diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES index ae34470..cf240c7 100644 --- a/.openapi-generator/FILES +++ b/.openapi-generator/FILES @@ -4,7 +4,9 @@ .travis.yml README.md docs/Access.md +docs/AccessEntityFilters.md docs/AccessList.md +docs/AccessRelationshipFilters.md docs/AccessRule.md docs/AccessRulesApi.md docs/AddBundleGroupRequest.md @@ -35,6 +37,7 @@ docs/ConfigurationTemplatesApi.md docs/CreateBundleInfo.md docs/CreateConfigurationTemplateInfo.md docs/CreateDelegationRequest.md +docs/CreateEventStreamInfo.md docs/CreateGroupBindingInfo.md docs/CreateGroupBindingInfoGroupsInner.md docs/CreateGroupInfo.md @@ -56,8 +59,16 @@ docs/CreateUARInfo.md docs/Delegation.md docs/DelegationsApi.md docs/DenyRequestRequest.md +docs/EntityItemTypeEnum.md +docs/EntityNameFilter.md +docs/EntityTagFilter.md docs/EntityTypeEnum.md docs/Event.md +docs/EventStream.md +docs/EventStreamConnection.md +docs/EventStreamConnectionTypeEnum.md +docs/EventStreamList.md +docs/EventStreamsApi.md docs/EventsApi.md docs/GetResourceUser200Response.md docs/Group.md @@ -81,6 +92,7 @@ docs/GroupRemoteInfoGithubEnterpriseTeam.md docs/GroupRemoteInfoGithubTeam.md docs/GroupRemoteInfoGitlabGroup.md docs/GroupRemoteInfoGoogleGroup.md +docs/GroupRemoteInfoGrafanaTeam.md docs/GroupRemoteInfoIncidentioOnCallSchedule.md docs/GroupRemoteInfoLdapGroup.md docs/GroupRemoteInfoOktaGroup.md @@ -90,7 +102,10 @@ docs/GroupRemoteInfoRootlyOnCallSchedule.md docs/GroupRemoteInfoSnowflakeRole.md docs/GroupRemoteInfoTailscaleGroup.md docs/GroupRemoteInfoTwingateGroup.md +docs/GroupRemoteInfoTwingateGroupSynced.md docs/GroupRemoteInfoWorkdayUserSecurityGroup.md +docs/GroupRemoteInfoZendeskGroup.md +docs/GroupRemoteInfoZendeskOrganization.md docs/GroupResource.md docs/GroupResourceList.md docs/GroupTypeEnum.md @@ -112,9 +127,16 @@ docs/OnCallScheduleIDList.md docs/OnCallScheduleList.md docs/OnCallScheduleProviderEnum.md docs/OnCallSchedulesApi.md +docs/OpalNodeQuery.md +docs/OpalNodeQueryBody.md +docs/OpalNodeQueryResults.md +docs/OpalQueriesApi.md +docs/OpalQueryResultEdge.md +docs/OpalQueryResultNode.md docs/Owner.md docs/OwnersApi.md docs/PageInfo.md +docs/PaginatedAccessRulesList.md docs/PaginatedAssignedRequestList.md docs/PaginatedBundleGroupList.md docs/PaginatedBundleList.md @@ -207,6 +229,9 @@ docs/ResourceRemoteInfoGithubOrgRole.md docs/ResourceRemoteInfoGithubRepo.md docs/ResourceRemoteInfoGitlabProject.md docs/ResourceRemoteInfoGoogleWorkspaceRole.md +docs/ResourceRemoteInfoGrafanaDashboard.md +docs/ResourceRemoteInfoGrafanaFolder.md +docs/ResourceRemoteInfoGrafanaRole.md docs/ResourceRemoteInfoIlevelAdvancedRole.md docs/ResourceRemoteInfoNetsuiteRole.md docs/ResourceRemoteInfoOktaApp.md @@ -226,6 +251,7 @@ docs/ResourceRemoteInfoTailscaleSsh.md docs/ResourceRemoteInfoTeleportRole.md docs/ResourceRemoteInfoTwingateResource.md docs/ResourceRemoteInfoWorkdayRole.md +docs/ResourceRemoteInfoZendeskRole.md docs/ResourceTypeEnum.md docs/ResourceUser.md docs/ResourceUserAccessStatus.md @@ -247,6 +273,7 @@ docs/ScopedRolePermissionList.md docs/Session.md docs/SessionsApi.md docs/SessionsList.md +docs/StringMatchType.md docs/SubEvent.md docs/SyncError.md docs/SyncErrorList.md @@ -267,6 +294,7 @@ docs/UARScope.md docs/UarsApi.md docs/UpdateAccessRuleInfo.md docs/UpdateConfigurationTemplateInfo.md +docs/UpdateEventStreamInfo.md docs/UpdateGroupBindingInfo.md docs/UpdateGroupBindingInfoList.md docs/UpdateGroupInfo.md @@ -281,12 +309,18 @@ docs/UpdateResourceInfo.md docs/UpdateResourceInfoList.md docs/UpdateResourceUserRequest.md docs/User.md +docs/UserAttributeSelector.md docs/UserHrIdpStatusEnum.md docs/UserIDList.md docs/UserList.md docs/UsersApi.md docs/VisibilityInfo.md docs/VisibilityTypeEnum.md +docs/WebhookApiKeyCredential.md +docs/WebhookApiKeyLocationEnum.md +docs/WebhookAuthTypeEnum.md +docs/WebhookCredentials.md +docs/WebhookHmacCredential.md git_push.sh opal_security/__init__.py opal_security/api/__init__.py @@ -295,6 +329,7 @@ opal_security/api/apps_api.py opal_security/api/bundles_api.py opal_security/api/configuration_templates_api.py opal_security/api/delegations_api.py +opal_security/api/event_streams_api.py opal_security/api/events_api.py opal_security/api/group_bindings_api.py opal_security/api/groups_api.py @@ -302,6 +337,7 @@ opal_security/api/idp_group_mappings_api.py opal_security/api/message_channels_api.py opal_security/api/non_human_identities_api.py opal_security/api/on_call_schedules_api.py +opal_security/api/opal_queries_api.py opal_security/api/owners_api.py opal_security/api/requests_api.py opal_security/api/resources_api.py @@ -316,7 +352,9 @@ opal_security/configuration.py opal_security/exceptions.py opal_security/models/__init__.py opal_security/models/access.py +opal_security/models/access_entity_filters.py opal_security/models/access_list.py +opal_security/models/access_relationship_filters.py opal_security/models/access_rule.py opal_security/models/add_bundle_group_request.py opal_security/models/add_bundle_resource_request.py @@ -343,6 +381,7 @@ opal_security/models/configuration_template.py opal_security/models/create_bundle_info.py opal_security/models/create_configuration_template_info.py opal_security/models/create_delegation_request.py +opal_security/models/create_event_stream_info.py opal_security/models/create_group_binding_info.py opal_security/models/create_group_binding_info_groups_inner.py opal_security/models/create_group_info.py @@ -363,8 +402,15 @@ opal_security/models/create_tag_info.py opal_security/models/create_uar_info.py opal_security/models/delegation.py opal_security/models/deny_request_request.py +opal_security/models/entity_item_type_enum.py +opal_security/models/entity_name_filter.py +opal_security/models/entity_tag_filter.py opal_security/models/entity_type_enum.py opal_security/models/event.py +opal_security/models/event_stream.py +opal_security/models/event_stream_connection.py +opal_security/models/event_stream_connection_type_enum.py +opal_security/models/event_stream_list.py opal_security/models/get_resource_user200_response.py opal_security/models/group.py opal_security/models/group_access_level.py @@ -386,6 +432,7 @@ opal_security/models/group_remote_info_github_enterprise_team.py opal_security/models/group_remote_info_github_team.py opal_security/models/group_remote_info_gitlab_group.py opal_security/models/group_remote_info_google_group.py +opal_security/models/group_remote_info_grafana_team.py opal_security/models/group_remote_info_incidentio_on_call_schedule.py opal_security/models/group_remote_info_ldap_group.py opal_security/models/group_remote_info_okta_group.py @@ -395,7 +442,10 @@ opal_security/models/group_remote_info_rootly_on_call_schedule.py opal_security/models/group_remote_info_snowflake_role.py opal_security/models/group_remote_info_tailscale_group.py opal_security/models/group_remote_info_twingate_group.py +opal_security/models/group_remote_info_twingate_group_synced.py opal_security/models/group_remote_info_workday_user_security_group.py +opal_security/models/group_remote_info_zendesk_group.py +opal_security/models/group_remote_info_zendesk_organization.py opal_security/models/group_resource.py opal_security/models/group_resource_list.py opal_security/models/group_type_enum.py @@ -412,8 +462,14 @@ opal_security/models/on_call_schedule.py opal_security/models/on_call_schedule_id_list.py opal_security/models/on_call_schedule_list.py opal_security/models/on_call_schedule_provider_enum.py +opal_security/models/opal_node_query.py +opal_security/models/opal_node_query_body.py +opal_security/models/opal_node_query_results.py +opal_security/models/opal_query_result_edge.py +opal_security/models/opal_query_result_node.py opal_security/models/owner.py opal_security/models/page_info.py +opal_security/models/paginated_access_rules_list.py opal_security/models/paginated_assigned_request_list.py opal_security/models/paginated_bundle_group_list.py opal_security/models/paginated_bundle_list.py @@ -505,6 +561,9 @@ opal_security/models/resource_remote_info_github_org_role.py opal_security/models/resource_remote_info_github_repo.py opal_security/models/resource_remote_info_gitlab_project.py opal_security/models/resource_remote_info_google_workspace_role.py +opal_security/models/resource_remote_info_grafana_dashboard.py +opal_security/models/resource_remote_info_grafana_folder.py +opal_security/models/resource_remote_info_grafana_role.py opal_security/models/resource_remote_info_ilevel_advanced_role.py opal_security/models/resource_remote_info_netsuite_role.py opal_security/models/resource_remote_info_okta_app.py @@ -524,6 +583,7 @@ opal_security/models/resource_remote_info_tailscale_ssh.py opal_security/models/resource_remote_info_teleport_role.py opal_security/models/resource_remote_info_twingate_resource.py opal_security/models/resource_remote_info_workday_role.py +opal_security/models/resource_remote_info_zendesk_role.py opal_security/models/resource_type_enum.py opal_security/models/resource_user.py opal_security/models/resource_user_access_status.py @@ -543,6 +603,7 @@ opal_security/models/scoped_role_permission.py opal_security/models/scoped_role_permission_list.py opal_security/models/session.py opal_security/models/sessions_list.py +opal_security/models/string_match_type.py opal_security/models/sub_event.py opal_security/models/sync_error.py opal_security/models/sync_error_list.py @@ -560,6 +621,7 @@ opal_security/models/uar_reviewer_assignment_policy_enum.py opal_security/models/uar_scope.py opal_security/models/update_access_rule_info.py opal_security/models/update_configuration_template_info.py +opal_security/models/update_event_stream_info.py opal_security/models/update_group_binding_info.py opal_security/models/update_group_binding_info_list.py opal_security/models/update_group_info.py @@ -574,11 +636,17 @@ opal_security/models/update_resource_info.py opal_security/models/update_resource_info_list.py opal_security/models/update_resource_user_request.py opal_security/models/user.py +opal_security/models/user_attribute_selector.py opal_security/models/user_hr_idp_status_enum.py opal_security/models/user_id_list.py opal_security/models/user_list.py opal_security/models/visibility_info.py opal_security/models/visibility_type_enum.py +opal_security/models/webhook_api_key_credential.py +opal_security/models/webhook_api_key_location_enum.py +opal_security/models/webhook_auth_type_enum.py +opal_security/models/webhook_credentials.py +opal_security/models/webhook_hmac_credential.py opal_security/py.typed opal_security/rest.py pyproject.toml @@ -587,15 +655,38 @@ setup.cfg setup.py test-requirements.txt test/__init__.py -test/test_api_access_level_enum.py -test/test_group_remote_info_clickhouse_role.py -test/test_group_remote_info_twingate_group.py -test/test_paginated_tokens_list.py -test/test_resource_remote_info_clickhouse_database.py -test/test_resource_remote_info_clickhouse_table.py -test/test_resource_remote_info_datadog_role.py -test/test_resource_remote_info_netsuite_role.py -test/test_resource_remote_info_twingate_resource.py -test/test_token.py -test/test_tokens_api.py +test/test_access_entity_filters.py +test/test_access_relationship_filters.py +test/test_create_event_stream_info.py +test/test_entity_item_type_enum.py +test/test_entity_name_filter.py +test/test_entity_tag_filter.py +test/test_event_stream.py +test/test_event_stream_connection.py +test/test_event_stream_connection_type_enum.py +test/test_event_stream_list.py +test/test_event_streams_api.py +test/test_group_remote_info_grafana_team.py +test/test_group_remote_info_twingate_group_synced.py +test/test_group_remote_info_zendesk_group.py +test/test_group_remote_info_zendesk_organization.py +test/test_opal_node_query.py +test/test_opal_node_query_body.py +test/test_opal_node_query_results.py +test/test_opal_queries_api.py +test/test_opal_query_result_edge.py +test/test_opal_query_result_node.py +test/test_paginated_access_rules_list.py +test/test_resource_remote_info_grafana_dashboard.py +test/test_resource_remote_info_grafana_folder.py +test/test_resource_remote_info_grafana_role.py +test/test_resource_remote_info_zendesk_role.py +test/test_string_match_type.py +test/test_update_event_stream_info.py +test/test_user_attribute_selector.py +test/test_webhook_api_key_credential.py +test/test_webhook_api_key_location_enum.py +test/test_webhook_auth_type_enum.py +test/test_webhook_credentials.py +test/test_webhook_hmac_credential.py tox.ini diff --git a/README.md b/README.md index 1ba7a07..b201c10 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,7 @@ Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- *AccessRulesApi* | [**create_access_rule**](docs/AccessRulesApi.md#create_access_rule) | **POST** /access-rules | *AccessRulesApi* | [**get_access_rule**](docs/AccessRulesApi.md#get_access_rule) | **GET** /access-rules/{access_rule_id} | +*AccessRulesApi* | [**get_access_rules**](docs/AccessRulesApi.md#get_access_rules) | **GET** /access-rules | *AccessRulesApi* | [**update_access_rule**](docs/AccessRulesApi.md#update_access_rule) | **PUT** /access-rules/{access_rule_id} | *AppsApi* | [**get_app**](docs/AppsApi.md#get_app) | **GET** /apps/{app_id} | Get app by ID *AppsApi* | [**get_apps**](docs/AppsApi.md#get_apps) | **GET** /apps | Get apps @@ -167,6 +168,10 @@ Class | Method | HTTP request | Description *DelegationsApi* | [**delete_delegation**](docs/DelegationsApi.md#delete_delegation) | **DELETE** /delegations/{delegation_id} | *DelegationsApi* | [**get_delegation**](docs/DelegationsApi.md#get_delegation) | **GET** /delegations/{delegation_id} | Get delegation by ID *DelegationsApi* | [**get_delegations**](docs/DelegationsApi.md#get_delegations) | **GET** /delegations | Get delegations +*EventStreamsApi* | [**create_event_stream**](docs/EventStreamsApi.md#create_event_stream) | **POST** /event-streams | Create event stream +*EventStreamsApi* | [**delete_event_stream**](docs/EventStreamsApi.md#delete_event_stream) | **DELETE** /event-streams/{event_stream_id} | Delete event stream +*EventStreamsApi* | [**get_event_streams**](docs/EventStreamsApi.md#get_event_streams) | **GET** /event-streams | Get event streams +*EventStreamsApi* | [**update_event_stream**](docs/EventStreamsApi.md#update_event_stream) | **PUT** /event-streams/{event_stream_id} | Update event stream *EventsApi* | [**events**](docs/EventsApi.md#events) | **GET** /events | *EventsApi* | [**get_event**](docs/EventsApi.md#get_event) | **GET** /events/{event_id} | Get event by ID *GroupBindingsApi* | [**create_group_binding**](docs/GroupBindingsApi.md#create_group_binding) | **POST** /group-bindings | @@ -214,6 +219,7 @@ Class | Method | HTTP request | Description *OnCallSchedulesApi* | [**create_on_call_schedule**](docs/OnCallSchedulesApi.md#create_on_call_schedule) | **POST** /on-call-schedules | *OnCallSchedulesApi* | [**get_on_call_schedule**](docs/OnCallSchedulesApi.md#get_on_call_schedule) | **GET** /on-call-schedules/{on_call_schedule_id} | Get on call schedule by ID *OnCallSchedulesApi* | [**get_on_call_schedules**](docs/OnCallSchedulesApi.md#get_on_call_schedules) | **GET** /on-call-schedules | Get on call schedules +*OpalQueriesApi* | [**run_opal_query**](docs/OpalQueriesApi.md#run_opal_query) | **POST** /queries/run | Run an ad-hoc OpalQuery *OwnersApi* | [**create_owner**](docs/OwnersApi.md#create_owner) | **POST** /owners | *OwnersApi* | [**delete_owner**](docs/OwnersApi.md#delete_owner) | **DELETE** /owners/{owner_id} | *OwnersApi* | [**get_owner**](docs/OwnersApi.md#get_owner) | **GET** /owners/{owner_id} | Get owner by ID @@ -283,7 +289,9 @@ Class | Method | HTTP request | Description ## Documentation For Models - [Access](docs/Access.md) + - [AccessEntityFilters](docs/AccessEntityFilters.md) - [AccessList](docs/AccessList.md) + - [AccessRelationshipFilters](docs/AccessRelationshipFilters.md) - [AccessRule](docs/AccessRule.md) - [AddBundleGroupRequest](docs/AddBundleGroupRequest.md) - [AddBundleResourceRequest](docs/AddBundleResourceRequest.md) @@ -310,6 +318,7 @@ Class | Method | HTTP request | Description - [CreateBundleInfo](docs/CreateBundleInfo.md) - [CreateConfigurationTemplateInfo](docs/CreateConfigurationTemplateInfo.md) - [CreateDelegationRequest](docs/CreateDelegationRequest.md) + - [CreateEventStreamInfo](docs/CreateEventStreamInfo.md) - [CreateGroupBindingInfo](docs/CreateGroupBindingInfo.md) - [CreateGroupBindingInfoGroupsInner](docs/CreateGroupBindingInfoGroupsInner.md) - [CreateGroupInfo](docs/CreateGroupInfo.md) @@ -330,8 +339,15 @@ Class | Method | HTTP request | Description - [CreateUARInfo](docs/CreateUARInfo.md) - [Delegation](docs/Delegation.md) - [DenyRequestRequest](docs/DenyRequestRequest.md) + - [EntityItemTypeEnum](docs/EntityItemTypeEnum.md) + - [EntityNameFilter](docs/EntityNameFilter.md) + - [EntityTagFilter](docs/EntityTagFilter.md) - [EntityTypeEnum](docs/EntityTypeEnum.md) - [Event](docs/Event.md) + - [EventStream](docs/EventStream.md) + - [EventStreamConnection](docs/EventStreamConnection.md) + - [EventStreamConnectionTypeEnum](docs/EventStreamConnectionTypeEnum.md) + - [EventStreamList](docs/EventStreamList.md) - [GetResourceUser200Response](docs/GetResourceUser200Response.md) - [Group](docs/Group.md) - [GroupAccessLevel](docs/GroupAccessLevel.md) @@ -353,6 +369,7 @@ Class | Method | HTTP request | Description - [GroupRemoteInfoGithubTeam](docs/GroupRemoteInfoGithubTeam.md) - [GroupRemoteInfoGitlabGroup](docs/GroupRemoteInfoGitlabGroup.md) - [GroupRemoteInfoGoogleGroup](docs/GroupRemoteInfoGoogleGroup.md) + - [GroupRemoteInfoGrafanaTeam](docs/GroupRemoteInfoGrafanaTeam.md) - [GroupRemoteInfoIncidentioOnCallSchedule](docs/GroupRemoteInfoIncidentioOnCallSchedule.md) - [GroupRemoteInfoLdapGroup](docs/GroupRemoteInfoLdapGroup.md) - [GroupRemoteInfoOktaGroup](docs/GroupRemoteInfoOktaGroup.md) @@ -362,7 +379,10 @@ Class | Method | HTTP request | Description - [GroupRemoteInfoSnowflakeRole](docs/GroupRemoteInfoSnowflakeRole.md) - [GroupRemoteInfoTailscaleGroup](docs/GroupRemoteInfoTailscaleGroup.md) - [GroupRemoteInfoTwingateGroup](docs/GroupRemoteInfoTwingateGroup.md) + - [GroupRemoteInfoTwingateGroupSynced](docs/GroupRemoteInfoTwingateGroupSynced.md) - [GroupRemoteInfoWorkdayUserSecurityGroup](docs/GroupRemoteInfoWorkdayUserSecurityGroup.md) + - [GroupRemoteInfoZendeskGroup](docs/GroupRemoteInfoZendeskGroup.md) + - [GroupRemoteInfoZendeskOrganization](docs/GroupRemoteInfoZendeskOrganization.md) - [GroupResource](docs/GroupResource.md) - [GroupResourceList](docs/GroupResourceList.md) - [GroupTypeEnum](docs/GroupTypeEnum.md) @@ -379,8 +399,14 @@ Class | Method | HTTP request | Description - [OnCallScheduleIDList](docs/OnCallScheduleIDList.md) - [OnCallScheduleList](docs/OnCallScheduleList.md) - [OnCallScheduleProviderEnum](docs/OnCallScheduleProviderEnum.md) + - [OpalNodeQuery](docs/OpalNodeQuery.md) + - [OpalNodeQueryBody](docs/OpalNodeQueryBody.md) + - [OpalNodeQueryResults](docs/OpalNodeQueryResults.md) + - [OpalQueryResultEdge](docs/OpalQueryResultEdge.md) + - [OpalQueryResultNode](docs/OpalQueryResultNode.md) - [Owner](docs/Owner.md) - [PageInfo](docs/PageInfo.md) + - [PaginatedAccessRulesList](docs/PaginatedAccessRulesList.md) - [PaginatedAssignedRequestList](docs/PaginatedAssignedRequestList.md) - [PaginatedBundleGroupList](docs/PaginatedBundleGroupList.md) - [PaginatedBundleList](docs/PaginatedBundleList.md) @@ -472,6 +498,9 @@ Class | Method | HTTP request | Description - [ResourceRemoteInfoGithubRepo](docs/ResourceRemoteInfoGithubRepo.md) - [ResourceRemoteInfoGitlabProject](docs/ResourceRemoteInfoGitlabProject.md) - [ResourceRemoteInfoGoogleWorkspaceRole](docs/ResourceRemoteInfoGoogleWorkspaceRole.md) + - [ResourceRemoteInfoGrafanaDashboard](docs/ResourceRemoteInfoGrafanaDashboard.md) + - [ResourceRemoteInfoGrafanaFolder](docs/ResourceRemoteInfoGrafanaFolder.md) + - [ResourceRemoteInfoGrafanaRole](docs/ResourceRemoteInfoGrafanaRole.md) - [ResourceRemoteInfoIlevelAdvancedRole](docs/ResourceRemoteInfoIlevelAdvancedRole.md) - [ResourceRemoteInfoNetsuiteRole](docs/ResourceRemoteInfoNetsuiteRole.md) - [ResourceRemoteInfoOktaApp](docs/ResourceRemoteInfoOktaApp.md) @@ -491,6 +520,7 @@ Class | Method | HTTP request | Description - [ResourceRemoteInfoTeleportRole](docs/ResourceRemoteInfoTeleportRole.md) - [ResourceRemoteInfoTwingateResource](docs/ResourceRemoteInfoTwingateResource.md) - [ResourceRemoteInfoWorkdayRole](docs/ResourceRemoteInfoWorkdayRole.md) + - [ResourceRemoteInfoZendeskRole](docs/ResourceRemoteInfoZendeskRole.md) - [ResourceTypeEnum](docs/ResourceTypeEnum.md) - [ResourceUser](docs/ResourceUser.md) - [ResourceUserAccessStatus](docs/ResourceUserAccessStatus.md) @@ -510,6 +540,7 @@ Class | Method | HTTP request | Description - [ScopedRolePermissionList](docs/ScopedRolePermissionList.md) - [Session](docs/Session.md) - [SessionsList](docs/SessionsList.md) + - [StringMatchType](docs/StringMatchType.md) - [SubEvent](docs/SubEvent.md) - [SyncError](docs/SyncError.md) - [SyncErrorList](docs/SyncErrorList.md) @@ -527,6 +558,7 @@ Class | Method | HTTP request | Description - [UARScope](docs/UARScope.md) - [UpdateAccessRuleInfo](docs/UpdateAccessRuleInfo.md) - [UpdateConfigurationTemplateInfo](docs/UpdateConfigurationTemplateInfo.md) + - [UpdateEventStreamInfo](docs/UpdateEventStreamInfo.md) - [UpdateGroupBindingInfo](docs/UpdateGroupBindingInfo.md) - [UpdateGroupBindingInfoList](docs/UpdateGroupBindingInfoList.md) - [UpdateGroupInfo](docs/UpdateGroupInfo.md) @@ -541,11 +573,17 @@ Class | Method | HTTP request | Description - [UpdateResourceInfoList](docs/UpdateResourceInfoList.md) - [UpdateResourceUserRequest](docs/UpdateResourceUserRequest.md) - [User](docs/User.md) + - [UserAttributeSelector](docs/UserAttributeSelector.md) - [UserHrIdpStatusEnum](docs/UserHrIdpStatusEnum.md) - [UserIDList](docs/UserIDList.md) - [UserList](docs/UserList.md) - [VisibilityInfo](docs/VisibilityInfo.md) - [VisibilityTypeEnum](docs/VisibilityTypeEnum.md) + - [WebhookApiKeyCredential](docs/WebhookApiKeyCredential.md) + - [WebhookApiKeyLocationEnum](docs/WebhookApiKeyLocationEnum.md) + - [WebhookAuthTypeEnum](docs/WebhookAuthTypeEnum.md) + - [WebhookCredentials](docs/WebhookCredentials.md) + - [WebhookHmacCredential](docs/WebhookHmacCredential.md) diff --git a/api/openapi.yaml b/api/openapi.yaml index dd34b00..86061cd 100644 --- a/api/openapi.yaml +++ b/api/openapi.yaml @@ -4,7 +4,9 @@ info: email: hello@opal.dev name: Opal Team url: https://www.opal.dev/ - description: The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + description: + The Opal API is a RESTful API that allows you to interact with the + Opal Security platform programmatically. title: Opal API version: "1.0" servers: @@ -22,6 +24,8 @@ tags: description: Operations related to configuration templates - name: delegations description: Operations related to request reviewer delegations + - name: event-streams + description: Operations related to event streaming connections - name: events description: Operations related to events - name: groups @@ -36,6 +40,8 @@ tags: description: Operations related to non-human identities - name: on-call-schedules description: Operations related to on-call schedules + - name: opal-queries + description: Operations related to OpalQuery - name: owners description: Operations related to owners - name: requests @@ -126,7 +132,9 @@ paths: description: Returns a list of `Bundle` objects. operationId: getBundles parameters: - - description: The maximum number of bundles to return from the beginning of the list. Default is 200, max is 1000. + - description: + The maximum number of bundles to return from the beginning of the + list. Default is 200, max is 1000. example: 200 explode: true in: query @@ -135,7 +143,9 @@ paths: schema: type: integer style: form - - description: A cursor indicating where to start fetching items after a specific point. + - description: + A cursor indicating where to start fetching items after a specific + point. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw explode: true in: query @@ -278,7 +288,9 @@ paths: format: uuid type: string style: simple - - description: The maximum number of resources to return from the beginning of the list. Default is 200, max is 1000. + - description: + The maximum number of resources to return from the beginning of the + list. Default is 200, max is 1000. example: 200 explode: true in: query @@ -287,7 +299,9 @@ paths: schema: type: integer style: form - - description: A cursor indicating where to start fetching items after a specific point. + - description: + A cursor indicating where to start fetching items after a specific + point. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw explode: true in: query @@ -331,11 +345,17 @@ paths: format: uuid type: string access_level_remote_id: - description: The remote ID of the access level to grant to this user. Required if the resource being added requires an access level. If omitted, the default access level remote ID value (empty string) is used. + description: + The remote ID of the access level to grant to this user. Required + if the resource being added requires an access level. If + omitted, the default access level remote ID value (empty + string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess type: string access_level_name: - description: The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used. + description: + The name of the access level to grant to this user. If omitted, the + default access level name value (empty string) is used. example: AdministratorAccess type: string required: @@ -372,7 +392,9 @@ paths: schema: format: uuid type: string - - description: The remote ID of the access level to grant. If omitted, the default access level remote ID value (empty string) is used. + - description: + The remote ID of the access level to grant. If omitted, the default + access level remote ID value (empty string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess explode: true in: query @@ -402,7 +424,9 @@ paths: format: uuid type: string style: simple - - description: The maximum number of groups to return from the beginning of the list. Default is 200, max is 1000. + - description: + The maximum number of groups to return from the beginning of the + list. Default is 200, max is 1000. example: 200 explode: true in: query @@ -411,7 +435,9 @@ paths: schema: type: integer style: form - - description: A cursor indicating where to start fetching items after a specific point. + - description: + A cursor indicating where to start fetching items after a specific + point. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw explode: true in: query @@ -455,11 +481,17 @@ paths: format: uuid type: string access_level_remote_id: - description: The remote ID of the access level to grant to this user. Required if the group being added requires an access level. If omitted, the default access level remote ID value (empty string) is used. + description: + The remote ID of the access level to grant to this user. Required + if the group being added requires an access level. If + omitted, the default access level remote ID value (empty + string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess type: string access_level_name: - description: The name of the access level to grant to this user. If omitted, the default access level name value (empty string) is used. + description: + The name of the access level to grant to this user. If omitted, the + default access level name value (empty string) is used. example: AdministratorAccess type: string required: @@ -554,7 +586,10 @@ paths: content: application/json: schema: - description: The visibility details of the bundle. Setting to LIMITED visibility with no visibility groups will make bundle only visible to admins and users with access. + description: + The visibility details of the bundle. Setting to LIMITED visibility + with no visibility groups will make bundle only visible to + admins and users with access. $ref: "#/components/schemas/VisibilityInfo" responses: "200": @@ -641,6 +676,98 @@ paths: - BearerAuth: [] tags: - configuration-templates + /event-streams: + get: + summary: Get event streams + description: Returns a list of configured event streaming connections for your organization. + operationId: getEventStreams + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/EventStreamList" + description: A list of event streams for your organization. + security: + - BearerAuth: [] + tags: + - event-streams + post: + summary: Create event stream + description: Creates a new event streaming connection. + operationId: createEventStream + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreateEventStreamInfo" + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/EventStream" + description: The event stream just created. Credentials are returned in clear text only on creation. + security: + - BearerAuth: [] + tags: + - event-streams + /event-streams/{event_stream_id}: + put: + summary: Update event stream + description: Updates an existing event streaming connection. + operationId: updateEventStream + parameters: + - description: The ID of the event stream. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: event_stream_id + required: true + schema: + format: uuid + type: string + style: simple + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateEventStreamInfo" + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/EventStream" + description: The updated event stream. + security: + - BearerAuth: [] + tags: + - event-streams + delete: + summary: Delete event stream + description: Deletes an event streaming connection. + operationId: deleteEventStream + parameters: + - description: The ID of the event stream. + example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 + explode: false + in: path + name: event_stream_id + required: true + schema: + format: uuid + type: string + style: simple + responses: + "200": + description: The event stream was successfully deleted. + security: + - BearerAuth: [] + tags: + - event-streams /events: get: description: Returns a list of `Event` objects. @@ -705,7 +832,9 @@ paths: schema: type: string style: form - - description: An API filter for the events. Supply the name and preview of the API token. + - description: + An API filter for the events. Supply the name and preview of the + API token. example: fullaccess:**************************M_g== explode: true in: query @@ -831,7 +960,9 @@ paths: schema: type: string style: form - - description: The IDs of the tags to filter by. Returns only groups that have any of these tags applied. + - description: + The IDs of the tags to filter by. Returns only groups that have any + of these tags applied. in: query name: tag_ids required: false @@ -873,7 +1004,8 @@ paths: tags: - groups post: - description: Creates an Opal group or [imports a remote group](https://docs.opal.dev/reference/end-system-objects). + description: Creates an Opal group or [imports a remote + group](https://docs.opal.dev/reference/end-system-objects). operationId: createGroup requestBody: required: true @@ -1286,7 +1418,10 @@ paths: format: uuid type: string style: simple - - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + - description: + The remote ID of the access level to grant to this user. If + omitted, the default access level remote ID value (empty string) is + used. example: arn:aws:iam::590304332660:role/AdministratorAccess explode: true in: query @@ -1306,11 +1441,16 @@ paths: duration_minutes: 60 properties: access_level_remote_id: - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + description: + The remote ID of the access level to grant to this user. If + omitted, the default access level remote ID value (empty + string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess type: string duration_minutes: - description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + description: + The duration for which the resource can be accessed (in minutes). + Use 0 to set to indefinite. example: 60 type: integer maximum: 525960 # One year @@ -1621,7 +1761,10 @@ paths: access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess properties: duration_minutes: - description: The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite. + description: + The updated duration for which the group can be accessed (in + minutes). Use 0 for indefinite, or a negative value to + revoke access. type: integer maximum: 525960 # One year example: 120 @@ -1666,7 +1809,9 @@ paths: format: uuid type: string style: simple - - description: The duration for which the group can be accessed (in minutes). Use 0 to set to indefinite. + - description: + The duration for which the group can be accessed (in minutes). Use + 0 to set to indefinite. example: 60 explode: true in: query @@ -1677,7 +1822,10 @@ paths: maximum: 525960 # One year style: form deprecated: true - - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + - description: + The remote ID of the access level to grant to this user. If + omitted, the default access level remote ID value (empty string) is + used. example: arn:aws:iam::590304332660:role/AdministratorAccess explode: true in: query @@ -1697,11 +1845,16 @@ paths: access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess properties: duration_minutes: - description: The duration for which the group can be accessed (in minutes). Use 0 to set to indefinite. + description: + The duration for which the group can be accessed (in minutes). Use + 0 to set to indefinite. example: 60 type: integer access_level_remote_id: - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + description: + The remote ID of the access level to grant to this user. If + omitted, the default access level remote ID value (empty + string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess type: string required: @@ -1742,7 +1895,10 @@ paths: format: uuid type: string style: simple - - description: The remote ID of the access level for which this user has direct access. If omitted, the default access level remote ID value (empty string) is assumed. + - description: + The remote ID of the access level for which this user has direct + access. If omitted, the default access level remote ID value (empty + string) is assumed. example: 30 explode: true in: query @@ -1925,7 +2081,9 @@ paths: - group-bindings /idp-group-mappings/{app_resource_id}: get: - description: Returns the configured set of available `IdpGroupMapping` objects for an Okta app. + description: + Returns the configured set of available `IdpGroupMapping` objects + for an Okta app. operationId: getIdpGroupMappings parameters: - description: The ID of the Okta app. @@ -1944,7 +2102,9 @@ paths: application/json: schema: $ref: "#/components/schemas/IdpGroupMappingList" - description: The configured set of available `IdpGroupMapping` objects for an Okta app. + description: + The configured set of available `IdpGroupMapping` objects for an + Okta app. security: - BearerAuth: [] tags: @@ -1986,7 +2146,9 @@ paths: type: object responses: "200": - description: The updated set of available `IdpGroupMapping` objects for an Okta app. + description: + The updated set of available `IdpGroupMapping` objects for an Okta + app. security: - BearerAuth: [] tags: @@ -2253,7 +2415,9 @@ paths: - owners /owners/name/{owner_name}: get: - description: Returns an `Owner` object. Does not support owners with `/` in their name, use /owners?name=... instead. + description: + Returns an `Owner` object. Does not support owners with `/` in + their name, use /owners?name=... instead. operationId: getOwnerFromName parameters: - description: The name of the owner. @@ -2278,7 +2442,9 @@ paths: - owners /owners/{owner_id}/users: get: - description: Gets the list of users for this owner, in escalation priority order if applicable. + description: + Gets the list of users for this owner, in escalation priority order + if applicable. operationId: get_owner_users parameters: - description: The ID of the owner. @@ -2303,7 +2469,11 @@ paths: tags: - owners put: - description: Sets the list of users for this owner. If escalation is enabled, the order of this list is the escalation priority order of the users. If the owner has a source group, adding or removing users from this list won't be possible. + description: + Sets the list of users for this owner. If escalation is enabled, + the order of this list is the escalation priority order of the users. If + the owner has a source group, adding or removing users from this list + won't be possible. operationId: set_owner_users parameters: - description: The ID of the owner. @@ -2336,7 +2506,9 @@ paths: /requests: get: summary: Get requests - description: Returns a list of requests for your organization that is visible by the admin. + description: + Returns a list of requests for your organization that is visible by + the admin. operationId: getRequests parameters: - description: A start date filter for the events. @@ -2475,7 +2647,8 @@ paths: operationId: getRequestsRelay deprecated: true parameters: - - description: Number of results to return after the cursor. Use either first/after or last/before, not both. + - description: Number of results to return after the cursor. Use either + first/after or last/before, not both. example: 10 in: query name: first @@ -2484,14 +2657,19 @@ paths: type: integer minimum: 1 maximum: 100 - - description: Cursor to fetch results after. Used with 'first' for forward pagination. - example: "Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N2ZhNjFhYjk4Nw==" + - description: + Cursor to fetch results after. Used with 'first' for forward + pagination. + example: + "Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N\ + 2ZhNjFhYjk4Nw==" in: query name: after required: false schema: type: string - - description: Number of results to return before the cursor. Use either first/after or last/before, not both. + - description: Number of results to return before the cursor. Use either + first/after or last/before, not both. example: 10 in: query name: last @@ -2500,8 +2678,12 @@ paths: type: integer minimum: 1 maximum: 100 - - description: Cursor to fetch results before. Used with 'last' for backward pagination. - example: "Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N2ZhNjFhYjk4Nw==" + - description: + Cursor to fetch results before. Used with 'last' for backward + pagination. + example: + "Y3Vyc29yOnYyOpK5MjAyMS0wMS0wN1QwNzo0MToyNy4xMTlaFjYwZmM2YmJlZjk4YzE1N\ + 2ZhNjFhYjk4Nw==" in: query name: before required: false @@ -2782,7 +2964,9 @@ paths: format: uuid type: string style: form - - description: The ancestor resource id to filter by. Returns all resources that are descendants of the specified resource. + - description: + The ancestor resource id to filter by. Returns all resources that + are descendants of the specified resource. example: - 4baf8423-db0a-4037-a4cf-f79c60cb67a5 explode: false @@ -2793,14 +2977,19 @@ paths: format: uuid type: string style: form - - description: Filter resources by their remote id. This will return all resources that have a remote id that matches the provided remote id. Note that this requires resource_type_filter to be provided. + - description: + Filter resources by their remote id. This will return all resources + that have a remote id that matches the provided remote id. Note that + this requires resource_type_filter to be provided. in: query name: remote_id required: false schema: type: string style: form - - description: The IDs of the tags to filter by. Returns only resources that have any of these tags applied. + - description: + The IDs of the tags to filter by. Returns only resources that have + any of these tags applied. in: query name: tag_ids required: false @@ -2843,7 +3032,9 @@ paths: tags: - resources post: - description: Creates a resource. See [here](https://docs.opal.dev/reference/end-system-objects) for details about importing resources. + description: Creates a resource. See + [here](https://docs.opal.dev/reference/end-system-objects) for details + about importing resources. operationId: createResource requestBody: required: true @@ -3297,12 +3488,16 @@ paths: access_level_remote_id: roles/cloudsql.instanceUser properties: duration_minutes: - description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + description: + The duration for which the resource can be accessed (in minutes). + Use 0 to set to indefinite. example: 60 type: integer maximum: 525960 # One year access_level_remote_id: - description: The remote ID of the access level to grant. If omitted, the default access level remote ID value (empty string) is used. + description: + The remote ID of the access level to grant. If omitted, the default + access level remote ID value (empty string) is used. example: roles/cloudsql.instanceUser type: string required: @@ -3314,7 +3509,9 @@ paths: application/json: schema: $ref: "#/components/schemas/ResourceNHI" - description: Details about the access that the non-human identity was granted to the resource. + description: + Details about the access that the non-human identity was granted to + the resource. security: - BearerAuth: [] tags: @@ -3333,7 +3530,9 @@ paths: format: uuid type: string style: simple - - description: The resource ID of the non-human identity to remove from this resource. + - description: + The resource ID of the non-human identity to remove from this + resource. example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 explode: false in: path @@ -3343,7 +3542,10 @@ paths: format: uuid type: string style: simple - - description: The remote ID of the access level for which this non-human identity has direct access. If omitted, the default access level remote ID value (empty string) is assumed. + - description: + The remote ID of the access level for which this non-human identity + has direct access. If omitted, the default access level remote ID + value (empty string) is assumed. example: roles/cloudsql.instanceUser explode: true in: query @@ -3354,7 +3556,9 @@ paths: style: form responses: "200": - description: This non-human identity's access was successfully removed from this resource. + description: + This non-human identity's access was successfully removed from this + resource. security: - BearerAuth: [] tags: @@ -3384,7 +3588,9 @@ paths: format: uuid type: string style: simple - - description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + - description: + The duration for which the resource can be accessed (in minutes). + Use 0 to set to indefinite. example: 60 explode: true in: query @@ -3395,7 +3601,10 @@ paths: maximum: 525960 # One year style: form deprecated: true - - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + - description: + The remote ID of the access level to grant to this user. If + omitted, the default access level remote ID value (empty string) is + used. example: arn:aws:iam::590304332660:role/AdministratorAccess explode: true in: query @@ -3415,12 +3624,17 @@ paths: access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess properties: duration_minutes: - description: The duration for which the resource can be accessed (in minutes). Use 0 to set to indefinite. + description: + The duration for which the resource can be accessed (in minutes). + Use 0 to set to indefinite. example: 60 type: integer maximum: 525960 # One year access_level_remote_id: - description: The remote ID of the access level to grant to this user. If omitted, the default access level remote ID value (empty string) is used. + description: + The remote ID of the access level to grant to this user. If + omitted, the default access level remote ID value (empty + string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess type: string required: @@ -3470,7 +3684,9 @@ paths: access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess properties: duration_minutes: - description: The updated duration for which the resource can be accessed (in minutes). Use 0 for indefinite. + description: + The updated duration for which the resource can be accessed (in + minutes). Use 0 for indefinite. type: integer maximum: 525960 # One year example: 120 @@ -3515,7 +3731,10 @@ paths: format: uuid type: string style: simple - - description: The remote ID of the access level for which this user has direct access. If omitted, the default access level remote ID value (empty string) is assumed. + - description: + The remote ID of the access level for which this user has direct + access. If omitted, the default access level remote ID value (empty + string) is assumed. example: arn:aws:iam::590304332660:role/AdministratorAccess explode: true in: query @@ -3617,7 +3836,10 @@ paths: format: uuid type: string style: simple - - description: The remote ID of the access level that you wish to query for the resource. If omitted, the default access level remote ID value (empty string) is used. + - description: + The remote ID of the access level that you wish to query for the + resource. If omitted, the default access level remote ID value + (empty string) is used. example: arn:aws:iam::590304332660:role/AdministratorAccess explode: true in: query @@ -3684,7 +3906,9 @@ paths: - resources /resources/{resource_id}/scoped-role-permissions: get: - description: Returns all the scoped role permissions that apply to the given resource. Only OPAL_SCOPED_ROLE resource type supports this field. + description: + Returns all the scoped role permissions that apply to the given + resource. Only OPAL_SCOPED_ROLE resource type supports this field. operationId: get_resource_scoped_role_permissions parameters: - description: The ID of the resource whose scoped role permissions belong to. @@ -3712,7 +3936,9 @@ paths: description: Sets all the scoped role permissions on an OPAL_SCOPED_ROLE resource. operationId: set_resource_scoped_role_permissions parameters: - - description: The ID of the resource whose scoped role permissions belong to. Must be of OPAL_SCOPED_ROLE resource type. + - description: + The ID of the resource whose scoped role permissions belong to. + Must be of OPAL_SCOPED_ROLE resource type. name: resource_id example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 explode: false @@ -3868,7 +4094,10 @@ paths: format: uuid type: string style: form - - description: The email of the user. If both user ID and email are provided, user ID will take precedence. If neither are provided, an error will occur. + - description: + The email of the user. If both user ID and email are provided, user + ID will take precedence. If neither are provided, an error will + occur. example: johndoe@domain.org explode: true in: query @@ -3912,7 +4141,9 @@ paths: type: integer maximum: 1000 style: form - - description: The IDs of the tags to filter by. Returns only users that have any of these tags applied. + - description: + The IDs of the tags to filter by. Returns only users that have any + of these tags applied. in: query name: tag_ids required: false @@ -4026,6 +4257,39 @@ paths: tags: - users /access-rules: + get: + description: Returns a list of access rules for your organization. + operationId: get_access_rules + parameters: + - description: The pagination cursor value. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + explode: true + in: query + name: cursor + required: false + schema: + type: string + style: form + - description: Number of results to return per page. Default is 200. + example: 200 + explode: true + in: query + name: page_size + required: false + schema: + type: integer + style: form + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/PaginatedAccessRulesList" + description: One page of access rules for your organization. + security: + - BearerAuth: [] + tags: + - access-rules post: description: Creates a new access rule config for the given group_id. operationId: create_access_rule @@ -4048,7 +4312,9 @@ paths: - access-rules /access-rules/{access_rule_id}: get: - description: Returns a list of access rule config given the group_id of the access rule. + description: + Returns a list of access rule config given the group_id of the + access rule. operationId: get_access_rule parameters: - description: The access rule ID (group ID) of the access rule. @@ -4595,10 +4861,37 @@ paths: - BearerAuth: [] tags: - on-call-schedules + /queries/run: + post: + summary: Run an ad-hoc OpalQuery + description: Runs an ad-hoc OpalQuery and returns the results. Currently + supports NODE queries (users, resources, groups). This endpoint is only + available to our OpalQuery beta group. Please contact Opal support if + you'd like to be added to the beta. + operationId: runOpalQuery + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/RunOpalQueryRequest" + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/OpalQueryResults" + description: The results of the OpalQuery. + security: + - BearerAuth: [] + tags: + - opal-queries /tokens: get: summary: Get tokens - description: Returns a list of first-party API tokens for your organization. Requires admin access. + description: + Returns a list of first-party API tokens for your organization. + Requires admin access. operationId: getTokens parameters: - description: The pagination cursor value. @@ -4655,7 +4948,9 @@ paths: /tokens/{token_id}: delete: summary: Delete token - description: Deletes a first-party API token. Admins can delete any token. Non-admins can only delete their own tokens when the organization allows all users to create API tokens. + description: Deletes a first-party API token. Admins can delete any token. + Non-admins can only delete their own tokens when the organization allows + all users to create API tokens. operationId: deleteToken parameters: - description: The ID of the token to delete. @@ -4764,7 +5059,9 @@ paths: - uars /sync_errors: get: - description: Returns a list of recent sync errors that have occurred since the last successful sync. + description: + Returns a list of recent sync errors that have occurred since the + last successful sync. operationId: getSyncErrors parameters: - description: The ID of the app to list sync errors for. @@ -4813,10 +5110,14 @@ paths: /delegations: get: summary: Get delegations - description: Returns a list of request reviewer delegations configured for your organization. + description: + Returns a list of request reviewer delegations configured for your + organization. operationId: getDelegations parameters: - - description: The delegator user ID to filter delegations by the user delegating their access review requests. + - description: + The delegator user ID to filter delegations by the user delegating + their access review requests. example: 29827fb8-f2dd-4e80-9576-28e31e9934ac explode: true in: query @@ -4826,7 +5127,9 @@ paths: format: uuid type: string style: form - - description: The delegate user ID to filter delegations by the user being delegated to. + - description: + The delegate user ID to filter delegations by the user being + delegated to. example: 29827fb8-f2dd-4e80-9576-28e31e9934ac explode: true in: query @@ -4867,7 +5170,9 @@ paths: tags: - delegations post: - description: Creates a new request reviewer delegation to delegate access review requests from one user to another. + description: + Creates a new request reviewer delegation to delegate access review + requests from one user to another. operationId: createDelegation requestBody: required: true @@ -4937,6 +5242,291 @@ paths: components: schemas: + AccessEntityFilters: + type: object + description: + Filters for matching entities by type, name, tag, IDs, connections, + or access levels. Supports recursive logical composition via + allOf/anyOf. + properties: + entityTypes: + type: array + description: Filter by entity type. Only RESOURCE, GROUP, and USER are + queryable via OpalQuery. + items: + type: string + enum: [RESOURCE, GROUP, USER] + entityItemTypes: + type: array + description: Filter by entity item types. + items: + $ref: "#/components/schemas/EntityItemTypeEnum" + entityName: + $ref: "#/components/schemas/EntityNameFilter" + entityTag: + $ref: "#/components/schemas/EntityTagFilter" + entityIDs: + type: array + description: Filter by specific entity UUIDs. + items: + type: string + format: uuid + importedFromApp: + type: array + description: Filter by app IDs from which returned nodes will be imported from. + items: + type: string + format: uuid + roleRemoteIds: + type: array + description: Filter by role remote IDs. Can only be applied within a hasAccessTo clause. + items: + type: string + roleNames: + type: array + description: Filter by role display names (e.g. "Admin", "Read"). Can only be applied within a hasAccessTo clause. + items: + type: string + allOf: + type: array + description: > + A list of nested filters that must all match (logical AND). Each + item has the same shape as this object — scalar fields like + `entityTypes` or `entityTag`, and can further nest `allOf`, + `anyOf`, or `not`. + items: + $ref: "#/components/schemas/AccessEntityFilters" + anyOf: + type: array + description: > + A list of nested filters where at least one must match (logical + OR). Each item has the same shape as this object. + items: + $ref: "#/components/schemas/AccessEntityFilters" + not: + description: > + Excludes entities matching the embedded filter (logical NOT). Pass + a filter object with the same shape as this one — typically a + single scalar field, like `{not: {entityTypes: ["RESOURCE"]}}` to + exclude resources. + type: object + x-go-type: AccessEntityFilters + + RunOpalQueryRequest: + description: + Request body for running an ad-hoc OpalQuery. The `type` field + determines which query schema applies. + oneOf: + - $ref: "#/components/schemas/OpalNodeQuery" + discriminator: + propertyName: type + mapping: + NODE: "#/components/schemas/OpalNodeQuery" + # example: + # type: NODE + # query: + # nodeFilters: + # entityTypes: [RESOURCE] + # allOf: + # - entityTag: + # key: env + # value: prod + # - entityTag: + # key: team + # value: platform + # not: + # entityItemTypes: [AWS_IAM_ROLE] + # accessFilters: + # isAccessibleBy: + # entityTypes: [USER] + # entityTag: + # key: contractor + # first: 50 + + OpalNodeQuery: + type: object + required: + - type + description: + Request body for a NODE-type OpalQuery. Returns entities (users, + resources, groups) matching the given filters. + example: + type: NODE + query: + nodeFilters: + entityTypes: [RESOURCE] + entityTag: + key: env + value: prod + accessFilters: + isAccessibleBy: + entityTypes: [USER] + entityTag: + key: contractor + first: 50 + properties: + type: + type: string + enum: + - NODE + query: + $ref: "#/components/schemas/OpalNodeQueryBody" + first: + type: integer + description: Maximum number of results to return. Defaults to 200. + example: 200 + after: + type: string + description: Cursor from a previous response to fetch the next page of results. + example: 29827fb8-f2dd-4e80-9576-28e31e9934ac + + OpalNodeQueryBody: + type: object + description: The filter body for a NODE-type OpalQuery. + properties: + nodeFilters: + $ref: "#/components/schemas/AccessEntityFilters" + accessFilters: + $ref: "#/components/schemas/AccessRelationshipFilters" + + OpalQueryResultNode: + type: object + required: + - id + - name + - entityType + - entityItemType + description: A matched entity from an OpalQuery result. + properties: + id: + type: string + format: uuid + description: The entity's unique identifier. + name: + type: string + description: The display name of the entity. + entityType: + type: string + enum: + - USER + - GROUP + - RESOURCE + description: The top-level entity type. + entityItemType: + $ref: "#/components/schemas/EntityItemTypeEnum" + + OpalQueryResultEdge: + type: object + required: + - node + - cursor + description: + A single result edge from an OpalQuery, containing the matched + entity and its pagination cursor. + properties: + node: + $ref: "#/components/schemas/OpalQueryResultNode" + cursor: + type: string + description: Opaque cursor for this entity, used for pagination. + + OpalQueryResults: + description: + Paginated results of an OpalQuery. The `type` field discriminates + which result schema applies and mirrors the `type` field on the request. + oneOf: + - $ref: "#/components/schemas/OpalNodeQueryResults" + discriminator: + propertyName: type + mapping: + NODE: "#/components/schemas/OpalNodeQueryResults" + + OpalNodeQueryResults: + type: object + required: + - type + - edges + - pageInfo + description: + Paginated results of a NODE-type OpalQuery — one edge per matched + entity (user, resource, or group). + properties: + type: + type: string + enum: + - NODE + edges: + type: array + description: List of matched entities. + items: + $ref: "#/components/schemas/OpalQueryResultEdge" + pageInfo: + $ref: "#/components/schemas/PageInfo" + + AccessRelationshipFilters: + type: object + description: > + Filters the returned nodes by the access edges connected to them. + When `isAccessibleBy` and `hasAccessTo` are provided, the returned nodes + must satisfy both edge constraints simultaneously. + properties: + isAccessibleBy: + description: + Inbound-edge filter. The returned node must be accessible by at + least one entity matching this filter. + $ref: "#/components/schemas/AccessEntityFilters" + hasAccessTo: + description: + Outbound-edge filter. The returned node must have access to at + least one entity matching this filter. + $ref: "#/components/schemas/AccessEntityFilters" + + EntityNameFilter: + type: object + required: + - stringMatchType + - string + description: Filters entities by name using a string match strategy. + properties: + stringMatchType: + $ref: "#/components/schemas/StringMatchType" + string: + type: string + description: The string value to match against the entity name. + example: engineering + + EntityTagFilter: + type: object + required: + - key + description: + Filters entities by a tag key/value pair, optionally scoped to a + connection. + properties: + key: + type: string + description: The tag key to filter by. + example: team + value: + type: string + description: + The tag value to filter by. If omitted, matches any value for the + given key. + example: platform + connectionId: + type: string + format: uuid + description: If specified, filters by tags associated with this connection. + + StringMatchType: + type: string + description: How to match a string value against entity names. + enum: + - CONTAINS + - EQUALS + - STARTS_WITH + - ENDS_WITH + PaginatedAssignedRequestList: type: object required: @@ -5000,7 +5590,9 @@ components: type: integer description: The total number of items available UARScope: - description: If set, the access review will only contain resources and groups that match at least one of the filters in scope. + description: + If set, the access review will only contain resources and groups + that match at least one of the filters in scope. example: filter_operator: ANY users: @@ -5031,18 +5623,25 @@ components: type: string enum: [STRICT, VIEW_VISIBLE_AND_ASSIGNED, VIEW_ALL] users: - description: The access review will only include the following users. If any users are selected, any entity filters will be applied to only the entities that the selected users have access to. + description: + The access review will only include the following users. If any + users are selected, any entity filters will be applied to only the + entities that the selected users have access to. items: example: userd283-ca87-4a8a-bdbb-df212eca5353 type: string format: uuid type: array filter_operator: - description: Specifies whether entities must match all (AND) or any (OR) of the filters. + description: + Specifies whether entities must match all (AND) or any (OR) of the + filters. type: string enum: [ANY, ALL] entities: - description: This access review will include resources and groups with ids in the given strings. + description: + This access review will include resources and groups with ids in + the given strings. items: example: f454d283-as87-4a8a-bdbb-df212eca5353 type: string @@ -5056,7 +5655,9 @@ components: format: uuid type: array admins: - description: This access review will include resources and groups who are owned by one of the owners corresponding to the given IDs. + description: + This access review will include resources and groups who are owned + by one of the owners corresponding to the given IDs. items: example: f454d283-ca87-4a8a-bdbb-df212eca5353 type: string @@ -5076,12 +5677,16 @@ components: type: boolean example: False tags: - description: This access review will include resources and groups who are tagged with one of the given tags. + description: + This access review will include resources and groups who are tagged + with one of the given tags. items: $ref: "#/components/schemas/TagFilter" type: array names: - description: This access review will include resources and groups whose name contains one of the given strings. + description: + This access review will include resources and groups whose name + contains one of the given strings. items: example: demo type: string @@ -5128,8 +5733,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -5177,7 +5782,9 @@ components: reviewer_assignment_policy: $ref: "#/components/schemas/UARReviewerAssignmentPolicyEnum" send_reviewer_assignment_notification: - description: A bool representing whether to send a notification to reviewers when they're assigned a new review. Default is False. + description: + A bool representing whether to send a notification to reviewers + when they're assigned a new review. Default is False. example: False type: boolean deadline: @@ -5186,15 +5793,22 @@ components: type: string format: date-time time_zone: - description: The time zone name (as defined by the IANA Time Zone database) used in the access review deadline and exported audit report. Default is America/Los_Angeles. + description: + The time zone name (as defined by the IANA Time Zone database) used + in the access review deadline and exported audit report. Default is + America/Los_Angeles. example: America/Los_Angeles type: string self_review_allowed: - description: A bool representing whether to present a warning when a user is the only reviewer for themself. Default is False. + description: + A bool representing whether to present a warning when a user is the + only reviewer for themself. Default is False. example: False type: boolean instantly_action_reviews: - description: A bool representing whether to instantly action changes when reviewers submit their decision. Default is False. + description: + A bool representing whether to instantly action changes when + reviewers submit their decision. Default is False. type: boolean example: False uar_scope: @@ -5238,7 +5852,9 @@ components: reviewer_assignment_policy: $ref: "#/components/schemas/UARReviewerAssignmentPolicyEnum" send_reviewer_assignment_notification: - description: A bool representing whether to send a notification to reviewers when they're assigned a new review. Default is False. + description: + A bool representing whether to send a notification to reviewers + when they're assigned a new review. Default is False. example: False type: boolean deadline: @@ -5247,15 +5863,22 @@ components: type: string format: date-time time_zone: - description: The time zone name (as defined by the IANA Time Zone database) used in the access review deadline and exported audit report. Default is America/Los_Angeles. + description: + The time zone name (as defined by the IANA Time Zone database) used + in the access review deadline and exported audit report. Default is + America/Los_Angeles. example: America/Los_Angeles type: string self_review_allowed: - description: A bool representing whether to present a warning when a user is the only reviewer for themself. Default is False. + description: + A bool representing whether to present a warning when a user is the + only reviewer for themself. Default is False. example: False type: boolean instantly_action_reviews: - description: A bool representing whether to instantly action changes when reviewers submit their decision. Default is False. + description: + A bool representing whether to instantly action changes when + reviewers submit their decision. Default is False. type: boolean example: False reminder_schedule: @@ -5276,7 +5899,14 @@ components: - self_review_allowed type: object UARReviewerAssignmentPolicyEnum: - description: A policy for auto-assigning reviewers. If auto-assignment is on, specific assignments can still be manually adjusted after the access review is started. Default is Manually. BY_OWNING_TEAM_ADMIN assigns reviews to resource admins in round-robin fashion. BY_OWNING_TEAM_ADMIN_ALL assigns reviews to all resource admins. BY_APPROVERS assigns reviews to resource approvers in round-robin fashion. BY_APPROVERS_ALL assigns reviews to all resource approvers. + description: + A policy for auto-assigning reviewers. If auto-assignment is on, + specific assignments can still be manually adjusted after the access + review is started. Default is Manually. BY_OWNING_TEAM_ADMIN assigns + reviews to resource admins in round-robin fashion. + BY_OWNING_TEAM_ADMIN_ALL assigns reviews to all resource admins. + BY_APPROVERS assigns reviews to resource approvers in round-robin + fashion. BY_APPROVERS_ALL assigns reviews to all resource approvers. enum: - MANUALLY - BY_OWNING_TEAM_ADMIN @@ -5496,7 +6126,9 @@ components: key: "iam:GetRole" name: "Opal's service account is missing the 'iam:GetRole' permission." usage_reason: "Opal uses the 'iam:GetRole' permissions to view access to resources." - details: "403 Google API Error. Service account is not authorized to access role assignments." + details: + "403 Google API Error. Service account is not authorized to access role + assignments." severity: HIGH status: FAILED updated_at: 2021-01-06T20:00:00Z @@ -5506,15 +6138,21 @@ components: example: "iam:GetUser" type: string name: - description: The human-readable description of whether the validation has the permissions. + description: + The human-readable description of whether the validation has the + permissions. example: "Opal's service account is missing the 'iam:GetUser' description." usage_reason: description: The reason for needing the validation. example: Opal uses the 'iam:GetUser' permission to import users. type: string details: - description: Extra details regarding the validation. Could be an error message or restrictions on permissions. - example: 403 Google API Error. Service account is not authorized to access role assignments. + description: + Extra details regarding the validation. Could be an error message + or restrictions on permissions. + example: + 403 Google API Error. Service account is not authorized to access role + assignments. type: string severity: $ref: "#/components/schemas/AppValidationSeverityEnum" @@ -5586,8 +6224,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -5621,8 +6259,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -5803,11 +6441,15 @@ components: nullable: true type: string has_direct_access: - description: The user has direct access to this resources (vs. indirectly, like through a group). + description: + The user has direct access to this resources (vs. indirectly, like + through a group). example: true type: boolean num_access_paths: - description: The number of ways in which the user has access through this resource (directly and indirectly). + description: + The number of ways in which the user has access through this + resource (directly and indirectly). example: 3 format: int32 type: integer @@ -5885,11 +6527,15 @@ components: nullable: true type: string has_direct_access: - description: The principal has direct access to this entity (vs. inherited access). + description: + The principal has direct access to this entity (vs. inherited + access). example: true type: boolean num_access_paths: - description: The number of ways in which the principal has access to this entity (directly and inherited). + description: + The number of ways in which the principal has access to this entity + (directly and inherited). example: 3 format: int32 type: integer @@ -5949,8 +6595,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -6024,8 +6670,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -6055,8 +6701,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -6213,22 +6859,52 @@ components: results: - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd - description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + name: Payments Production Admin + description: + This group represents Active Directory group "Payments Production + Admin". We use this AD group to facilitate staging deployments and + qualifying new releases. admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + group_leader_user_ids: + - 7c86c85d-0651-43e2-a748-d69d658418e8 + remote_id: 037m2jsg218b2wb + remote_name: Finance Team + group_type: ACTIVE_DIRECTORY_GROUP max_duration: 120 + recommended_duration: 60 + extensions_duration_in_minutes: 60 require_manager_approval: False require_support_ticket: False + require_mfa_to_approve: False + require_mfa_to_request: False + auto_approval: False + is_requestable: True - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - description: Manages the Integrations Team on-call privileged resources. This group is automatically synced with the on-call rotation defined in PagerDuty. + app_id: a7c3e291-1234-4abc-9def-1234567890ab + name: Integrations On-Call + description: + Manages the Integrations Team on-call privileged resources. This + group is automatically synced with the on-call rotation defined in + PagerDuty. admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 + group_leader_user_ids: [] + remote_id: pagerduty-schedule:P123XYZ + remote_name: Integrations On-Call + group_type: PAGERDUTY_ON_CALL_SCHEDULE max_duration: 360 + recommended_duration: 120 + extensions_duration_in_minutes: 0 require_manager_approval: False require_support_ticket: True + require_mfa_to_approve: False + require_mfa_to_request: False + auto_approval: False + is_requestable: True properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -6299,7 +6975,9 @@ components: format: uuid type: string duration_minutes: - description: The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite. + description: + The updated duration for which the group can be accessed (in + minutes). Use 0 for indefinite. type: integer maximum: 525960 # One year example: 120 @@ -6321,13 +6999,26 @@ components: example: group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 app_id: b5a5ca27-0ea3-4d86-9199-2126d57d1fbd + name: Payments Production Admin + description: + This group represents Active Directory group "Payments Production + Admin". We use this AD group to facilitate staging deployments and + qualifying new releases. + admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + group_leader_user_ids: + - 7c86c85d-0651-43e2-a748-d69d658418e8 remote_id: 037m2jsg218b2wb remote_name: Finance Team - description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. - admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 + group_type: ACTIVE_DIRECTORY_GROUP max_duration: 120 + recommended_duration: 60 + extensions_duration_in_minutes: 60 require_manager_approval: False require_support_ticket: False + require_mfa_to_approve: False + require_mfa_to_request: False + auto_approval: False + is_requestable: True properties: group_id: description: The ID of the group. @@ -6345,7 +7036,10 @@ components: type: string description: description: A description of the group. - example: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + example: + This group represents Active Directory group "Payments Production + Admin". We use this AD group to facilitate staging deployments and + qualifying new releases. type: string admin_owner_id: description: The ID of the owner of the group. @@ -6369,36 +7063,53 @@ components: group_type: $ref: "#/components/schemas/GroupTypeEnum" max_duration: - description: The maximum duration for which the group can be requested (in minutes). + description: + The maximum duration for which the group can be requested (in + minutes). type: integer example: 120 recommended_duration: - description: The recommended duration for which the group should be requested (in minutes). -1 represents an indefinite duration. + description: + The recommended duration for which the group should be requested + (in minutes). -1 represents an indefinite duration. type: integer example: 120 extensions_duration_in_minutes: - description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. + description: + The duration for which access can be extended (in minutes). Set to + 0 to disable extensions. When > 0, extensions are enabled for the + specified duration. type: integer example: 120 require_manager_approval: - description: A bool representing whether or not access requests to the group require manager approval. + description: + A bool representing whether or not access requests to the group + require manager approval. example: False type: boolean deprecated: true require_support_ticket: - description: A bool representing whether or not access requests to the group require an access ticket. + description: + A bool representing whether or not access requests to the group + require an access ticket. example: False type: boolean require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this group. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this group. example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting access to this group. + description: + A bool representing whether or not to require MFA for requesting + access to this group. example: False type: boolean auto_approval: - description: A bool representing whether or not to automatically approve requests to this group. + description: + A bool representing whether or not to automatically approve + requests to this group. example: False type: boolean request_template_id: @@ -6417,7 +7128,9 @@ components: format: uuid type: string is_requestable: - description: A bool representing whether or not to allow access requests to this group. + description: + A bool representing whether or not to allow access requests to this + group. example: False type: boolean request_configurations: @@ -6427,14 +7140,20 @@ components: items: $ref: "#/components/schemas/RequestConfiguration" request_configuration_list: - description: A list of request configurations for this group. Deprecated in favor of `request_configurations`. + description: + A list of request configurations for this group. Deprecated in + favor of `request_configurations`. deprecated: true example: [] type: array items: $ref: "#/components/schemas/RequestConfiguration" metadata: - description: JSON metadata about the remote group. Only set for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details. + description: + JSON metadata about the remote group. Only set for items linked to + remote systems. See [this + guide](https://docs.opal.dev/reference/end-system-objects) for + details. deprecated: true example: |- { "okta_directory_group": { "group_id": "00g4bs66kwtpe1g12345" } } @@ -6442,13 +7161,17 @@ components: remote_info: $ref: "#/components/schemas/GroupRemoteInfo" custom_request_notification: - description: Custom request notification sent to the requester when the request is approved. + description: + Custom request notification sent to the requester when the request + is approved. type: string maxLength: 800 nullable: true example: "Check your email to register your account." risk_sensitivity: - description: The risk sensitivity level for the group. When an override is set, this field will match that. + description: + The risk sensitivity level for the group. When an override is set, + this field will match that. readOnly: true allOf: - $ref: "#/components/schemas/RiskSensitivityEnum" @@ -6484,8 +7207,8 @@ components: type: array next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -6581,14 +7304,18 @@ components: - description type: object PropagationStatus: - description: The state of whether the push action was propagated to the remote system. If this is null, the access was synced from the remote system. + description: + The state of whether the push action was propagated to the remote + system. If this is null, the access was synced from the remote system. properties: status: $ref: "#/components/schemas/PropagationStatusEnum" required: - status PropagationStatusEnum: - description: The status of whether the user has been synced to the group or resource in the remote system. + description: + The status of whether the user has been synced to the group or + resource in the remote system. enum: - SUCCESS - ERR_REMOTE_INTERNAL_ERROR @@ -6618,14 +7345,20 @@ components: example: groups: - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 - description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + description: + This group represents Active Directory group "Payments Production + Admin". We use this AD group to facilitate staging deployments and + qualifying new releases. name: api-group admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 require_manager_approval: False require_support_ticket: False - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b - description: Manages the Integrations Team on-call privileged resources. This group is automatically synced with the on-call rotation defined in PagerDuty. + description: + Manages the Integrations Team on-call privileged resources. This + group is automatically synced with the on-call rotation defined in + PagerDuty. name: on-call-integrations admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 max_duration: 360 @@ -6647,7 +7380,10 @@ components: The `UpdateGroupInfo` object is used as an input to the UpdateGroup API. example: group_id: f454d283-ca87-4a87-bdbb-df212eca5353 - description: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + description: + This group represents Active Directory group "Payments Production + Admin". We use this AD group to facilitate staging deployments and + qualifying new releases. name: api-group admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 @@ -6665,7 +7401,10 @@ components: type: string description: description: A description of the group. - example: This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. + example: + This group represents Active Directory group "Payments Production + Admin". We use this AD group to facilitate staging deployments and + qualifying new releases. type: string admin_owner_id: description: The ID of the owner of the group. @@ -6673,22 +7412,35 @@ components: format: uuid type: string max_duration: - description: The maximum duration for which the group can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. + description: + The maximum duration for which the group can be requested (in + minutes). Use -1 to set to indefinite. Deprecated in favor of + `request_configurations`. type: integer example: 120 deprecated: true recommended_duration: - description: The recommended duration for which the group should be requested (in minutes). Will be the default value in a request. Use -1 to set to indefinite and 0 to unset. Deprecated in favor of `request_configurations`. + description: + The recommended duration for which the group should be requested + (in minutes). Will be the default value in a request. Use -1 to set + to indefinite and 0 to unset. Deprecated in favor of + `request_configurations`. type: integer example: 120 deprecated: true require_manager_approval: - description: A bool representing whether or not access requests to the group require manager approval. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not access requests to the group + require manager approval. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true require_support_ticket: - description: A bool representing whether or not access requests to the group require an access ticket. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not access requests to the group + require an access ticket. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true @@ -6699,16 +7451,24 @@ components: type: string deprecated: true require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this group. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this group. example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting access to this group. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not to require MFA for requesting + access to this group. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true auto_approval: - description: A bool representing whether or not to automatically approve requests to this group. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not to automatically approve + requests to this group. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true @@ -6718,13 +7478,17 @@ components: format: uuid type: string request_template_id: - description: The ID of the associated request template. Deprecated in favor of `request_configurations`. + description: + The ID of the associated request template. Deprecated in favor of + `request_configurations`. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string deprecated: true is_requestable: - description: A bool representing whether or not to allow access requests to this group. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not to allow access requests to this + group. Deprecated in favor of `request_configurations`. example: False type: boolean deprecated: true @@ -6735,7 +7499,10 @@ components: format: uuid type: array extensions_duration_in_minutes: - description: The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to. + description: + The duration for which access can be extended (in minutes). + Deprecated, set the extension duration in the request_configuration + you want it to apply to. type: integer example: 120 deprecated: true @@ -6743,9 +7510,14 @@ components: type: array items: $ref: "#/components/schemas/RequestConfiguration" - description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. + description: + The request configuration list of the configuration template. If + not provided, the default request configuration will be used. request_configuration_list: - description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. + description: + The request configuration list of the configuration template. If + not provided, the default request configuration will be used. + Deprecated in favor of `request_configurations`. $ref: "#/components/schemas/CreateRequestConfigurationInfoList" deprecated: true example: @@ -6784,7 +7556,9 @@ components: stage: 1 priority: 1 custom_request_notification: - description: Custom request notification sent to the requester when the request is approved. + description: + Custom request notification sent to the requester when the request + is approved. type: string maxLength: 800 nullable: true @@ -6825,6 +7599,9 @@ components: - GRAFANA_TEAM - CLICKHOUSE_ROLE - TWINGATE_GROUP + - TWINGATE_GROUP_SYNCED + - ZENDESK_GROUP + - ZENDESK_ORGANIZATION example: OPAL_GROUP type: string ResourceTypeEnum: @@ -6914,8 +7691,98 @@ components: - CLICKHOUSE_DATABASE - CLICKHOUSE_TABLE - TWINGATE_RESOURCE + - ZENDESK_ROLE example: AWS_IAM_ROLE type: string + EntityItemTypeEnum: + description: Granular subtype of an entity. + enum: + - USER + - SERVICE_USER + - ACTIVE_DIRECTORY_GROUP + - AWS_SSO_GROUP + - DUO_GROUP + - GIT_HUB_TEAM + - GIT_LAB_GROUP + - GOOGLE_GROUPS_GROUP + - GOOGLE_GROUPS_GKE_GROUP + - LDAP_GROUP + - OKTA_GROUP + - OKTA_GROUP_RULE + - TAILSCALE_GROUP + - TWINGATE_GROUP + - TWINGATE_GROUP_SYNCED + - OPAL_GROUP + - OPAL_ACCESS_RULE + - AZURE_AD_SECURITY_GROUP + - AZURE_AD_MICROSOFT_365_GROUP + - CONNECTOR_GROUP + - SNOWFLAKE_ROLE + - WORKDAY_USER_SECURITY_GROUP + - DATABRICKS_ACCOUNT_GROUP + - AWS_IAM_ROLE + - AWS_EC2_INSTANCE + - AWS_EKS_CLUSTER + - AWS_RDS_POSTGRES_INSTANCE + - AWS_RDS_POSTGRES_CLUSTER + - AWS_RDS_MYSQL_INSTANCE + - AWS_RDS_MYSQL_CLUSTER + - AWS_ACCOUNT + - AWS_SSO_PERMISSION_SET + - AZURE_MANAGEMENT_GROUP + - AZURE_RESOURCE_GROUP + - AZURE_SUBSCRIPTION + - AZURE_VIRTUAL_MACHINE + - AZURE_STORAGE_ACCOUNT + - AZURE_STORAGE_CONTAINER + - AZURE_SQL_SERVER + - AZURE_SQL_MANAGED_INSTANCE + - AZURE_SQL_DATABASE + - AZURE_SQL_MANAGED_DATABASE + - AZURE_USER_ASSIGNED_MANAGED_Identity + - AZURE_ENTRA_ID_ROLE + - AZURE_ENTERPRISE_APP + - CUSTOM + - CUSTOM_CONNECTOR + - GCP_ORGANIZATION + - GCP_BUCKET + - GCP_COMPUTE_INSTANCE + - GCP_BIG_QUERY_DATASET + - GCP_BIG_QUERY_TABLE + - GCP_FOLDER + - GCP_GKE_CLUSTER + - GCP_PROJECT + - GCP_CLOUD_SQL_POSTGRES_INSTANCE + - GCP_CLOUD_SQL_MYSQL_INSTANCE + - GCP_SERVICE_ACCOUNT + - GIT_HUB_REPO + - GIT_HUB_ORG_ROLE + - GIT_LAB_PROJECT + - GOOGLE_WORKSPACE_ROLE + - MONGO_INSTANCE + - MONGO_ATLAS_INSTANCE + - OKTA_APP + - OKTA_ROLE + - OPAL_ROLE + - OPAL_SCOPED_ROLE + - PAGERDUTY_ROLE + - TAILSCALE_SSH + - TWINGATE_RESOURCE + - SALESFORCE_PERMISSION_SET + - SALESFORCE_PROFILE + - SALESFORCE_ROLE + - SNOWFLAKE_DATABASE + - SNOWFLAKE_SCHEMA + - SNOWFLAKE_TABLE + - WORKDAY_ROLE + - MYSQL_INSTANCE + - MARIADB_INSTANCE + - POSTGRES_INSTANCE + - TELEPORT_ROLE + - DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL + - ILEVEL_ADVANCED_ROLE + example: OPAL_ROLE + type: string VisibilityTypeEnum: description: The visibility level of the entity. enum: @@ -6997,7 +7864,9 @@ components: example: finance-team type: string hidden_from_end_user: - description: A bool representing whether or not the group is hidden from the end user. + description: + A bool representing whether or not the group is hidden from the end + user. example: False type: boolean required: @@ -7161,7 +8030,9 @@ components: required: - message_channel_ids OnCallScheduleIDList: - description: A list of on call schedule Opal UUIDs. To get the matching remote IDs, use the /on-call-schedules endpoints. + description: + A list of on call schedule Opal UUIDs. To get the matching remote + IDs, use the /on-call-schedules endpoints. example: on_call_schedule_ids: - 9546209c-42c2-4801-96d7-9ec42df0f59c @@ -7218,7 +8089,9 @@ components: example: False type: boolean operator: - description: The operator of the reviewer stage. Admin and manager approval are also treated as reviewers. + description: + The operator of the reviewer stage. Admin and manager approval are + also treated as reviewers. enum: - AND - OR @@ -7375,7 +8248,11 @@ components: description: "The database engine for the RDS instance." enum: [MYSQL, POSTGRESQL] GroupRemoteInfo: - description: Information that defines the remote group. This replaces the deprecated remote_id and metadata fields. If remote_info is provided, a group will be imported into Opal. For group types that support group creation through Opal, a new group will be created if remote_info is not provided. + description: Information that defines the remote group. This replaces the + deprecated remote_id and metadata fields. If remote_info is provided, a + group will be imported into Opal. For group types that support group + creation through Opal, a new group will be created if remote_info is not + provided. properties: active_directory_group: description: Remote info for Active Directory group. @@ -7407,6 +8284,16 @@ components: type: object required: - group_id + twingate_group_synced: + description: Remote info for Twingate synced group. + properties: + group_id: + description: The id of the Twingate synced group. + example: R3JvdXA6MTIzNA== + type: string + type: object + required: + - group_id aws_sso_group: description: Remote info for AWS SSO group. properties: @@ -7449,6 +8336,9 @@ components: description: The slug of the GitHub team. example: opal-security type: string + org_name: + description: GitHub team's org name, required only for Enterprise + type: string type: object required: - team_slug @@ -7612,9 +8502,41 @@ components: type: object required: - role_id + grafana_team: + description: Remote info for Grafana team. + properties: + team_id: + description: The ID of the team. + example: 2323 + type: string + type: object + required: + - team_id + zendesk_group: + description: Remote info for Zendesk group. + properties: + group_id: + description: The ID of the Zendesk group. + example: "12345" + type: string + type: object + required: + - group_id + zendesk_organization: + description: Remote info for Zendesk organization. + properties: + organization_id: + description: The ID of the Zendesk organization. + example: "67890" + type: string + type: object + required: + - organization_id type: object ResourceRemoteInfo: - description: Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields. + description: + Information that defines the remote resource. This replaces the + deprecated remote_id and metadata fields. properties: databricks_account_service_principal: description: Remote info for Databricks account service principal. @@ -7745,7 +8667,9 @@ components: description: Remote info for Azure Enterprise App. properties: resource_id: - description: The remote application identifier (service principal or application object ID). + description: + The remote application identifier (service principal or application + object ID). example: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee type: string type: object @@ -7783,7 +8707,9 @@ components: example: 234234234234 type: string organizational_unit_id: - description: The id of the AWS organizational unit. Required only if customer has OUs enabled. + description: + The id of the AWS organizational unit. Required only if customer + has OUs enabled. example: ou-1234 type: string type: object @@ -7797,7 +8723,9 @@ components: example: arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9 type: string account_id: - description: The ID of an AWS account to which this permission set is provisioned. + description: + The ID of an AWS account to which this permission set is + provisioned. example: 234234234234 type: string type: object @@ -7857,7 +8785,9 @@ components: example: 234234234234 type: string database_name: - description: The name of the database in the RDS cluster. This can be the value of the tag `opal:database-name` or the database name. + description: + The name of the database in the RDS cluster. This can be the value + of the tag `opal:database-name` or the database name. example: mydatabase type: string engine: @@ -7917,7 +8847,9 @@ components: example: 01fa7402-01d8-103b-8deb-5f3a0ab7884 type: string can_have_usage_events: - description: A bool representing whether or not the resource can have usage data. + description: + A bool representing whether or not the resource can have usage + data. example: False type: boolean type: object @@ -8053,7 +8985,7 @@ components: type: string service_account_id: description: The id of the service account. - example: 103561576023829463298 + example: 103561576023829460000 type: string project_id: description: The id of the project the service account is in. @@ -8086,6 +9018,9 @@ components: description: The name of the repository. example: Opal Security type: string + org_name: + description: GitHub repo's org name, required only for Enterprise. + type: string type: object required: - repo_name @@ -8096,6 +9031,9 @@ components: description: The id of the role. example: 112233 type: string + org_name: + description: GitHub org role's org name, required only for Enterprise. + type: string type: object required: - role_id @@ -8440,10 +9378,52 @@ components: required: - database_name - table_name + grafana_folder: + description: Remote info for Grafana folder. + properties: + folder_uid: + description: The UID of the Grafana folder. + example: fffRTXX + type: string + type: object + required: + - folder_uid + grafana_dashboard: + description: Remote info for Grafana dashboard. + properties: + dashboard_uid: + description: The UID of the Grafana dashboard. + example: dddRTXX + type: string + type: object + required: + - dashboard_uid + grafana_role: + description: Remote info for Grafana role(fixed or custom). + properties: + role_uid: + description: The UID of the Grafana role. + example: rrfRTXX + type: string + type: object + required: + - role_uid + zendesk_role: + description: Remote info for Zendesk custom role. + properties: + role_id: + description: The ID of the Zendesk custom role. + example: "12345" + type: string + type: object + required: + - role_id type: object RiskSensitivityEnum: type: string - description: "Indicates the level of potential impact misuse or unauthorized access may incur." + description: + "Indicates the level of potential impact misuse or unauthorized + access may incur." enum: [UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE] CreateResourceInfo: description: |- @@ -8487,7 +9467,11 @@ components: $ref: "#/components/schemas/ResourceRemoteInfo" remote_resource_id: deprecated: true - description: Deprecated - use remote_info instead. The ID of the resource on the remote system. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details on how to specify this field. + description: + Deprecated - use remote_info instead. The ID of the resource on the + remote system. Include only for items linked to remote systems. See + [this guide](https://docs.opal.dev/reference/end-system-objects) for + details on how to specify this field. example: API_ACCESS_MANAGEMENT_ADMIN-51d203da-313a-4fd9-8fcf-420ce6312345 type: string metadata: @@ -8801,7 +9785,11 @@ components: $ref: "#/components/schemas/GroupRemoteInfo" remote_group_id: deprecated: true - description: Deprecated - use remote_info instead. The ID of the group on the remote system. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details on how to specify this field. + description: + Deprecated - use remote_info instead. The ID of the group on the + remote system. Include only for items linked to remote systems. See + [this guide](https://docs.opal.dev/reference/end-system-objects) for + details on how to specify this field. example: 00g4fixjd6Bc9w012345 type: string metadata: @@ -8937,8 +9925,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -9065,7 +10053,9 @@ components: description: The stages configuration for this request $ref: "#/components/schemas/RequestItemStages" reviewer_stages: - description: The configured reviewer stages for every item in this request, or an error message if reviewers could not be loaded + description: + The configured reviewer stages for every item in this request, or + an error message if reviewers could not be loaded oneOf: - type: array items: @@ -9340,7 +10330,9 @@ components: items: $ref: "#/components/schemas/Request" cursor: - description: The cursor to use in the next request to get the next page of results. + description: + The cursor to use in the next request to get the next page of + results. type: string example: eyJjcmVhdGVkX2F0IjoiMjAyMS0wMS0wNlQyMDo0NzowMFoiLCJ2YWx1ZSI6ImFkbWluIn0= Resource: @@ -9401,40 +10393,59 @@ components: resource_type: $ref: "#/components/schemas/ResourceTypeEnum" max_duration: - description: The maximum duration for which the resource can be requested (in minutes). + description: + The maximum duration for which the resource can be requested (in + minutes). type: integer example: 120 recommended_duration: - description: The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. + description: + The recommended duration for which the resource should be requested + (in minutes). -1 represents an indefinite duration. type: integer example: 120 extensions_duration_in_minutes: - description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. + description: + The duration for which access can be extended (in minutes). Set to + 0 to disable extensions. When > 0, extensions are enabled for the + specified duration. type: integer example: 120 require_manager_approval: - description: A bool representing whether or not access requests to the resource require manager approval. + description: + A bool representing whether or not access requests to the resource + require manager approval. example: False type: boolean deprecated: true require_support_ticket: - description: A bool representing whether or not access requests to the resource require an access ticket. + description: + A bool representing whether or not access requests to the resource + require an access ticket. example: False type: boolean require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this resource. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this resource. example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting access to this resource. + description: + A bool representing whether or not to require MFA for requesting + access to this resource. example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect to this resource. + description: + A bool representing whether or not to require MFA to connect to + this resource. example: False type: boolean auto_approval: - description: A bool representing whether or not to automatically approve requests to this resource. + description: + A bool representing whether or not to automatically approve + requests to this resource. example: False type: boolean request_template_id: @@ -9443,7 +10454,9 @@ components: format: uuid type: string is_requestable: - description: A bool representing whether or not to allow access requests to this resource. + description: + A bool representing whether or not to allow access requests to this + resource. example: False type: boolean parent_resource_id: @@ -9462,7 +10475,9 @@ components: $ref: "#/components/schemas/RequestConfiguration" description: A list of configurations for requests to this resource. request_configuration_list: - description: A list of configurations for requests to this resource. Deprecated in favor of `request_configurations`. + description: + A list of configurations for requests to this resource. Deprecated + in favor of `request_configurations`. deprecated: true items: $ref: "#/components/schemas/RequestConfiguration" @@ -9475,7 +10490,9 @@ components: maxLength: 800 nullable: true risk_sensitivity: - description: The risk sensitivity level for the resource. When an override is set, this field will match that. + description: + The risk sensitivity level for the resource. When an override is + set, this field will match that. readOnly: true allOf: - $ref: "#/components/schemas/RiskSensitivityEnum" @@ -9483,7 +10500,11 @@ components: allOf: - $ref: "#/components/schemas/RiskSensitivityEnum" metadata: - description: JSON metadata about the remote resource. Only set for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/end-system-objects) for details. + description: + JSON metadata about the remote resource. Only set for items linked + to remote systems. See [this + guide](https://docs.opal.dev/reference/end-system-objects) for + details. deprecated: true example: |- { @@ -9532,7 +10553,9 @@ components: example: arn:aws:sso:::permissionSet/asdf-32139302d201d32/ps-f03323201211e1b9 type: string account_id: - description: The ID of an AWS account to which this permission set is provisioned. + description: + The ID of an AWS account to which this permission set is + provisioned. example: 234234234234 type: string required: @@ -9600,22 +10623,34 @@ components: format: uuid type: string max_duration: - description: The maximum duration for which the resource can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. + description: + The maximum duration for which the resource can be requested (in + minutes). Use -1 to set to indefinite. Deprecated in favor of + `request_configurations`. type: integer example: 120 deprecated: true recommended_duration: - description: The recommended duration for which the resource should be requested (in minutes). Will be the default value in a request. Use -1 to set to indefinite and 0 to unset. Deprecated in favor of `request_configurations`. + description: + The recommended duration for which the resource should be requested + (in minutes). Will be the default value in a request. Use -1 to set + to indefinite and 0 to unset. Deprecated in favor of + `request_configurations`. type: integer example: 120 deprecated: true require_manager_approval: - description: A bool representing whether or not access requests to the resource require manager approval. + description: + A bool representing whether or not access requests to the resource + require manager approval. example: False type: boolean deprecated: true require_support_ticket: - description: A bool representing whether or not access requests to the resource require an access ticket. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not access requests to the resource + require an access ticket. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true @@ -9626,20 +10661,30 @@ components: type: string deprecated: true require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this resource. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this resource. example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting access to this resource. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not to require MFA for requesting + access to this resource. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect to this resource. + description: + A bool representing whether or not to require MFA to connect to + this resource. example: False type: boolean auto_approval: - description: A bool representing whether or not to automatically approve requests to this resource. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not to automatically approve + requests to this resource. Deprecated in favor of + `request_configurations`. example: False type: boolean deprecated: true @@ -9660,28 +10705,46 @@ components: format: uuid type: string request_template_id: - description: The ID of the associated request template. Deprecated in favor of `request_configurations`. + description: + The ID of the associated request template. Deprecated in favor of + `request_configurations`. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string deprecated: true is_requestable: - description: A bool representing whether or not to allow access requests to this resource. Deprecated in favor of `request_configurations`. + description: + A bool representing whether or not to allow access requests to this + resource. Deprecated in favor of `request_configurations`. example: False type: boolean deprecated: true extensions_duration_in_minutes: - description: The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to. + description: + The duration for which access can be extended (in minutes). + Deprecated, set the extension duration in the request_configuration + you want it to apply to. type: integer example: 120 deprecated: true + parent_resource_id: + description: The ID of the parent resource. + example: f454d283-ca67-4a8a-bdbb-df212eca5345 + format: uuid + type: string + nullable: true request_configurations: type: array items: $ref: "#/components/schemas/RequestConfiguration" - description: A list of configurations for requests to this resource. If not provided, the default request configuration will be used. + description: + A list of configurations for requests to this resource. If not + provided, the default request configuration will be used. request_configuration_list: - description: A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. + description: + A list of configurations for requests to this resource. If not + provided, the default request configuration will be used. Deprecated + in favor of `request_configurations`. $ref: "#/components/schemas/CreateRequestConfigurationInfoList" deprecated: true example: @@ -9744,8 +10807,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -9882,8 +10945,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -10098,6 +11161,23 @@ components: - name - admin_owner_id - description + PaginatedAccessRulesList: + properties: + next: + description: The cursor with which to continue pagination if additional result pages exist. + example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw + type: string + previous: + description: The cursor used to retrieve the previous page of results. + example: cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ + type: string + results: + items: + $ref: "#/components/schemas/AccessRule" + type: array + required: + - results + type: object AccessRule: description: |- # Access Rule Object @@ -10105,7 +11185,7 @@ components: The `AccessRule` object is used to represent an access rule configuration. ### Usage Example - Get access rule configurations from the `GET Access Rule Configs` endpoint. + List access rules from the `GET /access-rules` endpoint, or retrieve a single access rule from the `GET /access-rules/{access_rule_id}` endpoint. properties: access_rule_id: description: The ID (group ID) of the access rule. @@ -10164,6 +11244,10 @@ components: type: array items: $ref: "#/components/schemas/TagSelector" + attribute_selectors: + type: array + items: + $ref: "#/components/schemas/UserAttributeSelector" required: - selectors TagSelector: @@ -10179,6 +11263,19 @@ components: - key - value - connection_id + UserAttributeSelector: + properties: + attribute: + type: string + enum: + - HR_IDP_STATUS + values: + type: array + items: + type: string + required: + - attribute + - values PaginatedOwnersList: example: next: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw @@ -10195,8 +11292,8 @@ components: properties: next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -10237,7 +11334,9 @@ components: example: This owner represents the API team owners. type: string access_request_escalation_period: - description: The amount of time (in minutes) before the next reviewer is notified. Use 0 to remove escalation policy. + description: + The amount of time (in minutes) before the next reviewer is + notified. Use 0 to remove escalation policy. type: integer example: 120 reviewer_message_channel_id: @@ -10275,11 +11374,15 @@ components: example: This owner represents the API team owners. type: string access_request_escalation_period: - description: The amount of time (in minutes) before the next reviewer is notified. Use 0 to remove escalation policy. + description: + The amount of time (in minutes) before the next reviewer is + notified. Use 0 to remove escalation policy. type: integer example: 120 user_ids: - description: Users to add to the created owner. If setting a source_group_id this list must be empty. + description: + Users to add to the created owner. If setting a source_group_id + this list must be empty. example: - 7870617d-e72a-47f5-a84c-693817ab4567 - 1520617d-e72a-47f5-a84c-693817ab48ad2 @@ -10345,15 +11448,21 @@ components: example: This owner represents the API team owners. type: string access_request_escalation_period: - description: The amount of time (in minutes) before the next reviewer is notified. Use 0 to remove escalation policy. + description: + The amount of time (in minutes) before the next reviewer is + notified. Use 0 to remove escalation policy. example: 120 type: integer reviewer_message_channel_id: - description: The message channel id for the reviewer channel. Use "" to remove an existing message channel. + description: + The message channel id for the reviewer channel. Use "" to remove + an existing message channel. example: 37cb7e41-12ba-46da-92ff-030abe0450b1 type: string source_group_id: - description: Sync this owner's user list with a source group. Use "" to remove an existing source group. + description: + Sync this owner's user list with a source group. Use "" to remove + an existing source group. example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 format: uuid type: string @@ -10422,31 +11531,46 @@ components: description: The condition for the request configuration. $ref: "#/components/schemas/Condition" allow_requests: - description: A bool representing whether or not to allow requests for this resource. + description: + A bool representing whether or not to allow requests for this + resource. example: True type: boolean auto_approval: - description: A bool representing whether or not to automatically approve requests for this resource. + description: + A bool representing whether or not to automatically approve + requests for this resource. example: False type: boolean require_mfa_to_request: - description: A bool representing whether or not to require MFA for requesting access to this resource. + description: + A bool representing whether or not to require MFA for requesting + access to this resource. example: False type: boolean max_duration_minutes: - description: The maximum duration for which the resource can be requested (in minutes). + description: + The maximum duration for which the resource can be requested (in + minutes). type: integer example: 120 recommended_duration_minutes: - description: The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. + description: + The recommended duration for which the resource should be requested + (in minutes). -1 represents an indefinite duration. type: integer example: 120 require_support_ticket: - description: A bool representing whether or not access requests to the resource require an access ticket. + description: + A bool representing whether or not access requests to the resource + require an access ticket. example: False type: boolean extensions_duration_in_minutes: - description: The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. + description: + The duration for which access can be extended (in minutes). Set to + 0 to disable extensions. When > 0, extensions are enabled for the + specified duration. type: integer example: 120 request_template_id: @@ -10575,7 +11699,9 @@ components: example: private $ref: "#/components/schemas/VisibilityInfo" linked_audit_message_channel_ids: - description: The IDs of the audit message channels linked to the configuration template. + description: + The IDs of the audit message channels linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10584,7 +11710,9 @@ components: format: uuid type: array member_oncall_schedule_ids: - description: The IDs of the on-call schedules linked to the configuration template. + description: + The IDs of the on-call schedules linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10593,7 +11721,9 @@ components: format: uuid type: array break_glass_user_ids: - description: The IDs of the break glass users linked to the configuration template. + description: + The IDs of the break glass users linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10602,11 +11732,15 @@ components: format: uuid type: array require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this configuration template. example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect to resources associated with this configuration template. + description: + A bool representing whether or not to require MFA to connect to + resources associated with this configuration template. example: False type: boolean name: @@ -10617,9 +11751,14 @@ components: type: array items: $ref: "#/components/schemas/RequestConfiguration" - description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. + description: + The request configuration list of the configuration template. If + not provided, the default request configuration will be used. request_configuration_list: - description: The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. + description: + The request configuration list of the configuration template. If + not provided, the default request configuration will be used. + Deprecated in favor of `request_configurations`. $ref: "#/components/schemas/CreateRequestConfigurationInfoList" deprecated: true example: @@ -10660,7 +11799,9 @@ components: ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: - description: Custom request notification sent upon request approval for this configuration template. + description: + Custom request notification sent upon request approval for this + configuration template. type: string maxLength: 800 nullable: true @@ -10710,7 +11851,9 @@ components: example: private $ref: "#/components/schemas/VisibilityInfo" linked_audit_message_channel_ids: - description: The IDs of the audit message channels linked to the configuration template. + description: + The IDs of the audit message channels linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10719,12 +11862,16 @@ components: format: uuid type: array request_configuration_id: - description: The ID of the request configuration linked to the configuration template. + description: + The ID of the request configuration linked to the configuration + template. example: 7c86c85d-0651-43e2-a748-d69d658418e8 format: uuid type: string member_oncall_schedule_ids: - description: The IDs of the on-call schedules linked to the configuration template. + description: + The IDs of the on-call schedules linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 7c86c85d-0651-43e2-a748-d69d658418e8 @@ -10733,7 +11880,9 @@ components: format: uuid type: array break_glass_user_ids: - description: The IDs of the break glass users linked to the configuration template. + description: + The IDs of the break glass users linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10742,23 +11891,31 @@ components: format: uuid type: array require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this configuration template. example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect to resources associated with this configuration template. + description: + A bool representing whether or not to require MFA to connect to + resources associated with this configuration template. example: False type: boolean ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: - description: Custom request notification sent upon request approval for this configuration template. + description: + Custom request notification sent upon request approval for this + configuration template. type: string maxLength: 800 nullable: true example: "Check your email to register your account." TicketPropagationConfiguration: - description: Configuration for ticket propagation, when enabled, a ticket will be created for access changes related to the users in this resource. + description: + Configuration for ticket propagation, when enabled, a ticket will + be created for access changes related to the users in this resource. type: object properties: enabled_on_grant: @@ -10819,7 +11976,9 @@ components: example: private $ref: "#/components/schemas/VisibilityInfo" linked_audit_message_channel_ids: - description: The IDs of the audit message channels linked to the configuration template. + description: + The IDs of the audit message channels linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10833,7 +11992,9 @@ components: $ref: "#/components/schemas/RequestConfiguration" description: The request configuration list linked to the configuration template. request_configuration_list: - description: The request configuration list linked to the configuration template. Deprecated in favor of `request_configurations`. + description: + The request configuration list linked to the configuration + template. Deprecated in favor of `request_configurations`. $ref: "#/components/schemas/CreateRequestConfigurationInfoList" deprecated: true example: @@ -10872,7 +12033,9 @@ components: stage: 1 priority: 1 member_oncall_schedule_ids: - description: The IDs of the on-call schedules linked to the configuration template. + description: + The IDs of the on-call schedules linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 7c86c85d-0651-43e2-a748-d69d658418e8 @@ -10881,7 +12044,9 @@ components: format: uuid type: array break_glass_user_ids: - description: The IDs of the break glass users linked to the configuration template. + description: + The IDs of the break glass users linked to the configuration + template. example: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 @@ -10890,17 +12055,23 @@ components: format: uuid type: array require_mfa_to_approve: - description: A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. + description: + A bool representing whether or not to require MFA for reviewers to + approve requests for this configuration template. example: False type: boolean require_mfa_to_connect: - description: A bool representing whether or not to require MFA to connect to resources associated with this configuration template. + description: + A bool representing whether or not to require MFA to connect to + resources associated with this configuration template. example: False type: boolean ticket_propagation: $ref: "#/components/schemas/TicketPropagationConfiguration" custom_request_notification: - description: Custom request notification sent upon request approval for this configuration template. + description: + Custom request notification sent upon request approval for this + configuration template. type: string maxLength: 800 nullable: true @@ -10944,7 +12115,9 @@ components: type: object properties: id: - description: The ID of the resource requested. Should not be specified if group_id is specified. + description: + The ID of the resource requested. Should not be specified if + group_id is specified. example: group283-ca87-4a8a-bdbb-df212eca5353 format: uuid type: string @@ -10953,7 +12126,10 @@ components: example: arn:aws:iam::490306337630:role/SupportUser type: string access_level_name: - description: The ID of the access level requested on the remote system. This field is deprecated and no longer required. We will populate based on the access_level_remote_id. + description: + The ID of the access level requested on the remote system. This + field is deprecated and no longer required. We will populate + based on the access_level_remote_id. example: arn:aws:iam::490306337630:role/SupportUser type: string deprecated: true @@ -10963,7 +12139,9 @@ components: type: object properties: id: - description: The ID of the group requested. Should not be specified if resource_id is specified. + description: + The ID of the group requested. Should not be specified if + resource_id is specified. example: f454d283-ca87-4a8a-bdbb-df212eca5353 format: uuid type: string @@ -10978,12 +12156,16 @@ components: required: - id target_user_id: - description: The ID of the user to be granted access. Should not be specified if target_group_id is specified. + description: + The ID of the user to be granted access. Should not be specified if + target_group_id is specified. example: userd283-ca87-4a8a-bdbb-df212eca5353 format: uuid type: string target_group_id: - description: The ID of the group the request is for. Should not be specified if target_user_id is specified. + description: + The ID of the group the request is for. Should not be specified if + target_user_id is specified. example: userd283-ca87-4a8a-bdbb-df212eca5353 format: uuid type: string @@ -11006,7 +12188,9 @@ components: - identifier - url duration_minutes: - description: The duration of the request in minutes. -1 represents an indefinite duration + description: + The duration of the request in minutes. -1 represents an indefinite + duration type: integer minimum: -1 custom_metadata: @@ -11161,8 +12345,8 @@ components: type: string next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -11217,8 +12401,8 @@ components: type: string next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -11273,8 +12457,8 @@ components: type: string next: description: - The cursor with which to continue pagination if additional - result pages exist. + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -11309,7 +12493,9 @@ components: type: object properties: target_ids: - description: The IDs of the entities that this permission applies to. If empty of missing, the permission will have untargeted scope. + description: + The IDs of the entities that this permission applies to. If empty + of missing, the permission will have untargeted scope. example: - a381e7a3-e5e0-4c48-b1d6-4ccb4c191bc1 - 8294e9c9-deb6-48e9-9c99-da2a1e04a87f @@ -11329,7 +12515,9 @@ components: - allow_all SyncTask: type: object - description: Represents a sync task that has been completed, either successfully or with errors. + description: + Represents a sync task that has been completed, either successfully + or with errors. properties: id: description: The ID of the sync task. @@ -11421,7 +12609,9 @@ components: items: $ref: "#/components/schemas/Delegation" next: - description: The cursor with which to continue pagination if additional result pages exist. + description: + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string @@ -11436,7 +12626,8 @@ components: type: integer CreateDelegationRequest: type: object - description: Request body for creating a new delegation of access review requests from one user to another. + description: Request body for creating a new delegation of access review + requests from one user to another. properties: delegator_user_id: description: The ID of the user delegating their access review requests. @@ -11474,6 +12665,161 @@ components: - READ_ONLY - FULL_ACCESS type: string + EventStreamConnectionTypeEnum: + description: The type of event stream connection. + enum: + - WEBHOOK + type: string + WebhookAuthTypeEnum: + description: The authentication type for webhook connections. + enum: + - NONE + - API_KEY + - HMAC + type: string + WebhookApiKeyLocationEnum: + description: Where the API key is placed in webhook requests. + enum: + - HEADER + - QUERY_PARAM + type: string + WebhookApiKeyCredential: + description: An API key credential for webhook authentication. + properties: + id: + description: The unique identifier for the credential. + format: uuid + type: string + name: + description: The name of the API key. + type: string + value: + description: The value of the API key. + type: string + location: + $ref: "#/components/schemas/WebhookApiKeyLocationEnum" + required: + - id + - name + - value + - location + type: object + WebhookHmacCredential: + description: An HMAC credential for webhook authentication. + properties: + id: + description: The unique identifier for the credential. + format: uuid + type: string + secret: + description: The HMAC secret value. + type: string + created_at: + description: When the credential was created. + format: date-time + type: string + required: + - id + - secret + - created_at + type: object + WebhookCredentials: + description: Authentication credentials for a webhook connection. + properties: + auth_type: + $ref: "#/components/schemas/WebhookAuthTypeEnum" + api_key_credentials: + description: API key credentials, present when auth_type is API_KEY. + items: + $ref: "#/components/schemas/WebhookApiKeyCredential" + type: array + hmac_credential_1: + description: Primary HMAC credential, present when auth_type is HMAC. + nullable: true + $ref: "#/components/schemas/WebhookHmacCredential" + hmac_credential_2: + description: Secondary HMAC credential for rotation, present when auth_type is HMAC. + nullable: true + $ref: "#/components/schemas/WebhookHmacCredential" + required: + - auth_type + type: object + EventStreamConnection: + description: The connection configuration for an event stream. + properties: + name: + description: The name of the connection. + type: string + connection_type: + $ref: "#/components/schemas/EventStreamConnectionTypeEnum" + enabled: + description: Whether the connection is enabled. + type: boolean + webhook_url: + description: The webhook URL, present when connection_type is WEBHOOK. + type: string + credentials: + $ref: "#/components/schemas/WebhookCredentials" + required: + - name + - connection_type + - enabled + type: object + EventStream: + description: An event streaming connection that publishes events to an external system. + properties: + event_stream_id: + description: The ID of the event stream. + format: uuid + type: string + connection: + $ref: "#/components/schemas/EventStreamConnection" + required: + - event_stream_id + - connection + type: object + EventStreamList: + description: A list of event streams. + properties: + event_streams: + items: + $ref: "#/components/schemas/EventStream" + type: array + required: + - event_streams + type: object + CreateEventStreamInfo: + description: Information needed to create an event stream. + properties: + name: + description: The name for the event stream. + type: string + connection_type: + $ref: "#/components/schemas/EventStreamConnectionTypeEnum" + webhook_url: + description: The webhook URL. Required when connection_type is WEBHOOK. + type: string + credentials: + $ref: "#/components/schemas/WebhookCredentials" + required: + - name + - connection_type + type: object + UpdateEventStreamInfo: + description: Information needed to update an event stream. + properties: + name: + description: Updated name for the event stream. + type: string + enabled: + description: Whether the event stream should be enabled. + type: boolean + webhook_url: + description: Updated webhook URL. + type: string + credentials: + $ref: "#/components/schemas/WebhookCredentials" + type: object Token: description: A first-party API token. example: @@ -11544,7 +12890,9 @@ components: access_level: READ_ONLY properties: next: - description: The cursor with which to continue pagination if additional result pages exist. + description: + The cursor with which to continue pagination if additional result + pages exist. example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw nullable: true type: string diff --git a/docs/AccessEntityFilters.md b/docs/AccessEntityFilters.md new file mode 100644 index 0000000..73e34e2 --- /dev/null +++ b/docs/AccessEntityFilters.md @@ -0,0 +1,40 @@ +# AccessEntityFilters + +Filters for matching entities by type, name, tag, IDs, connections, or access levels. Supports recursive logical composition via allOf/anyOf. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**entity_types** | **List[str]** | Filter by entity type. Only RESOURCE, GROUP, and USER are queryable via OpalQuery. | [optional] +**entity_item_types** | [**List[EntityItemTypeEnum]**](EntityItemTypeEnum.md) | Filter by entity item types. | [optional] +**entity_name** | [**EntityNameFilter**](EntityNameFilter.md) | | [optional] +**entity_tag** | [**EntityTagFilter**](EntityTagFilter.md) | | [optional] +**entity_ids** | **List[UUID]** | Filter by specific entity UUIDs. | [optional] +**imported_from_app** | **List[UUID]** | Filter by app IDs from which returned nodes will be imported from. | [optional] +**role_remote_ids** | **List[str]** | Filter by role remote IDs. Can only be applied within a hasAccessTo clause. | [optional] +**role_names** | **List[str]** | Filter by role display names (e.g. \"Admin\", \"Read\"). Can only be applied within a hasAccessTo clause. | [optional] +**all_of** | [**List[AccessEntityFilters]**](AccessEntityFilters.md) | A list of nested filters that must all match (logical AND). Each item has the same shape as this object — scalar fields like `entityTypes` or `entityTag`, and can further nest `allOf`, `anyOf`, or `not`. | [optional] +**any_of** | [**List[AccessEntityFilters]**](AccessEntityFilters.md) | A list of nested filters where at least one must match (logical OR). Each item has the same shape as this object. | [optional] +**var_not** | **object** | Excludes entities matching the embedded filter (logical NOT). Pass a filter object with the same shape as this one — typically a single scalar field, like `{not: {entityTypes: [\"RESOURCE\"]}}` to exclude resources. | [optional] + +## Example + +```python +from opal_security.models.access_entity_filters import AccessEntityFilters + +# TODO update the JSON string below +json = "{}" +# create an instance of AccessEntityFilters from a JSON string +access_entity_filters_instance = AccessEntityFilters.from_json(json) +# print the JSON string representation of the object +print(AccessEntityFilters.to_json()) + +# convert the object into a dict +access_entity_filters_dict = access_entity_filters_instance.to_dict() +# create an instance of AccessEntityFilters from a dict +access_entity_filters_from_dict = AccessEntityFilters.from_dict(access_entity_filters_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/AccessRelationshipFilters.md b/docs/AccessRelationshipFilters.md new file mode 100644 index 0000000..e301208 --- /dev/null +++ b/docs/AccessRelationshipFilters.md @@ -0,0 +1,31 @@ +# AccessRelationshipFilters + +Filters the returned nodes by the access edges connected to them. When `isAccessibleBy` and `hasAccessTo` are provided, the returned nodes must satisfy both edge constraints simultaneously. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**is_accessible_by** | [**AccessEntityFilters**](AccessEntityFilters.md) | Inbound-edge filter. The returned node must be accessible by at least one entity matching this filter. | [optional] +**has_access_to** | [**AccessEntityFilters**](AccessEntityFilters.md) | Outbound-edge filter. The returned node must have access to at least one entity matching this filter. | [optional] + +## Example + +```python +from opal_security.models.access_relationship_filters import AccessRelationshipFilters + +# TODO update the JSON string below +json = "{}" +# create an instance of AccessRelationshipFilters from a JSON string +access_relationship_filters_instance = AccessRelationshipFilters.from_json(json) +# print the JSON string representation of the object +print(AccessRelationshipFilters.to_json()) + +# convert the object into a dict +access_relationship_filters_dict = access_relationship_filters_instance.to_dict() +# create an instance of AccessRelationshipFilters from a dict +access_relationship_filters_from_dict = AccessRelationshipFilters.from_dict(access_relationship_filters_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/AccessRule.md b/docs/AccessRule.md index fd609da..ed45494 100644 --- a/docs/AccessRule.md +++ b/docs/AccessRule.md @@ -1,6 +1,6 @@ # AccessRule -# Access Rule Object ### Description The `AccessRule` object is used to represent an access rule configuration. ### Usage Example Get access rule configurations from the `GET Access Rule Configs` endpoint. +# Access Rule Object ### Description The `AccessRule` object is used to represent an access rule configuration. ### Usage Example List access rules from the `GET /access-rules` endpoint, or retrieve a single access rule from the `GET /access-rules/{access_rule_id}` endpoint. ## Properties diff --git a/docs/AccessRulesApi.md b/docs/AccessRulesApi.md index 34e92d3..964e471 100644 --- a/docs/AccessRulesApi.md +++ b/docs/AccessRulesApi.md @@ -6,6 +6,7 @@ Method | HTTP request | Description ------------- | ------------- | ------------- [**create_access_rule**](AccessRulesApi.md#create_access_rule) | **POST** /access-rules | [**get_access_rule**](AccessRulesApi.md#get_access_rule) | **GET** /access-rules/{access_rule_id} | +[**get_access_rules**](AccessRulesApi.md#get_access_rules) | **GET** /access-rules | [**update_access_rule**](AccessRulesApi.md#update_access_rule) | **PUT** /access-rules/{access_rule_id} | @@ -164,6 +165,85 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **get_access_rules** +> PaginatedAccessRulesList get_access_rules(cursor=cursor, page_size=page_size) + +Returns a list of access rules for your organization. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.paginated_access_rules_list import PaginatedAccessRulesList +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.AccessRulesApi(api_client) + cursor = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw' # str | The pagination cursor value. (optional) + page_size = 200 # int | Number of results to return per page. Default is 200. (optional) + + try: + api_response = api_instance.get_access_rules(cursor=cursor, page_size=page_size) + print("The response of AccessRulesApi->get_access_rules:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling AccessRulesApi->get_access_rules: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **cursor** | **str**| The pagination cursor value. | [optional] + **page_size** | **int**| Number of results to return per page. Default is 200. | [optional] + +### Return type + +[**PaginatedAccessRulesList**](PaginatedAccessRulesList.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | One page of access rules for your organization. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **update_access_rule** > AccessRule update_access_rule(access_rule_id, update_access_rule_info) diff --git a/docs/CreateEventStreamInfo.md b/docs/CreateEventStreamInfo.md new file mode 100644 index 0000000..dbb36ff --- /dev/null +++ b/docs/CreateEventStreamInfo.md @@ -0,0 +1,33 @@ +# CreateEventStreamInfo + +Information needed to create an event stream. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**name** | **str** | The name for the event stream. | +**connection_type** | [**EventStreamConnectionTypeEnum**](EventStreamConnectionTypeEnum.md) | | +**webhook_url** | **str** | The webhook URL. Required when connection_type is WEBHOOK. | [optional] +**credentials** | [**WebhookCredentials**](WebhookCredentials.md) | | [optional] + +## Example + +```python +from opal_security.models.create_event_stream_info import CreateEventStreamInfo + +# TODO update the JSON string below +json = "{}" +# create an instance of CreateEventStreamInfo from a JSON string +create_event_stream_info_instance = CreateEventStreamInfo.from_json(json) +# print the JSON string representation of the object +print(CreateEventStreamInfo.to_json()) + +# convert the object into a dict +create_event_stream_info_dict = create_event_stream_info_instance.to_dict() +# create an instance of CreateEventStreamInfo from a dict +create_event_stream_info_from_dict = CreateEventStreamInfo.from_dict(create_event_stream_info_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EntityItemTypeEnum.md b/docs/EntityItemTypeEnum.md new file mode 100644 index 0000000..63e8d34 --- /dev/null +++ b/docs/EntityItemTypeEnum.md @@ -0,0 +1,177 @@ +# EntityItemTypeEnum + +Granular subtype of an entity. + +## Enum + +* `USER` (value: `'USER'`) + +* `SERVICE_USER` (value: `'SERVICE_USER'`) + +* `ACTIVE_DIRECTORY_GROUP` (value: `'ACTIVE_DIRECTORY_GROUP'`) + +* `AWS_SSO_GROUP` (value: `'AWS_SSO_GROUP'`) + +* `DUO_GROUP` (value: `'DUO_GROUP'`) + +* `GIT_HUB_TEAM` (value: `'GIT_HUB_TEAM'`) + +* `GIT_LAB_GROUP` (value: `'GIT_LAB_GROUP'`) + +* `GOOGLE_GROUPS_GROUP` (value: `'GOOGLE_GROUPS_GROUP'`) + +* `GOOGLE_GROUPS_GKE_GROUP` (value: `'GOOGLE_GROUPS_GKE_GROUP'`) + +* `LDAP_GROUP` (value: `'LDAP_GROUP'`) + +* `OKTA_GROUP` (value: `'OKTA_GROUP'`) + +* `OKTA_GROUP_RULE` (value: `'OKTA_GROUP_RULE'`) + +* `TAILSCALE_GROUP` (value: `'TAILSCALE_GROUP'`) + +* `TWINGATE_GROUP` (value: `'TWINGATE_GROUP'`) + +* `TWINGATE_GROUP_SYNCED` (value: `'TWINGATE_GROUP_SYNCED'`) + +* `OPAL_GROUP` (value: `'OPAL_GROUP'`) + +* `OPAL_ACCESS_RULE` (value: `'OPAL_ACCESS_RULE'`) + +* `AZURE_AD_SECURITY_GROUP` (value: `'AZURE_AD_SECURITY_GROUP'`) + +* `AZURE_AD_MICROSOFT_365_GROUP` (value: `'AZURE_AD_MICROSOFT_365_GROUP'`) + +* `CONNECTOR_GROUP` (value: `'CONNECTOR_GROUP'`) + +* `SNOWFLAKE_ROLE` (value: `'SNOWFLAKE_ROLE'`) + +* `WORKDAY_USER_SECURITY_GROUP` (value: `'WORKDAY_USER_SECURITY_GROUP'`) + +* `DATABRICKS_ACCOUNT_GROUP` (value: `'DATABRICKS_ACCOUNT_GROUP'`) + +* `AWS_IAM_ROLE` (value: `'AWS_IAM_ROLE'`) + +* `AWS_EC2_INSTANCE` (value: `'AWS_EC2_INSTANCE'`) + +* `AWS_EKS_CLUSTER` (value: `'AWS_EKS_CLUSTER'`) + +* `AWS_RDS_POSTGRES_INSTANCE` (value: `'AWS_RDS_POSTGRES_INSTANCE'`) + +* `AWS_RDS_POSTGRES_CLUSTER` (value: `'AWS_RDS_POSTGRES_CLUSTER'`) + +* `AWS_RDS_MYSQL_INSTANCE` (value: `'AWS_RDS_MYSQL_INSTANCE'`) + +* `AWS_RDS_MYSQL_CLUSTER` (value: `'AWS_RDS_MYSQL_CLUSTER'`) + +* `AWS_ACCOUNT` (value: `'AWS_ACCOUNT'`) + +* `AWS_SSO_PERMISSION_SET` (value: `'AWS_SSO_PERMISSION_SET'`) + +* `AZURE_MANAGEMENT_GROUP` (value: `'AZURE_MANAGEMENT_GROUP'`) + +* `AZURE_RESOURCE_GROUP` (value: `'AZURE_RESOURCE_GROUP'`) + +* `AZURE_SUBSCRIPTION` (value: `'AZURE_SUBSCRIPTION'`) + +* `AZURE_VIRTUAL_MACHINE` (value: `'AZURE_VIRTUAL_MACHINE'`) + +* `AZURE_STORAGE_ACCOUNT` (value: `'AZURE_STORAGE_ACCOUNT'`) + +* `AZURE_STORAGE_CONTAINER` (value: `'AZURE_STORAGE_CONTAINER'`) + +* `AZURE_SQL_SERVER` (value: `'AZURE_SQL_SERVER'`) + +* `AZURE_SQL_MANAGED_INSTANCE` (value: `'AZURE_SQL_MANAGED_INSTANCE'`) + +* `AZURE_SQL_DATABASE` (value: `'AZURE_SQL_DATABASE'`) + +* `AZURE_SQL_MANAGED_DATABASE` (value: `'AZURE_SQL_MANAGED_DATABASE'`) + +* `AZURE_USER_ASSIGNED_MANAGED_IDENTITY` (value: `'AZURE_USER_ASSIGNED_MANAGED_Identity'`) + +* `AZURE_ENTRA_ID_ROLE` (value: `'AZURE_ENTRA_ID_ROLE'`) + +* `AZURE_ENTERPRISE_APP` (value: `'AZURE_ENTERPRISE_APP'`) + +* `CUSTOM` (value: `'CUSTOM'`) + +* `CUSTOM_CONNECTOR` (value: `'CUSTOM_CONNECTOR'`) + +* `GCP_ORGANIZATION` (value: `'GCP_ORGANIZATION'`) + +* `GCP_BUCKET` (value: `'GCP_BUCKET'`) + +* `GCP_COMPUTE_INSTANCE` (value: `'GCP_COMPUTE_INSTANCE'`) + +* `GCP_BIG_QUERY_DATASET` (value: `'GCP_BIG_QUERY_DATASET'`) + +* `GCP_BIG_QUERY_TABLE` (value: `'GCP_BIG_QUERY_TABLE'`) + +* `GCP_FOLDER` (value: `'GCP_FOLDER'`) + +* `GCP_GKE_CLUSTER` (value: `'GCP_GKE_CLUSTER'`) + +* `GCP_PROJECT` (value: `'GCP_PROJECT'`) + +* `GCP_CLOUD_SQL_POSTGRES_INSTANCE` (value: `'GCP_CLOUD_SQL_POSTGRES_INSTANCE'`) + +* `GCP_CLOUD_SQL_MYSQL_INSTANCE` (value: `'GCP_CLOUD_SQL_MYSQL_INSTANCE'`) + +* `GCP_SERVICE_ACCOUNT` (value: `'GCP_SERVICE_ACCOUNT'`) + +* `GIT_HUB_REPO` (value: `'GIT_HUB_REPO'`) + +* `GIT_HUB_ORG_ROLE` (value: `'GIT_HUB_ORG_ROLE'`) + +* `GIT_LAB_PROJECT` (value: `'GIT_LAB_PROJECT'`) + +* `GOOGLE_WORKSPACE_ROLE` (value: `'GOOGLE_WORKSPACE_ROLE'`) + +* `MONGO_INSTANCE` (value: `'MONGO_INSTANCE'`) + +* `MONGO_ATLAS_INSTANCE` (value: `'MONGO_ATLAS_INSTANCE'`) + +* `OKTA_APP` (value: `'OKTA_APP'`) + +* `OKTA_ROLE` (value: `'OKTA_ROLE'`) + +* `OPAL_ROLE` (value: `'OPAL_ROLE'`) + +* `OPAL_SCOPED_ROLE` (value: `'OPAL_SCOPED_ROLE'`) + +* `PAGERDUTY_ROLE` (value: `'PAGERDUTY_ROLE'`) + +* `TAILSCALE_SSH` (value: `'TAILSCALE_SSH'`) + +* `TWINGATE_RESOURCE` (value: `'TWINGATE_RESOURCE'`) + +* `SALESFORCE_PERMISSION_SET` (value: `'SALESFORCE_PERMISSION_SET'`) + +* `SALESFORCE_PROFILE` (value: `'SALESFORCE_PROFILE'`) + +* `SALESFORCE_ROLE` (value: `'SALESFORCE_ROLE'`) + +* `SNOWFLAKE_DATABASE` (value: `'SNOWFLAKE_DATABASE'`) + +* `SNOWFLAKE_SCHEMA` (value: `'SNOWFLAKE_SCHEMA'`) + +* `SNOWFLAKE_TABLE` (value: `'SNOWFLAKE_TABLE'`) + +* `WORKDAY_ROLE` (value: `'WORKDAY_ROLE'`) + +* `MYSQL_INSTANCE` (value: `'MYSQL_INSTANCE'`) + +* `MARIADB_INSTANCE` (value: `'MARIADB_INSTANCE'`) + +* `POSTGRES_INSTANCE` (value: `'POSTGRES_INSTANCE'`) + +* `TELEPORT_ROLE` (value: `'TELEPORT_ROLE'`) + +* `DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL` (value: `'DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL'`) + +* `ILEVEL_ADVANCED_ROLE` (value: `'ILEVEL_ADVANCED_ROLE'`) + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EntityNameFilter.md b/docs/EntityNameFilter.md new file mode 100644 index 0000000..0ed4f59 --- /dev/null +++ b/docs/EntityNameFilter.md @@ -0,0 +1,31 @@ +# EntityNameFilter + +Filters entities by name using a string match strategy. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**string_match_type** | [**StringMatchType**](StringMatchType.md) | | +**string** | **str** | The string value to match against the entity name. | + +## Example + +```python +from opal_security.models.entity_name_filter import EntityNameFilter + +# TODO update the JSON string below +json = "{}" +# create an instance of EntityNameFilter from a JSON string +entity_name_filter_instance = EntityNameFilter.from_json(json) +# print the JSON string representation of the object +print(EntityNameFilter.to_json()) + +# convert the object into a dict +entity_name_filter_dict = entity_name_filter_instance.to_dict() +# create an instance of EntityNameFilter from a dict +entity_name_filter_from_dict = EntityNameFilter.from_dict(entity_name_filter_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EntityTagFilter.md b/docs/EntityTagFilter.md new file mode 100644 index 0000000..f481abb --- /dev/null +++ b/docs/EntityTagFilter.md @@ -0,0 +1,32 @@ +# EntityTagFilter + +Filters entities by a tag key/value pair, optionally scoped to a connection. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**key** | **str** | The tag key to filter by. | +**value** | **str** | The tag value to filter by. If omitted, matches any value for the given key. | [optional] +**connection_id** | **UUID** | If specified, filters by tags associated with this connection. | [optional] + +## Example + +```python +from opal_security.models.entity_tag_filter import EntityTagFilter + +# TODO update the JSON string below +json = "{}" +# create an instance of EntityTagFilter from a JSON string +entity_tag_filter_instance = EntityTagFilter.from_json(json) +# print the JSON string representation of the object +print(EntityTagFilter.to_json()) + +# convert the object into a dict +entity_tag_filter_dict = entity_tag_filter_instance.to_dict() +# create an instance of EntityTagFilter from a dict +entity_tag_filter_from_dict = EntityTagFilter.from_dict(entity_tag_filter_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EventStream.md b/docs/EventStream.md new file mode 100644 index 0000000..9683400 --- /dev/null +++ b/docs/EventStream.md @@ -0,0 +1,31 @@ +# EventStream + +An event streaming connection that publishes events to an external system. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**event_stream_id** | **UUID** | The ID of the event stream. | +**connection** | [**EventStreamConnection**](EventStreamConnection.md) | | + +## Example + +```python +from opal_security.models.event_stream import EventStream + +# TODO update the JSON string below +json = "{}" +# create an instance of EventStream from a JSON string +event_stream_instance = EventStream.from_json(json) +# print the JSON string representation of the object +print(EventStream.to_json()) + +# convert the object into a dict +event_stream_dict = event_stream_instance.to_dict() +# create an instance of EventStream from a dict +event_stream_from_dict = EventStream.from_dict(event_stream_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EventStreamConnection.md b/docs/EventStreamConnection.md new file mode 100644 index 0000000..a488ad4 --- /dev/null +++ b/docs/EventStreamConnection.md @@ -0,0 +1,34 @@ +# EventStreamConnection + +The connection configuration for an event stream. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**name** | **str** | The name of the connection. | +**connection_type** | [**EventStreamConnectionTypeEnum**](EventStreamConnectionTypeEnum.md) | | +**enabled** | **bool** | Whether the connection is enabled. | +**webhook_url** | **str** | The webhook URL, present when connection_type is WEBHOOK. | [optional] +**credentials** | [**WebhookCredentials**](WebhookCredentials.md) | | [optional] + +## Example + +```python +from opal_security.models.event_stream_connection import EventStreamConnection + +# TODO update the JSON string below +json = "{}" +# create an instance of EventStreamConnection from a JSON string +event_stream_connection_instance = EventStreamConnection.from_json(json) +# print the JSON string representation of the object +print(EventStreamConnection.to_json()) + +# convert the object into a dict +event_stream_connection_dict = event_stream_connection_instance.to_dict() +# create an instance of EventStreamConnection from a dict +event_stream_connection_from_dict = EventStreamConnection.from_dict(event_stream_connection_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EventStreamConnectionTypeEnum.md b/docs/EventStreamConnectionTypeEnum.md new file mode 100644 index 0000000..cde8f30 --- /dev/null +++ b/docs/EventStreamConnectionTypeEnum.md @@ -0,0 +1,11 @@ +# EventStreamConnectionTypeEnum + +The type of event stream connection. + +## Enum + +* `WEBHOOK` (value: `'WEBHOOK'`) + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EventStreamList.md b/docs/EventStreamList.md new file mode 100644 index 0000000..d3193a1 --- /dev/null +++ b/docs/EventStreamList.md @@ -0,0 +1,30 @@ +# EventStreamList + +A list of event streams. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**event_streams** | [**List[EventStream]**](EventStream.md) | | + +## Example + +```python +from opal_security.models.event_stream_list import EventStreamList + +# TODO update the JSON string below +json = "{}" +# create an instance of EventStreamList from a JSON string +event_stream_list_instance = EventStreamList.from_json(json) +# print the JSON string representation of the object +print(EventStreamList.to_json()) + +# convert the object into a dict +event_stream_list_dict = event_stream_list_instance.to_dict() +# create an instance of EventStreamList from a dict +event_stream_list_from_dict = EventStreamList.from_dict(event_stream_list_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/EventStreamsApi.md b/docs/EventStreamsApi.md new file mode 100644 index 0000000..ac3c82a --- /dev/null +++ b/docs/EventStreamsApi.md @@ -0,0 +1,329 @@ +# opal_security.EventStreamsApi + +All URIs are relative to *https://api.opal.dev/v1* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**create_event_stream**](EventStreamsApi.md#create_event_stream) | **POST** /event-streams | Create event stream +[**delete_event_stream**](EventStreamsApi.md#delete_event_stream) | **DELETE** /event-streams/{event_stream_id} | Delete event stream +[**get_event_streams**](EventStreamsApi.md#get_event_streams) | **GET** /event-streams | Get event streams +[**update_event_stream**](EventStreamsApi.md#update_event_stream) | **PUT** /event-streams/{event_stream_id} | Update event stream + + +# **create_event_stream** +> EventStream create_event_stream(create_event_stream_info) + +Create event stream + +Creates a new event streaming connection. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.create_event_stream_info import CreateEventStreamInfo +from opal_security.models.event_stream import EventStream +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.EventStreamsApi(api_client) + create_event_stream_info = opal_security.CreateEventStreamInfo() # CreateEventStreamInfo | + + try: + # Create event stream + api_response = api_instance.create_event_stream(create_event_stream_info) + print("The response of EventStreamsApi->create_event_stream:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling EventStreamsApi->create_event_stream: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **create_event_stream_info** | [**CreateEventStreamInfo**](CreateEventStreamInfo.md)| | + +### Return type + +[**EventStream**](EventStream.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | The event stream just created. Credentials are returned in clear text only on creation. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **delete_event_stream** +> delete_event_stream(event_stream_id) + +Delete event stream + +Deletes an event streaming connection. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.EventStreamsApi(api_client) + event_stream_id = UUID('4baf8423-db0a-4037-a4cf-f79c60cb67a5') # UUID | The ID of the event stream. + + try: + # Delete event stream + api_instance.delete_event_stream(event_stream_id) + except Exception as e: + print("Exception when calling EventStreamsApi->delete_event_stream: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **event_stream_id** | **UUID**| The ID of the event stream. | + +### Return type + +void (empty response body) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: Not defined + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | The event stream was successfully deleted. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **get_event_streams** +> EventStreamList get_event_streams() + +Get event streams + +Returns a list of configured event streaming connections for your organization. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.event_stream_list import EventStreamList +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.EventStreamsApi(api_client) + + try: + # Get event streams + api_response = api_instance.get_event_streams() + print("The response of EventStreamsApi->get_event_streams:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling EventStreamsApi->get_event_streams: %s\n" % e) +``` + + + +### Parameters + +This endpoint does not need any parameter. + +### Return type + +[**EventStreamList**](EventStreamList.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | A list of event streams for your organization. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **update_event_stream** +> EventStream update_event_stream(event_stream_id, update_event_stream_info) + +Update event stream + +Updates an existing event streaming connection. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.event_stream import EventStream +from opal_security.models.update_event_stream_info import UpdateEventStreamInfo +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.EventStreamsApi(api_client) + event_stream_id = UUID('4baf8423-db0a-4037-a4cf-f79c60cb67a5') # UUID | The ID of the event stream. + update_event_stream_info = opal_security.UpdateEventStreamInfo() # UpdateEventStreamInfo | + + try: + # Update event stream + api_response = api_instance.update_event_stream(event_stream_id, update_event_stream_info) + print("The response of EventStreamsApi->update_event_stream:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling EventStreamsApi->update_event_stream: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **event_stream_id** | **UUID**| The ID of the event stream. | + **update_event_stream_info** | [**UpdateEventStreamInfo**](UpdateEventStreamInfo.md)| | + +### Return type + +[**EventStream**](EventStream.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | The updated event stream. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/docs/GroupRemoteInfo.md b/docs/GroupRemoteInfo.md index 9246310..0e9e896 100644 --- a/docs/GroupRemoteInfo.md +++ b/docs/GroupRemoteInfo.md @@ -9,6 +9,7 @@ Name | Type | Description | Notes **active_directory_group** | [**GroupRemoteInfoActiveDirectoryGroup**](GroupRemoteInfoActiveDirectoryGroup.md) | | [optional] **tailscale_group** | [**GroupRemoteInfoTailscaleGroup**](GroupRemoteInfoTailscaleGroup.md) | | [optional] **twingate_group** | [**GroupRemoteInfoTwingateGroup**](GroupRemoteInfoTwingateGroup.md) | | [optional] +**twingate_group_synced** | [**GroupRemoteInfoTwingateGroupSynced**](GroupRemoteInfoTwingateGroupSynced.md) | | [optional] **aws_sso_group** | [**GroupRemoteInfoAwsSsoGroup**](GroupRemoteInfoAwsSsoGroup.md) | | [optional] **databricks_account_group** | [**GroupRemoteInfoDatabricksAccountGroup**](GroupRemoteInfoDatabricksAccountGroup.md) | | [optional] **connector_group** | [**GroupRemoteInfoConnectorGroup**](GroupRemoteInfoConnectorGroup.md) | | [optional] @@ -29,6 +30,9 @@ Name | Type | Description | Notes **rootly_on_call_schedule** | [**GroupRemoteInfoRootlyOnCallSchedule**](GroupRemoteInfoRootlyOnCallSchedule.md) | | [optional] **devin_group** | [**GroupRemoteInfoDevinGroup**](GroupRemoteInfoDevinGroup.md) | | [optional] **clickhouse_role** | [**GroupRemoteInfoClickhouseRole**](GroupRemoteInfoClickhouseRole.md) | | [optional] +**grafana_team** | [**GroupRemoteInfoGrafanaTeam**](GroupRemoteInfoGrafanaTeam.md) | | [optional] +**zendesk_group** | [**GroupRemoteInfoZendeskGroup**](GroupRemoteInfoZendeskGroup.md) | | [optional] +**zendesk_organization** | [**GroupRemoteInfoZendeskOrganization**](GroupRemoteInfoZendeskOrganization.md) | | [optional] ## Example diff --git a/docs/GroupRemoteInfoGithubTeam.md b/docs/GroupRemoteInfoGithubTeam.md index dc5af6a..0403811 100644 --- a/docs/GroupRemoteInfoGithubTeam.md +++ b/docs/GroupRemoteInfoGithubTeam.md @@ -8,6 +8,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **team_id** | **str** | The id of the GitHub team. | [optional] **team_slug** | **str** | The slug of the GitHub team. | +**org_name** | **str** | GitHub team's org name, required only for Enterprise | [optional] ## Example diff --git a/docs/GroupRemoteInfoGrafanaTeam.md b/docs/GroupRemoteInfoGrafanaTeam.md new file mode 100644 index 0000000..97635c4 --- /dev/null +++ b/docs/GroupRemoteInfoGrafanaTeam.md @@ -0,0 +1,30 @@ +# GroupRemoteInfoGrafanaTeam + +Remote info for Grafana team. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**team_id** | **str** | The ID of the team. | + +## Example + +```python +from opal_security.models.group_remote_info_grafana_team import GroupRemoteInfoGrafanaTeam + +# TODO update the JSON string below +json = "{}" +# create an instance of GroupRemoteInfoGrafanaTeam from a JSON string +group_remote_info_grafana_team_instance = GroupRemoteInfoGrafanaTeam.from_json(json) +# print the JSON string representation of the object +print(GroupRemoteInfoGrafanaTeam.to_json()) + +# convert the object into a dict +group_remote_info_grafana_team_dict = group_remote_info_grafana_team_instance.to_dict() +# create an instance of GroupRemoteInfoGrafanaTeam from a dict +group_remote_info_grafana_team_from_dict = GroupRemoteInfoGrafanaTeam.from_dict(group_remote_info_grafana_team_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/GroupRemoteInfoTwingateGroupSynced.md b/docs/GroupRemoteInfoTwingateGroupSynced.md new file mode 100644 index 0000000..c836996 --- /dev/null +++ b/docs/GroupRemoteInfoTwingateGroupSynced.md @@ -0,0 +1,30 @@ +# GroupRemoteInfoTwingateGroupSynced + +Remote info for Twingate synced group. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**group_id** | **str** | The id of the Twingate synced group. | + +## Example + +```python +from opal_security.models.group_remote_info_twingate_group_synced import GroupRemoteInfoTwingateGroupSynced + +# TODO update the JSON string below +json = "{}" +# create an instance of GroupRemoteInfoTwingateGroupSynced from a JSON string +group_remote_info_twingate_group_synced_instance = GroupRemoteInfoTwingateGroupSynced.from_json(json) +# print the JSON string representation of the object +print(GroupRemoteInfoTwingateGroupSynced.to_json()) + +# convert the object into a dict +group_remote_info_twingate_group_synced_dict = group_remote_info_twingate_group_synced_instance.to_dict() +# create an instance of GroupRemoteInfoTwingateGroupSynced from a dict +group_remote_info_twingate_group_synced_from_dict = GroupRemoteInfoTwingateGroupSynced.from_dict(group_remote_info_twingate_group_synced_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/GroupRemoteInfoZendeskGroup.md b/docs/GroupRemoteInfoZendeskGroup.md new file mode 100644 index 0000000..aed0823 --- /dev/null +++ b/docs/GroupRemoteInfoZendeskGroup.md @@ -0,0 +1,30 @@ +# GroupRemoteInfoZendeskGroup + +Remote info for Zendesk group. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**group_id** | **str** | The ID of the Zendesk group. | + +## Example + +```python +from opal_security.models.group_remote_info_zendesk_group import GroupRemoteInfoZendeskGroup + +# TODO update the JSON string below +json = "{}" +# create an instance of GroupRemoteInfoZendeskGroup from a JSON string +group_remote_info_zendesk_group_instance = GroupRemoteInfoZendeskGroup.from_json(json) +# print the JSON string representation of the object +print(GroupRemoteInfoZendeskGroup.to_json()) + +# convert the object into a dict +group_remote_info_zendesk_group_dict = group_remote_info_zendesk_group_instance.to_dict() +# create an instance of GroupRemoteInfoZendeskGroup from a dict +group_remote_info_zendesk_group_from_dict = GroupRemoteInfoZendeskGroup.from_dict(group_remote_info_zendesk_group_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/GroupRemoteInfoZendeskOrganization.md b/docs/GroupRemoteInfoZendeskOrganization.md new file mode 100644 index 0000000..a5074dc --- /dev/null +++ b/docs/GroupRemoteInfoZendeskOrganization.md @@ -0,0 +1,30 @@ +# GroupRemoteInfoZendeskOrganization + +Remote info for Zendesk organization. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**organization_id** | **str** | The ID of the Zendesk organization. | + +## Example + +```python +from opal_security.models.group_remote_info_zendesk_organization import GroupRemoteInfoZendeskOrganization + +# TODO update the JSON string below +json = "{}" +# create an instance of GroupRemoteInfoZendeskOrganization from a JSON string +group_remote_info_zendesk_organization_instance = GroupRemoteInfoZendeskOrganization.from_json(json) +# print the JSON string representation of the object +print(GroupRemoteInfoZendeskOrganization.to_json()) + +# convert the object into a dict +group_remote_info_zendesk_organization_dict = group_remote_info_zendesk_organization_instance.to_dict() +# create an instance of GroupRemoteInfoZendeskOrganization from a dict +group_remote_info_zendesk_organization_from_dict = GroupRemoteInfoZendeskOrganization.from_dict(group_remote_info_zendesk_organization_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/GroupTypeEnum.md b/docs/GroupTypeEnum.md index 21cf51a..9d7670f 100644 --- a/docs/GroupTypeEnum.md +++ b/docs/GroupTypeEnum.md @@ -58,6 +58,12 @@ The type of the group. * `TWINGATE_GROUP` (value: `'TWINGATE_GROUP'`) +* `TWINGATE_GROUP_SYNCED` (value: `'TWINGATE_GROUP_SYNCED'`) + +* `ZENDESK_GROUP` (value: `'ZENDESK_GROUP'`) + +* `ZENDESK_ORGANIZATION` (value: `'ZENDESK_ORGANIZATION'`) + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/OpalNodeQuery.md b/docs/OpalNodeQuery.md new file mode 100644 index 0000000..7ed645d --- /dev/null +++ b/docs/OpalNodeQuery.md @@ -0,0 +1,33 @@ +# OpalNodeQuery + +Request body for a NODE-type OpalQuery. Returns entities (users, resources, groups) matching the given filters. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**type** | **str** | | +**query** | [**OpalNodeQueryBody**](OpalNodeQueryBody.md) | | [optional] +**first** | **int** | Maximum number of results to return. Defaults to 200. | [optional] +**after** | **str** | Cursor from a previous response to fetch the next page of results. | [optional] + +## Example + +```python +from opal_security.models.opal_node_query import OpalNodeQuery + +# TODO update the JSON string below +json = "{}" +# create an instance of OpalNodeQuery from a JSON string +opal_node_query_instance = OpalNodeQuery.from_json(json) +# print the JSON string representation of the object +print(OpalNodeQuery.to_json()) + +# convert the object into a dict +opal_node_query_dict = opal_node_query_instance.to_dict() +# create an instance of OpalNodeQuery from a dict +opal_node_query_from_dict = OpalNodeQuery.from_dict(opal_node_query_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/OpalNodeQueryBody.md b/docs/OpalNodeQueryBody.md new file mode 100644 index 0000000..1392680 --- /dev/null +++ b/docs/OpalNodeQueryBody.md @@ -0,0 +1,31 @@ +# OpalNodeQueryBody + +The filter body for a NODE-type OpalQuery. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**node_filters** | [**AccessEntityFilters**](AccessEntityFilters.md) | | [optional] +**access_filters** | [**AccessRelationshipFilters**](AccessRelationshipFilters.md) | | [optional] + +## Example + +```python +from opal_security.models.opal_node_query_body import OpalNodeQueryBody + +# TODO update the JSON string below +json = "{}" +# create an instance of OpalNodeQueryBody from a JSON string +opal_node_query_body_instance = OpalNodeQueryBody.from_json(json) +# print the JSON string representation of the object +print(OpalNodeQueryBody.to_json()) + +# convert the object into a dict +opal_node_query_body_dict = opal_node_query_body_instance.to_dict() +# create an instance of OpalNodeQueryBody from a dict +opal_node_query_body_from_dict = OpalNodeQueryBody.from_dict(opal_node_query_body_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/OpalNodeQueryResults.md b/docs/OpalNodeQueryResults.md new file mode 100644 index 0000000..4272577 --- /dev/null +++ b/docs/OpalNodeQueryResults.md @@ -0,0 +1,32 @@ +# OpalNodeQueryResults + +Paginated results of a NODE-type OpalQuery — one edge per matched entity (user, resource, or group). + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**type** | **str** | | +**edges** | [**List[OpalQueryResultEdge]**](OpalQueryResultEdge.md) | List of matched entities. | +**page_info** | [**PageInfo**](PageInfo.md) | | + +## Example + +```python +from opal_security.models.opal_node_query_results import OpalNodeQueryResults + +# TODO update the JSON string below +json = "{}" +# create an instance of OpalNodeQueryResults from a JSON string +opal_node_query_results_instance = OpalNodeQueryResults.from_json(json) +# print the JSON string representation of the object +print(OpalNodeQueryResults.to_json()) + +# convert the object into a dict +opal_node_query_results_dict = opal_node_query_results_instance.to_dict() +# create an instance of OpalNodeQueryResults from a dict +opal_node_query_results_from_dict = OpalNodeQueryResults.from_dict(opal_node_query_results_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/OpalQueriesApi.md b/docs/OpalQueriesApi.md new file mode 100644 index 0000000..3be1004 --- /dev/null +++ b/docs/OpalQueriesApi.md @@ -0,0 +1,90 @@ +# opal_security.OpalQueriesApi + +All URIs are relative to *https://api.opal.dev/v1* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**run_opal_query**](OpalQueriesApi.md#run_opal_query) | **POST** /queries/run | Run an ad-hoc OpalQuery + + +# **run_opal_query** +> OpalNodeQueryResults run_opal_query(body) + +Run an ad-hoc OpalQuery + +Runs an ad-hoc OpalQuery and returns the results. Currently supports NODE queries (users, resources, groups). This endpoint is only available to our OpalQuery beta group. Please contact Opal support if you'd like to be added to the beta. + +### Example + +* Bearer Authentication (BearerAuth): + +```python +import opal_security +from opal_security.models.opal_node_query import OpalNodeQuery +from opal_security.models.opal_node_query_results import OpalNodeQueryResults +from opal_security.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to https://api.opal.dev/v1 +# See configuration.py for a list of all supported configuration parameters. +import opal_security as opal + +configuration = opal.Configuration( + host = "https://api.opal.dev/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure Bearer authorization: BearerAuth +configuration = opal.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with opal_security.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = opal_security.OpalQueriesApi(api_client) + body = opal_security.OpalNodeQuery() # OpalNodeQuery | + + try: + # Run an ad-hoc OpalQuery + api_response = api_instance.run_opal_query(body) + print("The response of OpalQueriesApi->run_opal_query:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling OpalQueriesApi->run_opal_query: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **body** | **OpalNodeQuery**| | + +### Return type + +[**OpalNodeQueryResults**](OpalNodeQueryResults.md) + +### Authorization + +[BearerAuth](../README.md#BearerAuth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | The results of the OpalQuery. | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/docs/OpalQueryResultEdge.md b/docs/OpalQueryResultEdge.md new file mode 100644 index 0000000..c51f4c2 --- /dev/null +++ b/docs/OpalQueryResultEdge.md @@ -0,0 +1,31 @@ +# OpalQueryResultEdge + +A single result edge from an OpalQuery, containing the matched entity and its pagination cursor. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**node** | [**OpalQueryResultNode**](OpalQueryResultNode.md) | | +**cursor** | **str** | Opaque cursor for this entity, used for pagination. | + +## Example + +```python +from opal_security.models.opal_query_result_edge import OpalQueryResultEdge + +# TODO update the JSON string below +json = "{}" +# create an instance of OpalQueryResultEdge from a JSON string +opal_query_result_edge_instance = OpalQueryResultEdge.from_json(json) +# print the JSON string representation of the object +print(OpalQueryResultEdge.to_json()) + +# convert the object into a dict +opal_query_result_edge_dict = opal_query_result_edge_instance.to_dict() +# create an instance of OpalQueryResultEdge from a dict +opal_query_result_edge_from_dict = OpalQueryResultEdge.from_dict(opal_query_result_edge_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/OpalQueryResultNode.md b/docs/OpalQueryResultNode.md new file mode 100644 index 0000000..32cf0e6 --- /dev/null +++ b/docs/OpalQueryResultNode.md @@ -0,0 +1,33 @@ +# OpalQueryResultNode + +A matched entity from an OpalQuery result. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**id** | **UUID** | The entity's unique identifier. | +**name** | **str** | The display name of the entity. | +**entity_type** | **str** | The top-level entity type. | +**entity_item_type** | [**EntityItemTypeEnum**](EntityItemTypeEnum.md) | | + +## Example + +```python +from opal_security.models.opal_query_result_node import OpalQueryResultNode + +# TODO update the JSON string below +json = "{}" +# create an instance of OpalQueryResultNode from a JSON string +opal_query_result_node_instance = OpalQueryResultNode.from_json(json) +# print the JSON string representation of the object +print(OpalQueryResultNode.to_json()) + +# convert the object into a dict +opal_query_result_node_dict = opal_query_result_node_instance.to_dict() +# create an instance of OpalQueryResultNode from a dict +opal_query_result_node_from_dict = OpalQueryResultNode.from_dict(opal_query_result_node_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/PaginatedAccessRulesList.md b/docs/PaginatedAccessRulesList.md new file mode 100644 index 0000000..26aa9b0 --- /dev/null +++ b/docs/PaginatedAccessRulesList.md @@ -0,0 +1,31 @@ +# PaginatedAccessRulesList + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**next** | **str** | The cursor with which to continue pagination if additional result pages exist. | [optional] +**previous** | **str** | The cursor used to retrieve the previous page of results. | [optional] +**results** | [**List[AccessRule]**](AccessRule.md) | | + +## Example + +```python +from opal_security.models.paginated_access_rules_list import PaginatedAccessRulesList + +# TODO update the JSON string below +json = "{}" +# create an instance of PaginatedAccessRulesList from a JSON string +paginated_access_rules_list_instance = PaginatedAccessRulesList.from_json(json) +# print the JSON string representation of the object +print(PaginatedAccessRulesList.to_json()) + +# convert the object into a dict +paginated_access_rules_list_dict = paginated_access_rules_list_instance.to_dict() +# create an instance of PaginatedAccessRulesList from a dict +paginated_access_rules_list_from_dict = PaginatedAccessRulesList.from_dict(paginated_access_rules_list_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceRemoteInfo.md b/docs/ResourceRemoteInfo.md index b78ff34..0df523d 100644 --- a/docs/ResourceRemoteInfo.md +++ b/docs/ResourceRemoteInfo.md @@ -73,6 +73,10 @@ Name | Type | Description | Notes **datadog_role** | [**ResourceRemoteInfoDatadogRole**](ResourceRemoteInfoDatadogRole.md) | | [optional] **clickhouse_database** | [**ResourceRemoteInfoClickhouseDatabase**](ResourceRemoteInfoClickhouseDatabase.md) | | [optional] **clickhouse_table** | [**ResourceRemoteInfoClickhouseTable**](ResourceRemoteInfoClickhouseTable.md) | | [optional] +**grafana_folder** | [**ResourceRemoteInfoGrafanaFolder**](ResourceRemoteInfoGrafanaFolder.md) | | [optional] +**grafana_dashboard** | [**ResourceRemoteInfoGrafanaDashboard**](ResourceRemoteInfoGrafanaDashboard.md) | | [optional] +**grafana_role** | [**ResourceRemoteInfoGrafanaRole**](ResourceRemoteInfoGrafanaRole.md) | | [optional] +**zendesk_role** | [**ResourceRemoteInfoZendeskRole**](ResourceRemoteInfoZendeskRole.md) | | [optional] ## Example diff --git a/docs/ResourceRemoteInfoGithubOrgRole.md b/docs/ResourceRemoteInfoGithubOrgRole.md index 84d773f..309f2c7 100644 --- a/docs/ResourceRemoteInfoGithubOrgRole.md +++ b/docs/ResourceRemoteInfoGithubOrgRole.md @@ -7,6 +7,7 @@ Remote info for GitHub organization role. Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **role_id** | **str** | The id of the role. | +**org_name** | **str** | GitHub org role's org name, required only for Enterprise. | [optional] ## Example diff --git a/docs/ResourceRemoteInfoGithubRepo.md b/docs/ResourceRemoteInfoGithubRepo.md index 6c2fd3e..cfc5635 100644 --- a/docs/ResourceRemoteInfoGithubRepo.md +++ b/docs/ResourceRemoteInfoGithubRepo.md @@ -8,6 +8,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **repo_id** | **str** | The id of the repository. | [optional] **repo_name** | **str** | The name of the repository. | +**org_name** | **str** | GitHub repo's org name, required only for Enterprise. | [optional] ## Example diff --git a/docs/ResourceRemoteInfoGrafanaDashboard.md b/docs/ResourceRemoteInfoGrafanaDashboard.md new file mode 100644 index 0000000..e90f411 --- /dev/null +++ b/docs/ResourceRemoteInfoGrafanaDashboard.md @@ -0,0 +1,30 @@ +# ResourceRemoteInfoGrafanaDashboard + +Remote info for Grafana dashboard. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**dashboard_uid** | **str** | The UID of the Grafana dashboard. | + +## Example + +```python +from opal_security.models.resource_remote_info_grafana_dashboard import ResourceRemoteInfoGrafanaDashboard + +# TODO update the JSON string below +json = "{}" +# create an instance of ResourceRemoteInfoGrafanaDashboard from a JSON string +resource_remote_info_grafana_dashboard_instance = ResourceRemoteInfoGrafanaDashboard.from_json(json) +# print the JSON string representation of the object +print(ResourceRemoteInfoGrafanaDashboard.to_json()) + +# convert the object into a dict +resource_remote_info_grafana_dashboard_dict = resource_remote_info_grafana_dashboard_instance.to_dict() +# create an instance of ResourceRemoteInfoGrafanaDashboard from a dict +resource_remote_info_grafana_dashboard_from_dict = ResourceRemoteInfoGrafanaDashboard.from_dict(resource_remote_info_grafana_dashboard_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceRemoteInfoGrafanaFolder.md b/docs/ResourceRemoteInfoGrafanaFolder.md new file mode 100644 index 0000000..8ef59c6 --- /dev/null +++ b/docs/ResourceRemoteInfoGrafanaFolder.md @@ -0,0 +1,30 @@ +# ResourceRemoteInfoGrafanaFolder + +Remote info for Grafana folder. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**folder_uid** | **str** | The UID of the Grafana folder. | + +## Example + +```python +from opal_security.models.resource_remote_info_grafana_folder import ResourceRemoteInfoGrafanaFolder + +# TODO update the JSON string below +json = "{}" +# create an instance of ResourceRemoteInfoGrafanaFolder from a JSON string +resource_remote_info_grafana_folder_instance = ResourceRemoteInfoGrafanaFolder.from_json(json) +# print the JSON string representation of the object +print(ResourceRemoteInfoGrafanaFolder.to_json()) + +# convert the object into a dict +resource_remote_info_grafana_folder_dict = resource_remote_info_grafana_folder_instance.to_dict() +# create an instance of ResourceRemoteInfoGrafanaFolder from a dict +resource_remote_info_grafana_folder_from_dict = ResourceRemoteInfoGrafanaFolder.from_dict(resource_remote_info_grafana_folder_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceRemoteInfoGrafanaRole.md b/docs/ResourceRemoteInfoGrafanaRole.md new file mode 100644 index 0000000..6bda2fb --- /dev/null +++ b/docs/ResourceRemoteInfoGrafanaRole.md @@ -0,0 +1,30 @@ +# ResourceRemoteInfoGrafanaRole + +Remote info for Grafana role(fixed or custom). + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**role_uid** | **str** | The UID of the Grafana role. | + +## Example + +```python +from opal_security.models.resource_remote_info_grafana_role import ResourceRemoteInfoGrafanaRole + +# TODO update the JSON string below +json = "{}" +# create an instance of ResourceRemoteInfoGrafanaRole from a JSON string +resource_remote_info_grafana_role_instance = ResourceRemoteInfoGrafanaRole.from_json(json) +# print the JSON string representation of the object +print(ResourceRemoteInfoGrafanaRole.to_json()) + +# convert the object into a dict +resource_remote_info_grafana_role_dict = resource_remote_info_grafana_role_instance.to_dict() +# create an instance of ResourceRemoteInfoGrafanaRole from a dict +resource_remote_info_grafana_role_from_dict = ResourceRemoteInfoGrafanaRole.from_dict(resource_remote_info_grafana_role_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceRemoteInfoZendeskRole.md b/docs/ResourceRemoteInfoZendeskRole.md new file mode 100644 index 0000000..8ca41c9 --- /dev/null +++ b/docs/ResourceRemoteInfoZendeskRole.md @@ -0,0 +1,30 @@ +# ResourceRemoteInfoZendeskRole + +Remote info for Zendesk custom role. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**role_id** | **str** | The ID of the Zendesk custom role. | + +## Example + +```python +from opal_security.models.resource_remote_info_zendesk_role import ResourceRemoteInfoZendeskRole + +# TODO update the JSON string below +json = "{}" +# create an instance of ResourceRemoteInfoZendeskRole from a JSON string +resource_remote_info_zendesk_role_instance = ResourceRemoteInfoZendeskRole.from_json(json) +# print the JSON string representation of the object +print(ResourceRemoteInfoZendeskRole.to_json()) + +# convert the object into a dict +resource_remote_info_zendesk_role_dict = resource_remote_info_zendesk_role_instance.to_dict() +# create an instance of ResourceRemoteInfoZendeskRole from a dict +resource_remote_info_zendesk_role_from_dict = ResourceRemoteInfoZendeskRole.from_dict(resource_remote_info_zendesk_role_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/ResourceTypeEnum.md b/docs/ResourceTypeEnum.md index 485a8c5..1447f5c 100644 --- a/docs/ResourceTypeEnum.md +++ b/docs/ResourceTypeEnum.md @@ -172,6 +172,8 @@ The type of the resource. * `TWINGATE_RESOURCE` (value: `'TWINGATE_RESOURCE'`) +* `ZENDESK_ROLE` (value: `'ZENDESK_ROLE'`) + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/RuleDisjunction.md b/docs/RuleDisjunction.md index f478433..9c12b1b 100644 --- a/docs/RuleDisjunction.md +++ b/docs/RuleDisjunction.md @@ -6,6 +6,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **selectors** | [**List[TagSelector]**](TagSelector.md) | | +**attribute_selectors** | [**List[UserAttributeSelector]**](UserAttributeSelector.md) | | [optional] ## Example diff --git a/docs/StringMatchType.md b/docs/StringMatchType.md new file mode 100644 index 0000000..ab78865 --- /dev/null +++ b/docs/StringMatchType.md @@ -0,0 +1,17 @@ +# StringMatchType + +How to match a string value against entity names. + +## Enum + +* `CONTAINS` (value: `'CONTAINS'`) + +* `EQUALS` (value: `'EQUALS'`) + +* `STARTS_WITH` (value: `'STARTS_WITH'`) + +* `ENDS_WITH` (value: `'ENDS_WITH'`) + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/UpdateEventStreamInfo.md b/docs/UpdateEventStreamInfo.md new file mode 100644 index 0000000..405bd61 --- /dev/null +++ b/docs/UpdateEventStreamInfo.md @@ -0,0 +1,33 @@ +# UpdateEventStreamInfo + +Information needed to update an event stream. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**name** | **str** | Updated name for the event stream. | [optional] +**enabled** | **bool** | Whether the event stream should be enabled. | [optional] +**webhook_url** | **str** | Updated webhook URL. | [optional] +**credentials** | [**WebhookCredentials**](WebhookCredentials.md) | | [optional] + +## Example + +```python +from opal_security.models.update_event_stream_info import UpdateEventStreamInfo + +# TODO update the JSON string below +json = "{}" +# create an instance of UpdateEventStreamInfo from a JSON string +update_event_stream_info_instance = UpdateEventStreamInfo.from_json(json) +# print the JSON string representation of the object +print(UpdateEventStreamInfo.to_json()) + +# convert the object into a dict +update_event_stream_info_dict = update_event_stream_info_instance.to_dict() +# create an instance of UpdateEventStreamInfo from a dict +update_event_stream_info_from_dict = UpdateEventStreamInfo.from_dict(update_event_stream_info_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/UpdateGroupUserRequest.md b/docs/UpdateGroupUserRequest.md index 5d13bea..2986df4 100644 --- a/docs/UpdateGroupUserRequest.md +++ b/docs/UpdateGroupUserRequest.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**duration_minutes** | **int** | The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite. | +**duration_minutes** | **int** | The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite, or a negative value to revoke access. | **access_level_remote_id** | **str** | The updated remote ID of the access level granted to this user. | [optional] ## Example diff --git a/docs/UpdateResourceInfo.md b/docs/UpdateResourceInfo.md index c1fa4de..29865dd 100644 --- a/docs/UpdateResourceInfo.md +++ b/docs/UpdateResourceInfo.md @@ -26,6 +26,7 @@ Name | Type | Description | Notes **request_template_id** | **UUID** | The ID of the associated request template. Deprecated in favor of `request_configurations`. | [optional] **is_requestable** | **bool** | A bool representing whether or not to allow access requests to this resource. Deprecated in favor of `request_configurations`. | [optional] **extensions_duration_in_minutes** | **int** | The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to. | [optional] +**parent_resource_id** | **UUID** | The ID of the parent resource. | [optional] **request_configurations** | [**List[RequestConfiguration]**](RequestConfiguration.md) | A list of configurations for requests to this resource. If not provided, the default request configuration will be used. | [optional] **request_configuration_list** | [**CreateRequestConfigurationInfoList**](CreateRequestConfigurationInfoList.md) | A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. | [optional] diff --git a/docs/UserAttributeSelector.md b/docs/UserAttributeSelector.md new file mode 100644 index 0000000..02b3ad4 --- /dev/null +++ b/docs/UserAttributeSelector.md @@ -0,0 +1,30 @@ +# UserAttributeSelector + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**attribute** | **str** | | +**values** | **List[str]** | | + +## Example + +```python +from opal_security.models.user_attribute_selector import UserAttributeSelector + +# TODO update the JSON string below +json = "{}" +# create an instance of UserAttributeSelector from a JSON string +user_attribute_selector_instance = UserAttributeSelector.from_json(json) +# print the JSON string representation of the object +print(UserAttributeSelector.to_json()) + +# convert the object into a dict +user_attribute_selector_dict = user_attribute_selector_instance.to_dict() +# create an instance of UserAttributeSelector from a dict +user_attribute_selector_from_dict = UserAttributeSelector.from_dict(user_attribute_selector_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/WebhookApiKeyCredential.md b/docs/WebhookApiKeyCredential.md new file mode 100644 index 0000000..6a7dea1 --- /dev/null +++ b/docs/WebhookApiKeyCredential.md @@ -0,0 +1,33 @@ +# WebhookApiKeyCredential + +An API key credential for webhook authentication. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**id** | **UUID** | The unique identifier for the credential. | +**name** | **str** | The name of the API key. | +**value** | **str** | The value of the API key. | +**location** | [**WebhookApiKeyLocationEnum**](WebhookApiKeyLocationEnum.md) | | + +## Example + +```python +from opal_security.models.webhook_api_key_credential import WebhookApiKeyCredential + +# TODO update the JSON string below +json = "{}" +# create an instance of WebhookApiKeyCredential from a JSON string +webhook_api_key_credential_instance = WebhookApiKeyCredential.from_json(json) +# print the JSON string representation of the object +print(WebhookApiKeyCredential.to_json()) + +# convert the object into a dict +webhook_api_key_credential_dict = webhook_api_key_credential_instance.to_dict() +# create an instance of WebhookApiKeyCredential from a dict +webhook_api_key_credential_from_dict = WebhookApiKeyCredential.from_dict(webhook_api_key_credential_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/WebhookApiKeyLocationEnum.md b/docs/WebhookApiKeyLocationEnum.md new file mode 100644 index 0000000..827d284 --- /dev/null +++ b/docs/WebhookApiKeyLocationEnum.md @@ -0,0 +1,13 @@ +# WebhookApiKeyLocationEnum + +Where the API key is placed in webhook requests. + +## Enum + +* `HEADER` (value: `'HEADER'`) + +* `QUERY_PARAM` (value: `'QUERY_PARAM'`) + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/WebhookAuthTypeEnum.md b/docs/WebhookAuthTypeEnum.md new file mode 100644 index 0000000..811e32c --- /dev/null +++ b/docs/WebhookAuthTypeEnum.md @@ -0,0 +1,15 @@ +# WebhookAuthTypeEnum + +The authentication type for webhook connections. + +## Enum + +* `NONE` (value: `'NONE'`) + +* `API_KEY` (value: `'API_KEY'`) + +* `HMAC` (value: `'HMAC'`) + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/WebhookCredentials.md b/docs/WebhookCredentials.md new file mode 100644 index 0000000..7f68259 --- /dev/null +++ b/docs/WebhookCredentials.md @@ -0,0 +1,33 @@ +# WebhookCredentials + +Authentication credentials for a webhook connection. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**auth_type** | [**WebhookAuthTypeEnum**](WebhookAuthTypeEnum.md) | | +**api_key_credentials** | [**List[WebhookApiKeyCredential]**](WebhookApiKeyCredential.md) | API key credentials, present when auth_type is API_KEY. | [optional] +**hmac_credential_1** | [**WebhookHmacCredential**](WebhookHmacCredential.md) | Primary HMAC credential, present when auth_type is HMAC. | [optional] +**hmac_credential_2** | [**WebhookHmacCredential**](WebhookHmacCredential.md) | Secondary HMAC credential for rotation, present when auth_type is HMAC. | [optional] + +## Example + +```python +from opal_security.models.webhook_credentials import WebhookCredentials + +# TODO update the JSON string below +json = "{}" +# create an instance of WebhookCredentials from a JSON string +webhook_credentials_instance = WebhookCredentials.from_json(json) +# print the JSON string representation of the object +print(WebhookCredentials.to_json()) + +# convert the object into a dict +webhook_credentials_dict = webhook_credentials_instance.to_dict() +# create an instance of WebhookCredentials from a dict +webhook_credentials_from_dict = WebhookCredentials.from_dict(webhook_credentials_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/docs/WebhookHmacCredential.md b/docs/WebhookHmacCredential.md new file mode 100644 index 0000000..17065a7 --- /dev/null +++ b/docs/WebhookHmacCredential.md @@ -0,0 +1,32 @@ +# WebhookHmacCredential + +An HMAC credential for webhook authentication. + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**id** | **UUID** | The unique identifier for the credential. | +**secret** | **str** | The HMAC secret value. | +**created_at** | **datetime** | When the credential was created. | + +## Example + +```python +from opal_security.models.webhook_hmac_credential import WebhookHmacCredential + +# TODO update the JSON string below +json = "{}" +# create an instance of WebhookHmacCredential from a JSON string +webhook_hmac_credential_instance = WebhookHmacCredential.from_json(json) +# print the JSON string representation of the object +print(WebhookHmacCredential.to_json()) + +# convert the object into a dict +webhook_hmac_credential_dict = webhook_hmac_credential_instance.to_dict() +# create an instance of WebhookHmacCredential from a dict +webhook_hmac_credential_from_dict = WebhookHmacCredential.from_dict(webhook_hmac_credential_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/opal_security/__init__.py b/opal_security/__init__.py index 5f39560..ca77872 100644 --- a/opal_security/__init__.py +++ b/opal_security/__init__.py @@ -24,6 +24,7 @@ "BundlesApi", "ConfigurationTemplatesApi", "DelegationsApi", + "EventStreamsApi", "EventsApi", "GroupBindingsApi", "GroupsApi", @@ -31,6 +32,7 @@ "MessageChannelsApi", "NonHumanIdentitiesApi", "OnCallSchedulesApi", + "OpalQueriesApi", "OwnersApi", "RequestsApi", "ResourcesApi", @@ -49,7 +51,9 @@ "ApiAttributeError", "ApiException", "Access", + "AccessEntityFilters", "AccessList", + "AccessRelationshipFilters", "AccessRule", "AddBundleGroupRequest", "AddBundleResourceRequest", @@ -76,6 +80,7 @@ "CreateBundleInfo", "CreateConfigurationTemplateInfo", "CreateDelegationRequest", + "CreateEventStreamInfo", "CreateGroupBindingInfo", "CreateGroupBindingInfoGroupsInner", "CreateGroupInfo", @@ -96,8 +101,15 @@ "CreateUARInfo", "Delegation", "DenyRequestRequest", + "EntityItemTypeEnum", + "EntityNameFilter", + "EntityTagFilter", "EntityTypeEnum", "Event", + "EventStream", + "EventStreamConnection", + "EventStreamConnectionTypeEnum", + "EventStreamList", "GetResourceUser200Response", "Group", "GroupAccessLevel", @@ -119,6 +131,7 @@ "GroupRemoteInfoGithubTeam", "GroupRemoteInfoGitlabGroup", "GroupRemoteInfoGoogleGroup", + "GroupRemoteInfoGrafanaTeam", "GroupRemoteInfoIncidentioOnCallSchedule", "GroupRemoteInfoLdapGroup", "GroupRemoteInfoOktaGroup", @@ -128,7 +141,10 @@ "GroupRemoteInfoSnowflakeRole", "GroupRemoteInfoTailscaleGroup", "GroupRemoteInfoTwingateGroup", + "GroupRemoteInfoTwingateGroupSynced", "GroupRemoteInfoWorkdayUserSecurityGroup", + "GroupRemoteInfoZendeskGroup", + "GroupRemoteInfoZendeskOrganization", "GroupResource", "GroupResourceList", "GroupTypeEnum", @@ -145,8 +161,14 @@ "OnCallScheduleIDList", "OnCallScheduleList", "OnCallScheduleProviderEnum", + "OpalNodeQuery", + "OpalNodeQueryBody", + "OpalNodeQueryResults", + "OpalQueryResultEdge", + "OpalQueryResultNode", "Owner", "PageInfo", + "PaginatedAccessRulesList", "PaginatedAssignedRequestList", "PaginatedBundleGroupList", "PaginatedBundleList", @@ -238,6 +260,9 @@ "ResourceRemoteInfoGithubRepo", "ResourceRemoteInfoGitlabProject", "ResourceRemoteInfoGoogleWorkspaceRole", + "ResourceRemoteInfoGrafanaDashboard", + "ResourceRemoteInfoGrafanaFolder", + "ResourceRemoteInfoGrafanaRole", "ResourceRemoteInfoIlevelAdvancedRole", "ResourceRemoteInfoNetsuiteRole", "ResourceRemoteInfoOktaApp", @@ -257,6 +282,7 @@ "ResourceRemoteInfoTeleportRole", "ResourceRemoteInfoTwingateResource", "ResourceRemoteInfoWorkdayRole", + "ResourceRemoteInfoZendeskRole", "ResourceTypeEnum", "ResourceUser", "ResourceUserAccessStatus", @@ -276,6 +302,7 @@ "ScopedRolePermissionList", "Session", "SessionsList", + "StringMatchType", "SubEvent", "SyncError", "SyncErrorList", @@ -293,6 +320,7 @@ "UARScope", "UpdateAccessRuleInfo", "UpdateConfigurationTemplateInfo", + "UpdateEventStreamInfo", "UpdateGroupBindingInfo", "UpdateGroupBindingInfoList", "UpdateGroupInfo", @@ -307,11 +335,17 @@ "UpdateResourceInfoList", "UpdateResourceUserRequest", "User", + "UserAttributeSelector", "UserHrIdpStatusEnum", "UserIDList", "UserList", "VisibilityInfo", "VisibilityTypeEnum", + "WebhookApiKeyCredential", + "WebhookApiKeyLocationEnum", + "WebhookAuthTypeEnum", + "WebhookCredentials", + "WebhookHmacCredential", ] # import apis into sdk package @@ -320,6 +354,7 @@ from opal_security.api.bundles_api import BundlesApi as BundlesApi from opal_security.api.configuration_templates_api import ConfigurationTemplatesApi as ConfigurationTemplatesApi from opal_security.api.delegations_api import DelegationsApi as DelegationsApi +from opal_security.api.event_streams_api import EventStreamsApi as EventStreamsApi from opal_security.api.events_api import EventsApi as EventsApi from opal_security.api.group_bindings_api import GroupBindingsApi as GroupBindingsApi from opal_security.api.groups_api import GroupsApi as GroupsApi @@ -327,6 +362,7 @@ from opal_security.api.message_channels_api import MessageChannelsApi as MessageChannelsApi from opal_security.api.non_human_identities_api import NonHumanIdentitiesApi as NonHumanIdentitiesApi from opal_security.api.on_call_schedules_api import OnCallSchedulesApi as OnCallSchedulesApi +from opal_security.api.opal_queries_api import OpalQueriesApi as OpalQueriesApi from opal_security.api.owners_api import OwnersApi as OwnersApi from opal_security.api.requests_api import RequestsApi as RequestsApi from opal_security.api.resources_api import ResourcesApi as ResourcesApi @@ -349,7 +385,9 @@ # import models into sdk package from opal_security.models.access import Access as Access +from opal_security.models.access_entity_filters import AccessEntityFilters as AccessEntityFilters from opal_security.models.access_list import AccessList as AccessList +from opal_security.models.access_relationship_filters import AccessRelationshipFilters as AccessRelationshipFilters from opal_security.models.access_rule import AccessRule as AccessRule from opal_security.models.add_bundle_group_request import AddBundleGroupRequest as AddBundleGroupRequest from opal_security.models.add_bundle_resource_request import AddBundleResourceRequest as AddBundleResourceRequest @@ -376,6 +414,7 @@ from opal_security.models.create_bundle_info import CreateBundleInfo as CreateBundleInfo from opal_security.models.create_configuration_template_info import CreateConfigurationTemplateInfo as CreateConfigurationTemplateInfo from opal_security.models.create_delegation_request import CreateDelegationRequest as CreateDelegationRequest +from opal_security.models.create_event_stream_info import CreateEventStreamInfo as CreateEventStreamInfo from opal_security.models.create_group_binding_info import CreateGroupBindingInfo as CreateGroupBindingInfo from opal_security.models.create_group_binding_info_groups_inner import CreateGroupBindingInfoGroupsInner as CreateGroupBindingInfoGroupsInner from opal_security.models.create_group_info import CreateGroupInfo as CreateGroupInfo @@ -396,8 +435,15 @@ from opal_security.models.create_uar_info import CreateUARInfo as CreateUARInfo from opal_security.models.delegation import Delegation as Delegation from opal_security.models.deny_request_request import DenyRequestRequest as DenyRequestRequest +from opal_security.models.entity_item_type_enum import EntityItemTypeEnum as EntityItemTypeEnum +from opal_security.models.entity_name_filter import EntityNameFilter as EntityNameFilter +from opal_security.models.entity_tag_filter import EntityTagFilter as EntityTagFilter from opal_security.models.entity_type_enum import EntityTypeEnum as EntityTypeEnum from opal_security.models.event import Event as Event +from opal_security.models.event_stream import EventStream as EventStream +from opal_security.models.event_stream_connection import EventStreamConnection as EventStreamConnection +from opal_security.models.event_stream_connection_type_enum import EventStreamConnectionTypeEnum as EventStreamConnectionTypeEnum +from opal_security.models.event_stream_list import EventStreamList as EventStreamList from opal_security.models.get_resource_user200_response import GetResourceUser200Response as GetResourceUser200Response from opal_security.models.group import Group as Group from opal_security.models.group_access_level import GroupAccessLevel as GroupAccessLevel @@ -419,6 +465,7 @@ from opal_security.models.group_remote_info_github_team import GroupRemoteInfoGithubTeam as GroupRemoteInfoGithubTeam from opal_security.models.group_remote_info_gitlab_group import GroupRemoteInfoGitlabGroup as GroupRemoteInfoGitlabGroup from opal_security.models.group_remote_info_google_group import GroupRemoteInfoGoogleGroup as GroupRemoteInfoGoogleGroup +from opal_security.models.group_remote_info_grafana_team import GroupRemoteInfoGrafanaTeam as GroupRemoteInfoGrafanaTeam from opal_security.models.group_remote_info_incidentio_on_call_schedule import GroupRemoteInfoIncidentioOnCallSchedule as GroupRemoteInfoIncidentioOnCallSchedule from opal_security.models.group_remote_info_ldap_group import GroupRemoteInfoLdapGroup as GroupRemoteInfoLdapGroup from opal_security.models.group_remote_info_okta_group import GroupRemoteInfoOktaGroup as GroupRemoteInfoOktaGroup @@ -428,7 +475,10 @@ from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole as GroupRemoteInfoSnowflakeRole from opal_security.models.group_remote_info_tailscale_group import GroupRemoteInfoTailscaleGroup as GroupRemoteInfoTailscaleGroup from opal_security.models.group_remote_info_twingate_group import GroupRemoteInfoTwingateGroup as GroupRemoteInfoTwingateGroup +from opal_security.models.group_remote_info_twingate_group_synced import GroupRemoteInfoTwingateGroupSynced as GroupRemoteInfoTwingateGroupSynced from opal_security.models.group_remote_info_workday_user_security_group import GroupRemoteInfoWorkdayUserSecurityGroup as GroupRemoteInfoWorkdayUserSecurityGroup +from opal_security.models.group_remote_info_zendesk_group import GroupRemoteInfoZendeskGroup as GroupRemoteInfoZendeskGroup +from opal_security.models.group_remote_info_zendesk_organization import GroupRemoteInfoZendeskOrganization as GroupRemoteInfoZendeskOrganization from opal_security.models.group_resource import GroupResource as GroupResource from opal_security.models.group_resource_list import GroupResourceList as GroupResourceList from opal_security.models.group_type_enum import GroupTypeEnum as GroupTypeEnum @@ -445,8 +495,14 @@ from opal_security.models.on_call_schedule_id_list import OnCallScheduleIDList as OnCallScheduleIDList from opal_security.models.on_call_schedule_list import OnCallScheduleList as OnCallScheduleList from opal_security.models.on_call_schedule_provider_enum import OnCallScheduleProviderEnum as OnCallScheduleProviderEnum +from opal_security.models.opal_node_query import OpalNodeQuery as OpalNodeQuery +from opal_security.models.opal_node_query_body import OpalNodeQueryBody as OpalNodeQueryBody +from opal_security.models.opal_node_query_results import OpalNodeQueryResults as OpalNodeQueryResults +from opal_security.models.opal_query_result_edge import OpalQueryResultEdge as OpalQueryResultEdge +from opal_security.models.opal_query_result_node import OpalQueryResultNode as OpalQueryResultNode from opal_security.models.owner import Owner as Owner from opal_security.models.page_info import PageInfo as PageInfo +from opal_security.models.paginated_access_rules_list import PaginatedAccessRulesList as PaginatedAccessRulesList from opal_security.models.paginated_assigned_request_list import PaginatedAssignedRequestList as PaginatedAssignedRequestList from opal_security.models.paginated_bundle_group_list import PaginatedBundleGroupList as PaginatedBundleGroupList from opal_security.models.paginated_bundle_list import PaginatedBundleList as PaginatedBundleList @@ -538,6 +594,9 @@ from opal_security.models.resource_remote_info_github_repo import ResourceRemoteInfoGithubRepo as ResourceRemoteInfoGithubRepo from opal_security.models.resource_remote_info_gitlab_project import ResourceRemoteInfoGitlabProject as ResourceRemoteInfoGitlabProject from opal_security.models.resource_remote_info_google_workspace_role import ResourceRemoteInfoGoogleWorkspaceRole as ResourceRemoteInfoGoogleWorkspaceRole +from opal_security.models.resource_remote_info_grafana_dashboard import ResourceRemoteInfoGrafanaDashboard as ResourceRemoteInfoGrafanaDashboard +from opal_security.models.resource_remote_info_grafana_folder import ResourceRemoteInfoGrafanaFolder as ResourceRemoteInfoGrafanaFolder +from opal_security.models.resource_remote_info_grafana_role import ResourceRemoteInfoGrafanaRole as ResourceRemoteInfoGrafanaRole from opal_security.models.resource_remote_info_ilevel_advanced_role import ResourceRemoteInfoIlevelAdvancedRole as ResourceRemoteInfoIlevelAdvancedRole from opal_security.models.resource_remote_info_netsuite_role import ResourceRemoteInfoNetsuiteRole as ResourceRemoteInfoNetsuiteRole from opal_security.models.resource_remote_info_okta_app import ResourceRemoteInfoOktaApp as ResourceRemoteInfoOktaApp @@ -557,6 +616,7 @@ from opal_security.models.resource_remote_info_teleport_role import ResourceRemoteInfoTeleportRole as ResourceRemoteInfoTeleportRole from opal_security.models.resource_remote_info_twingate_resource import ResourceRemoteInfoTwingateResource as ResourceRemoteInfoTwingateResource from opal_security.models.resource_remote_info_workday_role import ResourceRemoteInfoWorkdayRole as ResourceRemoteInfoWorkdayRole +from opal_security.models.resource_remote_info_zendesk_role import ResourceRemoteInfoZendeskRole as ResourceRemoteInfoZendeskRole from opal_security.models.resource_type_enum import ResourceTypeEnum as ResourceTypeEnum from opal_security.models.resource_user import ResourceUser as ResourceUser from opal_security.models.resource_user_access_status import ResourceUserAccessStatus as ResourceUserAccessStatus @@ -576,6 +636,7 @@ from opal_security.models.scoped_role_permission_list import ScopedRolePermissionList as ScopedRolePermissionList from opal_security.models.session import Session as Session from opal_security.models.sessions_list import SessionsList as SessionsList +from opal_security.models.string_match_type import StringMatchType as StringMatchType from opal_security.models.sub_event import SubEvent as SubEvent from opal_security.models.sync_error import SyncError as SyncError from opal_security.models.sync_error_list import SyncErrorList as SyncErrorList @@ -593,6 +654,7 @@ from opal_security.models.uar_scope import UARScope as UARScope from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo as UpdateAccessRuleInfo from opal_security.models.update_configuration_template_info import UpdateConfigurationTemplateInfo as UpdateConfigurationTemplateInfo +from opal_security.models.update_event_stream_info import UpdateEventStreamInfo as UpdateEventStreamInfo from opal_security.models.update_group_binding_info import UpdateGroupBindingInfo as UpdateGroupBindingInfo from opal_security.models.update_group_binding_info_list import UpdateGroupBindingInfoList as UpdateGroupBindingInfoList from opal_security.models.update_group_info import UpdateGroupInfo as UpdateGroupInfo @@ -607,9 +669,15 @@ from opal_security.models.update_resource_info_list import UpdateResourceInfoList as UpdateResourceInfoList from opal_security.models.update_resource_user_request import UpdateResourceUserRequest as UpdateResourceUserRequest from opal_security.models.user import User as User +from opal_security.models.user_attribute_selector import UserAttributeSelector as UserAttributeSelector from opal_security.models.user_hr_idp_status_enum import UserHrIdpStatusEnum as UserHrIdpStatusEnum from opal_security.models.user_id_list import UserIDList as UserIDList from opal_security.models.user_list import UserList as UserList from opal_security.models.visibility_info import VisibilityInfo as VisibilityInfo from opal_security.models.visibility_type_enum import VisibilityTypeEnum as VisibilityTypeEnum +from opal_security.models.webhook_api_key_credential import WebhookApiKeyCredential as WebhookApiKeyCredential +from opal_security.models.webhook_api_key_location_enum import WebhookApiKeyLocationEnum as WebhookApiKeyLocationEnum +from opal_security.models.webhook_auth_type_enum import WebhookAuthTypeEnum as WebhookAuthTypeEnum +from opal_security.models.webhook_credentials import WebhookCredentials as WebhookCredentials +from opal_security.models.webhook_hmac_credential import WebhookHmacCredential as WebhookHmacCredential diff --git a/opal_security/api/__init__.py b/opal_security/api/__init__.py index 5ae2d2d..27c0e8e 100644 --- a/opal_security/api/__init__.py +++ b/opal_security/api/__init__.py @@ -6,6 +6,7 @@ from opal_security.api.bundles_api import BundlesApi from opal_security.api.configuration_templates_api import ConfigurationTemplatesApi from opal_security.api.delegations_api import DelegationsApi +from opal_security.api.event_streams_api import EventStreamsApi from opal_security.api.events_api import EventsApi from opal_security.api.group_bindings_api import GroupBindingsApi from opal_security.api.groups_api import GroupsApi @@ -13,6 +14,7 @@ from opal_security.api.message_channels_api import MessageChannelsApi from opal_security.api.non_human_identities_api import NonHumanIdentitiesApi from opal_security.api.on_call_schedules_api import OnCallSchedulesApi +from opal_security.api.opal_queries_api import OpalQueriesApi from opal_security.api.owners_api import OwnersApi from opal_security.api.requests_api import RequestsApi from opal_security.api.resources_api import ResourcesApi diff --git a/opal_security/api/access_rules_api.py b/opal_security/api/access_rules_api.py index 6d6936a..5033d3f 100644 --- a/opal_security/api/access_rules_api.py +++ b/opal_security/api/access_rules_api.py @@ -17,10 +17,12 @@ from typing import Any, Dict, List, Optional, Tuple, Union from typing_extensions import Annotated -from pydantic import Field +from pydantic import Field, StrictInt, StrictStr +from typing import Optional from typing_extensions import Annotated from uuid import UUID from opal_security.models.access_rule import AccessRule +from opal_security.models.paginated_access_rules_list import PaginatedAccessRulesList from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo from opal_security.api_client import ApiClient, RequestSerialized @@ -576,6 +578,286 @@ def _get_access_rule_serialize( + @validate_call + def get_access_rules( + self, + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[StrictInt], Field(description="Number of results to return per page. Default is 200.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> PaginatedAccessRulesList: + """get_access_rules + + Returns a list of access rules for your organization. + + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_access_rules_serialize( + cursor=cursor, + page_size=page_size, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "PaginatedAccessRulesList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def get_access_rules_with_http_info( + self, + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[StrictInt], Field(description="Number of results to return per page. Default is 200.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[PaginatedAccessRulesList]: + """get_access_rules + + Returns a list of access rules for your organization. + + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_access_rules_serialize( + cursor=cursor, + page_size=page_size, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "PaginatedAccessRulesList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def get_access_rules_without_preload_content( + self, + cursor: Annotated[Optional[StrictStr], Field(description="The pagination cursor value.")] = None, + page_size: Annotated[Optional[StrictInt], Field(description="Number of results to return per page. Default is 200.")] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """get_access_rules + + Returns a list of access rules for your organization. + + :param cursor: The pagination cursor value. + :type cursor: str + :param page_size: Number of results to return per page. Default is 200. + :type page_size: int + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_access_rules_serialize( + cursor=cursor, + page_size=page_size, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "PaginatedAccessRulesList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _get_access_rules_serialize( + self, + cursor, + page_size, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + # process the query parameters + if cursor is not None: + + _query_params.append(('cursor', cursor)) + + if page_size is not None: + + _query_params.append(('page_size', page_size)) + + # process the header parameters + # process the form parameters + # process the body parameter + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='GET', + resource_path='/access-rules', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + @validate_call def update_access_rule( self, diff --git a/opal_security/api/event_streams_api.py b/opal_security/api/event_streams_api.py new file mode 100644 index 0000000..639fa4c --- /dev/null +++ b/opal_security/api/event_streams_api.py @@ -0,0 +1,1106 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +import warnings +from pydantic import validate_call, Field, StrictFloat, StrictStr, StrictInt +from typing import Any, Dict, List, Optional, Tuple, Union +from typing_extensions import Annotated + +from pydantic import Field +from typing_extensions import Annotated +from uuid import UUID +from opal_security.models.create_event_stream_info import CreateEventStreamInfo +from opal_security.models.event_stream import EventStream +from opal_security.models.event_stream_list import EventStreamList +from opal_security.models.update_event_stream_info import UpdateEventStreamInfo + +from opal_security.api_client import ApiClient, RequestSerialized +from opal_security.api_response import ApiResponse +from opal_security.rest import RESTResponseType + + +class EventStreamsApi: + """NOTE: This class is auto generated by OpenAPI Generator + Ref: https://openapi-generator.tech + + Do not edit the class manually. + """ + + def __init__(self, api_client=None) -> None: + if api_client is None: + api_client = ApiClient.get_default() + self.api_client = api_client + + + @validate_call + def create_event_stream( + self, + create_event_stream_info: CreateEventStreamInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> EventStream: + """Create event stream + + Creates a new event streaming connection. + + :param create_event_stream_info: (required) + :type create_event_stream_info: CreateEventStreamInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_event_stream_serialize( + create_event_stream_info=create_event_stream_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStream", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def create_event_stream_with_http_info( + self, + create_event_stream_info: CreateEventStreamInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[EventStream]: + """Create event stream + + Creates a new event streaming connection. + + :param create_event_stream_info: (required) + :type create_event_stream_info: CreateEventStreamInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_event_stream_serialize( + create_event_stream_info=create_event_stream_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStream", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def create_event_stream_without_preload_content( + self, + create_event_stream_info: CreateEventStreamInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Create event stream + + Creates a new event streaming connection. + + :param create_event_stream_info: (required) + :type create_event_stream_info: CreateEventStreamInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._create_event_stream_serialize( + create_event_stream_info=create_event_stream_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStream", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _create_event_stream_serialize( + self, + create_event_stream_info, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if create_event_stream_info is not None: + _body_params = create_event_stream_info + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='POST', + resource_path='/event-streams', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + + @validate_call + def delete_event_stream( + self, + event_stream_id: Annotated[UUID, Field(description="The ID of the event stream.")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> None: + """Delete event stream + + Deletes an event streaming connection. + + :param event_stream_id: The ID of the event stream. (required) + :type event_stream_id: UUID + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._delete_event_stream_serialize( + event_stream_id=event_stream_id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': None, + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def delete_event_stream_with_http_info( + self, + event_stream_id: Annotated[UUID, Field(description="The ID of the event stream.")