-
Notifications
You must be signed in to change notification settings - Fork 277
/
zms_schema.go
1241 lines (1108 loc) · 93.5 KB
/
zms_schema.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
//
// This file generated by rdl 1.4.12
//
package zms
import (
rdl "github.com/ardielle/ardielle-go/rdl"
)
var schema *rdl.Schema
func init() {
sb := rdl.NewSchemaBuilder("ZMS")
sb.Version(1)
sb.Namespace("com.yahoo.athenz.zms")
sb.Comment("Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. The Authorization Management Service (ZMS) Classes")
tSimpleName := rdl.NewStringTypeBuilder("SimpleName")
tSimpleName.Comment("Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.")
tSimpleName.Pattern("[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tSimpleName.Build())
tCompoundName := rdl.NewStringTypeBuilder("CompoundName")
tCompoundName.Comment("A compound name. Most names in this API are compound names.")
tCompoundName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tCompoundName.Build())
tDomainName := rdl.NewStringTypeBuilder("DomainName")
tDomainName.Comment("A domain name is the general qualifier prefix, as its uniqueness is managed.")
tDomainName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tDomainName.Build())
tEntityName := rdl.NewStringTypeBuilder("EntityName")
tEntityName.Comment("An entity name is a short form of a resource name, including only the domain and entity.")
tEntityName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tEntityName.Build())
tServiceName := rdl.NewStringTypeBuilder("ServiceName")
tServiceName.Comment("A service name will generally be a unique subdomain.")
tServiceName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tServiceName.Build())
tLocationName := rdl.NewStringTypeBuilder("LocationName")
tLocationName.Comment("A location name is not yet defined, but will be a dotted name like everything else.")
tLocationName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tLocationName.Build())
tActionName := rdl.NewStringTypeBuilder("ActionName")
tActionName.Comment("An action (operation) name.")
tActionName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tActionName.Build())
tResourceName := rdl.NewStringTypeBuilder("ResourceName")
tResourceName.Comment("A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.")
tResourceName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*(:([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*)?")
sb.AddType(tResourceName.Build())
tYBase64 := rdl.NewStringTypeBuilder("YBase64")
tYBase64.Comment("The Y-specific URL-safe Base64 variant.")
tYBase64.Pattern("[a-zA-Z0-9\\._-]+")
sb.AddType(tYBase64.Build())
tYEncoded := rdl.NewStringTypeBuilder("YEncoded")
tYEncoded.Comment("YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.")
tYEncoded.Pattern("[a-zA-Z0-9\\._%=-]*")
sb.AddType(tYEncoded.Build())
tAuthorityName := rdl.NewStringTypeBuilder("AuthorityName")
tAuthorityName.Comment("Used as the prefix in a signed assertion. This uniquely identifies a signing authority. i.e. \"user\"")
tAuthorityName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tAuthorityName.Build())
tSignedToken := rdl.NewStringTypeBuilder("SignedToken")
tSignedToken.Comment("A signed assertion if identity. i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized to quickly reject if it belongs to another authority. In addition to the YEncoded set our token includes ; to separate components and , to separate roles and : for IPv6 addresses")
tSignedToken.Pattern("[a-zA-Z0-9\\._%=:;,-]*")
sb.AddType(tSignedToken.Build())
tMemberName := rdl.NewStringTypeBuilder("MemberName")
tMemberName.Comment("Role Member name - could be one of three values, either *, DomainName.* or ResourceName")
tMemberName.Pattern("\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*\\.\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*(:([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*)?")
sb.AddType(tMemberName.Build())
tDomain := rdl.NewStructTypeBuilder("Struct", "Domain")
tDomain.Comment("A domain is an independent partition of users, roles, and resources. Its name represents the definition of a namespace; the only way a new namespace can be created, from the top, is by creating Domains. Administration of a domain is governed by the parent domain (using reverse-DNS namespaces). The top level domains are governed by the special \"sys.auth\" domain.")
tDomain.Field("name", "DomainName", false, nil, "the common name to be referred to, the symbolic id. It is immutable")
tDomain.Field("modified", "Timestamp", true, nil, "the last modification timestamp of any object or attribute in this domain")
tDomain.Field("id", "UUID", true, nil, "unique identifier of the domain. generated on create, never reused")
tDomain.Field("description", "String", true, nil, "description of the domain")
tDomain.Field("org", "ResourceName", true, nil, "a reference to an Organization")
tDomain.Field("enabled", "Bool", true, true, "Future use only, currently not used")
tDomain.Field("auditEnabled", "Bool", true, false, "Flag indicates whether or not domain modifications should be logged for SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for any API defining it.")
tDomain.Field("account", "String", true, nil, "associated cloud (i.e. aws) account id")
tDomain.Field("ypmId", "Int32", true, nil, "associated product id")
sb.AddType(tDomain.Build())
tRoleList := rdl.NewStructTypeBuilder("Struct", "RoleList")
tRoleList.Comment("The representation for an enumeration of roles in the namespace, with pagination.")
tRoleList.ArrayField("names", "EntityName", false, "list of role names")
tRoleList.Field("next", "String", true, nil, "if the response is a paginated list, this attribute specifies the value to be used in the next role list request as the value for the skip query parameter.")
sb.AddType(tRoleList.Build())
tRoleAuditLog := rdl.NewStructTypeBuilder("Struct", "RoleAuditLog")
tRoleAuditLog.Comment("An audit log entry for role membership change.")
tRoleAuditLog.Field("member", "MemberName", false, nil, "name of the role member")
tRoleAuditLog.Field("admin", "ResourceName", false, nil, "name of the principal executing the change")
tRoleAuditLog.Field("created", "Timestamp", false, nil, "timestamp of the entry")
tRoleAuditLog.Field("action", "String", false, nil, "log action - either add or delete")
tRoleAuditLog.Field("auditRef", "String", true, nil, "audit reference string for the change as supplied by admin")
sb.AddType(tRoleAuditLog.Build())
tRoleMember := rdl.NewStructTypeBuilder("Struct", "RoleMember")
tRoleMember.Field("memberName", "MemberName", false, nil, "name of the member")
tRoleMember.Field("expiration", "Timestamp", true, nil, "the expiration timestamp")
sb.AddType(tRoleMember.Build())
tRole := rdl.NewStructTypeBuilder("Struct", "Role")
tRole.Comment("The representation for a Role with set of members.")
tRole.Field("name", "ResourceName", false, nil, "name of the role")
tRole.Field("modified", "Timestamp", true, nil, "last modification timestamp of the role")
tRole.ArrayField("members", "MemberName", true, "an explicit list of members. Might be empty or null, if trust is set")
tRole.ArrayField("roleMembers", "RoleMember", true, "members with expiration")
tRole.Field("trust", "DomainName", true, nil, "a trusted domain to delegate membership decisions to")
tRole.ArrayField("auditLog", "RoleAuditLog", true, "an audit log for role membership changes")
sb.AddType(tRole.Build())
tRoles := rdl.NewStructTypeBuilder("Struct", "Roles")
tRoles.Comment("The representation for a list of roles with full details")
tRoles.ArrayField("list", "Role", false, "list of role objects")
sb.AddType(tRoles.Build())
tMembership := rdl.NewStructTypeBuilder("Struct", "Membership")
tMembership.Comment("The representation for a role membership.")
tMembership.Field("memberName", "MemberName", false, nil, "name of the member")
tMembership.Field("isMember", "Bool", true, true, "flag to indicate whether or the user is a member or not")
tMembership.Field("roleName", "ResourceName", true, nil, "name of the role")
tMembership.Field("expiration", "Timestamp", true, nil, "the expiration timestamp")
sb.AddType(tMembership.Build())
tDefaultAdmins := rdl.NewStructTypeBuilder("Struct", "DefaultAdmins")
tDefaultAdmins.Comment("The list of domain administrators.")
tDefaultAdmins.ArrayField("admins", "ResourceName", false, "list of domain administrators")
sb.AddType(tDefaultAdmins.Build())
tAssertionEffect := rdl.NewEnumTypeBuilder("Enum", "AssertionEffect")
tAssertionEffect.Comment("Every assertion can have the effect of ALLOW or DENY.")
tAssertionEffect.Element("ALLOW", "")
tAssertionEffect.Element("DENY", "")
sb.AddType(tAssertionEffect.Build())
tAssertion := rdl.NewStructTypeBuilder("Struct", "Assertion")
tAssertion.Comment("A representation for the encapsulation of an action to be performed on a resource by a principal.")
