From dba2d3c9759f9000acf2784b19a5dabbdf6b45f1 Mon Sep 17 00:00:00 2001 From: broadbot Date: Tue, 11 Jun 2024 14:51:12 +0000 Subject: [PATCH] [sherlock-build] generated from 1ed3827f734fcd2a318d5da3224d3dc124e26387 --- .../client/models/sherlock_role_v3.go | 9 ++ .../client/models/sherlock_role_v3_edit.go | 9 ++ .../role_assignments_client.go | 3 + .../roles/get_api_roles_v3_parameters.go | 93 +++++++++++++++++++ .../client/roles/roles_client.go | 3 + sherlock-typescript-client/README.md | 4 +- sherlock-typescript-client/package-lock.json | 4 +- sherlock-typescript-client/package.json | 2 +- .../src/apis/RoleAssignmentsApi.ts | 12 +-- .../src/apis/RolesApi.ts | 27 ++++-- .../src/models/SherlockRoleV3.ts | 24 +++++ .../src/models/SherlockRoleV3Edit.ts | 24 +++++ sherlock/docs/docs.go | 45 +++++++-- sherlock/docs/swagger.json | 45 +++++++-- sherlock/docs/swagger.yaml | 27 ++++++ 15 files changed, 302 insertions(+), 29 deletions(-) diff --git a/sherlock-go-client/client/models/sherlock_role_v3.go b/sherlock-go-client/client/models/sherlock_role_v3.go index 9aa4093e3..1ebb2d57e 100644 --- a/sherlock-go-client/client/models/sherlock_role_v3.go +++ b/sherlock-go-client/client/models/sherlock_role_v3.go @@ -42,6 +42,15 @@ type SherlockRoleV3 struct { // grants dev firecloud group GrantsDevFirecloudGroup string `json:"grantsDevFirecloudGroup,omitempty"` + // grants prod azure group + GrantsProdAzureGroup string `json:"grantsProdAzureGroup,omitempty"` + + // grants prod firecloud group + GrantsProdFirecloudGroup string `json:"grantsProdFirecloudGroup,omitempty"` + + // grants qa firecloud group + GrantsQaFirecloudGroup string `json:"grantsQaFirecloudGroup,omitempty"` + // grants sherlock super admin GrantsSherlockSuperAdmin bool `json:"grantsSherlockSuperAdmin,omitempty"` diff --git a/sherlock-go-client/client/models/sherlock_role_v3_edit.go b/sherlock-go-client/client/models/sherlock_role_v3_edit.go index 0d6eb47c6..3043935c0 100644 --- a/sherlock-go-client/client/models/sherlock_role_v3_edit.go +++ b/sherlock-go-client/client/models/sherlock_role_v3_edit.go @@ -29,6 +29,15 @@ type SherlockRoleV3Edit struct { // grants dev firecloud group GrantsDevFirecloudGroup string `json:"grantsDevFirecloudGroup,omitempty"` + // grants prod azure group + GrantsProdAzureGroup string `json:"grantsProdAzureGroup,omitempty"` + + // grants prod firecloud group + GrantsProdFirecloudGroup string `json:"grantsProdFirecloudGroup,omitempty"` + + // grants qa firecloud group + GrantsQaFirecloudGroup string `json:"grantsQaFirecloudGroup,omitempty"` + // grants sherlock super admin GrantsSherlockSuperAdmin bool `json:"grantsSherlockSuperAdmin,omitempty"` diff --git a/sherlock-go-client/client/role_assignments/role_assignments_client.go b/sherlock-go-client/client/role_assignments/role_assignments_client.go index 4026f54ad..0c7f690e9 100644 --- a/sherlock-go-client/client/role_assignments/role_assignments_client.go +++ b/sherlock-go-client/client/role_assignments/role_assignments_client.go @@ -48,6 +48,7 @@ type ClientService interface { Delete the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future. +Propagation will be triggered after this operation. */ func (a *Client) DeleteAPIRoleAssignmentsV3RoleSelectorUserSelector(params *DeleteAPIRoleAssignmentsV3RoleSelectorUserSelectorParams, opts ...ClientOption) error { // TODO: Validate the params before sending @@ -162,6 +163,7 @@ func (a *Client) GetAPIRoleAssignmentsV3RoleSelectorUserSelector(params *GetAPIR Edit the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future. +Propagation will be triggered after this operation. */ func (a *Client) PatchAPIRoleAssignmentsV3RoleSelectorUserSelector(params *PatchAPIRoleAssignmentsV3RoleSelectorUserSelectorParams, opts ...ClientOption) (*PatchAPIRoleAssignmentsV3RoleSelectorUserSelectorOK, error) { // TODO: Validate the params before sending @@ -203,6 +205,7 @@ func (a *Client) PatchAPIRoleAssignmentsV3RoleSelectorUserSelector(params *Patch Create the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future. +Propagation will be triggered after this operation. */ func (a *Client) PostAPIRoleAssignmentsV3RoleSelectorUserSelector(params *PostAPIRoleAssignmentsV3RoleSelectorUserSelectorParams, opts ...ClientOption) (*PostAPIRoleAssignmentsV3RoleSelectorUserSelectorCreated, error) { // TODO: Validate the params before sending diff --git a/sherlock-go-client/client/roles/get_api_roles_v3_parameters.go b/sherlock-go-client/client/roles/get_api_roles_v3_parameters.go index c48f76313..d06e9f9c7 100644 --- a/sherlock-go-client/client/roles/get_api_roles_v3_parameters.go +++ b/sherlock-go-client/client/roles/get_api_roles_v3_parameters.go @@ -77,6 +77,15 @@ type GetAPIRolesV3Params struct { // GrantsDevFirecloudGroup. GrantsDevFirecloudGroup *string + // GrantsProdAzureGroup. + GrantsProdAzureGroup *string + + // GrantsProdFirecloudGroup. + GrantsProdFirecloudGroup *string + + // GrantsQaFirecloudGroup. + GrantsQaFirecloudGroup *string + // GrantsSherlockSuperAdmin. GrantsSherlockSuperAdmin *bool @@ -214,6 +223,39 @@ func (o *GetAPIRolesV3Params) SetGrantsDevFirecloudGroup(grantsDevFirecloudGroup o.GrantsDevFirecloudGroup = grantsDevFirecloudGroup } +// WithGrantsProdAzureGroup adds the grantsProdAzureGroup to the get API roles v3 params +func (o *GetAPIRolesV3Params) WithGrantsProdAzureGroup(grantsProdAzureGroup *string) *GetAPIRolesV3Params { + o.SetGrantsProdAzureGroup(grantsProdAzureGroup) + return o +} + +// SetGrantsProdAzureGroup adds the grantsProdAzureGroup to the get API roles v3 params +func (o *GetAPIRolesV3Params) SetGrantsProdAzureGroup(grantsProdAzureGroup *string) { + o.GrantsProdAzureGroup = grantsProdAzureGroup +} + +// WithGrantsProdFirecloudGroup adds the grantsProdFirecloudGroup to the get API roles v3 params +func (o *GetAPIRolesV3Params) WithGrantsProdFirecloudGroup(grantsProdFirecloudGroup *string) *GetAPIRolesV3Params { + o.SetGrantsProdFirecloudGroup(grantsProdFirecloudGroup) + return o +} + +// SetGrantsProdFirecloudGroup adds the grantsProdFirecloudGroup to the get API roles v3 params +func (o *GetAPIRolesV3Params) SetGrantsProdFirecloudGroup(grantsProdFirecloudGroup *string) { + o.GrantsProdFirecloudGroup = grantsProdFirecloudGroup +} + +// WithGrantsQaFirecloudGroup adds the grantsQaFirecloudGroup to the get API roles v3 params +func (o *GetAPIRolesV3Params) WithGrantsQaFirecloudGroup(grantsQaFirecloudGroup *string) *GetAPIRolesV3Params { + o.SetGrantsQaFirecloudGroup(grantsQaFirecloudGroup) + return o +} + +// SetGrantsQaFirecloudGroup adds the grantsQaFirecloudGroup to the get API roles v3 params +func (o *GetAPIRolesV3Params) SetGrantsQaFirecloudGroup(grantsQaFirecloudGroup *string) { + o.GrantsQaFirecloudGroup = grantsQaFirecloudGroup +} + // WithGrantsSherlockSuperAdmin adds the grantsSherlockSuperAdmin to the get API roles v3 params func (o *GetAPIRolesV3Params) WithGrantsSherlockSuperAdmin(grantsSherlockSuperAdmin *bool) *GetAPIRolesV3Params { o.SetGrantsSherlockSuperAdmin(grantsSherlockSuperAdmin) @@ -384,6 +426,57 @@ func (o *GetAPIRolesV3Params) WriteToRequest(r runtime.ClientRequest, reg strfmt } } + if o.GrantsProdAzureGroup != nil { + + // query param grantsProdAzureGroup + var qrGrantsProdAzureGroup string + + if o.GrantsProdAzureGroup != nil { + qrGrantsProdAzureGroup = *o.GrantsProdAzureGroup + } + qGrantsProdAzureGroup := qrGrantsProdAzureGroup + if qGrantsProdAzureGroup != "" { + + if err := r.SetQueryParam("grantsProdAzureGroup", qGrantsProdAzureGroup); err != nil { + return err + } + } + } + + if o.GrantsProdFirecloudGroup != nil { + + // query param grantsProdFirecloudGroup + var qrGrantsProdFirecloudGroup string + + if o.GrantsProdFirecloudGroup != nil { + qrGrantsProdFirecloudGroup = *o.GrantsProdFirecloudGroup + } + qGrantsProdFirecloudGroup := qrGrantsProdFirecloudGroup + if qGrantsProdFirecloudGroup != "" { + + if err := r.SetQueryParam("grantsProdFirecloudGroup", qGrantsProdFirecloudGroup); err != nil { + return err + } + } + } + + if o.GrantsQaFirecloudGroup != nil { + + // query param grantsQaFirecloudGroup + var qrGrantsQaFirecloudGroup string + + if o.GrantsQaFirecloudGroup != nil { + qrGrantsQaFirecloudGroup = *o.GrantsQaFirecloudGroup + } + qGrantsQaFirecloudGroup := qrGrantsQaFirecloudGroup + if qGrantsQaFirecloudGroup != "" { + + if err := r.SetQueryParam("grantsQaFirecloudGroup", qGrantsQaFirecloudGroup); err != nil { + return err + } + } + } + if o.GrantsSherlockSuperAdmin != nil { // query param grantsSherlockSuperAdmin diff --git a/sherlock-go-client/client/roles/roles_client.go b/sherlock-go-client/client/roles/roles_client.go index df988cd37..d336750ae 100644 --- a/sherlock-go-client/client/roles/roles_client.go +++ b/sherlock-go-client/client/roles/roles_client.go @@ -48,6 +48,7 @@ type ClientService interface { Delete an individual Role. Only super-admins may mutate Roles. +Propagation will NOT be triggered after this operation -- the grants will become un-managed by Sherlock and left as-is. Remove role assignments first to remove users from grants. */ func (a *Client) DeleteAPIRolesV3Selector(params *DeleteAPIRolesV3SelectorParams, opts ...ClientOption) (*DeleteAPIRolesV3SelectorOK, error) { // TODO: Validate the params before sending @@ -169,6 +170,7 @@ func (a *Client) GetAPIRolesV3Selector(params *GetAPIRolesV3SelectorParams, opts Edit an individual Role. Only super-admins may mutate Roles. +Propagation will be triggered after this operation. */ func (a *Client) PatchAPIRolesV3Selector(params *PatchAPIRolesV3SelectorParams, opts ...ClientOption) (*PatchAPIRolesV3SelectorOK, error) { // TODO: Validate the params before sending @@ -210,6 +212,7 @@ func (a *Client) PatchAPIRolesV3Selector(params *PatchAPIRolesV3SelectorParams, Create an individual Role with no one assigned to it. Only super-admins may mutate Roles. +Propagation will be triggered after this operation. */ func (a *Client) PostAPIRolesV3(params *PostAPIRolesV3Params, opts ...ClientOption) (*PostAPIRolesV3Created, error) { // TODO: Validate the params before sending diff --git a/sherlock-typescript-client/README.md b/sherlock-typescript-client/README.md index 5c3928782..2adff53d3 100644 --- a/sherlock-typescript-client/README.md +++ b/sherlock-typescript-client/README.md @@ -1,4 +1,4 @@ -## @sherlock-js-client/sherlock@v1.4.10 +## @sherlock-js-client/sherlock@v1.5.0 This generator creates TypeScript/JavaScript client that utilizes [Fetch API](https://fetch.spec.whatwg.org/). The generated Node module can be used in the following environments: @@ -36,7 +36,7 @@ navigate to the folder of your consuming project and run one of the following co _published:_ ``` -npm install @sherlock-js-client/sherlock@v1.4.10 --save +npm install @sherlock-js-client/sherlock@v1.5.0 --save ``` _unPublished (not recommended):_ diff --git a/sherlock-typescript-client/package-lock.json b/sherlock-typescript-client/package-lock.json index 6234fcc22..1ddbf3214 100644 --- a/sherlock-typescript-client/package-lock.json +++ b/sherlock-typescript-client/package-lock.json @@ -1,12 +1,12 @@ { "name": "@sherlock-js-client/sherlock", - "version": "v1.4.10", + "version": "v1.5.