From c9afa836e6da2ba8f73cdfd072d70545e95c9524 Mon Sep 17 00:00:00 2001 From: dvoet Date: Thu, 11 Jun 2020 09:25:32 -0400 Subject: [PATCH] CA-853 upgrade swagger (#436) --- project/Dependencies.scala | 2 +- src/main/resources/swagger/api-docs.yaml | 2926 +++++++++-------- .../workbench/sam/api/SwaggerRoutes.scala | 42 +- 3 files changed, 1645 insertions(+), 1325 deletions(-) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index b73f73f84..af34b5c3a 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -38,7 +38,7 @@ object Dependencies { val logbackClassic: ModuleID = "ch.qos.logback" % "logback-classic" % "1.2.2" val ravenLogback: ModuleID = "com.getsentry.raven" % "raven-logback" % "7.8.6" val scalaLogging: ModuleID = "com.typesafe.scala-logging" %% "scala-logging" % scalaLoggingV - val swaggerUi: ModuleID = "org.webjars" % "swagger-ui" % "2.2.5" + val swaggerUi: ModuleID = "org.webjars" % "swagger-ui" % "3.25.0" val ficus: ModuleID = "com.iheart" %% "ficus" % "1.4.0" val akkaActor: ModuleID = "com.typesafe.akka" %% "akka-actor" % akkaV diff --git a/src/main/resources/swagger/api-docs.yaml b/src/main/resources/swagger/api-docs.yaml index a8abff2a2..3738ce8e7 100755 --- a/src/main/resources/swagger/api-docs.yaml +++ b/src/main/resources/swagger/api-docs.yaml @@ -1,1875 +1,2197 @@ -swagger: '2.0' - +openapi: 3.0.1 info: title: Sam description: | Workbench identity and access management. - version: "0.1" + termsOfService: https://github.com/broadinstitute/sam license: name: BSD url: http://opensource.org/licenses/BSD-3-Clause - termsOfService: https://github.com/broadinstitute/sam - -basePath: / - -produces: - - application/json - + version: "0.1" +servers: + - url: / security: - googleoauth: - openid - email - profile - -securityDefinitions: - googleoauth: - type: oauth2 - authorizationUrl: 'https://accounts.google.com/o/oauth2/auth' - flow: implicit - scopes: - openid: open id authorization - email: email authorization - profile: profile authorization - -########################################################################################## -## PATHS -########################################################################################## paths: - /api/admin/user/{userId}: get: + tags: + - Admin summary: gets the registration status of the user, by user id + operationId: adminGetUserStatus parameters: - - in: path + - name: userId + in: path description: User ID to check the status of - name: userId required: true - type: string - operationId: adminGetUserStatus - tags: - - Admin + schema: + type: string responses: 200: description: status of specified user - schema: - $ref: '#/definitions/UserStatus' - + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' /api/admin/user/email/{email}: get: + tags: + - Admin summary: gets the registration status of the user, by email + operationId: adminGetUserByEmail parameters: - - in: path + - name: email + in: path description: Email address of user to check - name: email required: true - type: string - operationId: adminGetUserByEmail - tags: - - Admin + schema: + type: string responses: 200: description: status of specified user - schema: - $ref: '#/definitions/UserStatus' - + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' /api/admin/user/{userId}/disable: put: + tags: + - Admin summary: disables the specified user + operationId: disableUser parameters: - - in: path + - name: userId + in: path description: User ID to disable - name: userId required: true - type: string - operationId: disableUser - tags: - - Admin + schema: + type: string responses: 200: description: status of specified user - schema: - $ref: '#/definitions/UserStatus' - + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' /api/admin/user/{userId}/enable: put: + tags: + - Admin summary: enables the specified user + operationId: enableUser parameters: - - in: path + - name: userId + in: path description: User ID to enable - name: userId required: true - type: string - operationId: enableUser - tags: - - Admin + schema: + type: string responses: 200: description: status of specified user - schema: - $ref: '#/definitions/UserStatus' - + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' /api/admin/user/{userId}/petServiceAccount: delete: + tags: + - Admin summary: deletes a user's pet service account + operationId: deletePet + parameters: + - name: userId + in: path + description: User ID whose pet to delete + required: true + schema: + type: string responses: 204: description: Successfully deleted pet service account + content: {} 403: description: You do not have admin privileges + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: User ID whose pet to delete - name: userId - required: true - type: string - operationId: deletePet - tags: - - Admin - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/admin/user/{userId}/petServiceAccount/{project}: delete: + tags: + - Admin summary: deletes a user's pet service account for a project + operationId: deletePetPerProject + parameters: + - name: userId + in: path + description: User ID whose pet to delete + required: true + schema: + type: string + - name: project + in: path + description: Google project of the pet + required: true + schema: + type: string responses: 204: description: Successfully deleted pet service account for a project + content: {} 403: description: You do not have admin privileges + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: User ID whose pet to delete - name: userId - required: true - type: string - - in: path - description: Google project of the pet - name: project - required: true - type: string - operationId: deletePetPerProject - tags: - - Admin - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/initializeResourceTypes: put: - summary: TEMPORARY FOR MIGRATION - Initializes resource types and attendent roles and actions + tags: + - Admin + summary: TEMPORARY FOR MIGRATION - Initializes resource types and attendent + roles and actions + operationId: initializeResourceTypes responses: 204: description: Successfully initialized resource types + content: {} 403: description: You do not have admin privileges + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - operationId: initializeResourceTypes - tags: - - Admin - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/config/v1/resourceTypes: get: + tags: + - Config + summary: Lists available resource types + operationId: listResourceTypes responses: 200: description: Success - schema: - type: array - items: - $ref: '#/definitions/ResourceType' + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ResourceType' 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - summary: Lists available resource types - operationId: listResourceTypes - tags: - - Config - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/groups/v1: get: - summary: Show all the groups the requesting user belongs to and their policy membership in each group + tags: + - Group + summary: Show all the groups the requesting user belongs to and their policy + membership in each group + operationId: listGroupMemberships responses: 200: description: Managed Group memberships - schema: - type: array - items: - $ref: '#/definitions/ManagedGroupMembershipEntry' + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ManagedGroupMembershipEntry' 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - operationId: listGroupMemberships - tags: - - Group - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/groups/v1/{groupName}: get: + tags: + - Group summary: Show email address of the group + operationId: getGroup + parameters: + - name: groupName + in: path + description: Name of group + required: true + schema: + type: string responses: 200: description: Group found - schema: - description: Email address for the group - type: string + content: + application/json: + schema: + type: string + description: Email address for the group 404: - description: Group could not be found or you do not have the required permissions on this group + description: Group could not be found or you do not have the required permissions + on this group + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Name of group - name: groupName - required: true - type: string - operationId: getGroup + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + post: tags: - Group - post: summary: Create a new group + operationId: postGroup + parameters: + - name: groupName + in: path + description: Name of group + required: true + schema: + type: string responses: 201: description: Group created + content: {} 409: description: Group already exists + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Name of group - name: groupName - required: true - type: string - operationId: postGroup + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + delete: tags: - Group - delete: summary: Delete group + operationId: deleteGroup + parameters: + - name: groupName + in: path + description: Name of group + required: true + schema: + type: string responses: 204: description: Group deleted + content: {} 404: - description: Group could not be found or you do not have the required permissions on this group + description: Group could not be found or you do not have the required permissions + on this group + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Name of group - name: groupName - required: true - type: string - operationId: deleteGroup - tags: - - Group - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/groups/v1/{groupName}/requestAccess: post: + tags: + - Group summary: Request access to a managed group + operationId: requestAccess + parameters: + - name: groupName + in: path + description: Name of group + required: true + schema: + type: string responses: 204: description: Request sent + content: {} 404: - description: Group could not be found or you do not have the required permissions on this group + description: Group could not be found or you do not have the required permissions + on this group + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/groups/v1/{groupName}/accessInstructions: + get: + tags: + - Group + summary: gets the access instructions for a managed group + operationId: getAccessInstructions parameters: - - in: path + - name: groupName + in: path description: Name of group - name: groupName required: true - type: string - operationId: requestAccess - tags: - - Group - - /api/groups/v1/{groupName}/accessInstructions: - put: - summary: sets the access instructions for a managed group - responses: - 204: - description: Successfully set access instructions - 500: - description: Internal Server Error schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Name of group - name: groupName - required: true - type: string - operationId: setAccessInstructions - tags: - - Group - get: - summary: gets the access instructions for a managed group + type: string responses: 200: description: Access instructions for this group - schema: - type: string + content: + application/json: + schema: + type: string 204: description: No access instructions found for this group + content: {} 404: - description: Group could not be found or you do not have the required permissions on this group + description: Group could not be found or you do not have the required permissions + on this group + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Name of group - name: groupName - required: true - type: string - operationId: getAccessInstructions + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + put: tags: - - Group - + - Group + summary: sets the access instructions for a managed group + operationId: setAccessInstructions + parameters: + - name: groupName + in: path + description: Name of group + required: true + schema: + type: string + responses: + 204: + description: Successfully set access instructions + content: {} + 500: + description: Internal Server Error + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/groups/v1/{groupName}/{policyName}: get: - summary: 'Get email addresses for members of the "admin" policy' + tags: + - Group + summary: Get email addresses for members of the "admin" policy + operationId: GetGroupAdminEmails + parameters: + - name: groupName + in: path + description: Name of group + required: true + schema: + type: string + - name: policyName + in: path + description: Name of policy + required: true + schema: + type: string + enum: + - member + - admin responses: 200: - description: 'Email addresses in the "admin" policy' - schema: - $ref: '#/definitions/ArrayOfEmails' + description: Email addresses in the "admin" policy + content: + application/json: + schema: + $ref: '#/components/schemas/ArrayOfEmails' 404: - description: Group could not be found or you do not have the required permissions on this group + description: Group could not be found or you do not have the required permissions + on this group + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + put: + tags: + - Group + summary: Overwrite email addresses of members of the "admin" policy + operationId: OverwriteGroupAdminEmails parameters: - - in: path + - name: groupName + in: path description: Name of group - name: groupName required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of policy - name: policyName required: true - type: string - enum: ["member", "admin"] - operationId: GetGroupAdminEmails - tags: - - Group - put: - summary: 'Overwrite email addresses of members of the "admin" policy' + schema: + type: string + enum: + - member + - admin + requestBody: + description: The list of emails + content: + '*/*': + schema: + $ref: '#/components/schemas/ArrayOfEmails' + required: true responses: 201: description: Policy successfully updated + content: {} 404: - description: Group does not exist or you are not a member of the policy for the group + description: Group does not exist or you are not a member of the policy + for the group + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: emailAddresses + /api/groups/v1/{groupName}/{policyName}/{email}: + put: + tags: + - Group + summary: Add email to the policy + operationId: AddEmailToGroup parameters: - - in: path + - name: groupName + in: path description: Name of group - name: groupName required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of policy - name: policyName required: true - type: string - enum: ["member", "admin"] - - in: body - description: The list of emails - name: emailAddresses + schema: + type: string + enum: + - member + - admin + - name: email + in: path + description: Email address required: true schema: - $ref: '#/definitions/ArrayOfEmails' - operationId: OverwriteGroupAdminEmails - tags: - - Group - - /api/groups/v1/{groupName}/{policyName}/{email}: - put: - summary: Add email to the policy + type: string responses: 204: description: Email successfully added + content: {} 400: description: Email is invalid + content: {} 403: description: You do not have permission to alter this policy + content: {} 404: - description: Group does not exist, policy does not exist, or subject with specified email was not found + description: Group does not exist, policy does not exist, or subject with + specified email was not found + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + delete: + tags: + - Group + summary: Remove email from the policy + operationId: RemoveEmailFromGroup parameters: - - in: path + - name: groupName + in: path description: Name of group - name: groupName required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of policy - name: policyName required: true - type: string - enum: ["member", "admin"] - - in: path + schema: + type: string + enum: + - member + - admin + - name: email + in: path description: Email address - name: email required: true - type: string - operationId: AddEmailToGroup - tags: - - Group - delete: - summary: Remove email from the policy + schema: + type: string responses: 204: description: Email successfully removed + content: {} 403: description: You do not have permission to alter this policy + content: {} 404: description: Group does not exist or policy does not exist + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Name of group - name: groupName - required: true - type: string - - in: path - description: Name of policy - name: policyName - required: true - type: string - enum: ["member", "admin"] - - in: path - description: Email address - name: email - required: true - type: string - operationId: RemoveEmailFromGroup - tags: - - Group - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/google/v1/petServiceAccount/{project}/{userEmail}: get: - summary: gets a key for the user's pet service account, get_pet_private_key action on cloud-extension/google required - responses: - 200: - description: 'json format key for a pet service account, see https://cloud.google.com/iam/docs/creating-managing-service-account-keys' + tags: + - Google + summary: gets a key for the user's pet service account, get_pet_private_key + action on cloud-extension/google required + operationId: getUserPetServiceAccountKey + parameters: + - name: project + in: path + description: Google project of the pet + required: true schema: type: string - 404: - description: 'user does not exist or caller does not have any access to cloud-extension/google resource' + - name: userEmail + in: path + description: User's email address + required: true schema: - $ref: '#/definitions/ErrorReport' + type: string + responses: + 200: + description: json format key for a pet service account, see https://cloud.google.com/iam/docs/creating-managing-service-account-keys + content: + application/json: + schema: + type: string 403: - description: 'caller has some access to cloud-extension/google but