tAssertion.Field("role", "String", false, nil, "the subject of the assertion - a role")
tAssertion.Field("resource", "String", false, nil, "the object of the assertion. Must be in the local namespace. Can contain wildcards")
tAssertion.Field("action", "String", false, nil, "the predicate of the assertion. Can contain wildcards")
tAssertion.Field("effect", "AssertionEffect", true, ALLOW, "the effect of the assertion in the policy language")
tAssertion.Field("id", "Int64", true, nil, "assertion id - auto generated by server. Not required during put operations.")
sb.AddType(tAssertion.Build())
tPolicy := rdl.NewStructTypeBuilder("Struct", "Policy")
tPolicy.Comment("The representation for a Policy with set of assertions.")
tPolicy.Field("name", "ResourceName", false, nil, "name of the policy")
tPolicy.Field("modified", "Timestamp", true, nil, "last modification timestamp of this policy")
tPolicy.ArrayField("assertions", "Assertion", false, "list of defined assertions for this policy")
sb.AddType(tPolicy.Build())
tPolicies := rdl.NewStructTypeBuilder("Struct", "Policies")
tPolicies.Comment("The representation of list of policy objects")
tPolicies.ArrayField("list", "Policy", false, "list of policy objects")
sb.AddType(tPolicies.Build())
tTemplate := rdl.NewStructTypeBuilder("Struct", "Template")
tTemplate.Comment("Solution Template object defined on the server")
tTemplate.ArrayField("roles", "Role", false, "list of roles in the template")
tTemplate.ArrayField("policies", "Policy", false, "list of policies defined in this template")
sb.AddType(tTemplate.Build())
tTemplateList := rdl.NewStructTypeBuilder("Struct", "TemplateList")
tTemplateList.Comment("List of template names that is the base struct for server and domain templates")
tTemplateList.ArrayField("templateNames", "SimpleName", false, "list of template names")
sb.AddType(tTemplateList.Build())
tDomainTemplate := rdl.NewStructTypeBuilder("TemplateList", "DomainTemplate")
tDomainTemplate.Comment("solution template(s) to be applied to a domain")
sb.AddType(tDomainTemplate.Build())
tDomainTemplateList := rdl.NewStructTypeBuilder("TemplateList", "DomainTemplateList")
tDomainTemplateList.Comment("List of solution templates to be applied to a domain")
sb.AddType(tDomainTemplateList.Build())
tServerTemplateList := rdl.NewStructTypeBuilder("TemplateList", "ServerTemplateList")
tServerTemplateList.Comment("List of solution templates available in the server")
sb.AddType(tServerTemplateList.Build())
tDomainList := rdl.NewStructTypeBuilder("Struct", "DomainList")
tDomainList.Comment("A paginated list of domains.")
tDomainList.ArrayField("names", "DomainName", false, "list of domain names")
tDomainList.Field("next", "String", true, nil, "if the response is a paginated list, this attribute specifies the value to be used in the next domain list request as the value for the skip query parameter.")
sb.AddType(tDomainList.Build())
tDomainMeta := rdl.NewStructTypeBuilder("Struct", "DomainMeta")
tDomainMeta.Comment("Set of metadata attributes that all domains may have and can be changed.")
tDomainMeta.Field("description", "String", true, nil, "a description of the domain")
tDomainMeta.Field("org", "ResourceName", true, nil, "a reference to an Organization. (i.e. org:media)")
tDomainMeta.Field("enabled", "Bool", true, true, "Future use only, currently not used")
tDomainMeta.Field("auditEnabled", "Bool", true, false, "Flag indicates whether or not domain modifications should be logged for SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for any API defining it.")
tDomainMeta.Field("account", "String", true, nil, "associated cloud (i.e. aws) account id")
tDomainMeta.Field("ypmId", "Int32", true, nil, "associated product id")
sb.AddType(tDomainMeta.Build())
tTopLevelDomain := rdl.NewStructTypeBuilder("DomainMeta", "TopLevelDomain")
tTopLevelDomain.Comment("Top Level Domain object. The required attributes include the name of the domain and list of domain administrators.")
tTopLevelDomain.Field("name", "SimpleName", false, nil, "name of the domain")
tTopLevelDomain.ArrayField("adminUsers", "ResourceName", false, "list of domain administrators")
tTopLevelDomain.Field("templates", "DomainTemplateList", true, nil, "list of solution template names")
sb.AddType(tTopLevelDomain.Build())
tSubDomain := rdl.NewStructTypeBuilder("TopLevelDomain", "SubDomain")
tSubDomain.Comment("A Subdomain is a TopLevelDomain, except it has a parent.")
tSubDomain.Field("parent", "DomainName", false, nil, "name of the parent domain")
sb.AddType(tSubDomain.Build())
tUserDomain := rdl.NewStructTypeBuilder("DomainMeta", "UserDomain")
tUserDomain.Comment("A UserDomain is the user's own top level domain in user - e.g. user.hga")
tUserDomain.Field("name", "SimpleName", false, nil, "user id which will be the domain name")
tUserDomain.Field("templates", "DomainTemplateList", true, nil, "list of solution template names")
sb.AddType(tUserDomain.Build())
tDanglingPolicy := rdl.NewStructTypeBuilder("Struct", "DanglingPolicy")
tDanglingPolicy.Comment("A dangling policy where the assertion is referencing a role name that doesn't exist in the domain")
tDanglingPolicy.Field("policyName", "EntityName", false, nil, "")
tDanglingPolicy.Field("roleName", "EntityName", false, nil, "")
sb.AddType(tDanglingPolicy.Build())
tDomainDataCheck := rdl.NewStructTypeBuilder("Struct", "DomainDataCheck")
tDomainDataCheck.Comment("Domain data object representing the results of a check operation looking for dangling roles, policies and trust relationships that are set either on tenant or provider side only")
tDomainDataCheck.ArrayField("danglingRoles", "EntityName", true, "Names of roles not specified in any assertion. Might be empty or null if no dangling roles.")
tDomainDataCheck.ArrayField("danglingPolicies", "DanglingPolicy", true, "Policy+role tuples where role doesnt exist. Might be empty or null if no dangling policies.")
tDomainDataCheck.Field("policyCount", "Int32", false, nil, "total number of policies")
tDomainDataCheck.Field("assertionCount", "Int32", false, nil, "total number of assertions")
tDomainDataCheck.Field("roleWildCardCount", "Int32", false, nil, "total number of assertions containing roles as wildcards")
tDomainDataCheck.ArrayField("providersWithoutTrust", "ServiceName", true, "Service names (domain.service) that dont contain trust role if this is a tenant domain. Might be empty or null, if not a tenant or if all providers support this tenant.")
tDomainDataCheck.ArrayField("tenantsWithoutAssumeRole", "DomainName", true, "Names of Tenant domains that dont contain assume role assertions if this is a provider domain. Might be empty or null, if not a provider or if all tenants support use this provider.")
sb.AddType(tDomainDataCheck.Build())
tEntity := rdl.NewStructTypeBuilder("Struct", "Entity")
tEntity.Comment("An entity is a name and a structured value. some entity names/prefixes are reserved (i.e. \"role\", \"policy\", \"meta\", \"domain\", \"service\")")
tEntity.Field("name", "EntityName", false, nil, "name of the entity object")
tEntity.Field("value", "Struct", false, nil, "value of the entity")
sb.AddType(tEntity.Build())
tEntityList := rdl.NewStructTypeBuilder("Struct", "EntityList")
tEntityList.Comment("The representation for an enumeration of entities in the namespace")
tEntityList.ArrayField("names", "EntityName", false, "list of entity names")
sb.AddType(tEntityList.Build())
tPolicyList := rdl.NewStructTypeBuilder("Struct", "PolicyList")
tPolicyList.Comment("The representation for an enumeration of policies in the namespace, with pagination.")
tPolicyList.ArrayField("names", "EntityName", false, "list of policy names")
tPolicyList.Field("next", "String", true, nil, "if the response is a paginated list, this attribute specifies the value to be used in the next policy list request as the value for the skip query parameter.")
sb.AddType(tPolicyList.Build())
tPublicKeyEntry := rdl.NewStructTypeBuilder("Struct", "PublicKeyEntry")
tPublicKeyEntry.Comment("The representation of the public key in a service identity object.")