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@sherlock-js-client/sherlock", - "version": "v1.4.10", + "version": "v1.5.0", "devDependencies": { "typescript": "^4.0 || ^5.0" } diff --git a/sherlock-typescript-client/package.json b/sherlock-typescript-client/package.json index 7e242e141..3a3abca24 100644 --- a/sherlock-typescript-client/package.json +++ b/sherlock-typescript-client/package.json @@ -1,6 +1,6 @@ { "name": "@sherlock-js-client/sherlock", - "version": "v1.4.10", + "version": "v1.5.0", "description": "OpenAPI client for @sherlock-js-client/sherlock", "author": "OpenAPI-Generator", "repository": { diff --git a/sherlock-typescript-client/src/apis/RoleAssignmentsApi.ts b/sherlock-typescript-client/src/apis/RoleAssignmentsApi.ts index 8c7b879ee..d67a71d4e 100644 --- a/sherlock-typescript-client/src/apis/RoleAssignmentsApi.ts +++ b/sherlock-typescript-client/src/apis/RoleAssignmentsApi.ts @@ -112,7 +112,7 @@ export class RoleAssignmentsApi extends runtime.BaseAPI { } /** - * Delete the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. + * Delete the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. Propagation will be triggered after this operation. * Delete a RoleAssignment */ async apiRoleAssignmentsV3RoleSelectorUserSelectorDeleteRaw(requestParameters: ApiRoleAssignmentsV3RoleSelectorUserSelectorDeleteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { @@ -145,7 +145,7 @@ export class RoleAssignmentsApi extends runtime.BaseAPI { } /** - * Delete the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. + * Delete the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. Propagation will be triggered after this operation. * Delete a RoleAssignment */ async apiRoleAssignmentsV3RoleSelectorUserSelectorDelete(requestParameters: ApiRoleAssignmentsV3RoleSelectorUserSelectorDeleteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { @@ -195,7 +195,7 @@ export class RoleAssignmentsApi extends runtime.BaseAPI { } /** - * Edit the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. + * Edit the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. Propagation will be triggered after this operation. * Edit a RoleAssignment */ async apiRoleAssignmentsV3RoleSelectorUserSelectorPatchRaw(requestParameters: ApiRoleAssignmentsV3RoleSelectorUserSelectorPatchRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { @@ -238,7 +238,7 @@ export class RoleAssignmentsApi extends runtime.BaseAPI { } /** - * Edit the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. + * Edit the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. Propagation will be triggered after this operation. * Edit a RoleAssignment */ async apiRoleAssignmentsV3RoleSelectorUserSelectorPatch(requestParameters: ApiRoleAssignmentsV3RoleSelectorUserSelectorPatchRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { @@ -247,7 +247,7 @@ export class RoleAssignmentsApi extends runtime.BaseAPI { } /** - * Create the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. + * Create the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. Propagation will be triggered after this operation. * Create a RoleAssignment */ async apiRoleAssignmentsV3RoleSelectorUserSelectorPostRaw(requestParameters: ApiRoleAssignmentsV3RoleSelectorUserSelectorPostRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { @@ -290,7 +290,7 @@ export class RoleAssignmentsApi extends runtime.BaseAPI { } /** - * Create the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. + * Create the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role\'s default break-glass duration in the future. Propagation will be triggered after this operation. * Create a RoleAssignment */ async apiRoleAssignmentsV3RoleSelectorUserSelectorPost(requestParameters: ApiRoleAssignmentsV3RoleSelectorUserSelectorPostRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { diff --git a/sherlock-typescript-client/src/apis/RolesApi.ts b/sherlock-typescript-client/src/apis/RolesApi.ts index 6b5698f01..243991d87 100644 --- a/sherlock-typescript-client/src/apis/RolesApi.ts +++ b/sherlock-typescript-client/src/apis/RolesApi.ts @@ -34,6 +34,9 @@ export interface ApiRolesV3GetRequest { defaultGlassBreakDuration?: string; grantsDevAzureGroup?: string; grantsDevFirecloudGroup?: string; + grantsProdAzureGroup?: string; + grantsProdFirecloudGroup?: string; + grantsQaFirecloudGroup?: string; grantsSherlockSuperAdmin?: boolean; id?: number; name?: string; @@ -92,6 +95,18 @@ export class RolesApi extends runtime.BaseAPI { queryParameters['grantsDevFirecloudGroup'] = requestParameters['grantsDevFirecloudGroup']; } + if (requestParameters['grantsProdAzureGroup'] != null) { + queryParameters['grantsProdAzureGroup'] = requestParameters['grantsProdAzureGroup']; + } + + if (requestParameters['grantsProdFirecloudGroup'] != null) { + queryParameters['grantsProdFirecloudGroup'] = requestParameters['grantsProdFirecloudGroup']; + } + + if (requestParameters['grantsQaFirecloudGroup'] != null) { + queryParameters['grantsQaFirecloudGroup'] = requestParameters['grantsQaFirecloudGroup']; + } + if (requestParameters['grantsSherlockSuperAdmin'] != null) { queryParameters['grantsSherlockSuperAdmin'] = requestParameters['grantsSherlockSuperAdmin']; } @@ -142,7 +157,7 @@ export class RolesApi extends runtime.BaseAPI { } /** - * Create an individual Role with no one assigned to it. Only super-admins may mutate Roles. + * Create an individual Role with no one assigned to it. Only super-admins may mutate Roles. Propagation will be triggered after this operation. * Create a Role */ async apiRolesV3PostRaw(requestParameters: ApiRolesV3PostRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { @@ -171,7 +186,7 @@ export class RolesApi extends runtime.BaseAPI { } /** - * Create an individual Role with no one assigned to it. Only super-admins may mutate Roles. + * Create an individual Role with no one assigned to it. Only super-admins may mutate Roles. Propagation will be triggered after this operation. * Create a Role */ async apiRolesV3Post(requestParameters: ApiRolesV3PostRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { @@ -180,7 +195,7 @@ export class RolesApi extends runtime.BaseAPI { } /** - * Delete an individual Role. Only super-admins may mutate Roles. + * Delete an individual Role. Only super-admins may mutate Roles. Propagation will NOT be triggered after this operation -- the grants will become un-managed by Sherlock and left as-is. Remove role assignments first to remove users from grants. * Delete a Role */ async apiRolesV3SelectorDeleteRaw(requestParameters: ApiRolesV3SelectorDeleteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { @@ -206,7 +221,7 @@ export class RolesApi extends runtime.BaseAPI { } /** - * Delete an individual Role. Only super-admins may mutate Roles. + * Delete an individual Role. Only super-admins may mutate Roles. Propagation will NOT be triggered after this operation -- the grants will become un-managed by Sherlock and left as-is. Remove role assignments first to remove users from grants. * Delete a Role */ async apiRolesV3SelectorDelete(requestParameters: ApiRolesV3SelectorDeleteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { @@ -250,7 +265,7 @@ export class RolesApi extends runtime.BaseAPI { } /** - * Edit an individual Role. Only super-admins may mutate Roles. + * Edit an individual Role. Only super-admins may mutate Roles. Propagation will be triggered after this operation. * Edit a Role */ async apiRolesV3SelectorPatchRaw(requestParameters: ApiRolesV3SelectorPatchRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> { @@ -286,7 +301,7 @@ export class RolesApi extends runtime.BaseAPI { } /** - * Edit an individual Role. Only super-admins may mutate Roles. + * Edit an individual Role. Only super-admins may mutate Roles. Propagation will be triggered after this operation. * Edit a Role */ async apiRolesV3SelectorPatch(requestParameters: ApiRolesV3SelectorPatchRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise { diff --git a/sherlock-typescript-client/src/models/SherlockRoleV3.ts b/sherlock-typescript-client/src/models/SherlockRoleV3.ts index 2cccb853e..11d7d1f74 100644 --- a/sherlock-typescript-client/src/models/SherlockRoleV3.ts +++ b/sherlock-typescript-client/src/models/SherlockRoleV3.ts @@ -68,6 +68,24 @@ export interface