not to the get_pet_private_key action' - schema: - $ref: '#/definitions/ErrorReport' + description: caller has some access to cloud-extension/google but not to + the get_pet_private_key action + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + 404: + description: user does not exist or caller does not have any access to cloud-extension/google + resource + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Google project of the pet - name: project - required: true - type: string - - in: path - description: User's email address - name: userEmail - required: true - type: string - operationId: getUserPetServiceAccountKey - tags: - - Google - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/google/v1/user/petServiceAccount/{project}: get: + tags: + - Google summary: gets the pet service account for the specified user - responses: - 200: - description: 'user pet service account' + operationId: getPetServiceAccount + parameters: + - name: project + in: path + description: Google project of the pet + required: true schema: type: string + responses: + 200: + description: user pet service account + content: + application/json: + schema: + type: string 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Google project of the pet - name: project - required: true - type: string - operationId: getPetServiceAccount - tags: - - Google - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/google/v1/user/petServiceAccount/key: get: + tags: + - Google summary: gets a key for an arbitrary pet service account for the user + operationId: getArbitraryPetServiceAccountKey responses: 200: - description: 'json format key for a pet service account, see https://cloud.google.com/iam/docs/creating-managing-service-account-keys' + description: json format key for a pet service account, see https://cloud.google.com/iam/docs/creating-managing-service-account-keys + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - operationId: getArbitraryPetServiceAccountKey - tags: - - Google - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/google/v1/user/petServiceAccount/token: post: + tags: + - Google summary: gets a token for an arbitrary pet service account for the user + operationId: getArbitraryPetServiceAccountToken + requestBody: + description: Scopes for the token + content: + '*/*': + schema: + $ref: '#/components/schemas/ArrayOfScopes' + required: true responses: 200: - description: 'an access token for the users pet service account' - schema: - type: string + description: an access token for the users pet service account + content: + application/json: + schema: + type: string 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: body - description: Scopes for the token - name: scopes - required: true - schema: - $ref: '#/definitions/ArrayOfScopes' - operationId: getArbitraryPetServiceAccountToken - tags: - - Google - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: scopes /api/google/v1/user/petServiceAccount/{project}/key: get: + tags: + - Google summary: gets a key for the user's pet service account + operationId: getPetServiceAccountKey + parameters: + - name: project + in: path + description: Google project of the pet + required: true + schema: + type: string responses: 200: - description: 'json format key for a pet service account, see https://cloud.google.com/iam/docs/creating-managing-service-account-keys' + description: json format key for a pet service account, see https://cloud.google.com/iam/docs/creating-managing-service-account-keys + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Google project of the pet - name: project - required: true - type: string - operationId: getPetServiceAccountKey - tags: - - Google - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/google/v1/user/petServiceAccount/{project}/key/{keyId}: delete: + tags: + - Google summary: removes an existing key for the user's pet service account - responses: - 204: - description: 'user pet service account' - 500: - description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + operationId: removePetServiceAccountKey parameters: - - in: path + - name: project + in: path description: Google project of the pet - name: project required: true - type: string - - in: path - description: key ID for the key to remove, private_key_id field of json key from get request - name: keyId + schema: + type: string + - name: keyId + in: path + description: key ID for the key to remove, private_key_id field of json key + from get request required: true - type: string - operationId: removePetServiceAccountKey - tags: - - Google - - /api/google/v1/user/petServiceAccount/{project}/token: - post: - summary: gets a token for the user's pet service account - responses: - 200: - description: 'an access token for the users pet service account' schema: type: string + responses: + 204: + description: user pet service account + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/google/v1/user/petServiceAccount/{project}/token: + post: + tags: + - Google + summary: gets a token for the user's pet service account + operationId: getPetServiceAccountToken parameters: - - in: path + - name: project + in: path description: Google project of the pet - name: project - required: true - type: string - - in: body - description: Scopes for the token - name: scopes required: true schema: - $ref: '#/definitions/ArrayOfScopes' - operationId: getPetServiceAccountToken - tags: - - Google - - /api/google/v1/user/proxyGroup/{email}: - get: - summary: gets the proxy group email for the specified user + type: string + requestBody: + description: Scopes for the token + content: + '*/*': + schema: + $ref: '#/components/schemas/ArrayOfScopes' + required: true responses: 200: - description: 'user proxy group' - schema: - type: string - 404: - description: 'user not found' + description: an access token for the users pet service account + content: + application/json: + schema: + type: string 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: scopes + /api/google/v1/user/proxyGroup/{email}: + get: + tags: + - Google + summary: gets the proxy group email for the specified user + operationId: getProxyGroup parameters: - - in: path + - name: email + in: path description: User email whose proxy group to retrieve - name: email required: true - type: string - operationId: getProxyGroup - tags: - - Google - - /api/google/v1/resource/{resourceTypeName}/{resourceId}/{policyName}/sync: - post: - summary: Synchronize a policy's membership with google group. Once called all further membership changes will by automatically synchronized + schema: + type: string responses: 200: - description: Successfully synchronized membership - schema: - $ref: '#/definitions/SyncReport' + description: user proxy group + content: + application/json: + schema: + type: string + 404: + description: user not found + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/google/v1/resource/{resourceTypeName}/{resourceId}/{policyName}/sync: + get: + tags: + - Google + summary: Gets the synchronization state (last synchronized date and email) for + the group. + operationId: syncStatus parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path - description: Name of policy to synchronize - name: policyName + schema: + type: string + - name: policyName + in: path + description: Name of policy to get synchronization state for required: true - type: string - operationId: syncPolicy - tags: - - Google - - get: - summary: Gets the synchronization state (last synchronized date and email) for the group. + schema: + type: string responses: 200: description: Success - schema: - $ref: '#/definitions/SyncStatus' + content: + application/json: + schema: + $ref: '#/components/schemas/SyncStatus' 204: description: Group is not synchronized to Google + content: {} 404: description: Group not found + content: {} + post: + tags: + - Google + summary: Synchronize a policy's membership with google group. Once called all + further membership changes will by automatically synchronized + operationId: syncPolicy parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path - description: Name of policy to get synchronization state for - name: policyName + schema: + type: string + - name: policyName + in: path + description: Name of policy to synchronize required: true - type: string - operationId: syncStatus - tags: - - Google - + schema: + type: string + responses: + 200: + description: Successfully synchronized membership + content: + application/json: + schema: + $ref: '#/components/schemas/SyncReport' + 500: + description: Internal Server Error + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/resources/v1/{resourceTypeName}: get: + tags: + - Resources summary: List resources and policies for this resource for the caller - responses: - 200: - description: Success - schema: - type: array - items: - $ref: '#/definitions/ResourceAndAccessPolicy' + operationId: listResourcesAndPolicies parameters: - - in: path + - name: resourceTypeName + in: path description: Type of the resource - name: resourceTypeName required: true - type: string - operationId: listResourcesAndPolicies + schema: + type: string + responses: + 200: + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ResourceAndAccessPolicy' + post: tags: - Resources - post: - summary: Create a new resource, cannot be used when resource type allows both authorization domains and id reuse + summary: Create a new resource, cannot be used when resource type allows both + authorization domains and id reuse + operationId: createResource + parameters: + - name: resourceTypeName + in: path + description: Type of resource to create + required: true + schema: + type: string + requestBody: + description: The details of the resource + content: + '*/*': + schema: + $ref: '#/components/schemas/CreateResourceRequest' + required: true responses: 201: description: Successfully created resource, returning resource information + content: {} 204: description: Successfully created resource + content: {} 400: - description: Invalid policies, invalid auth domain, or resource type allows id reuse - schema: - $ref: '#/definitions/ErrorReport' + description: Invalid policies, invalid auth domain, or resource type allows + id reuse + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' 409: description: Resource already exists - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Type of resource to create - name: resourceTypeName - required: true - type: string - - in: body - description: The details of the resource - name: resourceCreate - required: true - schema: - $ref: '#/definitions/CreateResourceRequest' - operationId: createResource + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: resourceCreate + /api/resources/v1/{resourceTypeName}/{resourceId}: + post: tags: - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}: - delete: - summary: Delete a resource - responses: - 204: - description: Successfully deleted resource - 403: - description: You do not have permission to perform this action on the resource - 404: - description: Resource type does not exist or you are not a member of any policy on the resource + summary: Create a new resource with default owner policy + operationId: createResourceWithDefaults parameters: - - in: path - description: Type of the resource - name: resourceTypeName + - name: resourceTypeName + in: path + description: Type of resource to create required: true - type: string - - in: path - description: Id of the resource - name: resourceId + schema: + type: string + - name: resourceId + in: path + description: Id of resource to create, must be unique for all resources of + given type required: true - type: string - operationId: deleteResource - tags: - - Resources - post: - summary: Create a new resource with default owner policy + schema: + type: string responses: 204: description: Successfully created resource + content: {} 409: description: Resource already exists - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + delete: + tags: + - Resources + summary: Delete a resource + operationId: deleteResource parameters: - - in: path - description: Type of resource to create - name: resourceTypeName + - name: resourceTypeName + in: path + description: Type of the resource required: true - type: string - - in: path - description: Id of resource to create, must be unique for all resources of given type - name: resourceId + schema: + type: string + - name: resourceId + in: path + description: Id of the resource required: true - type: string - operationId: createResourceWithDefaults - tags: - - Resources - + schema: + type: string + responses: + 204: + description: Successfully deleted resource + content: {} + 403: + description: You do not have permission to perform this action on the resource + content: {} + 404: + description: Resource type does not exist or you are not a member of any + policy on the resource + content: {} /api/resources/v1/{resourceTypeName}/{resourceId}/actions: get: + tags: + - Resources summary: List the actions the user has on the given resource + operationId: resourceActions + parameters: + - name: resourceTypeName + in: path + description: Type of resource + required: true + schema: + type: string + - name: resourceId + in: path + description: Id of resource + required: true + schema: + type: string responses: 200: - description: List of actions the user has on the given resource. Empty if the user has no actions or the resource does not exist - schema: - type: array - items: - type: string + description: List of actions the user has on the given resource. Empty if + the user has no actions or the resource does not exist + content: + application/json: + schema: + type: array + items: + type: string 404: description: Resource type does not exist + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/resources/v1/{resourceTypeName}/{resourceId}/authDomain: + get: + tags: + - Resources + summary: List the groups in the Auth Domain for a resource + operationId: getAuthDomain parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - operationId: resourceActions - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/authDomain: - get: - summary: List the groups in the Auth Domain for a resource + schema: + type: string responses: 200: - description: List of groups that compose the Auth Domain for this resource. Empty if an Auth Domain has not been set - schema: - type: array - items: - type: string + description: List of groups that compose the Auth Domain for this resource. + Empty if an Auth Domain has not been set + content: + application/json: + schema: + type: array + items: + type: string 403: description: You do not have permission to perform this action on the resource + content: {} 404: - description: Resource type or resource does not exist or you are not a member of any policy on the resource + description: Resource type or resource does not exist or you are not a member + of any policy on the resource + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/resources/v1/{resourceTypeName}/{resourceId}/allUsers: + get: + tags: + - Resources + summary: List all of the members of a resource + operationId: getAllResourceUsers parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - operationId: getAuthDomain - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/allUsers: - get: - summary: List all of the members of a resource + schema: + type: string responses: 200: description: List of users in all policies on this resource - schema: - type: array - items: - type: string + content: + application/json: + schema: + type: array + items: + type: string 403: description: You do not have permission to perform this action on the resource + content: {} 404: - description: Resource type or resource does not exist or you are not a member of any policy on the resource + description: Resource type or resource does not exist or you are not a member + of any policy on the resource + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Type of resource - name: resourceTypeName - required: true - type: string - - in: path - description: Id of resource - name: resourceId - required: true - type: string - operationId: getAllResourceUsers - tags: - - Resources - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/resources/v1/{resourceTypeName}/{resourceId}/policies: get: + tags: + - Resources summary: List the policies for a resource + operationId: listResourcePolicies + parameters: + - name: resourceTypeName + in: path + description: Type of resource + required: true + schema: + type: string + - name: resourceId + in: path + description: Id of resource + required: true + schema: + type: string responses: 200: description: Policies successfully listed - schema: - type: array - items: - $ref: '#/definitions/AccessPolicyResponseEntry' + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/AccessPolicyResponseEntry' 403: description: You do not have permission to perform this action on the resource + content: {} 404: - description: Resource type does not exist or you are not a member of any policy on the resource + description: Resource type does not exist or you are not a member of any + policy on the resource + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}: + get: + tags: + - Resources + summary: Gets a policy on a resource + operationId: getPolicy parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - operationId: listResourcePolicies - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}: - get: - summary: Gets a policy on a resource + schema: + type: string + - name: policyName + in: path + description: Name of the policy + required: true + schema: + type: string responses: 200: description: Policy information - schema: - $ref: '#/definitions/AccessPolicyMembership' + content: + application/json: + schema: + $ref: '#/components/schemas/AccessPolicyMembership' 403: description: You do not have permission to perform this action on the resource + content: {} 404: - description: Resource type does not exist or you are not a member of any policy on the resource or the policy does not exist + description: Resource type does not exist or you are not a member of any + policy on the resource or the policy does not exist + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + put: + tags: + - Resources + summary: Overwrite a policy on a resource + operationId: overwritePolicy parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of the policy - name: policyName required: true - type: string - operationId: getPolicy - tags: - - Resources - put: - summary: Overwrite a policy on a resource + schema: + type: string + requestBody: + description: The details of the policy + content: + '*/*': + schema: + $ref: '#/components/schemas/AccessPolicyMembership' + required: true responses: 201: description: Policy successfully created/updated + content: {} 403: description: You do not have permission to perform this action on the resource + content: {} 404: - description: Resource type does not exist or you are not a member of any policy on the resource + description: Resource type does not exist or you are not a member of any + policy on the resource + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: policyCreate + /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}/memberEmails: + put: + tags: + - Resources + summary: Overwrite the membership of a policy + operationId: overwritePolicyMembers parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of the policy - name: policyName - required: true - type: string - - in: body - description: The details of the policy - name: policyCreate required: true schema: - $ref: '#/definitions/AccessPolicyMembership' - operationId: overwritePolicy - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}/memberEmails: - put: - summary: Overwrite the membership of a policy + type: string + requestBody: + description: List of member emails to be on the policy + content: + '*/*': + schema: + $ref: '#/components/schemas/ArrayOfEmails' + required: true responses: 204: description: Successfully overwrite membership + content: {} 400: description: email is not found + content: {} 403: description: You do not have permission to alter this policy + content: {} 404: - description: Resource type does not exist, you are not a member of any policy on the resource, or a member was not found + description: Resource type does not exist, you are not a member of any policy + on the resource, or a member was not found + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: memberEmails + /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}/memberEmails/{email}: + put: + tags: + - Resources + summary: Add a user to a policy + operationId: addUserToPolicy parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of the policy - name: policyName required: true - type: string - - in: body - description: List of member emails to be on the policy - name: memberEmails + schema: + type: string + - name: email + in: path + description: Email of user to be added required: true schema: - $ref: '#/definitions/ArrayOfEmails' - operationId: overwritePolicyMembers - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}/memberEmails/{email}: - put: - summary: Add a user to a policy + type: string responses: 204: description: Successfully added a user to the policy + content: {} 400: description: email is not found + content: {} 403: description: You do not have permission to alter this policy + content: {} 404: - description: Resource type does not exist, you are not a member of any policy on the resource, or user was not found + description: Resource type does not exist, you are not a member of any policy + on the resource, or user was not found + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + delete: + tags: + - Resources + summary: Remove a user from a policy + operationId: removeUserFromPolicy parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of the policy - name: policyName required: true - type: string - - in: path - description: Email of user to be added - name: email + schema: + type: string + - name: email + in: path + description: Email of user to be removed required: true - type: string - operationId: addUserToPolicy - tags: - - Resources - delete: - summary: Remove a user from a policy + schema: + type: string responses: 204: description: Successfully removed a user from the policy + content: {} 400: description: email is not found + content: {} 403: description: You do not have permission to alter this policy + content: {} 404: - description: Resource type does not exist, you are not a member of any policy on the resource, or user was not found + description: Resource type does not exist, you are not a member of any policy + on the resource, or user was not found + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}/public: + get: + tags: + - Resources + summary: Get the public flag on a policy + operationId: getPolicyPublic parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of the policy - name: policyName required: true - type: string - - in: path - description: Email of user to be removed - name: email - required: true - type: string - operationId: removeUserFromPolicy - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/policies/{policyName}/public: - get: - summary: Get the public flag on a policy + schema: + type: string responses: 200: description: True if the policy is public, false if the policy is private - schema: - type: boolean + content: + application/json: + schema: + type: boolean 403: description: You do not have permission to read this policy + content: {} 404: description: Resource type, resource, or policy do not exist + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + put: + tags: + - Resources + summary: Set the public flag on a policy + operationId: setPolicyPublic parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: policyName + in: path description: Name of the policy - name: policyName required: true - type: string - operationId: getPolicyPublic - tags: - - Resources - put: - summary: Set the public flag on a policy + schema: + type: string + requestBody: + description: true to make the policy public, false to make it private + content: + '*/*': + schema: + type: boolean + required: true responses: 204: description: Successfully added a user to the policy + content: {} 403: description: You do not have permission to alter this policy + content: {} 404: - description: Resource type does not exist, you are not a member of any policy on the resource, or user is not permitted to set the public flag on resources of this type + description: Resource type does not exist, you are not a member of any policy + on the resource, or user is not permitted to set the public flag on resources + of this type + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Type of resource - name: resourceTypeName - required: true - type: string - - in: path - description: Id of resource - name: resourceId - required: true - type: string - - in: path - description: Name of the policy - name: policyName - required: true - type: string - - in: body - description: true to make the policy public, false to make it private - name: public - required: true - schema: - type: boolean - operationId: setPolicyPublic - tags: - - Resources - - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + x-codegen-request-body-name: public /api/resources/v1/{resourceTypeName}/{resourceId}/roles: get: + tags: + - Resources summary: Query for the list of roles that the requesting user has on the resource - responses: - 200: - description: The list of roles that the requesting user has on the resource. Empty if resource does not exist or user has no role on that resource. - schema: - type: array - items: - type: string - 404: - description: Resource type does not exist - 500: - description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + operationId: resourceRoles parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource to query - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource to query - name: resourceId required: true - type: string - operationId: resourceRoles - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/action/{action}: - get: - summary: Query if requesting user may perform the action + schema: + type: string responses: 200: - description: true if the user may perform the action, false if they may not or the resource does not exist - schema: - type: boolean + description: The list of roles that the requesting user has on the resource. + Empty