tPublicKeyEntry.Field("key", "String", false, nil, "the public key for the service")
tPublicKeyEntry.Field("id", "String", false, nil, "the key identifier (version or zone name)")
sb.AddType(tPublicKeyEntry.Build())
tServiceIdentity := rdl.NewStructTypeBuilder("Struct", "ServiceIdentity")
tServiceIdentity.Comment("The representation of the service identity object.")
tServiceIdentity.Field("name", "ServiceName", false, nil, "the full name of the service, i.e. \"sports.storage\"")
tServiceIdentity.ArrayField("publicKeys", "PublicKeyEntry", true, "array of public keys for key rotation")
tServiceIdentity.Field("providerEndpoint", "String", true, nil, "if present, then this service can provision tenants via this endpoint.")
tServiceIdentity.Field("modified", "Timestamp", true, nil, "the timestamp when this entry was last modified")
tServiceIdentity.Field("executable", "String", true, nil, "the path of the executable that runs the service")
tServiceIdentity.ArrayField("hosts", "String", true, "list of host names that this service can run on")
tServiceIdentity.Field("user", "String", true, nil, "local (unix) user name this service can run as")
tServiceIdentity.Field("group", "String", true, nil, "local (unix) group name this service can run as")
sb.AddType(tServiceIdentity.Build())
tServiceIdentities := rdl.NewStructTypeBuilder("Struct", "ServiceIdentities")
tServiceIdentities.Comment("The representation of list of services")
tServiceIdentities.ArrayField("list", "ServiceIdentity", false, "list of services")
sb.AddType(tServiceIdentities.Build())
tServiceIdentityList := rdl.NewStructTypeBuilder("Struct", "ServiceIdentityList")
tServiceIdentityList.Comment("The representation for an enumeration of services in the namespace, with pagination.")
tServiceIdentityList.ArrayField("names", "EntityName", false, "list of service names")
tServiceIdentityList.Field("next", "String", true, nil, "if the response is a paginated list, this attribute specifies the value to be used in the next service list request as the value for the skip query parameter.")
sb.AddType(tServiceIdentityList.Build())
tTenancy := rdl.NewStructTypeBuilder("Struct", "Tenancy")
tTenancy.Comment("A representation of tenant.")
tTenancy.Field("domain", "DomainName", false, nil, "the domain that is to get a tenancy")
tTenancy.Field("service", "ServiceName", false, nil, "the provider service on which the tenancy is to reside")
tTenancy.ArrayField("resourceGroups", "EntityName", true, "registered resource groups for this tenant")
sb.AddType(tTenancy.Build())
tTenancyResourceGroup := rdl.NewStructTypeBuilder("Struct", "TenancyResourceGroup")
tTenancyResourceGroup.Field("domain", "DomainName", false, nil, "the domain that is to get a tenancy")
tTenancyResourceGroup.Field("service", "ServiceName", false, nil, "the provider service on which the tenancy is to reside")
tTenancyResourceGroup.Field("resourceGroup", "EntityName", false, nil, "registered resource group for this tenant")
sb.AddType(tTenancyResourceGroup.Build())
tTenantRoleAction := rdl.NewStructTypeBuilder("Struct", "TenantRoleAction")
tTenantRoleAction.Comment("A representation of tenant role action.")
tTenantRoleAction.Field("role", "SimpleName", false, nil, "name of the role")
tTenantRoleAction.Field("action", "String", false, nil, "action value for the generated policy assertion")
sb.AddType(tTenantRoleAction.Build())
tTenantRoles := rdl.NewStructTypeBuilder("Struct", "TenantRoles")
tTenantRoles.Comment("A representation of tenant roles to be provisioned.")
tTenantRoles.Field("domain", "DomainName", false, nil, "name of the provider domain")
tTenantRoles.Field("service", "SimpleName", false, nil, "name of the provider service")
tTenantRoles.Field("tenant", "DomainName", false, nil, "name of the tenant domain")
tTenantRoles.ArrayField("roles", "TenantRoleAction", false, "the role/action pairs to provision")
sb.AddType(tTenantRoles.Build())
tTenantResourceGroupRoles := rdl.NewStructTypeBuilder("Struct", "TenantResourceGroupRoles")
tTenantResourceGroupRoles.Comment("A representation of tenant roles for resource groups to be provisioned.")
tTenantResourceGroupRoles.Field("domain", "DomainName", false, nil, "name of the provider domain")
tTenantResourceGroupRoles.Field("service", "SimpleName", false, nil, "name of the provider service")
tTenantResourceGroupRoles.Field("tenant", "DomainName", false, nil, "name of the tenant domain")
tTenantResourceGroupRoles.ArrayField("roles", "TenantRoleAction", false, "the role/action pairs to provision")
tTenantResourceGroupRoles.Field("resourceGroup", "EntityName", false, nil, "tenant resource group")
sb.AddType(tTenantResourceGroupRoles.Build())
tProviderResourceGroupRoles := rdl.NewStructTypeBuilder("Struct", "ProviderResourceGroupRoles")
tProviderResourceGroupRoles.Comment("A representation of provider roles to be provisioned.")
tProviderResourceGroupRoles.Field("domain", "DomainName", false, nil, "name of the provider domain")
tProviderResourceGroupRoles.Field("service", "SimpleName", false, nil, "name of the provider service")
tProviderResourceGroupRoles.Field("tenant", "DomainName", false, nil, "name of the tenant domain")
tProviderResourceGroupRoles.ArrayField("roles", "TenantRoleAction", false, "the role/action pairs to provision")
tProviderResourceGroupRoles.Field("resourceGroup", "EntityName", false, nil, "tenant resource group")
sb.AddType(tProviderResourceGroupRoles.Build())
tAccess := rdl.NewStructTypeBuilder("Struct", "Access")
tAccess.Comment("Access can be checked and returned as this resource.")
tAccess.Field("granted", "Bool", false, nil, "true (allowed) or false (denied)")
sb.AddType(tAccess.Build())
tResourceAccess := rdl.NewStructTypeBuilder("Struct", "ResourceAccess")
tResourceAccess.Field("principal", "EntityName", false, nil, "")
tResourceAccess.ArrayField("assertions", "Assertion", false, "")
sb.AddType(tResourceAccess.Build())
tResourceAccessList := rdl.NewStructTypeBuilder("Struct", "ResourceAccessList")
tResourceAccessList.ArrayField("resources", "ResourceAccess", false, "")
sb.AddType(tResourceAccessList.Build())
tDomainModified := rdl.NewStructTypeBuilder("Struct", "DomainModified")
tDomainModified.Comment("Tuple of domain-name and modification time-stamps. This object is returned when the caller has requested list of domains modified since a specific timestamp.")
tDomainModified.Field("name", "DomainName", false, nil, "name of the domain")
tDomainModified.Field("modified", "Int64", false, nil, "last modified timestamp of the domain")
sb.AddType(tDomainModified.Build())
tDomainModifiedList := rdl.NewStructTypeBuilder("Struct", "DomainModifiedList")
tDomainModifiedList.Comment("A list of {domain, modified-timestamp} tuples.")
tDomainModifiedList.ArrayField("nameModList", "DomainModified", false, "list of modified domains")
sb.AddType(tDomainModifiedList.Build())
tDomainPolicies := rdl.NewStructTypeBuilder("Struct", "DomainPolicies")
tDomainPolicies.Comment("We need to include the name of the domain in this struct since this data will be passed back to ZPU through ZTS so we need to sign not only the list of policies but also the corresponding domain name that the policies belong to.")
tDomainPolicies.Field("domain", "DomainName", false, nil, "name of the domain")
tDomainPolicies.ArrayField("policies", "Policy", false, "list of policies defined in this server")
sb.AddType(tDomainPolicies.Build())
tSignedPolicies := rdl.NewStructTypeBuilder("Struct", "SignedPolicies")
tSignedPolicies.Comment("A signed bulk transfer of policies. The data is signed with server's private key.")
tSignedPolicies.Field("contents", "DomainPolicies", false, nil, "list of policies defined in a domain")
tSignedPolicies.Field("signature", "String", false, nil, "signature generated based on the domain policies object")
tSignedPolicies.Field("keyId", "String", false, nil, "the identifier of the key used to generate the signature")
sb.AddType(tSignedPolicies.Build())
tDomainData := rdl.NewStructTypeBuilder("Struct", "DomainData")
tDomainData.Comment("A domain object that includes its roles, policies and services.")