SherlockRoleV3 { * @memberof SherlockRoleV3 */ grantsDevFirecloudGroup?: string; + /** + * + * @type {string} + * @memberof SherlockRoleV3 + */ + grantsProdAzureGroup?: string; + /** + * + * @type {string} + * @memberof SherlockRoleV3 + */ + grantsProdFirecloudGroup?: string; + /** + * + * @type {string} + * @memberof SherlockRoleV3 + */ + grantsQaFirecloudGroup?: string; /** * * @type {boolean} @@ -124,6 +142,9 @@ export function SherlockRoleV3FromJSONTyped(json: any, ignoreDiscriminator: bool 'defaultGlassBreakDuration': json['defaultGlassBreakDuration'] == null ? undefined : json['defaultGlassBreakDuration'], 'grantsDevAzureGroup': json['grantsDevAzureGroup'] == null ? undefined : json['grantsDevAzureGroup'], 'grantsDevFirecloudGroup': json['grantsDevFirecloudGroup'] == null ? undefined : json['grantsDevFirecloudGroup'], + 'grantsProdAzureGroup': json['grantsProdAzureGroup'] == null ? undefined : json['grantsProdAzureGroup'], + 'grantsProdFirecloudGroup': json['grantsProdFirecloudGroup'] == null ? undefined : json['grantsProdFirecloudGroup'], + 'grantsQaFirecloudGroup': json['grantsQaFirecloudGroup'] == null ? undefined : json['grantsQaFirecloudGroup'], 'grantsSherlockSuperAdmin': json['grantsSherlockSuperAdmin'] == null ? undefined : json['grantsSherlockSuperAdmin'], 'id': json['id'] == null ? undefined : json['id'], 'name': json['name'] == null ? undefined : json['name'], @@ -145,6 +166,9 @@ export function SherlockRoleV3ToJSON(value?: SherlockRoleV3 | null): any { 'defaultGlassBreakDuration': value['defaultGlassBreakDuration'], 'grantsDevAzureGroup': value['grantsDevAzureGroup'], 'grantsDevFirecloudGroup': value['grantsDevFirecloudGroup'], + 'grantsProdAzureGroup': value['grantsProdAzureGroup'], + 'grantsProdFirecloudGroup': value['grantsProdFirecloudGroup'], + 'grantsQaFirecloudGroup': value['grantsQaFirecloudGroup'], 'grantsSherlockSuperAdmin': value['grantsSherlockSuperAdmin'], 'id': value['id'], 'name': value['name'], diff --git a/sherlock-typescript-client/src/models/SherlockRoleV3Edit.ts b/sherlock-typescript-client/src/models/SherlockRoleV3Edit.ts index 2354b6caf..9036da049 100644 --- a/sherlock-typescript-client/src/models/SherlockRoleV3Edit.ts +++ b/sherlock-typescript-client/src/models/SherlockRoleV3Edit.ts @@ -43,6 +43,24 @@ export interface SherlockRoleV3Edit { * @memberof SherlockRoleV3Edit */ grantsDevFirecloudGroup?: string; + /** + * + * @type {string} + * @memberof SherlockRoleV3Edit + */ + grantsProdAzureGroup?: string; + /** + * + * @type {string} + * @memberof SherlockRoleV3Edit + */ + grantsProdFirecloudGroup?: string; + /** + * + * @type {string} + * @memberof SherlockRoleV3Edit + */ + grantsQaFirecloudGroup?: string; /** * * @type {boolean} @@ -84,6 +102,9 @@ export function SherlockRoleV3EditFromJSONTyped(json: any, ignoreDiscriminator: 'defaultGlassBreakDuration': json['defaultGlassBreakDuration'] == null ? undefined : json['defaultGlassBreakDuration'], 'grantsDevAzureGroup': json['grantsDevAzureGroup'] == null ? undefined : json['grantsDevAzureGroup'], 'grantsDevFirecloudGroup': json['grantsDevFirecloudGroup'] == null ? undefined : json['grantsDevFirecloudGroup'], + 'grantsProdAzureGroup': json['grantsProdAzureGroup'] == null ? undefined : json['grantsProdAzureGroup'], + 'grantsProdFirecloudGroup': json['grantsProdFirecloudGroup'] == null ? undefined : json['grantsProdFirecloudGroup'], + 'grantsQaFirecloudGroup': json['grantsQaFirecloudGroup'] == null ? undefined : json['grantsQaFirecloudGroup'], 'grantsSherlockSuperAdmin': json['grantsSherlockSuperAdmin'] == null ? undefined : json['grantsSherlockSuperAdmin'], 'name': json['name'] == null ? undefined : json['name'], 'suspendNonSuitableUsers': json['suspendNonSuitableUsers'] == null ? undefined : json['suspendNonSuitableUsers'], @@ -100,6 +121,9 @@ export function SherlockRoleV3EditToJSON(value?: SherlockRoleV3Edit | null): any 