if resource does not exist or user has no role on that resource. + content: + application/json: + schema: + type: array + items: + type: string + 404: + description: Resource type does not exist + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/resources/v1/{resourceTypeName}/{resourceId}/action/{action}: + get: + tags: + - Resources + summary: Query if requesting user may perform the action + operationId: resourcePermission parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource to query - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource to query - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: action + in: path description: Action to perform - name: action required: true - type: string - operationId: resourcePermission - tags: - - Resources - - /api/resources/v1/{resourceTypeName}/{resourceId}/action/{action}/userEmail/{userEmail}: - get: - summary: Query if the given user may perform the action + schema: + type: string responses: 200: - description: true if the user may perform the action, false if they may not or the resource does not exist - schema: - type: boolean - 403: - description: You do not have permission to check user action permission + description: true if the user may perform the action, false if they may + not or the resource does not exist + content: + application/json: + schema: + type: boolean 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + /api/resources/v1/{resourceTypeName}/{resourceId}/action/{action}/userEmail/{userEmail}: + get: + tags: + - Resources + summary: Query if the given user may perform the action + operationId: resourceAction parameters: - - in: path + - name: resourceTypeName + in: path description: Type of resource to query - name: resourceTypeName required: true - type: string - - in: path + schema: + type: string + - name: resourceId + in: path description: Id of resource to query - name: resourceId required: true - type: string - - in: path + schema: + type: string + - name: action + in: path description: Action to perform - name: action required: true - type: string - - in: path + schema: + type: string + - name: userEmail + in: path description: User Email address to check - name: userEmail required: true - type: string - operationId: resourceAction - tags: - - Resources - + schema: + type: string + responses: + 200: + description: true if the user may perform the action, false if they may + not or the resource does not exist + content: + application/json: + schema: + type: boolean + 403: + description: You do not have permission to check user action permission + content: {} + 500: + description: Internal Server Error + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/users/v1/{email}: get: + tags: + - Users summary: Query for the user's subject IDs + operationId: getUserIds + parameters: + - name: email + in: path + description: Email of the user + required: true + schema: + type: string responses: 200: description: user details - schema: - $ref: '#/definitions/UserIdInfo' + content: + application/json: + schema: + $ref: '#/components/schemas/UserIdInfo' 204: description: the email is recognized as a group, not a user + content: {} 404: description: User not found + content: {} 500: description: Internal Server Error - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: path - description: Email of the user - name: email - required: true - type: string - operationId: getUserIds - tags: - - Users - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /api/users/v1/invite/{inviteeEmail}: post: + tags: + - Users summary: create current user in the system using login credentials + operationId: inviteUser parameters: - - in: path + - name: inviteeEmail + in: path description: email for the user you want to invite - name: inviteeEmail required: true - type: string + schema: + type: string responses: 201: - description: 'user successfully created' - schema: - $ref: '#/definitions/UserStatusDetails' + description: user successfully created + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatusDetails' 409: description: user already exists - schema: - $ref: '#/definitions/ErrorReport' - operationId: inviteUser - tags: - - Users - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /register/user/v1: get: + tags: + - Users summary: gets the registration status of the logged in user + operationId: getUserStatus + parameters: + - name: userDetailsOnly + in: query + description: when set to true does not check the various enabled status of + the user + schema: + type: string responses: 200: - description: 'user exists' - schema: - $ref: '#/definitions/UserStatus' + description: user exists + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' 404: description: user not found - schema: - $ref: '#/definitions/ErrorReport' - parameters: - - in: query - description: when set to true does not check the various enabled status of the user - name: userDetailsOnly - required: false - type: string - operationId: getUserStatus + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' + post: tags: - Users - post: summary: create current user in the system using login credentials + operationId: createUser responses: 201: - description: 'user successfully created' - schema: - $ref: '#/definitions/UserStatus' + description: user successfully created + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' 409: description: user already exists - schema: - $ref: '#/definitions/ErrorReport' - operationId: createUser - tags: - - Users - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /register/user/v2/self: post: + tags: + - Users summary: create current user in the system using login credentials + operationId: createUserV2 responses: 201: - description: 'user successfully created' - schema: - $ref: '#/definitions/UserStatus' + description: user successfully created + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatus' 409: description: user already exists - schema: - $ref: '#/definitions/ErrorReport' - operationId: createUserV2 - tags: - - Users - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /register/user/v2/self/info: get: + tags: + - Users summary: gets the registration status info of the logged in user + operationId: getUserStatusInfo responses: 200: - description: 'user exists' - schema: - $ref: '#/definitions/UserStatusInfo' + description: user exists + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatusInfo' 404: description: user not found - schema: - $ref: '#/definitions/ErrorReport' - operationId: getUserStatusInfo - tags: - - Users - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /register/user/v2/self/diagnostics: get: + tags: + - Users summary: gets the various enabled statuses of the logged in user + operationId: getUserStatusDiagnostics responses: 200: - description: 'user exists' - schema: - $ref: '#/definitions/UserStatusDiagnostics' + description: user exists + content: + application/json: + schema: + $ref: '#/components/schemas/UserStatusDiagnostics' 404: description: user not found - schema: - $ref: '#/definitions/ErrorReport' - operationId: getUserStatusDiagnostics - tags: - - Users - + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorReport' /status: get: + tags: + - Status summary: gets system status + operationId: getSystemStatus responses: 200: - description: 'system ok' - schema: - $ref: '#/definitions/SystemStatus' + description: system ok + content: + application/json: + schema: + $ref: '#/components/schemas/SystemStatus' 500: - description: 'one or more subsystems down' - schema: - $ref: '#/definitions/SystemStatus' - operationId: getSystemStatus - tags: - - Status - security: [] # no security + description: one or more subsystems down + content: + application/json: + schema: + $ref: '#/components/schemas/SystemStatus' /version: get: tags: - Version - operationId: samVersion summary: Returns the currently deployed version of this service. + operationId: samVersion responses: 200: description: OK - schema: - $ref: '#/definitions/SamVersion' - security: [] - -########################################################################################## -## DEFINITIONS -########################################################################################## -definitions: - - AccessPolicyResponseEntry: - description: '' - required: - - policyName - - policy - properties: - policyName: - type: string - policy: - $ref: '#/definitions/AccessPolicyMembership' - - AccessPolicyMembership: - description: '' - required: - - memberEmails - - actions - - roles - properties: - memberEmails: - type: array - items: - type: string - actions: - type: array - items: - type: string - roles: - type: array - items: - type: string - - ArrayOfEmails: - description: An array of email addresses - type: array - items: - type: string - example: - - person@company.com - - group_name@company.com - - foo@bar.com - - ArrayOfScopes: - description: An array of scopes - type: array - items: - type: string - example: - - https://www.googleapis.com/auth/userinfo.email - - https://www.googleapis.com/auth/userinfo.profile - - CreateResourceRequest: - description: information to create a resource - required: - - resourceId - - policies - properties: - resourceId: - type: string - description: id of the resource to create - policies: - type: array - items: - $ref: '#/definitions/AccessPolicyMembership' - description: map of initial policies to create - authDomain: - type: array - items: - type: string - returnResource: - type: boolean - default: false - description: return created resource information with 201 response code - - Enabled: - description: the status of the user's account - required: - - ldap - - allUsersGroup - - google - properties: - ldap: - type: boolean - description: true if the user is enabled in ldap - allUsersGroup: - type: boolean - description: true if the user is in the all users group - google: - type: boolean - description: true if the user is in their proxy group - - ErrorReport: - description: '' - required: - - source - - message - - causes - - stackTrace - properties: - source: - type: string - description: service causing error - message: - type: string - description: what went wrong - exceptionClass: - type: string - description: class of exception thrown - statusCode: - type: integer - description: HTTP status code - causes: - type: array - description: errors triggering this one - items: - $ref: '#/definitions/ErrorReport' - stackTrace: - type: array - description: stack trace - items: - $ref: '#/definitions/StackTraceElement' - - ManagedGroupMembershipEntry: - type: object - description: 'specification of a managed group with an access policy and the email associated with the managed group' - required: - - groupName - - role - - groupEmail - properties: - groupName: - type: string - description: The name of the managed group - role: - type: string - description: User's role in the group - groupEmail: - type: string - description: The email address associated with the group - - ResourceAndAccessPolicy: - type: object - description: 'specification of a resource with an access policy' - required: - - resourceId - - accessPolicyName - properties: - resourceId: - type: string - description: The id of the resource - accessPolicyName: - type: string - description: User's policy for the resource - authDomainGroups: - type: array - items: - type: string - missingAuthDomainGroups: - type: array - items: - type: string - public: - type: boolean - description: the policy is public when this is true - - ResourceRole: - type: object - description: 'specification of a role for a resource' - required: - - roleName - - actions - properties: - roleName: - type: string - description: The name of the role - actions: - type: array - items: - type: string - description: List of actions that can be performed by members of this role - - ResourceType: - type: object - description: 'specification of a type of resource' - required: - - name - - actions - - roles - - ownerRoleName - properties: - name: - type: string - description: The name of the resource type - actions: - type: array - items: - type: string - description: List of actions that can be performed on a resource of this type - roles: - type: array - description: List of roles that may exist on a resource of this type - items: - $ref: '#/definitions/ResourceRole' - ownerRoleName: - type: string - description: The name of the role that can perform administrative functions on a resource of this type - - SamVersion: - type: object - properties: - version: - type: string - - StackTraceElement: - description: '' - required: - - className - - methodName - - fileName - - lineNumber - properties: - className: - type: string - description: class name - methodName: - type: string - description: method name - fileName: - type: string - description: source file name - lineNumber: - type: integer - description: line number - - SubsystemStatus: - description: status of a subsystem Sam depends on - properties: - ok: - type: boolean - description: whether this system is up or down from Sam's point of view - messages: - type: array - items: - type: string - - SyncReport: - description: results of an attempt to synchronize a group - type: object - additionalProperties: + content: + application/json: + schema: + $ref: '#/components/schemas/SamVersion' +components: + schemas: + AccessPolicyResponseEntry: + required: + - policy + - policyName + type: object + properties: + policyName: + type: string + policy: + $ref: '#/components/schemas/AccessPolicyMembership' + description: "" + AccessPolicyMembership: + required: + - actions + - memberEmails + - roles + type: object + properties: + memberEmails: + type: array + items: + type: string + actions: + type: array + items: + type: string + roles: + type: array + items: + type: string + description: "" + ArrayOfEmails: type: array + description: An array of email addresses + example: + - person@company.com + - group_name@company.com + - foo@bar.com items: -# this really should be the line below but the code gen does not include the import for SyncReportItem so it does not compile -# $ref: '#/definitions/SyncReportItem' - properties: - operation: - type: string - email: - type: string - errorReport: - $ref: '#/definitions/ErrorReport' - - SyncStatus: - description: status of group synchronization - required: - - lastSyncDate - - email - properties: - lastSyncDate: - type: string - email: - type: string - - SystemStatus: - description: status of each aubsystem Sam depends on - type: object - required: - - ok - - systems - properties: - ok: - type: boolean - description: true if everything is ok, false if anything is amiss - systems: - type: object - description: Map[String, SubsystemStatus] - - UserIdInfo: - description: '' - required: - - userSubjectId - - userEmail - properties: - userSubjectId: - type: string - description: user id - userEmail: - type: string - description: user email - googleSubjectId: - type: string - description: google subject id - - UserInfo: - description: the user's details - required: - - userSubjectId - - userEmail - properties: - userSubjectId: type: string - description: user id - userEmail: - type: string - description: user email - - UserStatus: - description: '' - required: - - userInfo - - enabled - properties: - userInfo: - $ref: '#/definitions/UserInfo' - enabled: - $ref: '#/definitions/Enabled' - description: the status of the user's account - - UserStatusInfo: - description: '' - required: - - userSubjectId - - userEmail - - enabled - properties: - userSubjectId: - type: string - description: user id - userEmail: - type: string - description: user email - enabled: - type: boolean - description: true if the user is enabled in ldap - - UserStatusDetails: - description: '' - required: - - userSubjectId - - userEmail - properties: - userSubjectId: - type: string - description: user id - userEmail: + ArrayOfScopes: + type: array + description: An array of scopes + example: + - https://www.googleapis.com/auth/userinfo.email + - https://www.googleapis.com/auth/userinfo.profile + items: type: string - description: user email - - UserStatusDiagnostics: - description: '' - required: - - enabled - - inAllUsersGroup - - inGoogleProxyGroup - properties: - enabled: - type: boolean - description: true if the user is enabled in ldap - inAllUsersGroup: - type: boolean - description: true if the user is in the all users group - inGoogleProxyGroup: - type: boolean - description: true if the user is in their proxy group + CreateResourceRequest: + required: + - policies + - resourceId + type: object + properties: + resourceId: + type: string + description: id of the resource to create + policies: + type: array + description: map of initial policies to create + items: + $ref: '#/components/schemas/AccessPolicyMembership' + authDomain: + type: array + items: + type: string + returnResource: + type: boolean + description: return created resource information with 201 response code + default: false + description: information to create a resource + Enabled: + required: + - allUsersGroup + - google + - ldap + type: object + properties: + ldap: + type: boolean + description: true if the user is enabled in ldap + allUsersGroup: + type: boolean + description: true if the user is in the all users group + google: + type: boolean + description: true if the user is in their proxy group + description: the status of the user's account + ErrorReport: + required: + - causes + - message + - source + - stackTrace + type: object + properties: + source: + type: string + description: service causing error + message: + type: string + description: what went wrong + exceptionClass: + type: string + description: class of exception thrown + statusCode: + type: integer + description: HTTP status code + causes: + type: array + description: errors triggering this one + items: + $ref: '#/components/schemas/ErrorReport' + stackTrace: + type: array + description: stack trace + items: + $ref: '#/components/schemas/StackTraceElement' + description: "" + ManagedGroupMembershipEntry: + required: + - groupEmail + - groupName + - role + type: object + properties: + groupName: + type: string + description: The name of the managed group + role: + type: string + description: User's role in the group + groupEmail: + type: string + description: The email address associated with the group + description: specification of a managed group with an access policy and the + email associated with the managed group + ResourceAndAccessPolicy: + required: + - accessPolicyName + - resourceId + type: object + properties: + resourceId: + type: string + description: The id of the resource + accessPolicyName: + type: string + description: User's policy for the resource + authDomainGroups: + type: array + items: + type: string + missingAuthDomainGroups: + type: array + items: + type: string + public: + type: boolean + description: the policy is public when this is true + description: specification of a resource with an access policy + ResourceRole: + required: + - actions + - roleName + type: object + properties: + roleName: + type: string + description: The name of the role + actions: + type: array + description: List of actions that can be performed by members of this role + items: + type: string + description: specification of a role for a resource + ResourceType: + required: + - actions + - name + - ownerRoleName + - roles + type: object + properties: + name: + type: string + description: The name of the resource type + actions: + type: array + description: List of actions that can be performed on a resource of this + type + items: + type: string + roles: + type: array + description: List of roles that may exist on a resource of this type + items: + $ref: '#/components/schemas/ResourceRole' + ownerRoleName: + type: string + description: The name of the role that can perform administrative functions + on a resource of this type + description: specification of a type of resource + SamVersion: + type: object + properties: + version: + type: string + StackTraceElement: + required: + - className + - fileName + - lineNumber + - methodName + type: object + properties: + className: + type: string + description: class name + methodName: + type: string + description: method name + fileName: + type: string + description: source file name + lineNumber: + type: integer + description: line number + description: "" + SubsystemStatus: + type: object + properties: + ok: + type: boolean + description: whether this system is up or down from Sam's point of view + messages: + type: array + items: + type: string + description: status of a subsystem Sam depends on + SyncReport: + type: object + additionalProperties: + type: array + items: + type: object + properties: + operation: + type: string + email: + type: string + errorReport: + $ref: '#/components/schemas/ErrorReport' + description: results of an attempt to synchronize a group + SyncStatus: + required: + - email + - lastSyncDate + type: object + properties: + lastSyncDate: + type: string + email: + type: string + description: status of group synchronization + SystemStatus: + required: + - ok + - systems + type: object + properties: + ok: + type: boolean + description: true if everything is ok, false if anything is amiss + systems: + type: object + properties: {} + description: Map[String, SubsystemStatus] + description: status of each aubsystem Sam depends on + UserIdInfo: + required: + - userEmail + - userSubjectId + type: object + properties: + userSubjectId: + type: string + description: user id + userEmail: + type: string + description: user email + googleSubjectId: + type: string + description: google subject id + description: "" + UserInfo: + required: + - userEmail + - userSubjectId + type: object + properties: + userSubjectId: + type: string + description: user id + userEmail: + type: string + description: user email + description: the user's details + UserStatus: + required: + - enabled + - userInfo + type: object + properties: + userInfo: + $ref: '#/components/schemas/UserInfo' + enabled: + $ref: '#/components/schemas/Enabled' + description: "" + UserStatusInfo: + required: + - enabled + - userEmail + - userSubjectId + type: object + properties: + userSubjectId: + type: string + description: user id + userEmail: + type: string + description: user email + enabled: + type: boolean + description: true if the user is enabled in ldap + description: "" + UserStatusDetails: + required: + - userEmail + - userSubjectId + type: object + properties: + userSubjectId: + type: string + description: user id + userEmail: + type: string + description: user email + description: "" + UserStatusDiagnostics: + required: + - enabled + - inAllUsersGroup + - inGoogleProxyGroup + type: object + properties: + enabled: + type: boolean + description: true if the user is enabled in ldap + inAllUsersGroup: + type: boolean + description: true if the user is in the all users group + inGoogleProxyGroup: + type: boolean + description: true if the user is in their proxy group + description: "" + securitySchemes: + googleoauth: + type: oauth2 + flows: + implicit: + authorizationUrl: https://accounts.google.com/o/oauth2/auth + scopes: + openid: open id authorization + email: email authorization + profile: profile authorization diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SwaggerRoutes.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SwaggerRoutes.scala index 13918173b..15727f814 100644 --- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SwaggerRoutes.scala +++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/SwaggerRoutes.scala @@ -1,31 +1,23 @@ package org.broadinstitute.dsde.workbench.sam.api -import akka.http.scaladsl.model.StatusCodes import akka.http.scaladsl.server import akka.http.scaladsl.server.Directives._ import akka.stream.scaladsl.Flow import akka.util.ByteString import org.broadinstitute.dsde.workbench.sam.config.SwaggerConfig -import scala.language.postfixOps - /** * Created by dvoet on 7/18/17. */ trait SwaggerRoutes { - private val swaggerUiPath = "META-INF/resources/webjars/swagger-ui/2.2.5" + private val swaggerUiPath = "META-INF/resources/webjars/swagger-ui/3.25.0" val swaggerConfig: SwaggerConfig val swaggerRoutes: server.Route = { path("") { get { - parameter("url") { urlparam => - extractUri { uri => - redirect(uri.withRawQueryString(""), StatusCodes.MovedPermanently) - } - } ~ - serveIndex() + serveIndex } } ~ path("api-docs.yaml") { @@ -36,36 +28,42 @@ trait SwaggerRoutes { // We have to be explicit about the paths here since we're matching at the root URL and we don't // want to catch all paths lest we circumvent Spray's not-found and method-not-allowed error // messages. - (pathSuffixTest("o2c.html") | pathSuffixTest("swagger-ui.js") - | pathPrefixTest("css" /) | pathPrefixTest("fonts" /) | pathPrefixTest("images" /) - | pathPrefixTest("lang" /) | pathPrefixTest("lib" /)) { + (pathPrefixTest("swagger-ui") | pathPrefixTest("oauth2") | pathSuffixTest("js") + | pathSuffixTest("css") | pathPrefixTest("favicon")) { get { getFromResourceDirectory(swaggerUiPath) } } } - private def serveIndex(): server.Route = { + private val serveIndex: server.Route = { val swaggerOptions = """ | validatorUrl: null, | apisSorter: "alpha", - | operationsSorter: "alpha", + | operationsSorter: "alpha" """.stripMargin mapResponseEntity { entityFromJar => entityFromJar.transformDataBytes(Flow.fromFunction[ByteString, ByteString] { original: ByteString => ByteString( original.utf8String - .replace("your-client-id", swaggerConfig.googleClientId) - .replace("your-realms", swaggerConfig.realm) - .replace("your-app-name", swaggerConfig.realm) - .replace("scopeSeparator: \",\"", "scopeSeparator: \" \"") - .replace("jsonEditor: false,", "jsonEditor: false," + swaggerOptions) - .replace("url = \"http://petstore.swagger.io/v2/swagger.json\";", "url = '/api-docs.yaml';")) + .replace("""url: "https://petstore.swagger.io/v2/swagger.json"""", "url: '/api-docs.yaml'") + .replace("""layout: "StandaloneLayout"""", s"""layout: "StandaloneLayout", $swaggerOptions""") + .replace("window.ui = ui", s"""ui.initOAuth({ + | clientId: "${swaggerConfig.googleClientId}", + | clientSecret: "${swaggerConfig.realm}", + | realm: "${swaggerConfig.realm}", + | appName: "${swaggerConfig.realm}", + | scopeSeparator: " ", + | additionalQueryStringParams: {} + | }) + | window.ui = ui + | """.stripMargin) + ) }) } { - getFromResource(swaggerUiPath + "/index.html") + getFromResource(s"$swaggerUiPath/index.html") } }