tDomainData.Field("name", "DomainName", false, nil, "name of the domain")
tDomainData.Field("account", "String", true, nil, "associated cloud (i.e. aws) account id")
tDomainData.Field("ypmId", "Int32", true, nil, "associated product id")
tDomainData.ArrayField("roles", "Role", false, "list of roles in the domain")
tDomainData.Field("policies", "SignedPolicies", false, nil, "list of policies in the domain signed with ZMS private key")
tDomainData.ArrayField("services", "ServiceIdentity", false, "list of services in the domain")
tDomainData.ArrayField("entities", "Entity", false, "list of entities in the domain")
tDomainData.Field("modified", "Timestamp", false, nil, "last modification timestamp")
sb.AddType(tDomainData.Build())
tSignedDomain := rdl.NewStructTypeBuilder("Struct", "SignedDomain")
tSignedDomain.Comment("A domain object signed with server's private key")
tSignedDomain.Field("domain", "DomainData", false, nil, "domain object with its roles, policies and services")
tSignedDomain.Field("signature", "String", false, nil, "signature generated based on the domain object")
tSignedDomain.Field("keyId", "String", false, nil, "the identifier of the key used to generate the signature")
sb.AddType(tSignedDomain.Build())
tSignedDomains := rdl.NewStructTypeBuilder("Struct", "SignedDomains")
tSignedDomains.Comment("A list of signed domain objects")
tSignedDomains.ArrayField("domains", "SignedDomain", false, "")
sb.AddType(tSignedDomains.Build())
tUserToken := rdl.NewStructTypeBuilder("Struct", "UserToken")
tUserToken.Comment("A user token generated based on user's credentials")
tUserToken.Field("token", "SignedToken", false, nil, "Signed user token identifying a specific authenticated user")
sb.AddType(tUserToken.Build())
tServicePrincipal := rdl.NewStructTypeBuilder("Struct", "ServicePrincipal")
tServicePrincipal.Comment("A service principal object identifying a given service.")
tServicePrincipal.Field("domain", "DomainName", false, nil, "name of the domain")
tServicePrincipal.Field("service", "EntityName", false, nil, "name of the service")
tServicePrincipal.Field("token", "SignedToken", false, nil, "service's signed token")
sb.AddType(tServicePrincipal.Build())
rGetDomain := rdl.NewResourceBuilder("Domain", "GET", "/domain/{domain}")
rGetDomain.Comment("Get info for the specified domain, by name. This request only returns the configured domain attributes and not any domain objects like roles, policies or service identities.")
rGetDomain.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rGetDomain.Auth("", "", true, "")
rGetDomain.Exception("BAD_REQUEST", "ResourceError", "")
rGetDomain.Exception("FORBIDDEN", "ResourceError", "")
rGetDomain.Exception("NOT_FOUND", "ResourceError", "")
rGetDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetDomain.Build())
rGetDomainList := rdl.NewResourceBuilder("DomainList", "GET", "/domain")
rGetDomainList.Comment("Enumerate domains. Can be filtered by prefix and depth, and paginated. This operation can be expensive, as it may span multiple domains.")
rGetDomainList.Input("limit", "Int32", false, "limit", "", true, nil, "restrict the number of results in this call")
rGetDomainList.Input("skip", "String", false, "skip", "", true, nil, "restrict the set to those after the specified \"next\" token returned from a previous call")
rGetDomainList.Input("prefix", "String", false, "prefix", "", true, nil, "restrict to names that start with the prefix")
rGetDomainList.Input("depth", "Int32", false, "depth", "", true, nil, "restrict the depth of the name, specifying the number of '.' characters that can appear")
rGetDomainList.Input("account", "String", false, "account", "", true, nil, "restrict to domain names that have specified account name")
rGetDomainList.Input("productId", "Int32", false, "ypmid", "", true, nil, "restrict the domain names that have specified product id")
rGetDomainList.Input("roleMember", "ResourceName", false, "member", "", true, nil, "restrict the domain names where the specified user is in a role - see roleName")
rGetDomainList.Input("roleName", "ResourceName", false, "role", "", true, nil, "restrict the domain names where the specified user is in this role - see roleMember")
rGetDomainList.Input("modifiedSince", "String", false, "", "If-Modified-Since", false, nil, "This header specifies to the server to return any domains modified since this HTTP date")
rGetDomainList.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetDomainList.Build())
rPostTopLevelDomain := rdl.NewResourceBuilder("Domain", "POST", "/domain")
rPostTopLevelDomain.Comment("Create a new top level domain. This is a privileged action for the \"sys.auth\" administrators.")
rPostTopLevelDomain.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPostTopLevelDomain.Input("detail", "TopLevelDomain", false, "", "", false, nil, "TopLevelDomain object to be created")
rPostTopLevelDomain.Auth("create", "sys.auth:domain", false, "")
rPostTopLevelDomain.Exception("BAD_REQUEST", "ResourceError", "")
rPostTopLevelDomain.Exception("FORBIDDEN", "ResourceError", "")
rPostTopLevelDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPostTopLevelDomain.Build())
rPostSubDomain := rdl.NewResourceBuilder("Domain", "POST", "/subdomain/{parent}")
rPostSubDomain.Comment("Create a new subdomain. The domain administrators of the {parent} domain have the privilege to create subdomains.")
rPostSubDomain.Input("parent", "DomainName", true, "", "", false, nil, "name of the parent domain")
rPostSubDomain.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPostSubDomain.Input("detail", "SubDomain", false, "", "", false, nil, "Subdomain object to be created")
rPostSubDomain.Auth("create", "{parent}:domain", false, "")
rPostSubDomain.Exception("BAD_REQUEST", "ResourceError", "")
rPostSubDomain.Exception("FORBIDDEN", "ResourceError", "")
rPostSubDomain.Exception("NOT_FOUND", "ResourceError", "")
rPostSubDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPostSubDomain.Build())
rPostUserDomain := rdl.NewResourceBuilder("Domain", "POST", "/userdomain/{name}")
rPostUserDomain.Comment("Create a new user domain. The user domain will be created in the user top level domain and the user himself will be set as the administrator for this domain.")
rPostUserDomain.Input("name", "SimpleName", true, "", "", false, nil, "name of the domain which will be the user id")
rPostUserDomain.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPostUserDomain.Input("detail", "UserDomain", false, "", "", false, nil, "UserDomain object to be created")
rPostUserDomain.Auth("create", "user.{name}:domain", false, "")
rPostUserDomain.Exception("BAD_REQUEST", "ResourceError", "")
rPostUserDomain.Exception("FORBIDDEN", "ResourceError", "")
rPostUserDomain.Exception("NOT_FOUND", "ResourceError", "")
rPostUserDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPostUserDomain.Build())
rDeleteTopLevelDomain := rdl.NewResourceBuilder("TopLevelDomain", "DELETE", "/domain/{name}")
rDeleteTopLevelDomain.Comment("Delete the specified domain. This is a privileged action for the \"sys.auth\" administrators. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteTopLevelDomain.Input("name", "DomainName", true, "", "", false, nil, "name of the domain to be deleted")
rDeleteTopLevelDomain.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteTopLevelDomain.Auth("delete", "sys.auth:domain", false, "")
rDeleteTopLevelDomain.Expected("NO_CONTENT")
rDeleteTopLevelDomain.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteTopLevelDomain.Exception("FORBIDDEN", "ResourceError", "")
rDeleteTopLevelDomain.Exception("NOT_FOUND", "ResourceError", "")
rDeleteTopLevelDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteTopLevelDomain.Build())
rDeleteSubDomain := rdl.NewResourceBuilder("SubDomain", "DELETE", "/subdomain/{parent}/{name}")
rDeleteSubDomain.Comment("Delete the specified subdomain. Caller must have domain delete permissions in parent. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteSubDomain.Input("parent", "DomainName", true, "", "", false, nil, "name of the parent domain")
rDeleteSubDomain.Input("name", "DomainName", true, "", "", false, nil, "name of the subdomain to be deleted")
rDeleteSubDomain.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteSubDomain.Auth("delete", "{parent}:domain", false, "")
rDeleteSubDomain.Expected("NO_CONTENT")
rDeleteSubDomain.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteSubDomain.Exception("FORBIDDEN", "ResourceError", "")
rDeleteSubDomain.Exception("NOT_FOUND", "ResourceError", "")
rDeleteSubDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteSubDomain.Build())
rDeleteUserDomain := rdl.NewResourceBuilder("UserDomain", "DELETE", "/userdomain/{name}")
rDeleteUserDomain.Comment("Delete the specified userdomain. Caller must have domain delete permissions in the domain. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteUserDomain.Input("name", "SimpleName", true, "", "", false, nil, "name of the domain to be deleted which will be the user id")
rDeleteUserDomain.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteUserDomain.Auth("delete", "user.{name}:domain", false, "")
rDeleteUserDomain.Expected("NO_CONTENT")
rDeleteUserDomain.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteUserDomain.Exception("FORBIDDEN", "ResourceError", "")
rDeleteUserDomain.Exception("NOT_FOUND", "ResourceError", "")
rDeleteUserDomain.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteUserDomain.Build())
rPutDomainMeta := rdl.NewResourceBuilder("Domain", "PUT", "/domain/{name}/meta")
rPutDomainMeta.Comment("Update the specified top level domain metadata. Note that entities in the domain are not affected. Caller must have update privileges on the domain itself.")