'defaultGlassBreakDuration': value['defaultGlassBreakDuration'], 'grantsDevAzureGroup': value['grantsDevAzureGroup'], 'grantsDevFirecloudGroup': value['grantsDevFirecloudGroup'], + 'grantsProdAzureGroup': value['grantsProdAzureGroup'], + 'grantsProdFirecloudGroup': value['grantsProdFirecloudGroup'], + 'grantsQaFirecloudGroup': value['grantsQaFirecloudGroup'], 'grantsSherlockSuperAdmin': value['grantsSherlockSuperAdmin'], 'name': value['name'], 'suspendNonSuitableUsers': value['suspendNonSuitableUsers'], diff --git a/sherlock/docs/docs.go b/sherlock/docs/docs.go index bb8f70085..0a5c5036e 100644 --- a/sherlock/docs/docs.go +++ b/sherlock/docs/docs.go @@ -6736,7 +6736,7 @@ const docTemplate = `{ } }, "post": { - "description": "Create the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.", + "description": "Create the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -6815,7 +6815,7 @@ const docTemplate = `{ } }, "delete": { - "description": "Delete the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.", + "description": "Delete the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -6879,7 +6879,7 @@ const docTemplate = `{ } }, "patch": { - "description": "Edit the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.", + "description": "Edit the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -6995,6 +6995,21 @@ const docTemplate = `{ "name": "grantsDevFirecloudGroup", "in": "query" }, + { + "type": "string", + "name": "grantsProdAzureGroup", + "in": "query" + }, + { + "type": "string", + "name": "grantsProdFirecloudGroup", + "in": "query" + }, + { + "type": "string", + "name": "grantsQaFirecloudGroup", + "in": "query" + }, { "type": "boolean", "name": "grantsSherlockSuperAdmin", @@ -7083,7 +7098,7 @@ const docTemplate = `{ } }, "post": { - "description": "Create an individual Role with no one assigned to it.\nOnly super-admins may mutate Roles.", + "description": "Create an individual Role with no one assigned to it.\nOnly super-admins may mutate Roles.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -7213,7 +7228,7 @@ const docTemplate = `{ } }, "delete": { - "description": "Delete an individual Role.\nOnly super-admins may mutate Roles.", + "description": "Delete an individual Role.\nOnly super-admins may mutate Roles.\nPropagation will NOT be triggered after this operation -- the grants will become un-managed by Sherlock and left as-is. Remove role assignments first to remove users from grants.", "produces": [ "application/json" ], @@ -7276,7 +7291,7 @@ const docTemplate = `{ } }, "patch": { - "description": "Edit an individual Role.\nOnly super-admins may mutate Roles.", + "description": "Edit an individual Role.\nOnly super-admins may mutate Roles.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -9860,6 +9875,15 @@ const docTemplate = `{ "grantsDevFirecloudGroup": { "type": "string" }, + "grantsProdAzureGroup": { + "type": "string" + }, + "grantsProdFirecloudGroup": { + "type": "string" + }, + "grantsQaFirecloudGroup": { + "type": "string" + }, "grantsSherlockSuperAdmin": { "type": "boolean" }, @@ -9893,6 +9917,15 @@ const docTemplate = `{ "grantsDevFirecloudGroup": { "type": "string" }, + "grantsProdAzureGroup": { + "type": "string" + }, + "grantsProdFirecloudGroup": { + "type": "string" + }, + "grantsQaFirecloudGroup": { + "type": "string" + }, "grantsSherlockSuperAdmin": { "type": "boolean" }, diff --git a/sherlock/docs/swagger.json b/sherlock/docs/swagger.json index 015a65597..fc2bb9d57 100644 --- a/sherlock/docs/swagger.json +++ b/sherlock/docs/swagger.json @@ -6732,7 +6732,7 @@ } }, "post": { - "description": "Create the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.", + "description": "Create the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -6811,7 +6811,7 @@ } }, "delete": { - "description": "Delete the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.", + "description": "Delete the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -6875,7 +6875,7 @@ } }, "patch": { - "description": "Edit the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.", + "description": "Edit the RoleAssignment between a given Role and User.