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[None]: + """Delete event stream + + Deletes an event streaming connection. + + :param event_stream_id: The ID of the event stream. (required) + :type event_stream_id: UUID + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._delete_event_stream_serialize( + event_stream_id=event_stream_id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': None, + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def delete_event_stream_without_preload_content( + self, + event_stream_id: Annotated[UUID, Field(description="The ID of the event stream.")], + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Delete event stream + + Deletes an event streaming connection. + + :param event_stream_id: The ID of the event stream. (required) + :type event_stream_id: UUID + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._delete_event_stream_serialize( + event_stream_id=event_stream_id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': None, + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _delete_event_stream_serialize( + self, + event_stream_id, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if event_stream_id is not None: + _path_params['event_stream_id'] = event_stream_id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + + + + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='DELETE', + resource_path='/event-streams/{event_stream_id}', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + + @validate_call + def get_event_streams( + self, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> EventStreamList: + """Get event streams + + Returns a list of configured event streaming connections for your organization. + + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_event_streams_serialize( + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStreamList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def get_event_streams_with_http_info( + self, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[EventStreamList]: + """Get event streams + + Returns a list of configured event streaming connections for your organization. + + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_event_streams_serialize( + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStreamList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def get_event_streams_without_preload_content( + self, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Get event streams + + Returns a list of configured event streaming connections for your organization. + + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_event_streams_serialize( + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStreamList", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _get_event_streams_serialize( + self, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='GET', + resource_path='/event-streams', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + + + + @validate_call + def update_event_stream( + self, + event_stream_id: Annotated[UUID, Field(description="The ID of the event stream.")], + update_event_stream_info: UpdateEventStreamInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> EventStream: + """Update event stream + + Updates an existing event streaming connection. + + :param event_stream_id: The ID of the event stream. (required) + :type event_stream_id: UUID + :param update_event_stream_info: (required) + :type update_event_stream_info: UpdateEventStreamInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._update_event_stream_serialize( + event_stream_id=event_stream_id, + update_event_stream_info=update_event_stream_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStream", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def update_event_stream_with_http_info( + self, + event_stream_id: Annotated[UUID, Field(description="The ID of the event stream.")], + update_event_stream_info: UpdateEventStreamInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[EventStream]: + """Update event stream + + Updates an existing event streaming connection. + + :param event_stream_id: The ID of the event stream. (required) + :type event_stream_id: UUID + :param update_event_stream_info: (required) + :type update_event_stream_info: UpdateEventStreamInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._update_event_stream_serialize( + event_stream_id=event_stream_id, + update_event_stream_info=update_event_stream_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStream", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def update_event_stream_without_preload_content( + self, + event_stream_id: Annotated[UUID, Field(description="The ID of the event stream.")], + update_event_stream_info: UpdateEventStreamInfo, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Update event stream + + Updates an existing event streaming connection. + + :param event_stream_id: The ID of the event stream. (required) + :type event_stream_id: UUID + :param update_event_stream_info: (required) + :type update_event_stream_info: UpdateEventStreamInfo + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._update_event_stream_serialize( + event_stream_id=event_stream_id, + update_event_stream_info=update_event_stream_info, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "EventStream", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _update_event_stream_serialize( + self, + event_stream_id, + update_event_stream_info, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if event_stream_id is not None: + _path_params['event_stream_id'] = event_stream_id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if update_event_stream_info is not None: + _body_params = update_event_stream_info + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='PUT', + resource_path='/event-streams/{event_stream_id}', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + diff --git a/opal_security/api/opal_queries_api.py b/opal_security/api/opal_queries_api.py new file mode 100644 index 0000000..e5bb1df --- /dev/null +++ b/opal_security/api/opal_queries_api.py @@ -0,0 +1,312 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +import warnings +from pydantic import validate_call, Field, StrictFloat, StrictStr, StrictInt +from typing import Any, Dict, List, Optional, Tuple, Union +from typing_extensions import Annotated + +from opal_security.models.opal_node_query import OpalNodeQuery +from opal_security.models.opal_node_query_results import OpalNodeQueryResults + +from opal_security.api_client import ApiClient, RequestSerialized +from opal_security.api_response import ApiResponse +from opal_security.rest import RESTResponseType + + +class OpalQueriesApi: + """NOTE: This class is auto generated by OpenAPI Generator + Ref: https://openapi-generator.tech + + Do not edit the class manually. + """ + + def __init__(self, api_client=None) -> None: + if api_client is None: + api_client = ApiClient.get_default() + self.api_client = api_client + + + @validate_call + def run_opal_query( + self, + body: OpalNodeQuery, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> OpalNodeQueryResults: + """Run an ad-hoc OpalQuery + + Runs an ad-hoc OpalQuery and returns the results. Currently supports NODE queries (users, resources, groups). This endpoint is only available to our OpalQuery beta group. Please contact Opal support if you'd like to be added to the beta. + + :param body: (required) + :type body: OpalNodeQuery + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._run_opal_query_serialize( + body=body, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "OpalNodeQueryResults", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + + @validate_call + def run_opal_query_with_http_info( + self, + body: OpalNodeQuery, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[OpalNodeQueryResults]: + """Run an ad-hoc OpalQuery + + Runs an ad-hoc OpalQuery and returns the results. Currently supports NODE queries (users, resources, groups). This endpoint is only available to our OpalQuery beta group. Please contact Opal support if you'd like to be added to the beta. + + :param body: (required) + :type body: OpalNodeQuery + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._run_opal_query_serialize( + body=body, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "OpalNodeQueryResults", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + + @validate_call + def run_opal_query_without_preload_content( + self, + body: OpalNodeQuery, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[ + Annotated[StrictFloat, Field(gt=0)], + Annotated[StrictFloat, Field(gt=0)] + ] + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Run an ad-hoc OpalQuery + + Runs an ad-hoc OpalQuery and returns the results. Currently supports NODE queries (users, resources, groups). This endpoint is only available to our OpalQuery beta group. Please contact Opal support if you'd like to be added to the beta. + + :param body: (required) + :type body: OpalNodeQuery + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._run_opal_query_serialize( + body=body, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index + ) + + _response_types_map: Dict[str, Optional[str]] = { + '200': "OpalNodeQueryResults", + } + response_data = self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _run_opal_query_serialize( + self, + body, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = { + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if body is not None: + _body_params = body + + + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [ + 'application/json' + ] + ) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [ + 'application/json' + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [ + 'BearerAuth' + ] + + return self.api_client.param_serialize( + method='POST', + resource_path='/queries/run', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + diff --git a/opal_security/models/__init__.py b/opal_security/models/__init__.py index 306be3e..2b2f8cd 100644 --- a/opal_security/models/__init__.py +++ b/opal_security/models/__init__.py @@ -15,7 +15,9 @@ # import models into model package from opal_security.models.access import Access +from opal_security.models.access_entity_filters import AccessEntityFilters from opal_security.models.access_list import AccessList +from opal_security.models.access_relationship_filters import AccessRelationshipFilters from opal_security.models.access_rule import AccessRule from opal_security.models.add_bundle_group_request import AddBundleGroupRequest from opal_security.models.add_bundle_resource_request import AddBundleResourceRequest @@ -42,6 +44,7 @@ from opal_security.models.create_bundle_info import CreateBundleInfo from opal_security.models.create_configuration_template_info import CreateConfigurationTemplateInfo from opal_security.models.create_delegation_request import CreateDelegationRequest +from opal_security.models.create_event_stream_info import CreateEventStreamInfo from opal_security.models.create_group_binding_info import CreateGroupBindingInfo from opal_security.models.create_group_binding_info_groups_inner import CreateGroupBindingInfoGroupsInner from opal_security.models.create_group_info import CreateGroupInfo @@ -62,8 +65,15 @@ from opal_security.models.create_uar_info import CreateUARInfo from opal_security.models.delegation import Delegation from opal_security.models.deny_request_request import DenyRequestRequest +from opal_security.models.entity_item_type_enum import EntityItemTypeEnum +from opal_security.models.entity_name_filter import EntityNameFilter +from opal_security.models.entity_tag_filter import EntityTagFilter from opal_security.models.entity_type_enum import EntityTypeEnum from opal_security.models.event import Event +from opal_security.models.event_stream import EventStream +from opal_security.models.event_stream_connection import EventStreamConnection +from opal_security.models.event_stream_connection_type_enum import EventStreamConnectionTypeEnum +from opal_security.models.event_stream_list import EventStreamList from opal_security.models.get_resource_user200_response import GetResourceUser200Response from opal_security.models.group import Group from opal_security.models.group_access_level import GroupAccessLevel @@ -85,6 +95,7 @@ from opal_security.models.group_remote_info_github_team import GroupRemoteInfoGithubTeam from opal_security.models.group_remote_info_gitlab_group import GroupRemoteInfoGitlabGroup from opal_security.models.group_remote_info_google_group import GroupRemoteInfoGoogleGroup +from opal_security.models.group_remote_info_grafana_team import GroupRemoteInfoGrafanaTeam from opal_security.models.group_remote_info_incidentio_on_call_schedule import GroupRemoteInfoIncidentioOnCallSchedule from opal_security.models.group_remote_info_ldap_group import GroupRemoteInfoLdapGroup from opal_security.models.group_remote_info_okta_group import GroupRemoteInfoOktaGroup @@ -94,7 +105,10 @@ from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole from opal_security.models.group_remote_info_tailscale_group import GroupRemoteInfoTailscaleGroup from opal_security.models.group_remote_info_twingate_group import GroupRemoteInfoTwingateGroup +from opal_security.models.group_remote_info_twingate_group_synced import GroupRemoteInfoTwingateGroupSynced from opal_security.models.group_remote_info_workday_user_security_group import GroupRemoteInfoWorkdayUserSecurityGroup +from opal_security.models.group_remote_info_zendesk_group import GroupRemoteInfoZendeskGroup +from opal_security.models.group_remote_info_zendesk_organization import GroupRemoteInfoZendeskOrganization from opal_security.models.group_resource import GroupResource from opal_security.models.group_resource_list import GroupResourceList from opal_security.models.group_type_enum import GroupTypeEnum @@ -111,8 +125,14 @@ from opal_security.models.on_call_schedule_id_list import OnCallScheduleIDList from opal_security.models.on_call_schedule_list import OnCallScheduleList from opal_security.models.on_call_schedule_provider_enum import OnCallScheduleProviderEnum +from opal_security.models.opal_node_query import OpalNodeQuery +from opal_security.models.opal_node_query_body import OpalNodeQueryBody +from opal_security.models.opal_node_query_results import OpalNodeQueryResults +from opal_security.models.opal_query_result_edge import OpalQueryResultEdge +from opal_security.models.opal_query_result_node import OpalQueryResultNode from opal_security.models.owner import Owner from opal_security.models.page_info import PageInfo +from opal_security.models.paginated_access_rules_list import PaginatedAccessRulesList from opal_security.models.paginated_assigned_request_list import PaginatedAssignedRequestList from opal_security.models.paginated_bundle_group_list import PaginatedBundleGroupList from opal_security.models.paginated_bundle_list import PaginatedBundleList @@ -204,6 +224,9 @@ from opal_security.models.resource_remote_info_github_repo import ResourceRemoteInfoGithubRepo from opal_security.models.resource_remote_info_gitlab_project import ResourceRemoteInfoGitlabProject from opal_security.models.resource_remote_info_google_workspace_role import ResourceRemoteInfoGoogleWorkspaceRole +from opal_security.models.resource_remote_info_grafana_dashboard import ResourceRemoteInfoGrafanaDashboard +from opal_security.models.resource_remote_info_grafana_folder import ResourceRemoteInfoGrafanaFolder +from opal_security.models.resource_remote_info_grafana_role import ResourceRemoteInfoGrafanaRole from opal_security.models.resource_remote_info_ilevel_advanced_role import ResourceRemoteInfoIlevelAdvancedRole from opal_security.models.resource_remote_info_netsuite_role import ResourceRemoteInfoNetsuiteRole from opal_security.models.resource_remote_info_okta_app import ResourceRemoteInfoOktaApp @@ -223,6 +246,7 @@ from opal_security.models.resource_remote_info_teleport_role import ResourceRemoteInfoTeleportRole from opal_security.models.resource_remote_info_twingate_resource import ResourceRemoteInfoTwingateResource from opal_security.models.resource_remote_info_workday_role import ResourceRemoteInfoWorkdayRole +from opal_security.models.resource_remote_info_zendesk_role import ResourceRemoteInfoZendeskRole from opal_security.models.resource_type_enum import ResourceTypeEnum from opal_security.models.resource_user import ResourceUser from opal_security.models.resource_user_access_status import ResourceUserAccessStatus @@ -242,6 +266,7 @@ from opal_security.models.scoped_role_permission_list import ScopedRolePermissionList from opal_security.models.session import Session from opal_security.models.sessions_list import SessionsList +from opal_security.models.string_match_type import StringMatchType from opal_security.models.sub_event import SubEvent from opal_security.models.sync_error import SyncError from opal_security.models.sync_error_list import SyncErrorList @@ -259,6 +284,7 @@ from opal_security.models.uar_scope import UARScope from opal_security.models.update_access_rule_info import UpdateAccessRuleInfo from opal_security.models.update_configuration_template_info import UpdateConfigurationTemplateInfo +from opal_security.models.update_event_stream_info import UpdateEventStreamInfo from opal_security.models.update_group_binding_info import UpdateGroupBindingInfo from opal_security.models.update_group_binding_info_list import UpdateGroupBindingInfoList from opal_security.models.update_group_info import UpdateGroupInfo @@ -273,9 +299,15 @@ from opal_security.models.update_resource_info_list import UpdateResourceInfoList from opal_security.models.update_resource_user_request import UpdateResourceUserRequest from opal_security.models.user import User +from opal_security.models.user_attribute_selector import UserAttributeSelector from opal_security.models.user_hr_idp_status_enum import UserHrIdpStatusEnum from opal_security.models.user_id_list import UserIDList from opal_security.models.user_list import UserList from opal_security.models.visibility_info import VisibilityInfo from opal_security.models.visibility_type_enum import VisibilityTypeEnum +from opal_security.models.webhook_api_key_credential import WebhookApiKeyCredential +from opal_security.models.webhook_api_key_location_enum import WebhookApiKeyLocationEnum +from opal_security.models.webhook_auth_type_enum import WebhookAuthTypeEnum +from opal_security.models.webhook_credentials import WebhookCredentials +from opal_security.models.webhook_hmac_credential import WebhookHmacCredential diff --git a/opal_security/models/access_entity_filters.py b/opal_security/models/access_entity_filters.py new file mode 100644 index 0000000..95f78e5 --- /dev/null +++ b/opal_security/models/access_entity_filters.py @@ -0,0 +1,158 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List, Optional +from uuid import UUID +from opal_security.models.entity_item_type_enum import EntityItemTypeEnum +from opal_security.models.entity_name_filter import EntityNameFilter +from opal_security.models.entity_tag_filter import EntityTagFilter +from typing import Optional, Set +from typing_extensions import Self + +class AccessEntityFilters(BaseModel): + """ + Filters for matching entities by type, name, tag, IDs, connections, or access levels. Supports recursive logical composition via allOf/anyOf. + """ # noqa: E501 + entity_types: Optional[List[StrictStr]] = Field(default=None, description="Filter by entity type. Only RESOURCE, GROUP, and USER are queryable via OpalQuery.", alias="entityTypes") + entity_item_types: Optional[List[EntityItemTypeEnum]] = Field(default=None, description="Filter by entity item types.", alias="entityItemTypes") + entity_name: Optional[EntityNameFilter] = Field(default=None, alias="entityName") + entity_tag: Optional[EntityTagFilter] = Field(default=None, alias="entityTag") + entity_ids: Optional[List[UUID]] = Field(default=None, description="Filter by specific entity UUIDs.", alias="entityIDs") + imported_from_app: Optional[List[UUID]] = Field(default=None, description="Filter by app IDs from which returned nodes will be imported from.", alias="importedFromApp") + role_remote_ids: Optional[List[StrictStr]] = Field(default=None, description="Filter by role remote IDs. Can only be applied within a hasAccessTo clause.", alias="roleRemoteIds") + role_names: Optional[List[StrictStr]] = Field(default=None, description="Filter by role display names (e.g. \"Admin\", \"Read\"). Can only be applied within a hasAccessTo clause.", alias="roleNames") + all_of: Optional[List[AccessEntityFilters]] = Field(default=None, description="A list of nested filters that must all match (logical AND). Each item has the same shape as this object — scalar fields like `entityTypes` or `entityTag`, and can further nest `allOf`, `anyOf`, or `not`. ", alias="allOf") + any_of: Optional[List[AccessEntityFilters]] = Field(default=None, description="A list of nested filters where at least one must match (logical OR). Each item has the same shape as this object. ", alias="anyOf") + var_not: Optional[Dict[str, Any]] = Field(default=None, description="Excludes entities matching the embedded filter (logical NOT). Pass a filter object with the same shape as this one — typically a single scalar field, like `{not: {entityTypes: [\"RESOURCE\"]}}` to exclude resources. ", alias="not") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["entityTypes", "entityItemTypes", "entityName", "entityTag", "entityIDs", "importedFromApp", "roleRemoteIds", "roleNames", "allOf", "anyOf", "not"] + + @field_validator('entity_types') + def entity_types_validate_enum(cls, value): + """Validates the enum""" + if value is None: + return value + + for i in value: + if i not in set(['RESOURCE', 'GROUP', 'USER']): + raise ValueError("each list item must be one of ('RESOURCE', 'GROUP', 'USER')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of AccessEntityFilters from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of entity_name + if self.entity_name: + _dict['entityName'] = self.entity_name.to_dict() + # override the default output from pydantic by calling `to_dict()` of entity_tag + if self.entity_tag: + _dict['entityTag'] = self.entity_tag.to_dict() + # override the default output from pydantic by calling `to_dict()` of each item in all_of (list) + _items = [] + if self.all_of: + for _item_all_of in self.all_of: + if _item_all_of: + _items.append(_item_all_of.to_dict()) + _dict['allOf'] = _items + # override the default output from pydantic by calling `to_dict()` of each item in any_of (list) + _items = [] + if self.any_of: + for _item_any_of in self.any_of: + if _item_any_of: + _items.append(_item_any_of.to_dict()) + _dict['anyOf'] = _items + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of AccessEntityFilters from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "entityTypes": obj.get("entityTypes"), + "entityItemTypes": obj.get("entityItemTypes"), + "entityName": EntityNameFilter.from_dict(obj["entityName"]) if obj.get("entityName") is not None else None, + "entityTag": EntityTagFilter.from_dict(obj["entityTag"]) if obj.get("entityTag") is not None else None, + "entityIDs": obj.get("entityIDs"), + "importedFromApp": obj.get("importedFromApp"), + "roleRemoteIds": obj.get("roleRemoteIds"), + "roleNames": obj.get("roleNames"), + "allOf": [AccessEntityFilters.from_dict(_item) for _item in obj["allOf"]] if obj.get("allOf") is not None else None, + "anyOf": [AccessEntityFilters.from_dict(_item) for _item in obj["anyOf"]] if obj.get("anyOf") is not None else None, + "not": obj.get("not") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + +# TODO: Rewrite to not use raise_errors +AccessEntityFilters.model_rebuild(raise_errors=False) + diff --git a/opal_security/models/access_relationship_filters.py b/opal_security/models/access_relationship_filters.py new file mode 100644 index 0000000..e0e038e --- /dev/null +++ b/opal_security/models/access_relationship_filters.py @@ -0,0 +1,110 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.access_entity_filters import AccessEntityFilters +from typing import Optional, Set +from typing_extensions import Self + +class AccessRelationshipFilters(BaseModel): + """ + Filters the returned nodes by the access edges connected to them. When `isAccessibleBy` and `hasAccessTo` are provided, the returned nodes must satisfy both edge constraints simultaneously. + """ # noqa: E501 + is_accessible_by: Optional[AccessEntityFilters] = Field(default=None, description="Inbound-edge filter. The returned node must be accessible by at least one entity matching this filter.", alias="isAccessibleBy") + has_access_to: Optional[AccessEntityFilters] = Field(default=None, description="Outbound-edge filter. The returned node must have access to at least one entity matching this filter.", alias="hasAccessTo") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["isAccessibleBy", "hasAccessTo"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of AccessRelationshipFilters from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of is_accessible_by + if self.is_accessible_by: + _dict['isAccessibleBy'] = self.is_accessible_by.to_dict() + # override the default output from pydantic by calling `to_dict()` of has_access_to + if self.has_access_to: + _dict['hasAccessTo'] = self.has_access_to.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of AccessRelationshipFilters from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "isAccessibleBy": AccessEntityFilters.from_dict(obj["isAccessibleBy"]) if obj.get("isAccessibleBy") is not None else None, + "hasAccessTo": AccessEntityFilters.from_dict(obj["hasAccessTo"]) if obj.get("hasAccessTo") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/access_rule.py b/opal_security/models/access_rule.py index 74438db..6be2da2 100644 --- a/opal_security/models/access_rule.py +++ b/opal_security/models/access_rule.py @@ -27,7 +27,7 @@ class AccessRule(BaseModel): """ - # Access Rule Object ### Description The `AccessRule` object is used to represent an access rule configuration. ### Usage Example Get access rule configurations from the `GET Access Rule Configs` endpoint. + # Access Rule Object ### Description The `AccessRule` object is used to represent an access rule configuration. ### Usage Example List access rules from the `GET /access-rules` endpoint, or retrieve a single access rule from the `GET /access-rules/{access_rule_id}` endpoint. """ # noqa: E501 access_rule_id: UUID = Field(description="The ID (group ID) of the access rule.") name: StrictStr = Field(description="The name of the access rule.") diff --git a/opal_security/models/create_event_stream_info.py b/opal_security/models/create_event_stream_info.py new file mode 100644 index 0000000..3e114dd --- /dev/null +++ b/opal_security/models/create_event_stream_info.py @@ -0,0 +1,112 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.event_stream_connection_type_enum import EventStreamConnectionTypeEnum +from opal_security.models.webhook_credentials import WebhookCredentials +from typing import Optional, Set +from typing_extensions import Self + +class CreateEventStreamInfo(BaseModel): + """ + Information needed to create an event stream. + """ # noqa: E501 + name: StrictStr = Field(description="The name for the event stream.") + connection_type: EventStreamConnectionTypeEnum + webhook_url: Optional[StrictStr] = Field(default=None, description="The webhook URL. Required when connection_type is WEBHOOK.") + credentials: Optional[WebhookCredentials] = None + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["name", "connection_type", "webhook_url", "credentials"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of CreateEventStreamInfo from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of credentials + if self.credentials: + _dict['credentials'] = self.credentials.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of CreateEventStreamInfo from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "name": obj.get("name"), + "connection_type": obj.get("connection_type"), + "webhook_url": obj.get("webhook_url"), + "credentials": WebhookCredentials.from_dict(obj["credentials"]) if obj.get("credentials") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/entity_item_type_enum.py b/opal_security/models/entity_item_type_enum.py new file mode 100644 index 0000000..417c0a9 --- /dev/null +++ b/opal_security/models/entity_item_type_enum.py @@ -0,0 +1,120 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import json +from enum import Enum +from typing_extensions import Self + + +class EntityItemTypeEnum(str, Enum): + """ + Granular subtype of an entity. + """ + + """ + allowed enum values + """ + USER = 'USER' + SERVICE_USER = 'SERVICE_USER' + ACTIVE_DIRECTORY_GROUP = 'ACTIVE_DIRECTORY_GROUP' + AWS_SSO_GROUP = 'AWS_SSO_GROUP' + DUO_GROUP = 'DUO_GROUP' + GIT_HUB_TEAM = 'GIT_HUB_TEAM' + GIT_LAB_GROUP = 'GIT_LAB_GROUP' + GOOGLE_GROUPS_GROUP = 'GOOGLE_GROUPS_GROUP' + GOOGLE_GROUPS_GKE_GROUP = 'GOOGLE_GROUPS_GKE_GROUP' + LDAP_GROUP = 'LDAP_GROUP' + OKTA_GROUP = 'OKTA_GROUP' + OKTA_GROUP_RULE = 'OKTA_GROUP_RULE' + TAILSCALE_GROUP = 'TAILSCALE_GROUP' + TWINGATE_GROUP = 'TWINGATE_GROUP' + TWINGATE_GROUP_SYNCED = 'TWINGATE_GROUP_SYNCED' + OPAL_GROUP = 'OPAL_GROUP' + OPAL_ACCESS_RULE = 'OPAL_ACCESS_RULE' + AZURE_AD_SECURITY_GROUP = 'AZURE_AD_SECURITY_GROUP' + AZURE_AD_MICROSOFT_365_GROUP = 'AZURE_AD_MICROSOFT_365_GROUP' + CONNECTOR_GROUP = 'CONNECTOR_GROUP' + SNOWFLAKE_ROLE = 'SNOWFLAKE_ROLE' + WORKDAY_USER_SECURITY_GROUP = 'WORKDAY_USER_SECURITY_GROUP' + DATABRICKS_ACCOUNT_GROUP = 'DATABRICKS_ACCOUNT_GROUP' + AWS_IAM_ROLE = 'AWS_IAM_ROLE' + AWS_EC2_INSTANCE = 'AWS_EC2_INSTANCE' + AWS_EKS_CLUSTER = 'AWS_EKS_CLUSTER' + AWS_RDS_POSTGRES_INSTANCE = 'AWS_RDS_POSTGRES_INSTANCE' + AWS_RDS_POSTGRES_CLUSTER = 'AWS_RDS_POSTGRES_CLUSTER' + AWS_RDS_MYSQL_INSTANCE = 'AWS_RDS_MYSQL_INSTANCE' + AWS_RDS_MYSQL_CLUSTER = 'AWS_RDS_MYSQL_CLUSTER' + AWS_ACCOUNT = 'AWS_ACCOUNT' + AWS_SSO_PERMISSION_SET = 'AWS_SSO_PERMISSION_SET' + AZURE_MANAGEMENT_GROUP = 'AZURE_MANAGEMENT_GROUP' + AZURE_RESOURCE_GROUP = 'AZURE_RESOURCE_GROUP' + AZURE_SUBSCRIPTION = 'AZURE_SUBSCRIPTION' + AZURE_VIRTUAL_MACHINE = 'AZURE_VIRTUAL_MACHINE' + AZURE_STORAGE_ACCOUNT = 'AZURE_STORAGE_ACCOUNT' + AZURE_STORAGE_CONTAINER = 'AZURE_STORAGE_CONTAINER' + AZURE_SQL_SERVER = 'AZURE_SQL_SERVER' + AZURE_SQL_MANAGED_INSTANCE = 'AZURE_SQL_MANAGED_INSTANCE' + AZURE_SQL_DATABASE = 'AZURE_SQL_DATABASE' + AZURE_SQL_MANAGED_DATABASE = 'AZURE_SQL_MANAGED_DATABASE' + AZURE_USER_ASSIGNED_MANAGED_IDENTITY = 'AZURE_USER_ASSIGNED_MANAGED_Identity' + AZURE_ENTRA_ID_ROLE = 'AZURE_ENTRA_ID_ROLE' + AZURE_ENTERPRISE_APP = 'AZURE_ENTERPRISE_APP' + CUSTOM = 'CUSTOM' + CUSTOM_CONNECTOR = 'CUSTOM_CONNECTOR' + GCP_ORGANIZATION = 'GCP_ORGANIZATION' + GCP_BUCKET = 'GCP_BUCKET' + GCP_COMPUTE_INSTANCE = 'GCP_COMPUTE_INSTANCE' + GCP_BIG_QUERY_DATASET = 'GCP_BIG_QUERY_DATASET' + GCP_BIG_QUERY_TABLE = 'GCP_BIG_QUERY_TABLE' + GCP_FOLDER = 'GCP_FOLDER' + GCP_GKE_CLUSTER = 'GCP_GKE_CLUSTER' + GCP_PROJECT = 'GCP_PROJECT' + GCP_CLOUD_SQL_POSTGRES_INSTANCE = 'GCP_CLOUD_SQL_POSTGRES_INSTANCE' + GCP_CLOUD_SQL_MYSQL_INSTANCE = 'GCP_CLOUD_SQL_MYSQL_INSTANCE' + GCP_SERVICE_ACCOUNT = 'GCP_SERVICE_ACCOUNT' + GIT_HUB_REPO = 'GIT_HUB_REPO' + GIT_HUB_ORG_ROLE = 'GIT_HUB_ORG_ROLE' + GIT_LAB_PROJECT = 'GIT_LAB_PROJECT' + GOOGLE_WORKSPACE_ROLE = 'GOOGLE_WORKSPACE_ROLE' + MONGO_INSTANCE = 'MONGO_INSTANCE' + MONGO_ATLAS_INSTANCE = 'MONGO_ATLAS_INSTANCE' + OKTA_APP = 'OKTA_APP' + OKTA_ROLE = 'OKTA_ROLE' + OPAL_ROLE = 'OPAL_ROLE' + OPAL_SCOPED_ROLE = 'OPAL_SCOPED_ROLE' + PAGERDUTY_ROLE = 'PAGERDUTY_ROLE' + TAILSCALE_SSH = 'TAILSCALE_SSH' + TWINGATE_RESOURCE = 'TWINGATE_RESOURCE' + SALESFORCE_PERMISSION_SET = 'SALESFORCE_PERMISSION_SET' + SALESFORCE_PROFILE = 'SALESFORCE_PROFILE' + SALESFORCE_ROLE = 'SALESFORCE_ROLE' + SNOWFLAKE_DATABASE = 'SNOWFLAKE_DATABASE' + SNOWFLAKE_SCHEMA = 'SNOWFLAKE_SCHEMA' + SNOWFLAKE_TABLE = 'SNOWFLAKE_TABLE' + WORKDAY_ROLE = 'WORKDAY_ROLE' + MYSQL_INSTANCE = 'MYSQL_INSTANCE' + MARIADB_INSTANCE = 'MARIADB_INSTANCE' + POSTGRES_INSTANCE = 'POSTGRES_INSTANCE' + TELEPORT_ROLE = 'TELEPORT_ROLE' + DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL = 'DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL' + ILEVEL_ADVANCED_ROLE = 'ILEVEL_ADVANCED_ROLE' + + @classmethod + def from_json(cls, json_str: str) -> Self: + """Create an instance of EntityItemTypeEnum from a JSON string""" + return cls(json.loads(json_str)) + + diff --git a/opal_security/models/entity_name_filter.py b/opal_security/models/entity_name_filter.py new file mode 100644 index 0000000..f81c3d2 --- /dev/null +++ b/opal_security/models/entity_name_filter.py @@ -0,0 +1,104 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from opal_security.models.string_match_type import StringMatchType +from typing import Optional, Set +from typing_extensions import Self + +class EntityNameFilter(BaseModel): + """ + Filters entities by name using a string match strategy. + """ # noqa: E501 + string_match_type: StringMatchType = Field(alias="stringMatchType") + string: StrictStr = Field(description="The string value to match against the entity name.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["stringMatchType", "string"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of EntityNameFilter from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of EntityNameFilter from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "stringMatchType": obj.get("stringMatchType"), + "string": obj.get("string") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/entity_tag_filter.py b/opal_security/models/entity_tag_filter.py new file mode 100644 index 0000000..a2716e4 --- /dev/null +++ b/opal_security/models/entity_tag_filter.py @@ -0,0 +1,106 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from uuid import UUID +from typing import Optional, Set +from typing_extensions import Self + +class EntityTagFilter(BaseModel): + """ + Filters entities by a tag key/value pair, optionally scoped to a connection. + """ # noqa: E501 + key: StrictStr = Field(description="The tag key to filter by.") + value: Optional[StrictStr] = Field(default=None, description="The tag value to filter by. If omitted, matches any value for the given key.") + connection_id: Optional[UUID] = Field(default=None, description="If specified, filters by tags associated with this connection.", alias="connectionId") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["key", "value", "connectionId"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of EntityTagFilter from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of EntityTagFilter from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "key": obj.get("key"), + "value": obj.get("value"), + "connectionId": obj.get("connectionId") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/event_stream.py b/opal_security/models/event_stream.py new file mode 100644 index 0000000..1ca78ed --- /dev/null +++ b/opal_security/models/event_stream.py @@ -0,0 +1,108 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field +from typing import Any, ClassVar, Dict, List +from uuid import UUID +from opal_security.models.event_stream_connection import EventStreamConnection +from typing import Optional, Set +from typing_extensions import Self + +class EventStream(BaseModel): + """ + An event streaming connection that publishes events to an external system. + """ # noqa: E501 + event_stream_id: UUID = Field(description="The ID of the event stream.") + connection: EventStreamConnection + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["event_stream_id", "connection"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of EventStream from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of connection + if self.connection: + _dict['connection'] = self.connection.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of EventStream from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "event_stream_id": obj.get("event_stream_id"), + "connection": EventStreamConnection.from_dict(obj["connection"]) if obj.get("connection") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/event_stream_connection.py b/opal_security/models/event_stream_connection.py new file mode 100644 index 0000000..2d88a5a --- /dev/null +++ b/opal_security/models/event_stream_connection.py @@ -0,0 +1,114 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictBool, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.event_stream_connection_type_enum import EventStreamConnectionTypeEnum +from opal_security.models.webhook_credentials import WebhookCredentials +from typing import Optional, Set +from typing_extensions import Self + +class EventStreamConnection(BaseModel): + """ + The connection configuration for an event stream. + """ # noqa: E501 + name: StrictStr = Field(description="The name of the connection.") + connection_type: EventStreamConnectionTypeEnum + enabled: StrictBool = Field(description="Whether the connection is enabled.") + webhook_url: Optional[StrictStr] = Field(default=None, description="The webhook URL, present when connection_type is WEBHOOK.") + credentials: Optional[WebhookCredentials] = None + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["name", "connection_type", "enabled", "webhook_url", "credentials"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of EventStreamConnection from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of credentials + if self.credentials: + _dict['credentials'] = self.credentials.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of EventStreamConnection from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "name": obj.get("name"), + "connection_type": obj.get("connection_type"), + "enabled": obj.get("enabled"), + "webhook_url": obj.get("webhook_url"), + "credentials": WebhookCredentials.from_dict(obj["credentials"]) if obj.get("credentials") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/event_stream_connection_type_enum.py b/opal_security/models/event_stream_connection_type_enum.py new file mode 100644 index 0000000..7da7f49 --- /dev/null +++ b/opal_security/models/event_stream_connection_type_enum.py @@ -0,0 +1,37 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import json +from enum import Enum +from typing_extensions import Self + + +class EventStreamConnectionTypeEnum(str, Enum): + """ + The type of event stream connection. + """ + + """ + allowed enum values + """ + WEBHOOK = 'WEBHOOK' + + @classmethod + def from_json(cls, json_str: str) -> Self: + """Create an instance of EventStreamConnectionTypeEnum from a JSON string""" + return cls(json.loads(json_str)) + + diff --git a/opal_security/models/event_stream_list.py b/opal_security/models/event_stream_list.py new file mode 100644 index 0000000..fd74be9 --- /dev/null +++ b/opal_security/models/event_stream_list.py @@ -0,0 +1,109 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict +from typing import Any, ClassVar, Dict, List +from opal_security.models.event_stream import EventStream +from typing import Optional, Set +from typing_extensions import Self + +class EventStreamList(BaseModel): + """ + A list of event streams. + """ # noqa: E501 + event_streams: List[EventStream] + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["event_streams"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of EventStreamList from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in event_streams (list) + _items = [] + if self.event_streams: + for _item_event_streams in self.event_streams: + if _item_event_streams: + _items.append(_item_event_streams.to_dict()) + _dict['event_streams'] = _items + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of EventStreamList from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "event_streams": [EventStream.from_dict(_item) for _item in obj["event_streams"]] if obj.get("event_streams") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/group_remote_info.py b/opal_security/models/group_remote_info.py index db3c0c7..13b6284 100644 --- a/opal_security/models/group_remote_info.py +++ b/opal_security/models/group_remote_info.py @@ -33,6 +33,7 @@ from opal_security.models.group_remote_info_github_team import GroupRemoteInfoGithubTeam from opal_security.models.group_remote_info_gitlab_group import GroupRemoteInfoGitlabGroup from opal_security.models.group_remote_info_google_group import GroupRemoteInfoGoogleGroup +from opal_security.models.group_remote_info_grafana_team import GroupRemoteInfoGrafanaTeam from opal_security.models.group_remote_info_incidentio_on_call_schedule import GroupRemoteInfoIncidentioOnCallSchedule from opal_security.models.group_remote_info_ldap_group import GroupRemoteInfoLdapGroup from opal_security.models.group_remote_info_okta_group import GroupRemoteInfoOktaGroup @@ -42,7 +43,10 @@ from opal_security.models.group_remote_info_snowflake_role import GroupRemoteInfoSnowflakeRole from opal_security.models.group_remote_info_tailscale_group import GroupRemoteInfoTailscaleGroup from opal_security.models.group_remote_info_twingate_group import GroupRemoteInfoTwingateGroup +from opal_security.models.group_remote_info_twingate_group_synced import GroupRemoteInfoTwingateGroupSynced from opal_security.models.group_remote_info_workday_user_security_group import GroupRemoteInfoWorkdayUserSecurityGroup +from opal_security.models.group_remote_info_zendesk_group import GroupRemoteInfoZendeskGroup +from opal_security.models.group_remote_info_zendesk_organization import GroupRemoteInfoZendeskOrganization from typing import Optional, Set from typing_extensions import Self @@ -53,6 +57,7 @@ class GroupRemoteInfo(BaseModel): active_directory_group: Optional[GroupRemoteInfoActiveDirectoryGroup] = None tailscale_group: Optional[GroupRemoteInfoTailscaleGroup] = None twingate_group: Optional[GroupRemoteInfoTwingateGroup] = None + twingate_group_synced: Optional[GroupRemoteInfoTwingateGroupSynced] = None aws_sso_group: Optional[GroupRemoteInfoAwsSsoGroup] = None databricks_account_group: Optional[GroupRemoteInfoDatabricksAccountGroup] = None connector_group: Optional[GroupRemoteInfoConnectorGroup] = None @@ -73,8 +78,11 @@ class GroupRemoteInfo(BaseModel): rootly_on_call_schedule: Optional[GroupRemoteInfoRootlyOnCallSchedule] = None devin_group: Optional[GroupRemoteInfoDevinGroup] = None clickhouse_role: Optional[GroupRemoteInfoClickhouseRole] = None + grafana_team: Optional[GroupRemoteInfoGrafanaTeam] = None + zendesk_group: Optional[GroupRemoteInfoZendeskGroup] = None + zendesk_organization: Optional[GroupRemoteInfoZendeskOrganization] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["active_directory_group", "tailscale_group", "twingate_group", "aws_sso_group", "databricks_account_group", "connector_group", "github_team", "github_enterprise_team", "gitlab_group", "google_group", "ldap_group", "okta_group", "duo_group", "azure_ad_security_group", "azure_ad_microsoft_365_group", "snowflake_role", "okta_group_rule", "workday_user_security_group", "pagerduty_on_call_schedule", "incidentio_on_call_schedule", "rootly_on_call_schedule", "devin_group", "clickhouse_role"] + __properties: ClassVar[List[str]] = ["active_directory_group", "tailscale_group", "twingate_group", "twingate_group_synced", "aws_sso_group", "databricks_account_group", "connector_group", "github_team", "github_enterprise_team", "gitlab_group", "google_group", "ldap_group", "okta_group", "duo_group", "azure_ad_security_group", "azure_ad_microsoft_365_group", "snowflake_role", "okta_group_rule", "workday_user_security_group", "pagerduty_on_call_schedule", "incidentio_on_call_schedule", "rootly_on_call_schedule", "devin_group", "clickhouse_role", "grafana_team", "zendesk_group", "zendesk_organization"] model_config = ConfigDict( populate_by_name=True, @@ -126,6 +134,9 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of twingate_group if self.twingate_group: _dict['twingate_group'] = self.twingate_group.to_dict() + # override the default output from pydantic by calling `to_dict()` of twingate_group_synced + if self.twingate_group_synced: + _dict['twingate_group_synced'] = self.twingate_group_synced.to_dict() # override the default output from pydantic by calling `to_dict()` of aws_sso_group if self.aws_sso_group: _dict['aws_sso_group'] = self.aws_sso_group.to_dict() @@ -186,6 +197,15 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of clickhouse_role if self.clickhouse_role: _dict['clickhouse_role'] = self.clickhouse_role.to_dict() + # override the default output from pydantic by calling `to_dict()` of grafana_team + if self.grafana_team: + _dict['grafana_team'] = self.grafana_team.to_dict() + # override the default output from pydantic by calling `to_dict()` of zendesk_group + if self.zendesk_group: + _dict['zendesk_group'] = self.zendesk_group.to_dict() + # override the default output from pydantic by calling `to_dict()` of zendesk_organization + if self.zendesk_organization: + _dict['zendesk_organization'] = self.zendesk_organization.to_dict() # puts key-value pairs in additional_properties in the top level if self.additional_properties is not None: for _key, _value in self.additional_properties.items(): @@ -206,6 +226,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "active_directory_group": GroupRemoteInfoActiveDirectoryGroup.from_dict(obj["active_directory_group"]) if obj.get("active_directory_group") is not None else None, "tailscale_group": GroupRemoteInfoTailscaleGroup.from_dict(obj["tailscale_group"]) if obj.get("tailscale_group") is not None else None, "twingate_group": GroupRemoteInfoTwingateGroup.from_dict(obj["twingate_group"]) if obj.get("twingate_group") is not None else None, + "twingate_group_synced": GroupRemoteInfoTwingateGroupSynced.from_dict(obj["twingate_group_synced"]) if obj.get("twingate_group_synced") is not None else None, "aws_sso_group": GroupRemoteInfoAwsSsoGroup.from_dict(obj["aws_sso_group"]) if obj.get("aws_sso_group") is not None else None, "databricks_account_group": GroupRemoteInfoDatabricksAccountGroup.from_dict(obj["databricks_account_group"]) if obj.get("databricks_account_group") is not None else None, "connector_group": GroupRemoteInfoConnectorGroup.from_dict(obj["connector_group"]) if obj.get("connector_group") is not None else None, @@ -225,7 +246,10 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "incidentio_on_call_schedule": GroupRemoteInfoIncidentioOnCallSchedule.from_dict(obj["incidentio_on_call_schedule"]) if obj.get("incidentio_on_call_schedule") is not None else None, "rootly_on_call_schedule": GroupRemoteInfoRootlyOnCallSchedule.from_dict(obj["rootly_on_call_schedule"]) if obj.get("rootly_on_call_schedule") is not None else None, "devin_group": GroupRemoteInfoDevinGroup.from_dict(obj["devin_group"]) if obj.get("devin_group") is not None else None, - "clickhouse_role": GroupRemoteInfoClickhouseRole.from_dict(obj["clickhouse_role"]) if obj.get("clickhouse_role") is not None else None + "clickhouse_role": GroupRemoteInfoClickhouseRole.from_dict(obj["clickhouse_role"]) if obj.get("clickhouse_role") is not None else None, + "grafana_team": GroupRemoteInfoGrafanaTeam.from_dict(obj["grafana_team"]) if obj.get("grafana_team") is not None else None, + "zendesk_group": GroupRemoteInfoZendeskGroup.from_dict(obj["zendesk_group"]) if obj.get("zendesk_group") is not None else None, + "zendesk_organization": GroupRemoteInfoZendeskOrganization.from_dict(obj["zendesk_organization"]) if obj.get("zendesk_organization") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/group_remote_info_github_team.py b/opal_security/models/group_remote_info_github_team.py index 47570c3..f6c2d42 100644 --- a/opal_security/models/group_remote_info_github_team.py +++ b/opal_security/models/group_remote_info_github_team.py @@ -29,8 +29,9 @@ class GroupRemoteInfoGithubTeam(BaseModel): """ # noqa: E501 team_id: Optional[StrictStr] = Field(default=None, description="The id of the GitHub team.") team_slug: StrictStr = Field(description="The slug of the GitHub team.") + org_name: Optional[StrictStr] = Field(default=None, description="GitHub team's org name, required only for Enterprise") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["team_id", "team_slug"] + __properties: ClassVar[List[str]] = ["team_id", "team_slug", "org_name"] model_config = ConfigDict( populate_by_name=True, @@ -91,7 +92,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: _obj = cls.model_validate({ "team_id": obj.get("team_id"), - "team_slug": obj.get("team_slug") + "team_slug": obj.get("team_slug"), + "org_name": obj.get("org_name") }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/group_remote_info_grafana_team.py b/opal_security/models/group_remote_info_grafana_team.py new file mode 100644 index 0000000..45f2d8f --- /dev/null +++ b/opal_security/models/group_remote_info_grafana_team.