rPutDomainMeta.Input("name", "DomainName", true, "", "", false, nil, "name of the domain to be updated")
rPutDomainMeta.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutDomainMeta.Input("detail", "DomainMeta", false, "", "", false, nil, "DomainMeta object with updated attribute values")
rPutDomainMeta.Auth("update", "{name}:", false, "")
rPutDomainMeta.Expected("NO_CONTENT")
rPutDomainMeta.Exception("BAD_REQUEST", "ResourceError", "")
rPutDomainMeta.Exception("CONFLICT", "ResourceError", "")
rPutDomainMeta.Exception("FORBIDDEN", "ResourceError", "")
rPutDomainMeta.Exception("NOT_FOUND", "ResourceError", "")
rPutDomainMeta.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutDomainMeta.Build())
rPutDomainTemplate := rdl.NewResourceBuilder("DomainTemplate", "PUT", "/domain/{name}/template")
rPutDomainTemplate.Comment("Update the given domain by applying the roles and policies defined in the specified solution template(s). Caller must have UPDATE privileges on the domain itself.")
rPutDomainTemplate.Input("name", "DomainName", true, "", "", false, nil, "name of the domain to be updated")
rPutDomainTemplate.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutDomainTemplate.Input("template", "DomainTemplate", false, "", "", false, nil, "DomainTemplate object with solution template name(s)")
rPutDomainTemplate.Auth("update", "{name}:", false, "")
rPutDomainTemplate.Expected("NO_CONTENT")
rPutDomainTemplate.Exception("BAD_REQUEST", "ResourceError", "")
rPutDomainTemplate.Exception("CONFLICT", "ResourceError", "")
rPutDomainTemplate.Exception("FORBIDDEN", "ResourceError", "")
rPutDomainTemplate.Exception("NOT_FOUND", "ResourceError", "")
rPutDomainTemplate.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutDomainTemplate.Build())
rGetDomainTemplateList := rdl.NewResourceBuilder("DomainTemplateList", "GET", "/domain/{name}/template")
rGetDomainTemplateList.Comment("Get the list of solution templates applied to a domain")
rGetDomainTemplateList.Input("name", "DomainName", true, "", "", false, nil, "name of the domain")
rGetDomainTemplateList.Auth("", "", true, "")
rGetDomainTemplateList.Exception("BAD_REQUEST", "ResourceError", "")
rGetDomainTemplateList.Exception("NOT_FOUND", "ResourceError", "")
rGetDomainTemplateList.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetDomainTemplateList.Build())
rDeleteDomainTemplate := rdl.NewResourceBuilder("DomainTemplate", "DELETE", "/domain/{name}/template/{template}")
rDeleteDomainTemplate.Comment("Update the given domain by deleting the specified template from the domain template list. Cycles through the roles and policies defined in the template and deletes them. Caller must have delete privileges on the domain itself.")
rDeleteDomainTemplate.Input("name", "DomainName", true, "", "", false, nil, "name of the domain to be updated")
rDeleteDomainTemplate.Input("template", "SimpleName", true, "", "", false, nil, "name of the solution template")
rDeleteDomainTemplate.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteDomainTemplate.Auth("delete", "{name}:", false, "")
rDeleteDomainTemplate.Expected("NO_CONTENT")
rDeleteDomainTemplate.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteDomainTemplate.Exception("CONFLICT", "ResourceError", "")
rDeleteDomainTemplate.Exception("FORBIDDEN", "ResourceError", "")
rDeleteDomainTemplate.Exception("NOT_FOUND", "ResourceError", "")
rDeleteDomainTemplate.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteDomainTemplate.Build())
rGetDomainDataCheck := rdl.NewResourceBuilder("DomainDataCheck", "GET", "/domain/{domainName}/check")
rGetDomainDataCheck.Comment("Carry out data check operation for the specified domain.")
rGetDomainDataCheck.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetDomainDataCheck.Auth("", "", true, "")
rGetDomainDataCheck.Exception("FORBIDDEN", "ResourceError", "")
rGetDomainDataCheck.Exception("NOT_FOUND", "ResourceError", "")
rGetDomainDataCheck.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetDomainDataCheck.Build())
rPutEntity := rdl.NewResourceBuilder("Entity", "PUT", "/domain/{domainName}/entity/{entityName}")
rPutEntity.Comment("Put an entity into the domain.")
rPutEntity.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rPutEntity.Input("entityName", "EntityName", true, "", "", false, nil, "name of entity")
rPutEntity.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutEntity.Input("entity", "Entity", false, "", "", false, nil, "Entity object to be added to the domain")
rPutEntity.Auth("update", "{domainName}:{entityName}", false, "")
rPutEntity.Expected("NO_CONTENT")
rPutEntity.Exception("BAD_REQUEST", "ResourceError", "")
rPutEntity.Exception("CONFLICT", "ResourceError", "")
rPutEntity.Exception("FORBIDDEN", "ResourceError", "")
rPutEntity.Exception("NOT_FOUND", "ResourceError", "")
rPutEntity.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutEntity.Build())
rGetEntity := rdl.NewResourceBuilder("Entity", "GET", "/domain/{domainName}/entity/{entityName}")
rGetEntity.Comment("Get a entity from a domain. open for all authenticated users to read")
rGetEntity.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetEntity.Input("entityName", "EntityName", true, "", "", false, nil, "name of entity")
rGetEntity.Auth("", "", true, "")
rGetEntity.Exception("BAD_REQUEST", "ResourceError", "")
rGetEntity.Exception("FORBIDDEN", "ResourceError", "")
rGetEntity.Exception("NOT_FOUND", "ResourceError", "")
rGetEntity.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetEntity.Build())
rDeleteEntity := rdl.NewResourceBuilder("Entity", "DELETE", "/domain/{domainName}/entity/{entityName}")
rDeleteEntity.Comment("Delete the entity from the domain. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteEntity.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rDeleteEntity.Input("entityName", "EntityName", true, "", "", false, nil, "name of entity")
rDeleteEntity.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteEntity.Auth("delete", "{domainName}:{entityName}", false, "")
rDeleteEntity.Expected("NO_CONTENT")
rDeleteEntity.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteEntity.Exception("CONFLICT", "ResourceError", "")
rDeleteEntity.Exception("FORBIDDEN", "ResourceError", "")
rDeleteEntity.Exception("NOT_FOUND", "ResourceError", "")
rDeleteEntity.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteEntity.Build())
rGetEntityList := rdl.NewResourceBuilder("EntityList", "GET", "/domain/{domainName}/entity")
rGetEntityList.Comment("Enumerate entities provisioned in this domain.")
rGetEntityList.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetEntityList.Auth("", "", true, "")
rGetEntityList.Exception("BAD_REQUEST", "ResourceError", "")
rGetEntityList.Exception("NOT_FOUND", "ResourceError", "")
rGetEntityList.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetEntityList.Build())
rGetRoleList := rdl.NewResourceBuilder("RoleList", "GET", "/domain/{domainName}/role")
rGetRoleList.Comment("Enumerate roles provisioned in this domain.")
rGetRoleList.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetRoleList.Input("limit", "Int32", false, "limit", "", true, nil, "restrict the number of results in this call")
rGetRoleList.Input("skip", "String", false, "skip", "", true, nil, "restrict the set to those after the specified \"next\" token returned from a previous call")
rGetRoleList.Auth("", "", true, "")
rGetRoleList.Exception("BAD_REQUEST", "ResourceError", "")
rGetRoleList.Exception("FORBIDDEN", "ResourceError", "")
rGetRoleList.Exception("NOT_FOUND", "ResourceError", "")
rGetRoleList.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetRoleList.Build())
rGetRoles := rdl.NewResourceBuilder("Roles", "GET", "/domain/{domainName}/roles")
rGetRoles.Comment("Get the list of all roles in a domain with optional flag whether or not include members")
rGetRoles.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetRoles.Input("members", "Bool", false, "members", "", true, false, "return list of members in the role")
rGetRoles.Auth("", "", true, "")
rGetRoles.Exception("BAD_REQUEST", "ResourceError", "")
rGetRoles.Exception("NOT_FOUND", "ResourceError", "")
rGetRoles.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetRoles.Build())
rGetRole := rdl.NewResourceBuilder("Role", "GET", "/domain/{domainName}/role/{roleName}")
rGetRole.Comment("Get the specified role in the domain.")
