from a user. ### Example diff --git a/docs/UarsApi.md b/docs/UarsApi.md index 0382cc0..0de803a 100644 --- a/docs/UarsApi.md +++ b/docs/UarsApi.md @@ -12,6 +12,8 @@ Method | HTTP request | Description # **create_uar** > UAR create_uar(create_uar_info) + + Starts a User Access Review. ### Example @@ -90,6 +92,8 @@ Name | Type | Description | Notes # **get_uar** > UAR get_uar(uar_id) + + Retrieves a specific UAR. ### Example @@ -167,6 +171,8 @@ Name | Type | Description | Notes # **get_uars** > PaginatedUARsList get_uars(cursor=cursor, page_size=page_size) + + Returns a list of `UAR` objects. ### Example diff --git a/docs/UpdateAccessRuleInfo.md b/docs/UpdateAccessRuleInfo.md new file mode 100644 index 0000000..5deb162 --- /dev/null +++ b/docs/UpdateAccessRuleInfo.md 
@@ -0,0 +1,34 @@ +# UpdateAccessRuleInfo + +# UpdateAccessRuleInfo Object ### Description The `UpdateAccessRuleInfo` object is used as an input to the UpdateAccessRule and CreateAccessRule API. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**name** | **str** | The name of the access rule. | +**description** | **str** | A description of the group. | +**admin_owner_id** | **str** | The ID of the owner of the group. | +**status** | **str** | The status of the access rule. | +**rule_clauses** | [**RuleClauses**](RuleClauses.md) | | + +## Example + +```python +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo + +# TODO update the JSON string below +json = "{}" +# create an instance of UpdateAccessRuleInfo from a JSON string +update_access_rule_info_instance = UpdateAccessRuleInfo.from_json(json) +# print the JSON string representation of the object +print(UpdateAccessRuleInfo.to_json()) + +# convert the object into a dict +update_access_rule_info_dict = update_access_rule_info_instance.to_dict() +# create an instance of UpdateAccessRuleInfo from a dict +update_access_rule_info_from_dict = UpdateAccessRuleInfo.from_dict(update_access_rule_info_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/UsersApi.md b/docs/UsersApi.md index 7d6d09b..6f25054 100644 --- a/docs/UsersApi.md +++ b/docs/UsersApi.md @@ -12,6 +12,8 @@ Method | HTTP request | Description # **get_user_tags** > TagsList get_user_tags(user_id) + + Returns all tags applied to the user. ### Example @@ -89,6 +91,8 @@ Name | Type | Description | Notes # **get_users** > PaginatedUsersList get_users(cursor=cursor, page_size=page_size) + + Returns a list of users for your organization. ### Example 
@@ -168,6 +172,8 @@ Name | Type | Description | Notes # **user** > User user(user_id=user_id, email=email) + + Returns a `User` object. ### Example diff --git a/opal_security/__init__.py b/opal_security/__init__.py index b80246d..c360c22 100644 --- a/opal_security/__init__.py +++ b/opal_security/__init__.py @@ -51,7 +51,7 @@ # import models into sdk package from opal_security.models.access import Access from opal_security.models.access_list import AccessList -from opal_security.models.access_rule_condition import AccessRuleCondition +from opal_security.models.access_rule import AccessRule from opal_security.models.add_bundle_group_request import AddBundleGroupRequest from opal_security.models.add_bundle_resource_request import AddBundleResourceRequest from opal_security.models.add_group_resource_request import AddGroupResourceRequest @@ -107,6 +107,7 @@ from opal_security.models.group_remote_info_google_group import GroupRemoteInfoGoogleGroup from opal_security.models.group_remote_info_ldap_group import GroupRemoteInfoLdapGroup from opal_security.models.group_remote_info_okta_group import GroupRemoteInfoOktaGroup +from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole from opal_security.models.group_resource import GroupResource from opal_security.models.group_resource_list import GroupResourceList from opal_security.models.group_type_enum import GroupTypeEnum @@ -204,6 +205,7 @@ from opal_security.models.uar import UAR from opal_security.models.uar_reviewer_assignment_policy_enum import UARReviewerAssignmentPolicyEnum from opal_security.models.uar_scope import UARScope +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo from opal_security.models.update_configuration_template_info import UpdateConfigurationTemplateInfo from opal_security.models.update_group_binding_info import UpdateGroupBindingInfo from opal_security.models.update_group_binding_info_list import UpdateGroupBindingInfoList 
diff --git a/opal_security/api/access_rules_api.py b/opal_security/api/access_rules_api.py index 0f73d20..0255fdc 100644 --- a/opal_security/api/access_rules_api.py +++ b/opal_security/api/access_rules_api.py @@ -19,7 +19,8 @@ from pydantic import Field, StrictStr from typing_extensions import Annotated -from opal_security.models.access_rule_condition import AccessRuleCondition +from opal_security.models.access_rule import AccessRule +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo from opal_security.api_client import ApiClient, RequestSerialized from opal_security.api_response import ApiResponse 
@@ -39,6 +40,280 @@ def __init__(self, api_client=None) -> None: self.api_client = api_client + @validate_call + def create_access_rule( + self, + update_access_rule_info: UpdateAccessRuleInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> AccessRule: + """create_access_rule + + Creates a new access rule config for the given group_id. + + :param update_access_rule_info: (required) + :type update_access_rule_info: UpdateAccessRuleInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. 
+ """ # noqa: E501 + + _param = self._create_access_rule_serialize( + update_access_rule_info=update_access_rule_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '201': "AccessRule", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def create_access_rule_with_http_info( + self, + update_access_rule_info: UpdateAccessRuleInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[AccessRule]: + """create_access_rule + + Creates a new access rule config for the given group_id. + + :param update_access_rule_info: (required) + :type update_access_rule_info: UpdateAccessRuleInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. 
+ :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_access_rule_serialize( + update_access_rule_info=update_access_rule_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '201': "AccessRule", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def create_access_rule_without_preload_content( + self, + update_access_rule_info: UpdateAccessRuleInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """create_access_rule + + Creates a new access rule config for the given group_id. + + :param update_access_rule_info: (required) + :type update_access_rule_info: UpdateAccessRuleInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. 
+ :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_access_rule_serialize( + update_access_rule_info=update_access_rule_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '201': "AccessRule", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _create_access_rule_serialize( + self, + update_access_rule_info, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if update_access_rule_info is not None: + _body_params = update_access_rule_info + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if 
_content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='POST', + resource_path='/access-rules', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def get_access_rule( self, @@ -55,7 +330,7 @@ def get_access_rule( _content_type: Optional[StrictStr] = None, _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, - ) -> AccessRuleCondition: + ) -> AccessRule: """get_access_rule Returns a list of access rule config given the group_id of the access rule. @@ -93,7 +368,7 @@ def get_access_rule( ) _response_types_map: Dict[str, Optional[str]] = { - '200': "AccessRuleCondition", + '200': "AccessRule", } response_data = self.api_client.call_api( *_param, @@ -122,7 +397,7 @@ def get_access_rule_with_http_info( _content_type: Optional[StrictStr] = None, _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, - ) -> ApiResponse[AccessRuleCondition]: + ) -> ApiResponse[AccessRule]: """get_access_rule Returns a list of access rule config given the group_id of the access rule. @@ -160,7 +435,7 @@ def get_access_rule_with_http_info( ) _response_types_map: Dict[str, Optional[str]] = { - '200': "AccessRuleCondition", + '200': "AccessRule", } response_data = self.api_client.call_api( *_param, 
@@ -227,7 +502,7 @@ def get_access_rule_without_preload_content( ) _response_types_map: Dict[str, Optional[str]] = { - '200': "AccessRuleCondition", + '200': "AccessRule", } response_data = self.api_client.call_api( *_param, @@ -304,7 +579,7 @@ def _get_access_rule_serialize( def update_access_rule( self, access_rule_id: Annotated[StrictStr, Field(description="The access rule ID (group ID) of the access rule.")], - access_rule_condition: AccessRuleCondition, + update_access_rule_info: UpdateAccessRuleInfo, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -317,15 +592,15 @@ def update_access_rule( _content_type: Optional[StrictStr] = None, _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, - ) -> AccessRuleCondition: + ) -> AccessRule: """update_access_rule Updates the access rule config for the given group_id. :param access_rule_id: The access rule ID (group ID) of the access rule. (required) :type access_rule_id: str - :param access_rule_condition: (required) - :type access_rule_condition: AccessRuleCondition + :param update_access_rule_info: (required) + :type update_access_rule_info: UpdateAccessRuleInfo :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -350,7 +625,7 @@ def update_access_rule( _param = self._update_access_rule_serialize( access_rule_id=access_rule_id, - access_rule_condition=access_rule_condition, + update_access_rule_info=update_access_rule_info, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -358,7 +633,7 @@ def update_access_rule( ) _response_types_map: Dict[str, Optional[str]] = { - '200': "AccessRuleCondition", + '200': "AccessRule", } response_data = self.api_client.call_api( *_param, 
@@ -375,7 +650,7 @@ def update_access_rule( def update_access_rule_with_http_info( self, access_rule_id: Annotated[StrictStr, Field(description="The access rule ID (group ID) of the access rule.")], - access_rule_condition: AccessRuleCondition, + update_access_rule_info: UpdateAccessRuleInfo, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -388,15 +663,15 @@ def update_access_rule_with_http_info( _content_type: Optional[StrictStr] = None, _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, - ) -> ApiResponse[AccessRuleCondition]: + ) -> ApiResponse[AccessRule]: """update_access_rule Updates the access rule config for the given group_id. :param access_rule_id: The access rule ID (group ID) of the access rule. (required) :type access_rule_id: str - :param access_rule_condition: (required) - :type access_rule_condition: AccessRuleCondition + :param update_access_rule_info: (required) + :type update_access_rule_info: UpdateAccessRuleInfo :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -421,7 +696,7 @@ def update_access_rule_with_http_info( _param = self._update_access_rule_serialize( access_rule_id=access_rule_id, - access_rule_condition=access_rule_condition, + update_access_rule_info=update_access_rule_info, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -429,7 +704,7 @@ def update_access_rule_with_http_info( ) _response_types_map: Dict[str, Optional[str]] = { - '200': "AccessRuleCondition", + '200': "AccessRule", } response_data = self.api_client.call_api( *_param, 
@@ -446,7 +721,7 @@ def update_access_rule_with_http_info( def update_access_rule_without_preload_content( self, access_rule_id: Annotated[StrictStr, Field(description="The access rule ID (group ID) of the access rule.")], - access_rule_condition: AccessRuleCondition, + update_access_rule_info: UpdateAccessRuleInfo, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -466,8 +741,8 @@ def update_access_rule_without_preload_content( :param access_rule_id: The access rule ID (group ID) of the access rule. (required) :type access_rule_id: str - :param access_rule_condition: (required) - :type access_rule_condition: AccessRuleCondition + :param update_access_rule_info: (required) + :type update_access_rule_info: UpdateAccessRuleInfo :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -492,7 +767,7 @@ def update_access_rule_without_preload_content( _param = self._update_access_rule_serialize( access_rule_id=access_rule_id, - access_rule_condition=access_rule_condition, + update_access_rule_info=update_access_rule_info, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -500,7 +775,7 @@ def update_access_rule_without_preload_content( ) _response_types_map: Dict[str, Optional[str]] = { - '200': "AccessRuleCondition", + '200': "AccessRule", } response_data = self.api_client.call_api( *_param, @@ -512,7 +787,7 @@ def update_access_rule_without_preload_content( def _update_access_rule_serialize( self, access_rule_id, - access_rule_condition, + update_access_rule_info, _request_auth, _content_type, _headers, 
@@ -540,8 +815,8 @@ def _update_access_rule_serialize( # process the header parameters # process the form parameters # process the body parameter - if access_rule_condition is not None: - _body_params = access_rule_condition + if update_access_rule_info is not None: + _body_params = update_access_rule_info # set the HTTP header `Accept` diff --git a/opal_security/api/bundles_api.py b/opal_security/api/bundles_api.py index 52a9242..aa249cc 100644 --- a/opal_security/api/bundles_api.py +++ b/opal_security/api/bundles_api.py @@ -2569,6 +2569,7 @@ def remove_bundle_group( self, bundle_id: Annotated[StrictStr, Field(description="The ID of the bundle.")], group_id: Annotated[StrictStr, Field(description="The ID of the group to remove.")], + access_level_remote_id: Annotated[Optional[StrictStr], Field(description="The remote ID of the access level to remove.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -2590,6 +2591,8 @@ def remove_bundle_group( :type bundle_id: str :param group_id: The ID of the group to remove. (required) :type group_id: str + :param access_level_remote_id: The remote ID of the access level to remove. + :type access_level_remote_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -2615,6 +2618,7 @@ def remove_bundle_group( _param = self._remove_bundle_group_serialize( bundle_id=bundle_id, group_id=group_id, + access_level_remote_id=access_level_remote_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, 
@@ -2640,6 +2644,7 @@ def remove_bundle_group_with_http_info( self, bundle_id: Annotated[StrictStr, Field(description="The ID of the bundle.")], group_id: Annotated[StrictStr, Field(description="The ID of the group to remove.")], + access_level_remote_id: Annotated[Optional[StrictStr], Field(description="The remote ID of the access level to remove.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -2661,6 +2666,8 @@ def remove_bundle_group_with_http_info( :type bundle_id: str :param group_id: The ID of the group to remove. (required) :type group_id: str + :param access_level_remote_id: The remote ID of the access level to remove. + :type access_level_remote_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -2686,6 +2693,7 @@ def remove_bundle_group_with_http_info( _param = self._remove_bundle_group_serialize( bundle_id=bundle_id, group_id=group_id, + access_level_remote_id=access_level_remote_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -2711,6 +2719,7 @@ def remove_bundle_group_without_preload_content( self, bundle_id: Annotated[StrictStr, Field(description="The ID of the bundle.")], group_id: Annotated[StrictStr, Field(description="The ID of the group to remove.")], + access_level_remote_id: Annotated[Optional[StrictStr], Field(description="The remote ID of the access level to remove.")] = None, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], 
@@ -2732,6 +2741,8 @@ def remove_bundle_group_without_preload_content( :type bundle_id: str :param group_id: The ID of the group to remove. (required) :type group_id: str + :param access_level_remote_id: The remote ID of the access level to remove. + :type access_level_remote_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -2757,6 +2768,7 @@ def remove_bundle_group_without_preload_content( _param = self._remove_bundle_group_serialize( bundle_id=bundle_id, group_id=group_id, + access_level_remote_id=access_level_remote_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -2777,6 +2789,7 @@ def _remove_bundle_group_serialize( self, bundle_id, group_id, + access_level_remote_id, _request_auth, _content_type, _headers, @@ -2803,6 +2816,10 @@ def _remove_bundle_group_serialize( if group_id is not None: _path_params['group_id'] = group_id # process the query parameters + if access_level_remote_id is not None: + + _query_params.append(('access_level_remote_id', access_level_remote_id)) + # process the header parameters # process the form parameters # process the body parameter diff --git a/opal_security/api/requests_api.py b/opal_security/api/requests_api.py index 77868d8..dd2cf2b 100644 --- a/opal_security/api/requests_api.py +++ b/opal_security/api/requests_api.py 
@@ -319,6 +319,8 @@ def _create_request_serialize( @validate_call def get_requests( self, + start_date_filter: Annotated[Optional[StrictStr], Field(description="A start date filter for the events.")] = None, + end_date_filter: Annotated[Optional[StrictStr], Field(description="An end date filter for the events.")] = None, cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, show_pending_only: Annotated[Optional[StrictBool], Field(description="Boolean toggle for if it should only show pending requests.")] = None, @@ -339,6 +341,10 @@ def get_requests( Returns a list of requests for your organization that is visible by the admin. + :param start_date_filter: A start date filter for the events. + :type start_date_filter: str + :param end_date_filter: An end date filter for the events. + :type end_date_filter: str :param cursor: The pagination cursor value. :type cursor: str :param page_size: Number of results to return per page. Default is 200. @@ -368,6 +374,8 @@ def get_requests( """ # noqa: E501 _param = self._get_requests_serialize( + start_date_filter=start_date_filter, + end_date_filter=end_date_filter, cursor=cursor, page_size=page_size, show_pending_only=show_pending_only, 
@@ -394,6 +402,8 @@ def get_requests( @validate_call def get_requests_with_http_info( self, + start_date_filter: Annotated[Optional[StrictStr], Field(description="A start date filter for the events.")] = None, + end_date_filter: Annotated[Optional[StrictStr], Field(description="An end date filter for the events.")] = None, cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, show_pending_only: Annotated[Optional[StrictBool], Field(description="Boolean toggle for if it should only show pending requests.")] = None, @@ -414,6 +424,10 @@ def get_requests_with_http_info( Returns a list of requests for your organization that is visible by the admin. + :param start_date_filter: A start date filter for the events. + :type start_date_filter: str + :param end_date_filter: An end date filter for the events. + :type end_date_filter: str :param cursor: The pagination cursor value. :type cursor: str :param page_size: Number of results to return per page. Default is 200. @@ -443,6 +457,8 @@ def get_requests_with_http_info( """ # noqa: E501 _param = self._get_requests_serialize( + start_date_filter=start_date_filter, + end_date_filter=end_date_filter, cursor=cursor, page_size=page_size, show_pending_only=show_pending_only, 
@@ -469,6 +485,8 @@ def get_requests_with_http_info( @validate_call def get_requests_without_preload_content( self, + start_date_filter: Annotated[Optional[StrictStr], Field(description="A start date filter for the events.")] = None, + end_date_filter: Annotated[Optional[StrictStr], Field(description="An end date filter for the events.")] = None, cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, page_size: Annotated[Optional[Annotated[int, Field(le=1000, strict=True)]], Field(description="Number of results to return per page. Default is 200.")] = None, show_pending_only: Annotated[Optional[StrictBool], Field(description="Boolean toggle for if it should only show pending requests.")] = None, @@ -489,6 +507,10 @@ def get_requests_without_preload_content( Returns a list of requests for your organization that is visible by the admin. + :param start_date_filter: A start date filter for the events. + :type start_date_filter: str + :param end_date_filter: An end date filter for the events. + :type end_date_filter: str :param cursor: The pagination cursor value. :type cursor: str :param page_size: Number of results to return per page. Default is 200. @@ -518,6 +540,8 @@ def get_requests_without_preload_content( """ # noqa: E501 _param = self._get_requests_serialize( + start_date_filter=start_date_filter, + end_date_filter=end_date_filter, cursor=cursor, page_size=page_size, show_pending_only=show_pending_only, @@ -539,6 +563,8 @@ def get_requests_without_preload_content( def _get_requests_serialize( self, + start_date_filter, + end_date_filter, cursor, page_size, show_pending_only, 
@@ -564,6 +590,14 @@ def _get_requests_serialize( # process the path parameters # process the query parameters + if start_date_filter is not None: + + _query_params.append(('start_date_filter', start_date_filter)) + + if end_date_filter is not None: + + _query_params.append(('end_date_filter', end_date_filter)) + if cursor is not None: _query_params.append(('cursor', cursor)) diff --git a/opal_security/api/resources_api.py b/opal_security/api/resources_api.py index c2173e4..8ba087b 100644 --- a/opal_security/api/resources_api.py +++ b/opal_security/api/resources_api.py @@ -4293,7 +4293,7 @@ def resource_user_access_status_retrieve( _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, ) -> ResourceUserAccessStatus: - """resource_user_access_status_retrieve + """(Deprecated) resource_user_access_status_retrieve Get user's access status to a resource. @@ -4328,6 +4328,7 @@ def resource_user_access_status_retrieve( :type _host_index: int, optional :return: Returns the result object. """ # noqa: E501 + warnings.warn("GET /resource-user-access-status/{resource_id}/{user_id} is deprecated.", DeprecationWarning) _param = self._resource_user_access_status_retrieve_serialize( resource_id=resource_id, @@ -4376,7 +4377,7 @@ def resource_user_access_status_retrieve_with_http_info( _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, ) -> ApiResponse[ResourceUserAccessStatus]: - """resource_user_access_status_retrieve + """(Deprecated) resource_user_access_status_retrieve Get user's access status to a resource. @@ -4411,6 +4412,7 @@ def resource_user_access_status_retrieve_with_http_info( :type _host_index: int, optional :return: Returns the result object. """ # noqa: E501 + warnings.warn("GET /resource-user-access-status/{resource_id}/{user_id} is deprecated.", DeprecationWarning) _param = self._resource_user_access_status_retrieve_serialize( resource_id=resource_id, 
@@ -4459,7 +4461,7 @@ def resource_user_access_status_retrieve_without_preload_content( _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, ) -> RESTResponseType: - """resource_user_access_status_retrieve + """(Deprecated) resource_user_access_status_retrieve Get user's access status to a resource. @@ -4494,6 +4496,7 @@ def resource_user_access_status_retrieve_without_preload_content( :type _host_index: int, optional :return: Returns the result object. """ # noqa: E501 + warnings.warn("GET /resource-user-access-status/{resource_id}/{user_id} is deprecated.", DeprecationWarning) _param = self._resource_user_access_status_retrieve_serialize( resource_id=resource_id, diff --git a/opal_security/api_client.py b/opal_security/api_client.py index d4b3ebc..a99efc4 100644 --- a/opal_security/api_client.py +++ b/opal_security/api_client.py @@ -518,7 +518,7 @@ def parameters_to_url_query(self, params, collection_formats): if k in collection_formats: collection_format = collection_formats[k] if collection_format == 'multi': - new_params.extend((k, quote(str(value))) for value in v) + new_params.extend((k, str(value)) for value in v) else: if collection_format == 'ssv': delimiter = ' ' diff --git a/opal_security/configuration.py b/opal_security/configuration.py index 47c40a4..f8a4d28 100644 --- a/opal_security/configuration.py +++ b/opal_security/configuration.py @@ -19,7 +19,7 @@ from logging import FileHandler import multiprocessing import sys -from typing import Any, ClassVar, Dict, List, Literal, Optional, TypedDict, Union +from typing import Any, ClassVar, Dict, List, Literal, Optional, TypedDict from typing_extensions import NotRequired, Self import urllib3 
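Review bot: In the `parameters_to_url_query` hunk of api_client.py, the `multi` branch now appends `str(value)` without `quote()`. A list value containing `&`, `=`, `#` or a space would then reach the query string unescaped, unless code later in the function (outside this hunk) encodes it. Such a value can split into extra query parameters or cut the query short, which matters for a client whose query parameters carry identifiers and filters. Keep the encoding on this line, `new_params.extend((k, quote(str(value))) for value in v)`, or confirm that the final join percent-encodes every item. This file appears to come from the generator template, so the lasting fix is in the generator version or template rather than a hand edit.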
@@ -162,8 +162,6 @@ class Configuration: :param ssl_ca_cert: str - the path to a file of concatenated CA certificates in PEM format. :param retries: Number of retries for API requests. - :param ca_cert_data: verify the peer using concatenated CA certificate data - in PEM (str) or DER (bytes) format. :Example: """ @@ -178,14 +176,13 @@ def __init__( username: Optional[str]=None, password: Optional[str]=None, access_token: Optional[str]=None, - server_index: Optional[int]=None, + server_index: Optional[int]=None, server_variables: Optional[ServerVariablesT]=None, server_operation_index: Optional[Dict[int, int]]=None, server_operation_variables: Optional[Dict[int, ServerVariablesT]]=None, ignore_operation_servers: bool=False, ssl_ca_cert: Optional[str]=None, retries: Optional[int] = None, - ca_cert_data: Optional[Union[str, bytes]] = None, *, debug: Optional[bool] = None, ) -> None: @@ -263,10 +260,6 @@ def __init__( self.ssl_ca_cert = ssl_ca_cert """Set this to customize the certificate file to verify the peer. """ - self.ca_cert_data = ca_cert_data - """Set this to verify the peer using PEM (str) or DER (bytes) - certificate data. - """ self.cert_file = None """client certificate file """ diff --git a/opal_security/exceptions.py b/opal_security/exceptions.py index e1d48ca..12f9285 100644 --- a/opal_security/exceptions.py +++ b/opal_security/exceptions.py @@ -151,13 +151,6 @@ def from_response( if http_resp.status == 404: raise NotFoundException(http_resp=http_resp, body=body, data=data) - # Added new conditions for 409 and 422 - if http_resp.status == 409: - raise ConflictException(http_resp=http_resp, body=body, data=data) - - if http_resp.status == 422: - raise UnprocessableEntityException(http_resp=http_resp, body=body, data=data) - if 500 <= http_resp.status <= 599: raise ServiceException(http_resp=http_resp, body=body, data=data) raise ApiException(http_resp=http_resp, body=body, data=data) 
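Review bot: Removing `ca_cert_data` from `Configuration.__init__` leaves `ssl_ca_cert`, a file path, as the only way shown here to supply a CA bundle; the removal also covers the docstring entry in `@@ -162,8 +162,6 @@` and the attribute assignment in `@@ -263,10 +260,6 @@`. A caller that passed `ca_cert_data=` now fails with a `TypeError`, but one that assigns `config.ca_cert_data` after construction gets no error. If the REST layer no longer reads that attribute (not visible in this chunk), peer verification would presumably fall back to `ssl_ca_cert` or the default trust store. If the removal is intended, state it in the release notes and point users to `ssl_ca_cert`; otherwise keep `ca_cert_data: Optional[Union[str, bytes]] = None,` together with the `Union` import dropped in the `@@ -19,7 +19,7 @@` hunk. `__init__` continues outside these hunks.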
@@ -196,16 +189,6 @@ class ServiceException(ApiException): pass -class ConflictException(ApiException): - """Exception for HTTP 409 Conflict.""" - pass - - -class UnprocessableEntityException(ApiException): - """Exception for HTTP 422 Unprocessable Entity.""" - pass - - def render_path(path_to_item): """Returns a string representation of a path""" result = "" diff --git a/opal_security/models/__init__.py b/opal_security/models/__init__.py index dde490a..87e6d30 100644 --- a/opal_security/models/__init__.py +++ b/opal_security/models/__init__.py @@ -17,7 +17,7 @@ # import models into model package from opal_security.models.access import Access from opal_security.models.access_list import AccessList -from opal_security.models.access_rule_condition import AccessRuleCondition +from opal_security.models.access_rule import AccessRule from opal_security.models.add_bundle_group_request import AddBundleGroupRequest from opal_security.models.add_bundle_resource_request import AddBundleResourceRequest from opal_security.models.add_group_resource_request import AddGroupResourceRequest @@ -73,6 +73,7 @@ from opal_security.models.group_remote_info_google_group import GroupRemoteInfoGoogleGroup from opal_security.models.group_remote_info_ldap_group import GroupRemoteInfoLdapGroup from opal_security.models.group_remote_info_okta_group import GroupRemoteInfoOktaGroup +from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole from opal_security.models.group_resource import GroupResource from opal_security.models.group_resource_list import GroupResourceList from opal_security.models.group_type_enum import GroupTypeEnum 
@@ -170,6 +171,7 @@ from opal_security.models.uar import UAR from opal_security.models.uar_reviewer_assignment_policy_enum import UARReviewerAssignmentPolicyEnum from opal_security.models.uar_scope import UARScope +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo from opal_security.models.update_configuration_template_info import UpdateConfigurationTemplateInfo from opal_security.models.update_group_binding_info import UpdateGroupBindingInfo from opal_security.models.update_group_binding_info_list import UpdateGroupBindingInfoList diff --git a/opal_security/models/access_rule.py b/opal_security/models/access_rule.py new file mode 100644 index 0000000..ed3e0f8 --- /dev/null +++ b/opal_security/models/access_rule.py 
@@ -0,0 +1,122 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List +from opal_security.models.rule_clauses import RuleClauses +from typing import Optional, Set +from typing_extensions import Self + +class AccessRule(BaseModel): + """ + # Access Rule Object ### Description The `AccessRule` object is used to represent an access rule configuration. ### Usage Example Get access rule configurations from the `GET Access Rule Configs` endpoint. + """ # noqa: E501 + access_rule_id: StrictStr = Field(description="The ID (group ID) of the access rule.") + name: StrictStr = Field(description="The name of the access rule.") + description: StrictStr = Field(description="A description of the group.") + admin_owner_id: StrictStr = Field(description="The ID of the owner of the group.") + status: StrictStr = Field(description="The status of the access rule.") + rule_clauses: RuleClauses = Field(alias="ruleClauses") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["access_rule_id", "name", "description", "admin_owner_id", "status", "ruleClauses"] + + @field_validator('status') + def status_validate_enum(cls, value): + """Validates the enum""" + if value not in set(['ACTIVE', 'PAUSED']): + raise ValueError("must be one of enum values ('ACTIVE', 'PAUSED')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string 
representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of AccessRule from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of rule_clauses + if self.rule_clauses: + _dict['ruleClauses'] = self.rule_clauses.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of AccessRule from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "access_rule_id": obj.get("access_rule_id"), + "name": obj.get("name"), + "description": obj.get("description"), + "admin_owner_id": obj.get("admin_owner_id"), + "status": obj.get("status"), + "ruleClauses": RuleClauses.from_dict(obj["ruleClauses"]) if 
obj.get("ruleClauses") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/add_bundle_group_request.py b/opal_security/models/add_bundle_group_request.py index 3801982..0fd11a2 100644 --- a/opal_security/models/add_bundle_group_request.py +++ b/opal_security/models/add_bundle_group_request.py @@ -19,7 +19,7 @@ import json from pydantic import BaseModel, ConfigDict, Field, StrictStr -from typing import Any, ClassVar, Dict, List +from typing import Any, ClassVar, Dict, List, Optional from typing import Optional, Set from typing_extensions import Self @@ -28,8 +28,10 @@ class AddBundleGroupRequest(BaseModel): AddBundleGroupRequest """ # noqa: E501 group_id: StrictStr = Field(description="The ID of the group to add.") + access_level_remote_id: Optional[StrictStr] = Field(default=None, description="The remote ID of the access level to grant to this user. Required if the group being added requires an access level. If omitted, the default access level remote ID value (empty string) is used.") + access_level_name: Optional[StrictStr] = Field(default=None, description="The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["group_id"] + __properties: ClassVar[List[str]] = ["group_id", "access_level_remote_id", "access_level_name"] model_config = ConfigDict( populate_by_name=True, 
@@ -89,7 +91,9 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: return cls.model_validate(obj) _obj = cls.model_validate({ - "group_id": obj.get("group_id") + "group_id": obj.get("group_id"), + "access_level_remote_id": obj.get("access_level_remote_id"), + "access_level_name": obj.get("access_level_name") }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/bundle_group.py b/opal_security/models/bundle_group.py index a5fbb43..f9927ae 100644 --- a/opal_security/models/bundle_group.py +++ b/opal_security/models/bundle_group.py @@ -29,8 +29,10 @@ class BundleGroup(BaseModel): """ # noqa: E501 bundle_id: Optional[StrictStr] = Field(default=None, description="The ID of the bundle containing the group.") group_id: Optional[StrictStr] = Field(default=None, description="The ID of the group within a bundle.") + access_level_name: Optional[StrictStr] = Field(default=None, description="The access level of the group within a bundle.") + access_level_remote_id: Optional[StrictStr] = Field(default=None, description="The remote ID of the access level of the group within a bundle.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["bundle_id", "group_id"] + __properties: ClassVar[List[str]] = ["bundle_id", "group_id", "access_level_name", "access_level_remote_id"] model_config = ConfigDict( populate_by_name=True, @@ -95,7 +97,9 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: _obj = cls.model_validate({ "bundle_id": obj.get("bundle_id"), - "group_id": obj.get("group_id") + "group_id": obj.get("group_id"), + "access_level_name": obj.get("access_level_name"), + "access_level_remote_id": obj.get("access_level_remote_id") }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/group_remote_info.py b/opal_security/models/group_remote_info.py index bda537b..9a28167 100644 
--- a/opal_security/models/group_remote_info.py +++ b/opal_security/models/group_remote_info.py @@ -29,6 +29,7 @@ from opal_security.models.group_remote_info_google_group import GroupRemoteInfoGoogleGroup from opal_security.models.group_remote_info_ldap_group import GroupRemoteInfoLdapGroup from opal_security.models.group_remote_info_okta_group import GroupRemoteInfoOktaGroup +from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole from typing import Optional, Set from typing_extensions import Self @@ -45,8 +46,9 @@ class GroupRemoteInfo(BaseModel): duo_group: Optional[GroupRemoteInfoDuoGroup] = None azure_ad_security_group: Optional[GroupRemoteInfoAzureAdSecurityGroup] = None azure_ad_microsoft_365_group: Optional[GroupRemoteInfoAzureAdMicrosoft365Group] = None + snowflake_role: Optional[GroupRemoteInfoSnowflakeRole] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["active_directory_group", "github_team", "gitlab_group", "google_group", "ldap_group", "okta_group", "duo_group", "azure_ad_security_group", "azure_ad_microsoft_365_group"] + __properties: ClassVar[List[str]] = ["active_directory_group", "github_team", "gitlab_group", "google_group", "ldap_group", "okta_group", "duo_group", "azure_ad_security_group", "azure_ad_microsoft_365_group", "snowflake_role"] model_config = ConfigDict( populate_by_name=True, 
@@ -116,6 +118,9 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of azure_ad_microsoft_365_group if self.azure_ad_microsoft_365_group: _dict['azure_ad_microsoft_365_group'] = self.azure_ad_microsoft_365_group.to_dict() + # override the default output from pydantic by calling `to_dict()` of snowflake_role + if self.snowflake_role: + _dict['snowflake_role'] = self.snowflake_role.to_dict() # puts key-value pairs in additional_properties in the top level if self.additional_properties is not None: for _key, _value in self.additional_properties.items(): @@ -141,7 +146,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "okta_group": GroupRemoteInfoOktaGroup.from_dict(obj["okta_group"]) if obj.get("okta_group") is not None else None, "duo_group": GroupRemoteInfoDuoGroup.from_dict(obj["duo_group"]) if obj.get("duo_group") is not None else None, "azure_ad_security_group": GroupRemoteInfoAzureAdSecurityGroup.from_dict(obj["azure_ad_security_group"]) if obj.get("azure_ad_security_group") is not None else None, - "azure_ad_microsoft_365_group": GroupRemoteInfoAzureAdMicrosoft365Group.from_dict(obj["azure_ad_microsoft_365_group"]) if obj.get("azure_ad_microsoft_365_group") is not None else None + "azure_ad_microsoft_365_group": GroupRemoteInfoAzureAdMicrosoft365Group.from_dict(obj["azure_ad_microsoft_365_group"]) if obj.get("azure_ad_microsoft_365_group") is not None else None, + "snowflake_role": GroupRemoteInfoSnowflakeRole.from_dict(obj["snowflake_role"]) if obj.get("snowflake_role") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/group_remote_info_snowflake_role.py b/opal_security/models/group_remote_info_snowflake_role.py new file mode 100644 index 0000000..abd9e48 --- /dev/null +++ b/opal_security/models/group_remote_info_snowflake_role.py 
@@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class GroupRemoteInfoSnowflakeRole(BaseModel): + """ + Remote info for Snowflake role. + """ # noqa: E501 + role_id: StrictStr = Field(description="The id of the Snowflake role.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["role_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of GroupRemoteInfoSnowflakeRole from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. 
+ * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of GroupRemoteInfoSnowflakeRole from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "role_id": obj.get("role_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/request_status_enum.py b/opal_security/models/request_status_enum.py index 83ed8ac..08bf6e7 100644 --- a/opal_security/models/request_status_enum.py +++ b/opal_security/models/request_status_enum.py @@ -27,10 +27,10 @@ class RequestStatusEnum(str, Enum): """ allowed enum values """ - PENDING = 'pending' - APPROVED = 'approved' - DENIED = 'denied' - CANCELED = 'canceled' + PENDING = 'PENDING' + APPROVED = 'APPROVED' + DENIED = 'DENIED' + CANCELED = 'CANCELED' @classmethod def from_json(cls, json_str: str) -> Self: diff --git a/opal_security/models/resource_type_enum.py b/opal_security/models/resource_type_enum.py index 5aa794e..8ba4815 100644 --- a/opal_security/models/resource_type_enum.py +++ b/opal_security/models/resource_type_enum.py 
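Review bot: The four `RequestStatusEnum` members now carry upper-case values (`'PENDING'`, `'APPROVED'`, `'DENIED'`, `'CANCELED'`), and value lookup on a `str, Enum` class is case-sensitive. A payload that still carries `'pending'` would raise `ValueError` on deserialization, and callers comparing against the old lower-case strings would silently stop matching. Nothing in this hunk shows the server changing at the same time, so confirm the wire format in the OpenAPI document before release. If both casings can occur during a transition, a `_missing_` classmethod that retries with `value.upper()` would keep older payloads parseable; since the file is generated, that belongs in the spec or template. The class body continues outside the hunk.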
@@ -64,6 +64,7 @@ class ResourceTypeEnum(str, Enum): GCP_BIG_QUERY_TABLE = 'GCP_BIG_QUERY_TABLE' GCP_SERVICE_ACCOUNT = 'GCP_SERVICE_ACCOUNT' GIT_HUB_REPO = 'GIT_HUB_REPO' + GIT_HUB_ORG_ROLE = 'GIT_HUB_ORG_ROLE' GIT_LAB_PROJECT = 'GIT_LAB_PROJECT' GOOGLE_WORKSPACE_ROLE = 'GOOGLE_WORKSPACE_ROLE' MONGO_INSTANCE = 'MONGO_INSTANCE' diff --git a/opal_security/models/rule_disjunction.py b/opal_security/models/rule_disjunction.py index bdbc7bc..7bf3367 100644 --- a/opal_security/models/rule_disjunction.py +++ b/opal_security/models/rule_disjunction.py @@ -18,9 +18,8 @@ import re # noqa: F401 import json -from pydantic import BaseModel, ConfigDict, Field +from pydantic import BaseModel, ConfigDict from typing import Any, ClassVar, Dict, List -from typing_extensions import Annotated from opal_security.models.tag_selector import TagSelector from typing import Optional, Set from typing_extensions import Self @@ -29,7 +28,7 @@ class RuleDisjunction(BaseModel): """ RuleDisjunction """ # noqa: E501 - selectors: Annotated[List[TagSelector], Field(min_length=1)] + selectors: List[TagSelector] additional_properties: Dict[str, Any] = {} __properties: ClassVar[List[str]] = ["selectors"] diff --git a/opal_security/models/update_access_rule_info.py b/opal_security/models/update_access_rule_info.py new file mode 100644 index 0000000..934de38 --- /dev/null +++ b/opal_security/models/update_access_rule_info.py 
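Review bot: In `rule_disjunction.py`, `selectors: List[TagSelector]` drops the `Field(min_length=1)` constraint, so a `RuleDisjunction` with an empty `selectors` list now passes client-side validation. How the server evaluates an empty disjunction inside an access rule is not visible here; if it is not rejected there, an empty clause could change which principals a rule matches. Confirm that the spec really removed the minimum-items constraint, or keep `selectors: Annotated[List[TagSelector], Field(min_length=1)]` together with the `Field` and `Annotated` imports that the first hunk of this file removes. The class body continues outside the hunk.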
@@ -0,0 +1,120 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List +from opal_security.models.rule_clauses import RuleClauses +from typing import Optional, Set +from typing_extensions import Self + +class UpdateAccessRuleInfo(BaseModel): + """ + # UpdateAccessRuleInfo Object ### Description The `UpdateAccessRuleInfo` object is used as an input to the UpdateAccessRule and CreateAccessRule API. + """ # noqa: E501 + name: StrictStr = Field(description="The name of the access rule.") + description: StrictStr = Field(description="A description of the group.") + admin_owner_id: StrictStr = Field(description="The ID of the owner of the group.") + status: StrictStr = Field(description="The status of the access rule.") + rule_clauses: RuleClauses = Field(alias="ruleClauses") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["name", "description", "admin_owner_id", "status", "ruleClauses"] + + @field_validator('status') + def status_validate_enum(cls, value): + """Validates the enum""" + if value not in set(['ACTIVE', 'PAUSED']): + raise ValueError("must be one of enum values ('ACTIVE', 'PAUSED')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation 
of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of UpdateAccessRuleInfo from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of rule_clauses + if self.rule_clauses: + _dict['ruleClauses'] = self.rule_clauses.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of UpdateAccessRuleInfo from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "name": obj.get("name"), + "description": obj.get("description"), + "admin_owner_id": obj.get("admin_owner_id"), + "status": obj.get("status"), + "ruleClauses": RuleClauses.from_dict(obj["ruleClauses"]) if obj.get("ruleClauses") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + 
_obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/rest.py b/opal_security/rest.py index 7044330..34aa2ca 100644 --- a/opal_security/rest.py +++ b/opal_security/rest.py @@ -77,7 +77,6 @@ def __init__(self, configuration) -> None: "ca_certs": configuration.ssl_ca_cert, "cert_file": configuration.cert_file, "key_file": configuration.key_file, - "ca_cert_data": configuration.ca_cert_data, } if configuration.assert_hostname is not None: pool_args['assert_hostname'] = ( diff --git a/pyproject.toml b/pyproject.toml index f45123a..ed45f2a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ include = ["opal_security/py.typed"] [tool.poetry.dependencies] python = "^3.8" -urllib3 = ">= 1.25.3, < 3.0.0" +urllib3 = ">= 1.25.3 < 3.0.0" python-dateutil = ">= 2.8.2" pydantic = ">= 2" typing-extensions = ">= 4.7.1" diff --git a/test/test_access_rule.py b/test/test_access_rule.py new file mode 100644 index 0000000..c5064c6 --- /dev/null +++ b/test/test_access_rule.py 
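Review bot: In `pyproject.toml`, the new urllib3 constraint `">= 1.25.3 < 3.0.0"` has lost the comma between its two bounds. PEP 440 specifier sets are comma-separated, so tooling that reads this string strictly may reject it or apply only one bound, even if Poetry itself tolerates the whitespace form. An ignored upper bound would allow an untested urllib3 major version to be resolved for the HTTP/TLS layer. Keep the previous form, `urllib3 = ">= 1.25.3, < 3.0.0"`, and check that the other generated packaging metadata states the same range.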
@@ -0,0 +1,103 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.access_rule import AccessRule + +class TestAccessRule(unittest.TestCase): + """AccessRule unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> AccessRule: + """Test AccessRule + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `AccessRule` + """ + model = AccessRule() + if include_optional: + return AccessRule( + access_rule_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + name = 'Platform Engineering', + description = 'This access rule represents all platform engineers in the company.', + admin_owner_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + status = 'ACTIVE', + rule_clauses = opal_security.models.rule_clauses.RuleClauses( + when = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), + unless = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), ) + ) + else: + return AccessRule( + access_rule_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + name = 'Platform Engineering', + description = 'This access rule represents all platform engineers in the company.', + 
admin_owner_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + status = 'ACTIVE', + rule_clauses = opal_security.models.rule_clauses.RuleClauses( + when = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), + unless = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), ), + ) + """ + + def testAccessRule(self): + """Test AccessRule""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_group_remote_info_snowflake_role.py b/test/test_group_remote_info_snowflake_role.py new file mode 100644 index 0000000..82fba9d --- /dev/null +++ b/test/test_group_remote_info_snowflake_role.py 
@@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole + +class TestGroupRemoteInfoSnowflakeRole(unittest.TestCase): + """GroupRemoteInfoSnowflakeRole unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> GroupRemoteInfoSnowflakeRole: + """Test GroupRemoteInfoSnowflakeRole + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `GroupRemoteInfoSnowflakeRole` + """ + model = GroupRemoteInfoSnowflakeRole() + if include_optional: + return GroupRemoteInfoSnowflakeRole( + role_id = '01fa7402-01d8-103b-8deb-5f3a0ab7884' + ) + else: + return GroupRemoteInfoSnowflakeRole( + role_id = '01fa7402-01d8-103b-8deb-5f3a0ab7884', + ) + """ + + def testGroupRemoteInfoSnowflakeRole(self): + """Test GroupRemoteInfoSnowflakeRole""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_update_access_rule_info.py b/test/test_update_access_rule_info.py new file mode 100644 index 0000000..63c04c6 --- /dev/null +++ b/test/test_update_access_rule_info.py 
@@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo + +class TestUpdateAccessRuleInfo(unittest.TestCase): + """UpdateAccessRuleInfo unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> UpdateAccessRuleInfo: + """Test UpdateAccessRuleInfo + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `UpdateAccessRuleInfo` + """ + model = UpdateAccessRuleInfo() + if include_optional: + return UpdateAccessRuleInfo( + name = 'Platform Engineering', + description = 'This access rule represents all platform engineers in the company.', + admin_owner_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + status = 'ACTIVE', + rule_clauses = opal_security.models.rule_clauses.RuleClauses( + when = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), + unless = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), ) + ) + else: + return UpdateAccessRuleInfo( + name = 'Platform Engineering', + description = 'This access rule represents all platform engineers in the company.', + admin_owner_id 
= '7c86c85d-0651-43e2-a748-d69d658418e8', + status = 'ACTIVE', + rule_clauses = opal_security.models.rule_clauses.RuleClauses( + when = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), + unless = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), ), + ) + """ + + def testUpdateAccessRuleInfo(self): + """Test UpdateAccessRuleInfo""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main()