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class GroupRemoteInfoGrafanaTeam(BaseModel): + """ + Remote info for Grafana team. + """ # noqa: E501 + team_id: StrictStr = Field(description="The ID of the team.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["team_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of GroupRemoteInfoGrafanaTeam from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of GroupRemoteInfoGrafanaTeam from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "team_id": obj.get("team_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/group_remote_info_twingate_group_synced.py b/opal_security/models/group_remote_info_twingate_group_synced.py new file mode 100644 index 0000000..6d1f275 --- /dev/null +++ b/opal_security/models/group_remote_info_twingate_group_synced.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class GroupRemoteInfoTwingateGroupSynced(BaseModel): + """ + Remote info for Twingate synced group. + """ # noqa: E501 + group_id: StrictStr = Field(description="The id of the Twingate synced group.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["group_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of GroupRemoteInfoTwingateGroupSynced from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of GroupRemoteInfoTwingateGroupSynced from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "group_id": obj.get("group_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/group_remote_info_zendesk_group.py b/opal_security/models/group_remote_info_zendesk_group.py new file mode 100644 index 0000000..0b152e5 --- /dev/null +++ b/opal_security/models/group_remote_info_zendesk_group.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class GroupRemoteInfoZendeskGroup(BaseModel): + """ + Remote info for Zendesk group. + """ # noqa: E501 + group_id: StrictStr = Field(description="The ID of the Zendesk group.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["group_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of GroupRemoteInfoZendeskGroup from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of GroupRemoteInfoZendeskGroup from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "group_id": obj.get("group_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/group_remote_info_zendesk_organization.py b/opal_security/models/group_remote_info_zendesk_organization.py new file mode 100644 index 0000000..2cce76d --- /dev/null +++ b/opal_security/models/group_remote_info_zendesk_organization.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class GroupRemoteInfoZendeskOrganization(BaseModel): + """ + Remote info for Zendesk organization. + """ # noqa: E501 + organization_id: StrictStr = Field(description="The ID of the Zendesk organization.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["organization_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of GroupRemoteInfoZendeskOrganization from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of GroupRemoteInfoZendeskOrganization from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "organization_id": obj.get("organization_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/group_type_enum.py b/opal_security/models/group_type_enum.py index 2ebd21e..87aa985 100644 --- a/opal_security/models/group_type_enum.py +++ b/opal_security/models/group_type_enum.py @@ -54,6 +54,9 @@ class GroupTypeEnum(str, Enum): GRAFANA_TEAM = 'GRAFANA_TEAM' CLICKHOUSE_ROLE = 'CLICKHOUSE_ROLE' TWINGATE_GROUP = 'TWINGATE_GROUP' + TWINGATE_GROUP_SYNCED = 'TWINGATE_GROUP_SYNCED' + ZENDESK_GROUP = 'ZENDESK_GROUP' + ZENDESK_ORGANIZATION = 'ZENDESK_ORGANIZATION' @classmethod def from_json(cls, json_str: str) -> Self: diff --git a/opal_security/models/opal_node_query.py b/opal_security/models/opal_node_query.py new file mode 100644 index 0000000..35b278b --- /dev/null +++ b/opal_security/models/opal_node_query.py @@ -0,0 +1,118 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictInt, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.opal_node_query_body import OpalNodeQueryBody +from typing import Optional, Set +from typing_extensions import Self + +class OpalNodeQuery(BaseModel): + """ + Request body for a NODE-type OpalQuery. Returns entities (users, resources, groups) matching the given filters. + """ # noqa: E501 + type: StrictStr + query: Optional[OpalNodeQueryBody] = None + first: Optional[StrictInt] = Field(default=None, description="Maximum number of results to return. Defaults to 200.") + after: Optional[StrictStr] = Field(default=None, description="Cursor from a previous response to fetch the next page of results.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["type", "query", "first", "after"] + + @field_validator('type') + def type_validate_enum(cls, value): + """Validates the enum""" + if value not in set(['NODE']): + raise ValueError("must be one of enum values ('NODE')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of OpalNodeQuery from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of query + if self.query: + _dict['query'] = self.query.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of OpalNodeQuery from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "type": obj.get("type"), + "query": OpalNodeQueryBody.from_dict(obj["query"]) if obj.get("query") is not None else None, + "first": obj.get("first"), + "after": obj.get("after") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/opal_node_query_body.py b/opal_security/models/opal_node_query_body.py new file mode 100644 index 0000000..78bf789 --- /dev/null +++ b/opal_security/models/opal_node_query_body.py @@ -0,0 +1,111 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.access_entity_filters import AccessEntityFilters +from opal_security.models.access_relationship_filters import AccessRelationshipFilters +from typing import Optional, Set +from typing_extensions import Self + +class OpalNodeQueryBody(BaseModel): + """ + The filter body for a NODE-type OpalQuery. + """ # noqa: E501 + node_filters: Optional[AccessEntityFilters] = Field(default=None, alias="nodeFilters") + access_filters: Optional[AccessRelationshipFilters] = Field(default=None, alias="accessFilters") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["nodeFilters", "accessFilters"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of OpalNodeQueryBody from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of node_filters + if self.node_filters: + _dict['nodeFilters'] = self.node_filters.to_dict() + # override the default output from pydantic by calling `to_dict()` of access_filters + if self.access_filters: + _dict['accessFilters'] = self.access_filters.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of OpalNodeQueryBody from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "nodeFilters": AccessEntityFilters.from_dict(obj["nodeFilters"]) if obj.get("nodeFilters") is not None else None, + "accessFilters": AccessRelationshipFilters.from_dict(obj["accessFilters"]) if obj.get("accessFilters") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/opal_node_query_results.py b/opal_security/models/opal_node_query_results.py new file mode 100644 index 0000000..83aed17 --- /dev/null +++ b/opal_security/models/opal_node_query_results.py @@ -0,0 +1,124 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List +from opal_security.models.opal_query_result_edge import OpalQueryResultEdge +from opal_security.models.page_info import PageInfo +from typing import Optional, Set +from typing_extensions import Self + +class OpalNodeQueryResults(BaseModel): + """ + Paginated results of a NODE-type OpalQuery — one edge per matched entity (user, resource, or group). + """ # noqa: E501 + type: StrictStr + edges: List[OpalQueryResultEdge] = Field(description="List of matched entities.") + page_info: PageInfo = Field(alias="pageInfo") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["type", "edges", "pageInfo"] + + @field_validator('type') + def type_validate_enum(cls, value): + """Validates the enum""" + if value not in set(['NODE']): + raise ValueError("must be one of enum values ('NODE')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of OpalNodeQueryResults from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in edges (list) + _items = [] + if self.edges: + for _item_edges in self.edges: + if _item_edges: + _items.append(_item_edges.to_dict()) + _dict['edges'] = _items + # override the default output from pydantic by calling `to_dict()` of page_info + if self.page_info: + _dict['pageInfo'] = self.page_info.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of OpalNodeQueryResults from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "type": obj.get("type"), + "edges": [OpalQueryResultEdge.from_dict(_item) for _item in obj["edges"]] if obj.get("edges") is not None else None, + "pageInfo": PageInfo.from_dict(obj["pageInfo"]) if obj.get("pageInfo") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/opal_query_result_edge.py b/opal_security/models/opal_query_result_edge.py new file mode 100644 index 0000000..79dcad9 --- /dev/null +++ b/opal_security/models/opal_query_result_edge.py @@ -0,0 +1,107 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from opal_security.models.opal_query_result_node import OpalQueryResultNode +from typing import Optional, Set +from typing_extensions import Self + +class OpalQueryResultEdge(BaseModel): + """ + A single result edge from an OpalQuery, containing the matched entity and its pagination cursor. + """ # noqa: E501 + node: OpalQueryResultNode + cursor: StrictStr = Field(description="Opaque cursor for this entity, used for pagination.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["node", "cursor"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of OpalQueryResultEdge from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of node + if self.node: + _dict['node'] = self.node.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of OpalQueryResultEdge from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "node": OpalQueryResultNode.from_dict(obj["node"]) if obj.get("node") is not None else None, + "cursor": obj.get("cursor") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/opal_query_result_node.py b/opal_security/models/opal_query_result_node.py new file mode 100644 index 0000000..f0c734f --- /dev/null +++ b/opal_security/models/opal_query_result_node.py @@ -0,0 +1,116 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List +from uuid import UUID +from opal_security.models.entity_item_type_enum import EntityItemTypeEnum +from typing import Optional, Set +from typing_extensions import Self + +class OpalQueryResultNode(BaseModel): + """ + A matched entity from an OpalQuery result. + """ # noqa: E501 + id: UUID = Field(description="The entity's unique identifier.") + name: StrictStr = Field(description="The display name of the entity.") + entity_type: StrictStr = Field(description="The top-level entity type.", alias="entityType") + entity_item_type: EntityItemTypeEnum = Field(alias="entityItemType") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["id", "name", "entityType", "entityItemType"] + + @field_validator('entity_type') + def entity_type_validate_enum(cls, value): + """Validates the enum""" + if value not in set(['USER', 'GROUP', 'RESOURCE']): + raise ValueError("must be one of enum values ('USER', 'GROUP', 'RESOURCE')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of OpalQueryResultNode from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of OpalQueryResultNode from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "id": obj.get("id"), + "name": obj.get("name"), + "entityType": obj.get("entityType"), + "entityItemType": obj.get("entityItemType") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/paginated_access_rules_list.py b/opal_security/models/paginated_access_rules_list.py new file mode 100644 index 0000000..ab3e28c --- /dev/null +++ b/opal_security/models/paginated_access_rules_list.py @@ -0,0 +1,113 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.access_rule import AccessRule +from typing import Optional, Set +from typing_extensions import Self + +class PaginatedAccessRulesList(BaseModel): + """ + PaginatedAccessRulesList + """ # noqa: E501 + next: Optional[StrictStr] = Field(default=None, description="The cursor with which to continue pagination if additional result pages exist.") + previous: Optional[StrictStr] = Field(default=None, description="The cursor used to retrieve the previous page of results.") + results: List[AccessRule] + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["next", "previous", "results"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of PaginatedAccessRulesList from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in results (list) + _items = [] + if self.results: + for _item_results in self.results: + if _item_results: + _items.append(_item_results.to_dict()) + _dict['results'] = _items + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of PaginatedAccessRulesList from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "next": obj.get("next"), + "previous": obj.get("previous"), + "results": [AccessRule.from_dict(_item) for _item in obj["results"]] if obj.get("results") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_remote_info.py b/opal_security/models/resource_remote_info.py index dea3112..964cb11 100644 --- a/opal_security/models/resource_remote_info.py +++ b/opal_security/models/resource_remote_info.py @@ -68,6 +68,9 @@ from opal_security.models.resource_remote_info_github_repo import ResourceRemoteInfoGithubRepo from opal_security.models.resource_remote_info_gitlab_project import ResourceRemoteInfoGitlabProject from opal_security.models.resource_remote_info_google_workspace_role import ResourceRemoteInfoGoogleWorkspaceRole +from opal_security.models.resource_remote_info_grafana_dashboard import ResourceRemoteInfoGrafanaDashboard +from opal_security.models.resource_remote_info_grafana_folder import ResourceRemoteInfoGrafanaFolder +from opal_security.models.resource_remote_info_grafana_role import ResourceRemoteInfoGrafanaRole from opal_security.models.resource_remote_info_ilevel_advanced_role import ResourceRemoteInfoIlevelAdvancedRole from opal_security.models.resource_remote_info_netsuite_role import ResourceRemoteInfoNetsuiteRole from opal_security.models.resource_remote_info_okta_app import ResourceRemoteInfoOktaApp @@ -87,6 +90,7 @@ from opal_security.models.resource_remote_info_teleport_role import ResourceRemoteInfoTeleportRole from opal_security.models.resource_remote_info_twingate_resource import ResourceRemoteInfoTwingateResource from opal_security.models.resource_remote_info_workday_role import ResourceRemoteInfoWorkdayRole +from opal_security.models.resource_remote_info_zendesk_role import ResourceRemoteInfoZendeskRole from typing import Optional, Set from typing_extensions import Self @@ -161,8 +165,12 @@ class ResourceRemoteInfo(BaseModel): datadog_role: Optional[ResourceRemoteInfoDatadogRole] = None clickhouse_database: Optional[ResourceRemoteInfoClickhouseDatabase] = None clickhouse_table: Optional[ResourceRemoteInfoClickhouseTable] = None + grafana_folder: Optional[ResourceRemoteInfoGrafanaFolder] = None + grafana_dashboard: Optional[ResourceRemoteInfoGrafanaDashboard] = None + grafana_role: Optional[ResourceRemoteInfoGrafanaRole] = None + zendesk_role: Optional[ResourceRemoteInfoZendeskRole] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["databricks_account_service_principal", "azure_subscription", "azure_resource_group", "azure_management_group", "azure_virtual_machine", "azure_storage_account", "azure_storage_container", "azure_sql_server", "azure_sql_database", "azure_sql_managed_instance", "azure_sql_managed_database", "azure_user_assigned_managed_identity", "azure_enterprise_app", "azure_entra_id_role", "aws_organizational_unit", "aws_account", "aws_permission_set", "aws_iam_role", "aws_ec2_instance", "aws_rds_cluster", "aws_rds_instance", "aws_eks_cluster", "custom_connector", "gcp_organization", "gcp_bucket", "gcp_compute_instance", "gcp_big_query_dataset", "gcp_big_query_table", "gcp_folder", "gcp_gke_cluster", "gcp_project", "gcp_sql_instance", "gcp_service_account", "google_workspace_role", "github_repo", "github_org_role", "github_org", "github_enterprise_role", "gitlab_project", "okta_app", "okta_standard_role", "okta_custom_role", "snowflake_database", "snowflake_schema", "snowflake_table", "ilevel_advanced_role", "tailscale_ssh", "twingate_resource", "pagerduty_role", "workday_role", "salesforce_permission_set", "salesforce_profile", "salesforce_role", "teleport_role", "datastax_astra_role", "coupa_role", "cursor_organization", "openai_platform_project", "openai_platform_service_account", "anthropic_workspace", "oracle_fusion_role", "devin_organization", "devin_role", "netsuite_role", "datadog_role", "clickhouse_database", "clickhouse_table"] + __properties: ClassVar[List[str]] = ["databricks_account_service_principal", "azure_subscription", "azure_resource_group", "azure_management_group", "azure_virtual_machine", "azure_storage_account", "azure_storage_container", "azure_sql_server", "azure_sql_database", "azure_sql_managed_instance", "azure_sql_managed_database", "azure_user_assigned_managed_identity", "azure_enterprise_app", "azure_entra_id_role", "aws_organizational_unit", "aws_account", "aws_permission_set", "aws_iam_role", "aws_ec2_instance", "aws_rds_cluster", "aws_rds_instance", "aws_eks_cluster", "custom_connector", "gcp_organization", "gcp_bucket", "gcp_compute_instance", "gcp_big_query_dataset", "gcp_big_query_table", "gcp_folder", "gcp_gke_cluster", "gcp_project", "gcp_sql_instance", "gcp_service_account", "google_workspace_role", "github_repo", "github_org_role", "github_org", "github_enterprise_role", "gitlab_project", "okta_app", "okta_standard_role", "okta_custom_role", "snowflake_database", "snowflake_schema", "snowflake_table", "ilevel_advanced_role", "tailscale_ssh", "twingate_resource", "pagerduty_role", "workday_role", "salesforce_permission_set", "salesforce_profile", "salesforce_role", "teleport_role", "datastax_astra_role", "coupa_role", "cursor_organization", "openai_platform_project", "openai_platform_service_account", "anthropic_workspace", "oracle_fusion_role", "devin_organization", "devin_role", "netsuite_role", "datadog_role", "clickhouse_database", "clickhouse_table", "grafana_folder", "grafana_dashboard", "grafana_role", "zendesk_role"] model_config = ConfigDict( populate_by_name=True, @@ -406,6 +414,18 @@ def to_dict(self) -> Dict[str, Any]: # override the default output from pydantic by calling `to_dict()` of clickhouse_table if self.clickhouse_table: _dict['clickhouse_table'] = self.clickhouse_table.to_dict() + # override the default output from pydantic by calling `to_dict()` of grafana_folder + if self.grafana_folder: + _dict['grafana_folder'] = self.grafana_folder.to_dict() + # override the default output from pydantic by calling `to_dict()` of grafana_dashboard + if self.grafana_dashboard: + _dict['grafana_dashboard'] = self.grafana_dashboard.to_dict() + # override the default output from pydantic by calling `to_dict()` of grafana_role + if self.grafana_role: + _dict['grafana_role'] = self.grafana_role.to_dict() + # override the default output from pydantic by calling `to_dict()` of zendesk_role + if self.zendesk_role: + _dict['zendesk_role'] = self.zendesk_role.to_dict() # puts key-value pairs in additional_properties in the top level if self.additional_properties is not None: for _key, _value in self.additional_properties.items(): @@ -489,7 +509,11 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "netsuite_role": ResourceRemoteInfoNetsuiteRole.from_dict(obj["netsuite_role"]) if obj.get("netsuite_role") is not None else None, "datadog_role": ResourceRemoteInfoDatadogRole.from_dict(obj["datadog_role"]) if obj.get("datadog_role") is not None else None, "clickhouse_database": ResourceRemoteInfoClickhouseDatabase.from_dict(obj["clickhouse_database"]) if obj.get("clickhouse_database") is not None else None, - "clickhouse_table": ResourceRemoteInfoClickhouseTable.from_dict(obj["clickhouse_table"]) if obj.get("clickhouse_table") is not None else None + "clickhouse_table": ResourceRemoteInfoClickhouseTable.from_dict(obj["clickhouse_table"]) if obj.get("clickhouse_table") is not None else None, + "grafana_folder": ResourceRemoteInfoGrafanaFolder.from_dict(obj["grafana_folder"]) if obj.get("grafana_folder") is not None else None, + "grafana_dashboard": ResourceRemoteInfoGrafanaDashboard.from_dict(obj["grafana_dashboard"]) if obj.get("grafana_dashboard") is not None else None, + "grafana_role": ResourceRemoteInfoGrafanaRole.from_dict(obj["grafana_role"]) if obj.get("grafana_role") is not None else None, + "zendesk_role": ResourceRemoteInfoZendeskRole.from_dict(obj["zendesk_role"]) if obj.get("zendesk_role") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/resource_remote_info_github_org_role.py b/opal_security/models/resource_remote_info_github_org_role.py index 302a4ac..c6cf3a0 100644 --- a/opal_security/models/resource_remote_info_github_org_role.py +++ b/opal_security/models/resource_remote_info_github_org_role.py @@ -19,7 +19,7 @@ import json from pydantic import BaseModel, ConfigDict, Field, StrictStr -from typing import Any, ClassVar, Dict, List +from typing import Any, ClassVar, Dict, List, Optional from typing import Optional, Set from typing_extensions import Self @@ -28,8 +28,9 @@ class ResourceRemoteInfoGithubOrgRole(BaseModel): Remote info for GitHub organization role. """ # noqa: E501 role_id: StrictStr = Field(description="The id of the role.") + org_name: Optional[StrictStr] = Field(default=None, description="GitHub org role's org name, required only for Enterprise.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["role_id"] + __properties: ClassVar[List[str]] = ["role_id", "org_name"] model_config = ConfigDict( populate_by_name=True, @@ -89,7 +90,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: return cls.model_validate(obj) _obj = cls.model_validate({ - "role_id": obj.get("role_id") + "role_id": obj.get("role_id"), + "org_name": obj.get("org_name") }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/resource_remote_info_github_repo.py b/opal_security/models/resource_remote_info_github_repo.py index 2c600c9..a969f0a 100644 --- a/opal_security/models/resource_remote_info_github_repo.py +++ b/opal_security/models/resource_remote_info_github_repo.py @@ -29,8 +29,9 @@ class ResourceRemoteInfoGithubRepo(BaseModel): """ # noqa: E501 repo_id: Optional[StrictStr] = Field(default=None, description="The id of the repository.") repo_name: StrictStr = Field(description="The name of the repository.") + org_name: Optional[StrictStr] = Field(default=None, description="GitHub repo's org name, required only for Enterprise.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["repo_id", "repo_name"] + __properties: ClassVar[List[str]] = ["repo_id", "repo_name", "org_name"] model_config = ConfigDict( populate_by_name=True, @@ -91,7 +92,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: _obj = cls.model_validate({ "repo_id": obj.get("repo_id"), - "repo_name": obj.get("repo_name") + "repo_name": obj.get("repo_name"), + "org_name": obj.get("org_name") }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/resource_remote_info_grafana_dashboard.py b/opal_security/models/resource_remote_info_grafana_dashboard.py new file mode 100644 index 0000000..79c0e9d --- /dev/null +++ b/opal_security/models/resource_remote_info_grafana_dashboard.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class ResourceRemoteInfoGrafanaDashboard(BaseModel): + """ + Remote info for Grafana dashboard. + """ # noqa: E501 + dashboard_uid: StrictStr = Field(description="The UID of the Grafana dashboard.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["dashboard_uid"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGrafanaDashboard from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGrafanaDashboard from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "dashboard_uid": obj.get("dashboard_uid") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_remote_info_grafana_folder.py b/opal_security/models/resource_remote_info_grafana_folder.py new file mode 100644 index 0000000..355a492 --- /dev/null +++ b/opal_security/models/resource_remote_info_grafana_folder.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class ResourceRemoteInfoGrafanaFolder(BaseModel): + """ + Remote info for Grafana folder. + """ # noqa: E501 + folder_uid: StrictStr = Field(description="The UID of the Grafana folder.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["folder_uid"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGrafanaFolder from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGrafanaFolder from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "folder_uid": obj.get("folder_uid") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_remote_info_grafana_role.py b/opal_security/models/resource_remote_info_grafana_role.py new file mode 100644 index 0000000..4855d49 --- /dev/null +++ b/opal_security/models/resource_remote_info_grafana_role.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class ResourceRemoteInfoGrafanaRole(BaseModel): + """ + Remote info for Grafana role(fixed or custom). + """ # noqa: E501 + role_uid: StrictStr = Field(description="The UID of the Grafana role.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["role_uid"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGrafanaRole from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoGrafanaRole from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "role_uid": obj.get("role_uid") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_remote_info_zendesk_role.py b/opal_security/models/resource_remote_info_zendesk_role.py new file mode 100644 index 0000000..db546d1 --- /dev/null +++ b/opal_security/models/resource_remote_info_zendesk_role.py @@ -0,0 +1,101 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class ResourceRemoteInfoZendeskRole(BaseModel): + """ + Remote info for Zendesk custom role. + """ # noqa: E501 + role_id: StrictStr = Field(description="The ID of the Zendesk custom role.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["role_id"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoZendeskRole from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of ResourceRemoteInfoZendeskRole from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "role_id": obj.get("role_id") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/resource_type_enum.py b/opal_security/models/resource_type_enum.py index 558c7c6..7d71717 100644 --- a/opal_security/models/resource_type_enum.py +++ b/opal_security/models/resource_type_enum.py @@ -111,6 +111,7 @@ class ResourceTypeEnum(str, Enum): CLICKHOUSE_DATABASE = 'CLICKHOUSE_DATABASE' CLICKHOUSE_TABLE = 'CLICKHOUSE_TABLE' TWINGATE_RESOURCE = 'TWINGATE_RESOURCE' + ZENDESK_ROLE = 'ZENDESK_ROLE' @classmethod def from_json(cls, json_str: str) -> Self: diff --git a/opal_security/models/rule_disjunction.py b/opal_security/models/rule_disjunction.py index 7bf3367..1a20b22 100644 --- a/opal_security/models/rule_disjunction.py +++ b/opal_security/models/rule_disjunction.py @@ -19,8 +19,9 @@ import json from pydantic import BaseModel, ConfigDict -from typing import Any, ClassVar, Dict, List +from typing import Any, ClassVar, Dict, List, Optional from opal_security.models.tag_selector import TagSelector +from opal_security.models.user_attribute_selector import UserAttributeSelector from typing import Optional, Set from typing_extensions import Self @@ -29,8 +30,9 @@ class RuleDisjunction(BaseModel): RuleDisjunction """ # noqa: E501 selectors: List[TagSelector] + attribute_selectors: Optional[List[UserAttributeSelector]] = None additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["selectors"] + __properties: ClassVar[List[str]] = ["selectors", "attribute_selectors"] model_config = ConfigDict( populate_by_name=True, @@ -80,6 +82,13 @@ def to_dict(self) -> Dict[str, Any]: if _item_selectors: _items.append(_item_selectors.to_dict()) _dict['selectors'] = _items + # override the default output from pydantic by calling `to_dict()` of each item in attribute_selectors (list) + _items = [] + if self.attribute_selectors: + for _item_attribute_selectors in self.attribute_selectors: + if _item_attribute_selectors: + _items.append(_item_attribute_selectors.to_dict()) + _dict['attribute_selectors'] = _items # puts key-value pairs in additional_properties in the top level if self.additional_properties is not None: for _key, _value in self.additional_properties.items(): @@ -97,7 +106,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: return cls.model_validate(obj) _obj = cls.model_validate({ - "selectors": [TagSelector.from_dict(_item) for _item in obj["selectors"]] if obj.get("selectors") is not None else None + "selectors": [TagSelector.from_dict(_item) for _item in obj["selectors"]] if obj.get("selectors") is not None else None, + "attribute_selectors": [UserAttributeSelector.from_dict(_item) for _item in obj["attribute_selectors"]] if obj.get("attribute_selectors") is not None else None }) # store additional fields in additional_properties for _key in obj.keys(): diff --git a/opal_security/models/string_match_type.py b/opal_security/models/string_match_type.py new file mode 100644 index 0000000..30af2a4 --- /dev/null +++ b/opal_security/models/string_match_type.py @@ -0,0 +1,40 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import json +from enum import Enum +from typing_extensions import Self + + +class StringMatchType(str, Enum): + """ + How to match a string value against entity names. + """ + + """ + allowed enum values + """ + CONTAINS = 'CONTAINS' + EQUALS = 'EQUALS' + STARTS_WITH = 'STARTS_WITH' + ENDS_WITH = 'ENDS_WITH' + + @classmethod + def from_json(cls, json_str: str) -> Self: + """Create an instance of StringMatchType from a JSON string""" + return cls(json.loads(json_str)) + + diff --git a/opal_security/models/update_event_stream_info.py b/opal_security/models/update_event_stream_info.py new file mode 100644 index 0000000..99d8715 --- /dev/null +++ b/opal_security/models/update_event_stream_info.py @@ -0,0 +1,111 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictBool, StrictStr +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.webhook_credentials import WebhookCredentials +from typing import Optional, Set +from typing_extensions import Self + +class UpdateEventStreamInfo(BaseModel): + """ + Information needed to update an event stream. + """ # noqa: E501 + name: Optional[StrictStr] = Field(default=None, description="Updated name for the event stream.") + enabled: Optional[StrictBool] = Field(default=None, description="Whether the event stream should be enabled.") + webhook_url: Optional[StrictStr] = Field(default=None, description="Updated webhook URL.") + credentials: Optional[WebhookCredentials] = None + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["name", "enabled", "webhook_url", "credentials"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of UpdateEventStreamInfo from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of credentials + if self.credentials: + _dict['credentials'] = self.credentials.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of UpdateEventStreamInfo from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "name": obj.get("name"), + "enabled": obj.get("enabled"), + "webhook_url": obj.get("webhook_url"), + "credentials": WebhookCredentials.from_dict(obj["credentials"]) if obj.get("credentials") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/update_group_user_request.py b/opal_security/models/update_group_user_request.py index 64c99f0..0d13b8e 100644 --- a/opal_security/models/update_group_user_request.py +++ b/opal_security/models/update_group_user_request.py @@ -28,7 +28,7 @@ class UpdateGroupUserRequest(BaseModel): """ UpdateGroupUserRequest """ # noqa: E501 - duration_minutes: Annotated[int, Field(le=525960, strict=True)] = Field(description="The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite.") + duration_minutes: Annotated[int, Field(le=525960, strict=True)] = Field(description="The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite, or a negative value to revoke access.") access_level_remote_id: Optional[StrictStr] = Field(default=None, description="The updated remote ID of the access level granted to this user.") additional_properties: Dict[str, Any] = {} __properties: ClassVar[List[str]] = ["duration_minutes", "access_level_remote_id"] diff --git a/opal_security/models/update_resource_info.py b/opal_security/models/update_resource_info.py index 22774f5..6c46b86 100644 --- a/opal_security/models/update_resource_info.py +++ b/opal_security/models/update_resource_info.py @@ -53,10 +53,11 @@ class UpdateResourceInfo(BaseModel): request_template_id: Optional[UUID] = Field(default=None, description="The ID of the associated request template. Deprecated in favor of `request_configurations`.") is_requestable: Optional[StrictBool] = Field(default=None, description="A bool representing whether or not to allow access requests to this resource. Deprecated in favor of `request_configurations`.") extensions_duration_in_minutes: Optional[StrictInt] = Field(default=None, description="The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to.") + parent_resource_id: Optional[UUID] = Field(default=None, description="The ID of the parent resource.") request_configurations: Optional[List[RequestConfiguration]] = Field(default=None, description="A list of configurations for requests to this resource. If not provided, the default request configuration will be used.") request_configuration_list: Optional[CreateRequestConfigurationInfoList] = Field(default=None, description="A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`.") additional_properties: Dict[str, Any] = {} - __properties: ClassVar[List[str]] = ["resource_id", "name", "description", "admin_owner_id", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "folder_id", "require_mfa_to_approve", "require_mfa_to_request", "require_mfa_to_connect", "auto_approval", "ticket_propagation", "custom_request_notification", "risk_sensitivity_override", "configuration_template_id", "request_template_id", "is_requestable", "extensions_duration_in_minutes", "request_configurations", "request_configuration_list"] + __properties: ClassVar[List[str]] = ["resource_id", "name", "description", "admin_owner_id", "max_duration", "recommended_duration", "require_manager_approval", "require_support_ticket", "folder_id", "require_mfa_to_approve", "require_mfa_to_request", "require_mfa_to_connect", "auto_approval", "ticket_propagation", "custom_request_notification", "risk_sensitivity_override", "configuration_template_id", "request_template_id", "is_requestable", "extensions_duration_in_minutes", "parent_resource_id", "request_configurations", "request_configuration_list"] model_config = ConfigDict( populate_by_name=True, @@ -149,6 +150,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: "request_template_id": obj.get("request_template_id"), "is_requestable": obj.get("is_requestable"), "extensions_duration_in_minutes": obj.get("extensions_duration_in_minutes"), + "parent_resource_id": obj.get("parent_resource_id"), "request_configurations": [RequestConfiguration.from_dict(_item) for _item in obj["request_configurations"]] if obj.get("request_configurations") is not None else None, "request_configuration_list": CreateRequestConfigurationInfoList.from_dict(obj["request_configuration_list"]) if obj.get("request_configuration_list") is not None else None }) diff --git a/opal_security/models/user_attribute_selector.py b/opal_security/models/user_attribute_selector.py new file mode 100644 index 0000000..3b30b16 --- /dev/null +++ b/opal_security/models/user_attribute_selector.py @@ -0,0 +1,110 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, StrictStr, field_validator +from typing import Any, ClassVar, Dict, List +from typing import Optional, Set +from typing_extensions import Self + +class UserAttributeSelector(BaseModel): + """ + UserAttributeSelector + """ # noqa: E501 + attribute: StrictStr + values: List[StrictStr] + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["attribute", "values"] + + @field_validator('attribute') + def attribute_validate_enum(cls, value): + """Validates the enum""" + if value not in set(['HR_IDP_STATUS']): + raise ValueError("must be one of enum values ('HR_IDP_STATUS')") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of UserAttributeSelector from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of UserAttributeSelector from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "attribute": obj.get("attribute"), + "values": obj.get("values") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/webhook_api_key_credential.py b/opal_security/models/webhook_api_key_credential.py new file mode 100644 index 0000000..1218188 --- /dev/null +++ b/opal_security/models/webhook_api_key_credential.py @@ -0,0 +1,109 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from uuid import UUID +from opal_security.models.webhook_api_key_location_enum import WebhookApiKeyLocationEnum +from typing import Optional, Set +from typing_extensions import Self + +class WebhookApiKeyCredential(BaseModel): + """ + An API key credential for webhook authentication. + """ # noqa: E501 + id: UUID = Field(description="The unique identifier for the credential.") + name: StrictStr = Field(description="The name of the API key.") + value: StrictStr = Field(description="The value of the API key.") + location: WebhookApiKeyLocationEnum + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["id", "name", "value", "location"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of WebhookApiKeyCredential from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of WebhookApiKeyCredential from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "id": obj.get("id"), + "name": obj.get("name"), + "value": obj.get("value"), + "location": obj.get("location") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/webhook_api_key_location_enum.py b/opal_security/models/webhook_api_key_location_enum.py new file mode 100644 index 0000000..3640f27 --- /dev/null +++ b/opal_security/models/webhook_api_key_location_enum.py @@ -0,0 +1,38 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import json +from enum import Enum +from typing_extensions import Self + + +class WebhookApiKeyLocationEnum(str, Enum): + """ + Where the API key is placed in webhook requests. + """ + + """ + allowed enum values + """ + HEADER = 'HEADER' + QUERY_PARAM = 'QUERY_PARAM' + + @classmethod + def from_json(cls, json_str: str) -> Self: + """Create an instance of WebhookApiKeyLocationEnum from a JSON string""" + return cls(json.loads(json_str)) + + diff --git a/opal_security/models/webhook_auth_type_enum.py b/opal_security/models/webhook_auth_type_enum.py new file mode 100644 index 0000000..d3075d5 --- /dev/null +++ b/opal_security/models/webhook_auth_type_enum.py @@ -0,0 +1,39 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import json +from enum import Enum +from typing_extensions import Self + + +class WebhookAuthTypeEnum(str, Enum): + """ + The authentication type for webhook connections. + """ + + """ + allowed enum values + """ + NONE = 'NONE' + API_KEY = 'API_KEY' + HMAC = 'HMAC' + + @classmethod + def from_json(cls, json_str: str) -> Self: + """Create an instance of WebhookAuthTypeEnum from a JSON string""" + return cls(json.loads(json_str)) + + diff --git a/opal_security/models/webhook_credentials.py b/opal_security/models/webhook_credentials.py new file mode 100644 index 0000000..60c0d25 --- /dev/null +++ b/opal_security/models/webhook_credentials.py @@ -0,0 +1,123 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from pydantic import BaseModel, ConfigDict, Field +from typing import Any, ClassVar, Dict, List, Optional +from opal_security.models.webhook_api_key_credential import WebhookApiKeyCredential +from opal_security.models.webhook_auth_type_enum import WebhookAuthTypeEnum +from opal_security.models.webhook_hmac_credential import WebhookHmacCredential +from typing import Optional, Set +from typing_extensions import Self + +class WebhookCredentials(BaseModel): + """ + Authentication credentials for a webhook connection. + """ # noqa: E501 + auth_type: WebhookAuthTypeEnum + api_key_credentials: Optional[List[WebhookApiKeyCredential]] = Field(default=None, description="API key credentials, present when auth_type is API_KEY.") + hmac_credential_1: Optional[WebhookHmacCredential] = Field(default=None, description="Primary HMAC credential, present when auth_type is HMAC.") + hmac_credential_2: Optional[WebhookHmacCredential] = Field(default=None, description="Secondary HMAC credential for rotation, present when auth_type is HMAC.