rGetRole.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetRole.Input("roleName", "EntityName", true, "", "", false, nil, "name of the role to be retrieved")
rGetRole.Input("auditLog", "Bool", false, "auditLog", "", true, false, "flag to indicate whether or not to return role audit log")
rGetRole.Input("expand", "Bool", false, "expand", "", true, false, "expand delegated trust roles and return trusted members")
rGetRole.Auth("", "", true, "")
rGetRole.Exception("BAD_REQUEST", "ResourceError", "")
rGetRole.Exception("FORBIDDEN", "ResourceError", "")
rGetRole.Exception("NOT_FOUND", "ResourceError", "")
rGetRole.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetRole.Build())
rPutRole := rdl.NewResourceBuilder("Role", "PUT", "/domain/{domainName}/role/{roleName}")
rPutRole.Comment("Create/update the specified role.")
rPutRole.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rPutRole.Input("roleName", "EntityName", true, "", "", false, nil, "name of the role to be added/updated")
rPutRole.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutRole.Input("role", "Role", false, "", "", false, nil, "Role object to be added/updated in the domain")
rPutRole.Auth("update", "{domainName}:role.{roleName}", false, "")
rPutRole.Expected("NO_CONTENT")
rPutRole.Exception("BAD_REQUEST", "ResourceError", "")
rPutRole.Exception("CONFLICT", "ResourceError", "")
rPutRole.Exception("FORBIDDEN", "ResourceError", "")
rPutRole.Exception("NOT_FOUND", "ResourceError", "")
rPutRole.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutRole.Build())
rDeleteRole := rdl.NewResourceBuilder("Role", "DELETE", "/domain/{domainName}/role/{roleName}")
rDeleteRole.Comment("Delete the specified role. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteRole.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rDeleteRole.Input("roleName", "EntityName", true, "", "", false, nil, "name of the role to be deleted")
rDeleteRole.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteRole.Auth("delete", "{domainName}:role.{roleName}", false, "")
rDeleteRole.Expected("NO_CONTENT")
rDeleteRole.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteRole.Exception("CONFLICT", "ResourceError", "")
rDeleteRole.Exception("FORBIDDEN", "ResourceError", "")
rDeleteRole.Exception("NOT_FOUND", "ResourceError", "")
rDeleteRole.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteRole.Build())
rGetMembership := rdl.NewResourceBuilder("Membership", "GET", "/domain/{domainName}/role/{roleName}/member/{memberName}")
rGetMembership.Comment("Get the membership status for a specified user in a role.")
rGetMembership.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetMembership.Input("roleName", "EntityName", true, "", "", false, nil, "name of the role")
rGetMembership.Input("memberName", "MemberName", true, "", "", false, nil, "user name to be checked for membership")
rGetMembership.Auth("", "", true, "")
rGetMembership.Exception("BAD_REQUEST", "ResourceError", "")
rGetMembership.Exception("FORBIDDEN", "ResourceError", "")
rGetMembership.Exception("NOT_FOUND", "ResourceError", "")
rGetMembership.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetMembership.Build())
rPutMembership := rdl.NewResourceBuilder("Membership", "PUT", "/domain/{domainName}/role/{roleName}/member/{memberName}")
rPutMembership.Comment("Add the specified user to the role's member list.")
rPutMembership.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rPutMembership.Input("roleName", "EntityName", true, "", "", false, nil, "name of the role")
rPutMembership.Input("memberName", "MemberName", true, "", "", false, nil, "name of the user to be added as a member")
rPutMembership.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutMembership.Input("membership", "Membership", false, "", "", false, nil, "Membership object (must contain role/member names as specified in the URI)")
rPutMembership.Auth("update", "{domainName}:role.{roleName}", false, "")
rPutMembership.Expected("NO_CONTENT")
rPutMembership.Exception("BAD_REQUEST", "ResourceError", "")
rPutMembership.Exception("CONFLICT", "ResourceError", "")
rPutMembership.Exception("FORBIDDEN", "ResourceError", "")
rPutMembership.Exception("NOT_FOUND", "ResourceError", "")
rPutMembership.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutMembership.Build())
rDeleteMembership := rdl.NewResourceBuilder("Membership", "DELETE", "/domain/{domainName}/role/{roleName}/member/{memberName}")
rDeleteMembership.Comment("Delete the specified role membership. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteMembership.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rDeleteMembership.Input("roleName", "EntityName", true, "", "", false, nil, "name of the role")
rDeleteMembership.Input("memberName", "MemberName", true, "", "", false, nil, "name of the user to be removed as a member")
rDeleteMembership.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteMembership.Auth("update", "{domainName}:role.{roleName}", false, "")
rDeleteMembership.Expected("NO_CONTENT")
rDeleteMembership.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteMembership.Exception("CONFLICT", "ResourceError", "")
rDeleteMembership.Exception("FORBIDDEN", "ResourceError", "")
rDeleteMembership.Exception("NOT_FOUND", "ResourceError", "")
rDeleteMembership.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteMembership.Build())
rPutDefaultAdmins := rdl.NewResourceBuilder("DefaultAdmins", "PUT", "/domain/{domainName}/admins")
rPutDefaultAdmins.Comment("Verify and, if necessary, fix domain roles and policies to make sure the given set of users have administrative access to the domain. This request is only restricted to \"sys.auth\" domain administrators and can be used when the domain administrators incorrectly have blocked their own access to their domains.")
rPutDefaultAdmins.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rPutDefaultAdmins.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutDefaultAdmins.Input("defaultAdmins", "DefaultAdmins", false, "", "", false, nil, "list of domain administrators")
rPutDefaultAdmins.Auth("update", "sys.auth:domain", false, "")
rPutDefaultAdmins.Expected("NO_CONTENT")
rPutDefaultAdmins.Exception("BAD_REQUEST", "ResourceError", "")
rPutDefaultAdmins.Exception("FORBIDDEN", "ResourceError", "")
rPutDefaultAdmins.Exception("NOT_FOUND", "ResourceError", "")
rPutDefaultAdmins.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutDefaultAdmins.Build())
rGetPolicyList := rdl.NewResourceBuilder("PolicyList", "GET", "/domain/{domainName}/policy")
rGetPolicyList.Comment("List policies provisioned in this namespace.")
rGetPolicyList.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetPolicyList.Input("limit", "Int32", false, "limit", "", true, nil, "restrict the number of results in this call")
rGetPolicyList.Input("skip", "String", false, "skip", "", true, nil, "restrict the set to those after the specified \"next\" token returned from a previous call")
rGetPolicyList.Auth("", "", true, "")
rGetPolicyList.Exception("BAD_REQUEST", "ResourceError", "")
rGetPolicyList.Exception("FORBIDDEN", "ResourceError", "")
rGetPolicyList.Exception("NOT_FOUND", "ResourceError", "")
rGetPolicyList.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetPolicyList.Build())
rGetPolicies := rdl.NewResourceBuilder("Policies", "GET", "/domain/{domainName}/policies")
rGetPolicies.Comment("List policies provisioned in this namespace.")
rGetPolicies.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetPolicies.Input("assertions", "Bool", false, "assertions", "", true, false, "return list of assertions in the policy")
rGetPolicies.Auth("", "", true, "")
rGetPolicies.Exception("BAD_REQUEST", "ResourceError", "")
rGetPolicies.Exception("NOT_FOUND", "ResourceError", "")
rGetPolicies.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetPolicies.Build())
rGetPolicy := rdl.NewResourceBuilder("Policy", "GET", "/domain/{domainName}/policy/{policyName}")
rGetPolicy.Comment("Read the specified policy.")
rGetPolicy.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetPolicy.Input("policyName", "EntityName", true, "", "", false, nil, "name of the policy to be retrieved")
rGetPolicy.Auth("", "", true, "")
rGetPolicy.Exception("BAD_REQUEST", "ResourceError", "")
rGetPolicy.Exception("FORBIDDEN", "ResourceError", "")
rGetPolicy.Exception("NOT_FOUND", "ResourceError", "")
rGetPolicy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetPolicy.Build())
rPutPolicy := rdl.NewResourceBuilder("Policy", "PUT", "/domain/{domainName}/policy/{policyName}")
rPutPolicy.Comment("Create or update the specified policy.")
rPutPolicy.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rPutPolicy.Input("policyName", "EntityName", true, "", "", false, nil, "name of the policy to be added/updated")
rPutPolicy.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutPolicy.Input("policy", "Policy", false, "", "", false, nil, "Policy object to be added or updated in the domain")
rPutPolicy.Auth("update", "{domainName}:policy.{policyName}", false, "")
rPutPolicy.Expected("NO_CONTENT")
rPutPolicy.Exception("BAD_REQUEST", "ResourceError", "")
rPutPolicy.Exception("CONFLICT", "ResourceError", "")
rPutPolicy.Exception("FORBIDDEN", "ResourceError", "")
rPutPolicy.Exception("NOT_FOUND", "ResourceError", "")
rPutPolicy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutPolicy.Build())
rDeletePolicy := rdl.NewResourceBuilder("Policy", "DELETE", "/domain/{domainName}/policy/{policyName}")
rDeletePolicy.Comment("Delete the specified policy. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeletePolicy.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rDeletePolicy.Input("policyName", "EntityName", true, "", "", false, nil, "name of the policy to be deleted")
rDeletePolicy.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeletePolicy.Auth("delete", "{domainName}:policy.{policyName}", false, "")
rDeletePolicy.Expected("NO_CONTENT")
rDeletePolicy.Exception("BAD_REQUEST", "ResourceError", "")
rDeletePolicy.Exception("CONFLICT", "ResourceError", "")
rDeletePolicy.Exception("FORBIDDEN", "ResourceError", "")
rDeletePolicy.Exception("NOT_FOUND", "ResourceError", "")
rDeletePolicy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeletePolicy.Build())
rGetAssertion := rdl.NewResourceBuilder("Assertion", "GET", "/domain/{domainName}/policy/{policyName}/assertion/{assertionId}")
rGetAssertion.Comment("Get the assertion details with specified id in the given policy")
rGetAssertion.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetAssertion.Input("policyName", "EntityName", true, "", "", false, nil, "name of the policy")
rGetAssertion.Input("assertionId", "Int64", true, "", "", false, nil, "assertion id")
rGetAssertion.Auth("", "", true, "")
rGetAssertion.Exception("BAD_REQUEST", "ResourceError", "")
rGetAssertion.Exception("FORBIDDEN", "ResourceError", "")
rGetAssertion.Exception("NOT_FOUND", "ResourceError", "")
rGetAssertion.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetAssertion.Build())
rPutAssertion := rdl.NewResourceBuilder("Assertion", "PUT", "/domain/{domainName}/policy/{policyName}/assertion")
rPutAssertion.Comment("Add the specified assertion to the given policy")
rPutAssertion.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rPutAssertion.Input("policyName", "EntityName", true, "", "", false, nil, "name of the policy")
rPutAssertion.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutAssertion.Input("assertion", "Assertion", false, "", "", false, nil, "Assertion object to be added to the given policy")
rPutAssertion.Auth("update", "{domainName}:policy.{policyName}", false, "")
rPutAssertion.Exception("BAD_REQUEST", "ResourceError", "")
rPutAssertion.Exception("CONFLICT", "ResourceError", "")
rPutAssertion.Exception("FORBIDDEN", "ResourceError", "")
rPutAssertion.Exception("NOT_FOUND", "ResourceError", "")
rPutAssertion.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutAssertion.Build())
rDeleteAssertion := rdl.NewResourceBuilder("Assertion", "DELETE", "/domain/{domainName}/policy/{policyName}/assertion/{assertionId}")
rDeleteAssertion.Comment("Delete the specified policy assertion. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteAssertion.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rDeleteAssertion.Input("policyName", "EntityName", true, "", "", false, nil, "name of the policy")
rDeleteAssertion.Input("assertionId", "Int64", true, "", "", false, nil, "assertion id")
rDeleteAssertion.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteAssertion.Auth("update", "{domainName}:policy.{policyName}", false, "")
rDeleteAssertion.Expected("NO_CONTENT")
rDeleteAssertion.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteAssertion.Exception("CONFLICT", "ResourceError", "")
rDeleteAssertion.Exception("FORBIDDEN", "ResourceError", "")
rDeleteAssertion.Exception("NOT_FOUND", "ResourceError", "")
rDeleteAssertion.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteAssertion.Build())
rPutServiceIdentity := rdl.NewResourceBuilder("ServiceIdentity", "PUT", "/domain/{domain}/service/{service}")
rPutServiceIdentity.Comment("Register the specified ServiceIdentity in the specified domain")
rPutServiceIdentity.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rPutServiceIdentity.Input("service", "SimpleName", true, "", "", false, nil, "name of the service")
rPutServiceIdentity.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutServiceIdentity.Input("detail", "ServiceIdentity", false, "", "", false, nil, "ServiceIdentity object to be added/updated in the domain")
rPutServiceIdentity.Auth("update", "{domain}:service", false, "")
rPutServiceIdentity.Expected("NO_CONTENT")
rPutServiceIdentity.Exception("BAD_REQUEST", "ResourceError", "")
rPutServiceIdentity.Exception("CONFLICT", "ResourceError", "")
rPutServiceIdentity.Exception("FORBIDDEN", "ResourceError", "")
rPutServiceIdentity.Exception("NOT_FOUND", "ResourceError", "")
rPutServiceIdentity.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutServiceIdentity.Build())
rGetServiceIdentity := rdl.NewResourceBuilder("ServiceIdentity", "GET", "/domain/{domain}/service/{service}")
rGetServiceIdentity.Comment("Get info for the specified ServiceIdentity.")
rGetServiceIdentity.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rGetServiceIdentity.Input("service", "SimpleName", true, "", "", false, nil, "name of the service to be retrieved")
rGetServiceIdentity.Auth("", "", true, "")
rGetServiceIdentity.Exception("BAD_REQUEST", "ResourceError", "")
rGetServiceIdentity.Exception("FORBIDDEN", "ResourceError", "")
rGetServiceIdentity.Exception("NOT_FOUND", "ResourceError", "")
rGetServiceIdentity.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetServiceIdentity.Build())
rDeleteServiceIdentity := rdl.NewResourceBuilder("ServiceIdentity", "DELETE", "/domain/{domain}/service/{service}")
rDeleteServiceIdentity.Comment("Delete the specified ServiceIdentity. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteServiceIdentity.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rDeleteServiceIdentity.Input("service", "SimpleName", true, "", "", false, nil, "name of the service to be deleted")
rDeleteServiceIdentity.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteServiceIdentity.Auth("delete", "{domain}:service", false, "")
rDeleteServiceIdentity.Expected("NO_CONTENT")
rDeleteServiceIdentity.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteServiceIdentity.Exception("CONFLICT", "ResourceError", "")
rDeleteServiceIdentity.Exception("FORBIDDEN", "ResourceError", "")
rDeleteServiceIdentity.Exception("NOT_FOUND", "ResourceError", "")
rDeleteServiceIdentity.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteServiceIdentity.Build())
rGetServiceIdentities := rdl.NewResourceBuilder("ServiceIdentities", "GET", "/domain/{domainName}/services")
rGetServiceIdentities.Comment("Retrieve list of service identities")
rGetServiceIdentities.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetServiceIdentities.Input("publickeys", "Bool", false, "publickeys", "", true, false, "return list of public keys in the service")
rGetServiceIdentities.Input("hosts", "Bool", false, "hosts", "", true, false, "return list of hosts in the service")
rGetServiceIdentities.Auth("", "", true, "")
rGetServiceIdentities.Exception("BAD_REQUEST", "ResourceError", "")
rGetServiceIdentities.Exception("NOT_FOUND", "ResourceError", "")
rGetServiceIdentities.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetServiceIdentities.Build())
rGetServiceIdentityList := rdl.NewResourceBuilder("ServiceIdentityList", "GET", "/domain/{domainName}/service")
rGetServiceIdentityList.Comment("Enumerate services provisioned in this domain.")