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["auth_type", "api_key_credentials", "hmac_credential_1", "hmac_credential_2"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of WebhookCredentials from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in api_key_credentials (list) + _items = [] + if self.api_key_credentials: + for _item_api_key_credentials in self.api_key_credentials: + if _item_api_key_credentials: + _items.append(_item_api_key_credentials.to_dict()) + _dict['api_key_credentials'] = _items + # override the default output from pydantic by calling `to_dict()` of hmac_credential_1 + if self.hmac_credential_1: + _dict['hmac_credential_1'] = self.hmac_credential_1.to_dict() + # override the default output from pydantic by calling `to_dict()` of hmac_credential_2 + if self.hmac_credential_2: + _dict['hmac_credential_2'] = self.hmac_credential_2.to_dict() + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of WebhookCredentials from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "auth_type": obj.get("auth_type"), + "api_key_credentials": [WebhookApiKeyCredential.from_dict(_item) for _item in obj["api_key_credentials"]] if obj.get("api_key_credentials") is not None else None, + "hmac_credential_1": WebhookHmacCredential.from_dict(obj["hmac_credential_1"]) if obj.get("hmac_credential_1") is not None else None, + "hmac_credential_2": WebhookHmacCredential.from_dict(obj["hmac_credential_2"]) if obj.get("hmac_credential_2") is not None else None + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/opal_security/models/webhook_hmac_credential.py b/opal_security/models/webhook_hmac_credential.py new file mode 100644 index 0000000..0f08a54 --- /dev/null +++ b/opal_security/models/webhook_hmac_credential.py @@ -0,0 +1,107 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + +from datetime import datetime +from pydantic import BaseModel, ConfigDict, Field, StrictStr +from typing import Any, ClassVar, Dict, List +from uuid import UUID +from typing import Optional, Set +from typing_extensions import Self + +class WebhookHmacCredential(BaseModel): + """ + An HMAC credential for webhook authentication. + """ # noqa: E501 + id: UUID = Field(description="The unique identifier for the credential.") + secret: StrictStr = Field(description="The HMAC secret value.") + created_at: datetime = Field(description="When the credential was created.") + additional_properties: Dict[str, Any] = {} + __properties: ClassVar[List[str]] = ["id", "secret", "created_at"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of WebhookHmacCredential from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + * Fields in `self.additional_properties` are added to the output dict. + """ + excluded_fields: Set[str] = set([ + "additional_properties", + ]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # puts key-value pairs in additional_properties in the top level + if self.additional_properties is not None: + for _key, _value in self.additional_properties.items(): + _dict[_key] = _value + + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of WebhookHmacCredential from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({ + "id": obj.get("id"), + "secret": obj.get("secret"), + "created_at": obj.get("created_at") + }) + # store additional fields in additional_properties + for _key in obj.keys(): + if _key not in cls.__properties: + _obj.additional_properties[_key] = obj.get(_key) + + return _obj + + diff --git a/pyproject.toml b/pyproject.toml index 4bed9f2..bfd1432 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "opal_security" -dynamic = ["version"] +version = "1.0.0" description = "Opal API" authors = [ {name = "Opal Team",email = "hello@opal.dev"}, @@ -32,7 +32,7 @@ mypy = ">= 1.5" [build-system] -requires = ["setuptools", "setuptools_scm"] +requires = ["setuptools"] build-backend = "setuptools.build_meta" [tool.pylint.'MESSAGES CONTROL'] diff --git a/test/test_access_entity_filters.py b/test/test_access_entity_filters.py new file mode 100644 index 0000000..ba27123 --- /dev/null +++ b/test/test_access_entity_filters.py @@ -0,0 +1,149 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.access_entity_filters import AccessEntityFilters + +class TestAccessEntityFilters(unittest.TestCase): + """AccessEntityFilters unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> AccessEntityFilters: + """Test AccessEntityFilters + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `AccessEntityFilters` + """ + model = AccessEntityFilters() + if include_optional: + return AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ], + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ], + any_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + not = opal_security.models.not.not(), ) + ], + not = opal_security.models.not.not(), ) + ], + var_not = opal_security.models.not.not() + ) + else: + return AccessEntityFilters( + ) + """ + + def testAccessEntityFilters(self): + """Test AccessEntityFilters""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_access_relationship_filters.py b/test/test_access_relationship_filters.py new file mode 100644 index 0000000..f8538b9 --- /dev/null +++ b/test/test_access_relationship_filters.py @@ -0,0 +1,125 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.access_relationship_filters import AccessRelationshipFilters + +class TestAccessRelationshipFilters(unittest.TestCase): + """AccessRelationshipFilters unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> AccessRelationshipFilters: + """Test AccessRelationshipFilters + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `AccessRelationshipFilters` + """ + model = AccessRelationshipFilters() + if include_optional: + return AccessRelationshipFilters( + is_accessible_by = opal_security.models.access_entity_filters.AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ], + any_of = [ + + ], + not = opal_security.models.not.not(), ), + has_access_to = opal_security.models.access_entity_filters.AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ], + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ) + else: + return AccessRelationshipFilters( + ) + """ + + def testAccessRelationshipFilters(self): + """Test AccessRelationshipFilters""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_create_event_stream_info.py b/test/test_create_event_stream_info.py new file mode 100644 index 0000000..292e307 --- /dev/null +++ b/test/test_create_event_stream_info.py @@ -0,0 +1,67 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.create_event_stream_info import CreateEventStreamInfo + +class TestCreateEventStreamInfo(unittest.TestCase): + """CreateEventStreamInfo unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> CreateEventStreamInfo: + """Test CreateEventStreamInfo + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `CreateEventStreamInfo` + """ + model = CreateEventStreamInfo() + if include_optional: + return CreateEventStreamInfo( + name = '', + connection_type = 'WEBHOOK', + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ) + ) + else: + return CreateEventStreamInfo( + name = '', + connection_type = 'WEBHOOK', + ) + """ + + def testCreateEventStreamInfo(self): + """Test CreateEventStreamInfo""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_entity_item_type_enum.py b/test/test_entity_item_type_enum.py new file mode 100644 index 0000000..2ee92e7 --- /dev/null +++ b/test/test_entity_item_type_enum.py @@ -0,0 +1,34 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.entity_item_type_enum import EntityItemTypeEnum + +class TestEntityItemTypeEnum(unittest.TestCase): + """EntityItemTypeEnum unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testEntityItemTypeEnum(self): + """Test EntityItemTypeEnum""" + # inst = EntityItemTypeEnum() + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_entity_name_filter.py b/test/test_entity_name_filter.py new file mode 100644 index 0000000..63a172d --- /dev/null +++ b/test/test_entity_name_filter.py @@ -0,0 +1,55 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.entity_name_filter import EntityNameFilter + +class TestEntityNameFilter(unittest.TestCase): + """EntityNameFilter unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> EntityNameFilter: + """Test EntityNameFilter + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `EntityNameFilter` + """ + model = EntityNameFilter() + if include_optional: + return EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering' + ) + else: + return EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', + ) + """ + + def testEntityNameFilter(self): + """Test EntityNameFilter""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_entity_tag_filter.py b/test/test_entity_tag_filter.py new file mode 100644 index 0000000..4fcdc4d --- /dev/null +++ b/test/test_entity_tag_filter.py @@ -0,0 +1,55 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.entity_tag_filter import EntityTagFilter + +class TestEntityTagFilter(unittest.TestCase): + """EntityTagFilter unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> EntityTagFilter: + """Test EntityTagFilter + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `EntityTagFilter` + """ + model = EntityTagFilter() + if include_optional: + return EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '' + ) + else: + return EntityTagFilter( + key = 'team', + ) + """ + + def testEntityTagFilter(self): + """Test EntityTagFilter""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_event_stream.py b/test/test_event_stream.py new file mode 100644 index 0000000..7fc81ee --- /dev/null +++ b/test/test_event_stream.py @@ -0,0 +1,85 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.event_stream import EventStream + +class TestEventStream(unittest.TestCase): + """EventStream unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> EventStream: + """Test EventStream + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `EventStream` + """ + model = EventStream() + if include_optional: + return EventStream( + event_stream_id = '', + connection = opal_security.models.event_stream_connection.EventStreamConnection( + name = '', + connection_type = 'WEBHOOK', + enabled = True, + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ), ) + ) + else: + return EventStream( + event_stream_id = '', + connection = opal_security.models.event_stream_connection.EventStreamConnection( + name = '', + connection_type = 'WEBHOOK', + enabled = True, + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ), ), + ) + """ + + def testEventStream(self): + """Test EventStream""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_event_stream_connection.py b/test/test_event_stream_connection.py new file mode 100644 index 0000000..ed83190 --- /dev/null +++ b/test/test_event_stream_connection.py @@ -0,0 +1,69 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.event_stream_connection import EventStreamConnection + +class TestEventStreamConnection(unittest.TestCase): + """EventStreamConnection unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> EventStreamConnection: + """Test EventStreamConnection + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `EventStreamConnection` + """ + model = EventStreamConnection() + if include_optional: + return EventStreamConnection( + name = '', + connection_type = 'WEBHOOK', + enabled = True, + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ) + ) + else: + return EventStreamConnection( + name = '', + connection_type = 'WEBHOOK', + enabled = True, + ) + """ + + def testEventStreamConnection(self): + """Test EventStreamConnection""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_event_stream_connection_type_enum.py b/test/test_event_stream_connection_type_enum.py new file mode 100644 index 0000000..af5c0db --- /dev/null +++ b/test/test_event_stream_connection_type_enum.py @@ -0,0 +1,34 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.event_stream_connection_type_enum import EventStreamConnectionTypeEnum + +class TestEventStreamConnectionTypeEnum(unittest.TestCase): + """EventStreamConnectionTypeEnum unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testEventStreamConnectionTypeEnum(self): + """Test EventStreamConnectionTypeEnum""" + # inst = EventStreamConnectionTypeEnum() + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_event_stream_list.py b/test/test_event_stream_list.py new file mode 100644 index 0000000..22c6f71 --- /dev/null +++ b/test/test_event_stream_list.py @@ -0,0 +1,91 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.event_stream_list import EventStreamList + +class TestEventStreamList(unittest.TestCase): + """EventStreamList unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> EventStreamList: + """Test EventStreamList + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `EventStreamList` + """ + model = EventStreamList() + if include_optional: + return EventStreamList( + event_streams = [ + opal_security.models.event_stream.EventStream( + event_stream_id = '', + connection = opal_security.models.event_stream_connection.EventStreamConnection( + name = '', + connection_type = 'WEBHOOK', + enabled = True, + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ), ), ) + ] + ) + else: + return EventStreamList( + event_streams = [ + opal_security.models.event_stream.EventStream( + event_stream_id = '', + connection = opal_security.models.event_stream_connection.EventStreamConnection( + name = '', + connection_type = 'WEBHOOK', + enabled = True, + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ), ), ) + ], + ) + """ + + def testEventStreamList(self): + """Test EventStreamList""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_event_streams_api.py b/test/test_event_streams_api.py new file mode 100644 index 0000000..0130c44 --- /dev/null +++ b/test/test_event_streams_api.py @@ -0,0 +1,60 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.api.event_streams_api import EventStreamsApi + + +class TestEventStreamsApi(unittest.TestCase): + """EventStreamsApi unit test stubs""" + + def setUp(self) -> None: + self.api = EventStreamsApi() + + def tearDown(self) -> None: + pass + + def test_create_event_stream(self) -> None: + """Test case for create_event_stream + + Create event stream + """ + pass + + def test_delete_event_stream(self) -> None: + """Test case for delete_event_stream + + Delete event stream + """ + pass + + def test_get_event_streams(self) -> None: + """Test case for get_event_streams + + Get event streams + """ + pass + + def test_update_event_stream(self) -> None: + """Test case for update_event_stream + + Update event stream + """ + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_group_remote_info_grafana_team.py b/test/test_group_remote_info_grafana_team.py new file mode 100644 index 0000000..4b968b7 --- /dev/null +++ b/test/test_group_remote_info_grafana_team.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.group_remote_info_grafana_team import GroupRemoteInfoGrafanaTeam + +class TestGroupRemoteInfoGrafanaTeam(unittest.TestCase): + """GroupRemoteInfoGrafanaTeam unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> GroupRemoteInfoGrafanaTeam: + """Test GroupRemoteInfoGrafanaTeam + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `GroupRemoteInfoGrafanaTeam` + """ + model = GroupRemoteInfoGrafanaTeam() + if include_optional: + return GroupRemoteInfoGrafanaTeam( + team_id = '2323' + ) + else: + return GroupRemoteInfoGrafanaTeam( + team_id = '2323', + ) + """ + + def testGroupRemoteInfoGrafanaTeam(self): + """Test GroupRemoteInfoGrafanaTeam""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_group_remote_info_twingate_group_synced.py b/test/test_group_remote_info_twingate_group_synced.py new file mode 100644 index 0000000..2699e00 --- /dev/null +++ b/test/test_group_remote_info_twingate_group_synced.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.group_remote_info_twingate_group_synced import GroupRemoteInfoTwingateGroupSynced + +class TestGroupRemoteInfoTwingateGroupSynced(unittest.TestCase): + """GroupRemoteInfoTwingateGroupSynced unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> GroupRemoteInfoTwingateGroupSynced: + """Test GroupRemoteInfoTwingateGroupSynced + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `GroupRemoteInfoTwingateGroupSynced` + """ + model = GroupRemoteInfoTwingateGroupSynced() + if include_optional: + return GroupRemoteInfoTwingateGroupSynced( + group_id = 'R3JvdXA6MTIzNA==' + ) + else: + return GroupRemoteInfoTwingateGroupSynced( + group_id = 'R3JvdXA6MTIzNA==', + ) + """ + + def testGroupRemoteInfoTwingateGroupSynced(self): + """Test GroupRemoteInfoTwingateGroupSynced""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_group_remote_info_zendesk_group.py b/test/test_group_remote_info_zendesk_group.py new file mode 100644 index 0000000..d37216a --- /dev/null +++ b/test/test_group_remote_info_zendesk_group.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.group_remote_info_zendesk_group import GroupRemoteInfoZendeskGroup + +class TestGroupRemoteInfoZendeskGroup(unittest.TestCase): + """GroupRemoteInfoZendeskGroup unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> GroupRemoteInfoZendeskGroup: + """Test GroupRemoteInfoZendeskGroup + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `GroupRemoteInfoZendeskGroup` + """ + model = GroupRemoteInfoZendeskGroup() + if include_optional: + return GroupRemoteInfoZendeskGroup( + group_id = '12345' + ) + else: + return GroupRemoteInfoZendeskGroup( + group_id = '12345', + ) + """ + + def testGroupRemoteInfoZendeskGroup(self): + """Test GroupRemoteInfoZendeskGroup""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_group_remote_info_zendesk_organization.py b/test/test_group_remote_info_zendesk_organization.py new file mode 100644 index 0000000..cee293c --- /dev/null +++ b/test/test_group_remote_info_zendesk_organization.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.group_remote_info_zendesk_organization import GroupRemoteInfoZendeskOrganization + +class TestGroupRemoteInfoZendeskOrganization(unittest.TestCase): + """GroupRemoteInfoZendeskOrganization unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> GroupRemoteInfoZendeskOrganization: + """Test GroupRemoteInfoZendeskOrganization + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `GroupRemoteInfoZendeskOrganization` + """ + model = GroupRemoteInfoZendeskOrganization() + if include_optional: + return GroupRemoteInfoZendeskOrganization( + organization_id = '67890' + ) + else: + return GroupRemoteInfoZendeskOrganization( + organization_id = '67890', + ) + """ + + def testGroupRemoteInfoZendeskOrganization(self): + """Test GroupRemoteInfoZendeskOrganization""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_opal_node_query.py b/test/test_opal_node_query.py new file mode 100644 index 0000000..019fd28 --- /dev/null +++ b/test/test_opal_node_query.py @@ -0,0 +1,96 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.opal_node_query import OpalNodeQuery + +class TestOpalNodeQuery(unittest.TestCase): + """OpalNodeQuery unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> OpalNodeQuery: + """Test OpalNodeQuery + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `OpalNodeQuery` + """ + model = OpalNodeQuery() + if include_optional: + return OpalNodeQuery( + type = 'NODE', + query = opal_security.models.opal_node_query_body.OpalNodeQueryBody( + node_filters = opal_security.models.access_entity_filters.AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ], + any_of = [ + + ], + not = opal_security.models.not.not(), ), + access_filters = opal_security.models.access_relationship_filters.AccessRelationshipFilters( + is_accessible_by = null, + has_access_to = null, ), ), + first = 200, + after = '29827fb8-f2dd-4e80-9576-28e31e9934ac' + ) + else: + return OpalNodeQuery( + type = 'NODE', + ) + """ + + def testOpalNodeQuery(self): + """Test OpalNodeQuery""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_opal_node_query_body.py b/test/test_opal_node_query_body.py new file mode 100644 index 0000000..1fd3ea2 --- /dev/null +++ b/test/test_opal_node_query_body.py @@ -0,0 +1,91 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.opal_node_query_body import OpalNodeQueryBody + +class TestOpalNodeQueryBody(unittest.TestCase): + """OpalNodeQueryBody unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> OpalNodeQueryBody: + """Test OpalNodeQueryBody + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `OpalNodeQueryBody` + """ + model = OpalNodeQueryBody() + if include_optional: + return OpalNodeQueryBody( + node_filters = opal_security.models.access_entity_filters.AccessEntityFilters( + entity_types = [ + 'RESOURCE' + ], + entity_item_types = [ + 'OPAL_ROLE' + ], + entity_name = opal_security.models.entity_name_filter.EntityNameFilter( + string_match_type = 'CONTAINS', + string = 'engineering', ), + entity_tag = opal_security.models.entity_tag_filter.EntityTagFilter( + key = 'team', + value = 'platform', + connection_id = '', ), + entity_ids = [ + '' + ], + imported_from_app = [ + '' + ], + role_remote_ids = [ + '' + ], + role_names = [ + '' + ], + all_of = [ + opal_security.models.access_entity_filters.AccessEntityFilters( + any_of = [ + + ], + not = opal_security.models.not.not(), ) + ], + any_of = [ + + ], + not = opal_security.models.not.not(), ), + access_filters = opal_security.models.access_relationship_filters.AccessRelationshipFilters( + is_accessible_by = null, + has_access_to = null, ) + ) + else: + return OpalNodeQueryBody( + ) + """ + + def testOpalNodeQueryBody(self): + """Test OpalNodeQueryBody""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_opal_node_query_results.py b/test/test_opal_node_query_results.py new file mode 100644 index 0000000..4aa0560 --- /dev/null +++ b/test/test_opal_node_query_results.py @@ -0,0 +1,81 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.opal_node_query_results import OpalNodeQueryResults + +class TestOpalNodeQueryResults(unittest.TestCase): + """OpalNodeQueryResults unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> OpalNodeQueryResults: + """Test OpalNodeQueryResults + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `OpalNodeQueryResults` + """ + model = OpalNodeQueryResults() + if include_optional: + return OpalNodeQueryResults( + type = 'NODE', + edges = [ + opal_security.models.opal_query_result_edge.OpalQueryResultEdge( + node = opal_security.models.opal_query_result_node.OpalQueryResultNode( + id = '', + name = '', + entity_type = 'USER', + entity_item_type = 'OPAL_ROLE', ), + cursor = '', ) + ], + page_info = opal_security.models.page_info.PageInfo( + has_next_page = True, + end_cursor = '', + has_previous_page = True, + start_cursor = '', ) + ) + else: + return OpalNodeQueryResults( + type = 'NODE', + edges = [ + opal_security.models.opal_query_result_edge.OpalQueryResultEdge( + node = opal_security.models.opal_query_result_node.OpalQueryResultNode( + id = '', + name = '', + entity_type = 'USER', + entity_item_type = 'OPAL_ROLE', ), + cursor = '', ) + ], + page_info = opal_security.models.page_info.PageInfo( + has_next_page = True, + end_cursor = '', + has_previous_page = True, + start_cursor = '', ), + ) + """ + + def testOpalNodeQueryResults(self): + """Test OpalNodeQueryResults""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_opal_queries_api.py b/test/test_opal_queries_api.py new file mode 100644 index 0000000..180c210 --- /dev/null +++ b/test/test_opal_queries_api.py @@ -0,0 +1,39 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.api.opal_queries_api import OpalQueriesApi + + +class TestOpalQueriesApi(unittest.TestCase): + """OpalQueriesApi unit test stubs""" + + def setUp(self) -> None: + self.api = OpalQueriesApi() + + def tearDown(self) -> None: + pass + + def test_run_opal_query(self) -> None: + """Test case for run_opal_query + + Run an ad-hoc OpalQuery + """ + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_opal_query_result_edge.py b/test/test_opal_query_result_edge.py new file mode 100644 index 0000000..9a34c9c --- /dev/null +++ b/test/test_opal_query_result_edge.py @@ -0,0 +1,63 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.opal_query_result_edge import OpalQueryResultEdge + +class TestOpalQueryResultEdge(unittest.TestCase): + """OpalQueryResultEdge unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> OpalQueryResultEdge: + """Test OpalQueryResultEdge + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `OpalQueryResultEdge` + """ + model = OpalQueryResultEdge() + if include_optional: + return OpalQueryResultEdge( + node = opal_security.models.opal_query_result_node.OpalQueryResultNode( + id = '', + name = '', + entity_type = 'USER', + entity_item_type = 'OPAL_ROLE', ), + cursor = '' + ) + else: + return OpalQueryResultEdge( + node = opal_security.models.opal_query_result_node.OpalQueryResultNode( + id = '', + name = '', + entity_type = 'USER', + entity_item_type = 'OPAL_ROLE', ), + cursor = '', + ) + """ + + def testOpalQueryResultEdge(self): + """Test OpalQueryResultEdge""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_opal_query_result_node.py b/test/test_opal_query_result_node.py new file mode 100644 index 0000000..5a42277 --- /dev/null +++ b/test/test_opal_query_result_node.py @@ -0,0 +1,59 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.opal_query_result_node import OpalQueryResultNode + +class TestOpalQueryResultNode(unittest.TestCase): + """OpalQueryResultNode unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> OpalQueryResultNode: + """Test OpalQueryResultNode + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `OpalQueryResultNode` + """ + model = OpalQueryResultNode() + if include_optional: + return OpalQueryResultNode( + id = '', + name = '', + entity_type = 'USER', + entity_item_type = 'OPAL_ROLE' + ) + else: + return OpalQueryResultNode( + id = '', + name = '', + entity_type = 'USER', + entity_item_type = 'OPAL_ROLE', + ) + """ + + def testOpalQueryResultNode(self): + """Test OpalQueryResultNode""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_paginated_access_rules_list.py b/test/test_paginated_access_rules_list.py new file mode 100644 index 0000000..91f6c80 --- /dev/null +++ b/test/test_paginated_access_rules_list.py @@ -0,0 +1,125 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.paginated_access_rules_list import PaginatedAccessRulesList + +class TestPaginatedAccessRulesList(unittest.TestCase): + """PaginatedAccessRulesList unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> PaginatedAccessRulesList: + """Test PaginatedAccessRulesList + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `PaginatedAccessRulesList` + """ + model = PaginatedAccessRulesList() + if include_optional: + return PaginatedAccessRulesList( + next = 'cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw', + previous = 'cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ', + results = [ + opal_security.models.access_rule.AccessRule( + access_rule_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + name = 'Platform Engineering', + description = 'This access rule represents all platform engineers in the company.', + admin_owner_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + status = 'ACTIVE', + rule_clauses = opal_security.models.rule_clauses.RuleClauses( + when = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], + attribute_selectors = [ + opal_security.models.user_attribute_selector.UserAttributeSelector( + attribute = 'HR_IDP_STATUS', + values = [ + '' + ], ) + ], ) + ], ), + unless = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), ), ) + ] + ) + else: + return PaginatedAccessRulesList( + results = [ + opal_security.models.access_rule.AccessRule( + access_rule_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + name = 'Platform Engineering', + description = 'This access rule represents all platform engineers in the company.', + admin_owner_id = '7c86c85d-0651-43e2-a748-d69d658418e8', + status = 'ACTIVE', + rule_clauses = opal_security.models.rule_clauses.RuleClauses( + when = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], + attribute_selectors = [ + opal_security.models.user_attribute_selector.UserAttributeSelector( + attribute = 'HR_IDP_STATUS', + values = [ + '' + ], ) + ], ) + ], ), + unless = opal_security.models.rule_conjunction.RuleConjunction( + clauses = [ + opal_security.models.rule_disjunction.RuleDisjunction( + selectors = [ + opal_security.models.tag_selector.TagSelector( + key = '', + value = '', + connection_id = '', ) + ], ) + ], ), ), ) + ], + ) + """ + + def testPaginatedAccessRulesList(self): + """Test PaginatedAccessRulesList""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_resource_remote_info_grafana_dashboard.py b/test/test_resource_remote_info_grafana_dashboard.py new file mode 100644 index 0000000..918ada9 --- /dev/null +++ b/test/test_resource_remote_info_grafana_dashboard.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.resource_remote_info_grafana_dashboard import ResourceRemoteInfoGrafanaDashboard + +class TestResourceRemoteInfoGrafanaDashboard(unittest.TestCase): + """ResourceRemoteInfoGrafanaDashboard unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> ResourceRemoteInfoGrafanaDashboard: + """Test ResourceRemoteInfoGrafanaDashboard + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ResourceRemoteInfoGrafanaDashboard` + """ + model = ResourceRemoteInfoGrafanaDashboard() + if include_optional: + return ResourceRemoteInfoGrafanaDashboard( + dashboard_uid = 'dddRTXX' + ) + else: + return ResourceRemoteInfoGrafanaDashboard( + dashboard_uid = 'dddRTXX', + ) + """ + + def testResourceRemoteInfoGrafanaDashboard(self): + """Test ResourceRemoteInfoGrafanaDashboard""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_resource_remote_info_grafana_folder.py b/test/test_resource_remote_info_grafana_folder.py new file mode 100644 index 0000000..84161ff --- /dev/null +++ b/test/test_resource_remote_info_grafana_folder.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.resource_remote_info_grafana_folder import ResourceRemoteInfoGrafanaFolder + +class TestResourceRemoteInfoGrafanaFolder(unittest.TestCase): + """ResourceRemoteInfoGrafanaFolder unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> ResourceRemoteInfoGrafanaFolder: + """Test ResourceRemoteInfoGrafanaFolder + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ResourceRemoteInfoGrafanaFolder` + """ + model = ResourceRemoteInfoGrafanaFolder() + if include_optional: + return ResourceRemoteInfoGrafanaFolder( + folder_uid = 'fffRTXX' + ) + else: + return ResourceRemoteInfoGrafanaFolder( + folder_uid = 'fffRTXX', + ) + """ + + def testResourceRemoteInfoGrafanaFolder(self): + """Test ResourceRemoteInfoGrafanaFolder""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_resource_remote_info_grafana_role.py b/test/test_resource_remote_info_grafana_role.py new file mode 100644 index 0000000..b2a2454 --- /dev/null +++ b/test/test_resource_remote_info_grafana_role.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.resource_remote_info_grafana_role import ResourceRemoteInfoGrafanaRole + +class TestResourceRemoteInfoGrafanaRole(unittest.TestCase): + """ResourceRemoteInfoGrafanaRole unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> ResourceRemoteInfoGrafanaRole: + """Test ResourceRemoteInfoGrafanaRole + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ResourceRemoteInfoGrafanaRole` + """ + model = ResourceRemoteInfoGrafanaRole() + if include_optional: + return ResourceRemoteInfoGrafanaRole( + role_uid = 'rrfRTXX' + ) + else: + return ResourceRemoteInfoGrafanaRole( + role_uid = 'rrfRTXX', + ) + """ + + def testResourceRemoteInfoGrafanaRole(self): + """Test ResourceRemoteInfoGrafanaRole""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_resource_remote_info_zendesk_role.py b/test/test_resource_remote_info_zendesk_role.py new file mode 100644 index 0000000..13de001 --- /dev/null +++ b/test/test_resource_remote_info_zendesk_role.py @@ -0,0 +1,53 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.resource_remote_info_zendesk_role import ResourceRemoteInfoZendeskRole + +class TestResourceRemoteInfoZendeskRole(unittest.TestCase): + """ResourceRemoteInfoZendeskRole unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> ResourceRemoteInfoZendeskRole: + """Test ResourceRemoteInfoZendeskRole + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ResourceRemoteInfoZendeskRole` + """ + model = ResourceRemoteInfoZendeskRole() + if include_optional: + return ResourceRemoteInfoZendeskRole( + role_id = '12345' + ) + else: + return ResourceRemoteInfoZendeskRole( + role_id = '12345', + ) + """ + + def testResourceRemoteInfoZendeskRole(self): + """Test ResourceRemoteInfoZendeskRole""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_string_match_type.py b/test/test_string_match_type.py new file mode 100644 index 0000000..2eeae3b --- /dev/null +++ b/test/test_string_match_type.py @@ -0,0 +1,34 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.string_match_type import StringMatchType + +class TestStringMatchType(unittest.TestCase): + """StringMatchType unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testStringMatchType(self): + """Test StringMatchType""" + # inst = StringMatchType() + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_update_event_stream_info.py b/test/test_update_event_stream_info.py new file mode 100644 index 0000000..36523e0 --- /dev/null +++ b/test/test_update_event_stream_info.py @@ -0,0 +1,65 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.update_event_stream_info import UpdateEventStreamInfo + +class TestUpdateEventStreamInfo(unittest.TestCase): + """UpdateEventStreamInfo unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> UpdateEventStreamInfo: + """Test UpdateEventStreamInfo + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `UpdateEventStreamInfo` + """ + model = UpdateEventStreamInfo() + if include_optional: + return UpdateEventStreamInfo( + name = '', + enabled = True, + webhook_url = '', + credentials = opal_security.models.webhook_credentials.WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = null, + hmac_credential_2 = null, ) + ) + else: + return UpdateEventStreamInfo( + ) + """ + + def testUpdateEventStreamInfo(self): + """Test UpdateEventStreamInfo""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_user_attribute_selector.py b/test/test_user_attribute_selector.py new file mode 100644 index 0000000..f9ed22c --- /dev/null +++ b/test/test_user_attribute_selector.py @@ -0,0 +1,59 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.user_attribute_selector import UserAttributeSelector + +class TestUserAttributeSelector(unittest.TestCase): + """UserAttributeSelector unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> UserAttributeSelector: + """Test UserAttributeSelector + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `UserAttributeSelector` + """ + model = UserAttributeSelector() + if include_optional: + return UserAttributeSelector( + attribute = 'HR_IDP_STATUS', + values = [ + '' + ] + ) + else: + return UserAttributeSelector( + attribute = 'HR_IDP_STATUS', + values = [ + '' + ], + ) + """ + + def testUserAttributeSelector(self): + """Test UserAttributeSelector""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_webhook_api_key_credential.py b/test/test_webhook_api_key_credential.py new file mode 100644 index 0000000..7d69e4b --- /dev/null +++ b/test/test_webhook_api_key_credential.py @@ -0,0 +1,59 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.webhook_api_key_credential import WebhookApiKeyCredential + +class TestWebhookApiKeyCredential(unittest.TestCase): + """WebhookApiKeyCredential unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> WebhookApiKeyCredential: + """Test WebhookApiKeyCredential + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `WebhookApiKeyCredential` + """ + model = WebhookApiKeyCredential() + if include_optional: + return WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER' + ) + else: + return WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', + ) + """ + + def testWebhookApiKeyCredential(self): + """Test WebhookApiKeyCredential""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_webhook_api_key_location_enum.py b/test/test_webhook_api_key_location_enum.py new file mode 100644 index 0000000..64e2884 --- /dev/null +++ b/test/test_webhook_api_key_location_enum.py @@ -0,0 +1,34 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.webhook_api_key_location_enum import WebhookApiKeyLocationEnum + +class TestWebhookApiKeyLocationEnum(unittest.TestCase): + """WebhookApiKeyLocationEnum unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testWebhookApiKeyLocationEnum(self): + """Test WebhookApiKeyLocationEnum""" + # inst = WebhookApiKeyLocationEnum() + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_webhook_auth_type_enum.py b/test/test_webhook_auth_type_enum.py new file mode 100644 index 0000000..8aa26f9 --- /dev/null +++ b/test/test_webhook_auth_type_enum.py @@ -0,0 +1,34 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.webhook_auth_type_enum import WebhookAuthTypeEnum + +class TestWebhookAuthTypeEnum(unittest.TestCase): + """WebhookAuthTypeEnum unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testWebhookAuthTypeEnum(self): + """Test WebhookAuthTypeEnum""" + # inst = WebhookAuthTypeEnum() + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_webhook_credentials.py b/test/test_webhook_credentials.py new file mode 100644 index 0000000..f821284 --- /dev/null +++ b/test/test_webhook_credentials.py @@ -0,0 +1,68 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.webhook_credentials import WebhookCredentials + +class TestWebhookCredentials(unittest.TestCase): + """WebhookCredentials unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> WebhookCredentials: + """Test WebhookCredentials + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `WebhookCredentials` + """ + model = WebhookCredentials() + if include_optional: + return WebhookCredentials( + auth_type = 'NONE', + api_key_credentials = [ + opal_security.models.webhook_api_key_credential.WebhookApiKeyCredential( + id = '', + name = '', + value = '', + location = 'HEADER', ) + ], + hmac_credential_1 = opal_security.models.webhook_hmac_credential.WebhookHmacCredential( + id = '', + secret = '', + created_at = datetime.datetime.strptime('2013-10-20 19:20:30.00', '%Y-%m-%d %H:%M:%S.%f'), ), + hmac_credential_2 = opal_security.models.webhook_hmac_credential.WebhookHmacCredential( + id = '', + secret = '', + created_at = datetime.datetime.strptime('2013-10-20 19:20:30.00', '%Y-%m-%d %H:%M:%S.%f'), ) + ) + else: + return WebhookCredentials( + auth_type = 'NONE', + ) + """ + + def testWebhookCredentials(self): + """Test WebhookCredentials""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/test/test_webhook_hmac_credential.py b/test/test_webhook_hmac_credential.py new file mode 100644 index 0000000..cad0881 --- /dev/null +++ b/test/test_webhook_hmac_credential.py @@ -0,0 +1,57 @@ +# coding: utf-8 + +""" + Opal API + + The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. + + The version of the OpenAPI document: 1.0 + Contact: hello@opal.dev + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +from opal_security.models.webhook_hmac_credential import WebhookHmacCredential + +class TestWebhookHmacCredential(unittest.TestCase): + """WebhookHmacCredential unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional) -> WebhookHmacCredential: + """Test WebhookHmacCredential + include_optional is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `WebhookHmacCredential` + """ + model = WebhookHmacCredential() + if include_optional: + return WebhookHmacCredential( + id = '', + secret = '', + created_at = datetime.datetime.strptime('2013-10-20 19:20:30.00', '%Y-%m-%d %H:%M:%S.%f') + ) + else: + return WebhookHmacCredential( + id = '', + secret = '', + created_at = datetime.datetime.strptime('2013-10-20 19:20:30.00', '%Y-%m-%d %H:%M:%S.%f'), + ) + """ + + def testWebhookHmacCredential(self): + """Test WebhookHmacCredential""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main()