rGetServiceIdentityList.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
rGetServiceIdentityList.Input("limit", "Int32", false, "limit", "", true, nil, "restrict the number of results in this call")
rGetServiceIdentityList.Input("skip", "String", false, "skip", "", true, nil, "restrict the set to those after the specified \"next\" token returned from a previous call")
rGetServiceIdentityList.Auth("", "", true, "")
rGetServiceIdentityList.Exception("BAD_REQUEST", "ResourceError", "")
rGetServiceIdentityList.Exception("FORBIDDEN", "ResourceError", "")
rGetServiceIdentityList.Exception("NOT_FOUND", "ResourceError", "")
rGetServiceIdentityList.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetServiceIdentityList.Build())
rGetPublicKeyEntry := rdl.NewResourceBuilder("PublicKeyEntry", "GET", "/domain/{domain}/service/{service}/publickey/{id}")
rGetPublicKeyEntry.Comment("Retrieve the specified public key from the service.")
rGetPublicKeyEntry.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rGetPublicKeyEntry.Input("service", "SimpleName", true, "", "", false, nil, "name of the service")
rGetPublicKeyEntry.Input("id", "String", true, "", "", false, nil, "the identifier of the public key to be retrieved")
rGetPublicKeyEntry.Auth("", "", true, "")
rGetPublicKeyEntry.Exception("BAD_REQUEST", "ResourceError", "")
rGetPublicKeyEntry.Exception("FORBIDDEN", "ResourceError", "")
rGetPublicKeyEntry.Exception("NOT_FOUND", "ResourceError", "")
rGetPublicKeyEntry.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetPublicKeyEntry.Build())
rPutPublicKeyEntry := rdl.NewResourceBuilder("PublicKeyEntry", "PUT", "/domain/{domain}/service/{service}/publickey/{id}")
rPutPublicKeyEntry.Comment("Add the specified public key to the service.")
rPutPublicKeyEntry.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rPutPublicKeyEntry.Input("service", "SimpleName", true, "", "", false, nil, "name of the service")
rPutPublicKeyEntry.Input("id", "String", true, "", "", false, nil, "the identifier of the public key to be added")
rPutPublicKeyEntry.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutPublicKeyEntry.Input("publicKeyEntry", "PublicKeyEntry", false, "", "", false, nil, "PublicKeyEntry object to be added/updated in the service")
rPutPublicKeyEntry.Auth("update", "{domain}:service.{service}", false, "")
rPutPublicKeyEntry.Expected("NO_CONTENT")
rPutPublicKeyEntry.Exception("BAD_REQUEST", "ResourceError", "")
rPutPublicKeyEntry.Exception("CONFLICT", "ResourceError", "")
rPutPublicKeyEntry.Exception("FORBIDDEN", "ResourceError", "")
rPutPublicKeyEntry.Exception("NOT_FOUND", "ResourceError", "")
rPutPublicKeyEntry.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutPublicKeyEntry.Build())
rDeletePublicKeyEntry := rdl.NewResourceBuilder("PublicKeyEntry", "DELETE", "/domain/{domain}/service/{service}/publickey/{id}")
rDeletePublicKeyEntry.Comment("Remove the specified public key from the service. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeletePublicKeyEntry.Input("domain", "DomainName", true, "", "", false, nil, "name of the domain")
rDeletePublicKeyEntry.Input("service", "SimpleName", true, "", "", false, nil, "name of the service")
rDeletePublicKeyEntry.Input("id", "String", true, "", "", false, nil, "the identifier of the public key to be deleted")
rDeletePublicKeyEntry.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeletePublicKeyEntry.Auth("update", "{domain}:service.{service}", false, "")
rDeletePublicKeyEntry.Expected("NO_CONTENT")
rDeletePublicKeyEntry.Exception("BAD_REQUEST", "ResourceError", "")
rDeletePublicKeyEntry.Exception("CONFLICT", "ResourceError", "")
rDeletePublicKeyEntry.Exception("FORBIDDEN", "ResourceError", "")
rDeletePublicKeyEntry.Exception("NOT_FOUND", "ResourceError", "")
rDeletePublicKeyEntry.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeletePublicKeyEntry.Build())
rPutTenancy := rdl.NewResourceBuilder("Tenancy", "PUT", "/domain/{domain}/tenancy/{service}")
rPutTenancy.Comment("Add a tenant for the specified service.")
rPutTenancy.Input("domain", "DomainName", true, "", "", false, nil, "name of the tenant domain")
rPutTenancy.Input("service", "ServiceName", true, "", "", false, nil, "name of the provider service")
rPutTenancy.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutTenancy.Input("detail", "Tenancy", false, "", "", false, nil, "tenancy object")
rPutTenancy.Auth("update", "{domain}:tenancy", false, "")
rPutTenancy.Expected("NO_CONTENT")
rPutTenancy.Exception("BAD_REQUEST", "ResourceError", "")
rPutTenancy.Exception("CONFLICT", "ResourceError", "")
rPutTenancy.Exception("FORBIDDEN", "ResourceError", "")
rPutTenancy.Exception("NOT_FOUND", "ResourceError", "")
rPutTenancy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutTenancy.Build())
rGetTenancy := rdl.NewResourceBuilder("Tenancy", "GET", "/domain/{domain}/tenancy/{service}")
rGetTenancy.Comment("Retrieve the specified tenant.")
rGetTenancy.Input("domain", "DomainName", true, "", "", false, nil, "name of the tenant domain")
rGetTenancy.Input("service", "ServiceName", true, "", "", false, nil, "name of the provider service")
rGetTenancy.Auth("", "", true, "")
rGetTenancy.Exception("BAD_REQUEST", "ResourceError", "")
rGetTenancy.Exception("FORBIDDEN", "ResourceError", "")
rGetTenancy.Exception("NOT_FOUND", "ResourceError", "")
rGetTenancy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rGetTenancy.Build())
rDeleteTenancy := rdl.NewResourceBuilder("Tenancy", "DELETE", "/domain/{domain}/tenancy/{service}")
rDeleteTenancy.Comment("Delete the tenant from the specified service. Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
rDeleteTenancy.Input("domain", "DomainName", true, "", "", false, nil, "name of the tenant domain")
rDeleteTenancy.Input("service", "ServiceName", true, "", "", false, nil, "name of the provider service")
rDeleteTenancy.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rDeleteTenancy.Auth("delete", "{domain}:tenancy", false, "")
rDeleteTenancy.Expected("NO_CONTENT")
rDeleteTenancy.Exception("BAD_REQUEST", "ResourceError", "")
rDeleteTenancy.Exception("CONFLICT", "ResourceError", "")
rDeleteTenancy.Exception("FORBIDDEN", "ResourceError", "")
rDeleteTenancy.Exception("NOT_FOUND", "ResourceError", "")
rDeleteTenancy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rDeleteTenancy.Build())
rPutTenancyResourceGroup := rdl.NewResourceBuilder("TenancyResourceGroup", "PUT", "/domain/{domain}/tenancy/{service}/resourceGroup/{resourceGroup}")
rPutTenancyResourceGroup.Comment("Add a new resource group for the tenant for the specified service.")
rPutTenancyResourceGroup.Input("domain", "DomainName", true, "", "", false, nil, "name of the tenant domain")
rPutTenancyResourceGroup.Input("service", "ServiceName", true, "", "", false, nil, "name of the provider service")
rPutTenancyResourceGroup.Input("resourceGroup", "EntityName", true, "", "", false, nil, "tenant resource group")
rPutTenancyResourceGroup.Input("auditRef", "String", false, "", "Y-Audit-Ref", false, nil, "Audit param required(not empty) if domain auditEnabled is true.")
rPutTenancyResourceGroup.Input("detail", "TenancyResourceGroup", false, "", "", false, nil, "tenancy resource group object")
rPutTenancyResourceGroup.Auth("update", "{domain}:tenancy.{service}", false, "")
rPutTenancyResourceGroup.Expected("NO_CONTENT")
rPutTenancyResourceGroup.Exception("BAD_REQUEST", "ResourceError", "")
rPutTenancyResourceGroup.Exception("CONFLICT", "ResourceError", "")
rPutTenancyResourceGroup.Exception("FORBIDDEN", "ResourceError", "")
rPutTenancyResourceGroup.Exception("NOT_FOUND", "ResourceError", "")
rPutTenancyResourceGroup.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(rPutTenancyResourceGroup.Build())
rDeleteTenancyResourceGroup := rdl.NewResourceBuilder("TenancyResourceGroup", "DELETE", "/domain/{domain}/tenancy/{service}/resourceGroup/{resourceGroup}")