\nNon-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -6991,6 +6991,21 @@ "name": "grantsDevFirecloudGroup", "in": "query" }, + { + "type": "string", + "name": "grantsProdAzureGroup", + "in": "query" + }, + { + "type": "string", + "name": "grantsProdFirecloudGroup", + "in": "query" + }, + { + "type": "string", + "name": "grantsQaFirecloudGroup", + "in": "query" + }, { "type": "boolean", "name": "grantsSherlockSuperAdmin", @@ -7079,7 +7094,7 @@ } }, "post": { - "description": "Create an individual Role with no one assigned to it.\nOnly super-admins may mutate Roles.", + "description": "Create an individual Role with no one assigned to it.\nOnly super-admins may mutate Roles.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -7209,7 +7224,7 @@ } }, "delete": { - "description": "Delete an individual Role.\nOnly super-admins may mutate Roles.", + "description": "Delete an individual Role.\nOnly super-admins may mutate Roles.\nPropagation will NOT be triggered after this operation -- the grants will become un-managed by Sherlock and left as-is. Remove role assignments first to remove users from grants.", "produces": [ "application/json" ], @@ -7272,7 +7287,7 @@ } }, "patch": { - "description": "Edit an individual Role.\nOnly super-admins may mutate Roles.", + "description": "Edit an individual Role.\nOnly super-admins may mutate Roles.\nPropagation will be triggered after this operation.", "produces": [ "application/json" ], @@ -9856,6 +9871,15 @@ "grantsDevFirecloudGroup": { "type": "string" }, + "grantsProdAzureGroup": { + "type": "string" + }, + "grantsProdFirecloudGroup": { + "type": "string" + }, + "grantsQaFirecloudGroup": { + "type": "string" + }, "grantsSherlockSuperAdmin": { "type": "boolean" }, @@ -9889,6 +9913,15 @@ "grantsDevFirecloudGroup": { "type": "string" }, + "grantsProdAzureGroup": { + "type": "string" + }, + "grantsProdFirecloudGroup": { + "type": "string" + }, + "grantsQaFirecloudGroup": { + "type": "string" + }, "grantsSherlockSuperAdmin": { "type": "boolean" }, diff --git a/sherlock/docs/swagger.yaml b/sherlock/docs/swagger.yaml index c728f00a4..39b7beaca 100644 --- a/sherlock/docs/swagger.yaml +++ b/sherlock/docs/swagger.yaml @@ -1598,6 +1598,12 @@ definitions: type: string grantsDevFirecloudGroup: type: string + grantsProdAzureGroup: + type: string + grantsProdFirecloudGroup: + type: string + grantsQaFirecloudGroup: + type: string grantsSherlockSuperAdmin: type: boolean id: @@ -1620,6 +1626,12 @@ definitions: type: string grantsDevFirecloudGroup: type: string + grantsProdAzureGroup: + type: string + grantsProdFirecloudGroup: + type: string + grantsQaFirecloudGroup: + type: string grantsSherlockSuperAdmin: type: boolean name: @@ -6259,6 +6271,7 @@ paths: description: |- Delete the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future. + Propagation will be triggered after this operation. parameters: - description: The selector of the Role, which can be either the numeric ID or the name @@ -6357,6 +6370,7 @@ paths: description: |- Edit the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future. + Propagation will be triggered after this operation. parameters: - description: The selector of the Role, which can be either the numeric ID or the name @@ -6415,6 +6429,7 @@ paths: description: |- Create the RoleAssignment between a given Role and User. Non-super-admins may only mutate RoleAssignments for themselves, only for roles they can break-glass into, and only with an expiry no further than the role's default break-glass duration in the future. + Propagation will be triggered after this operation. parameters: - description: The selector of the Role, which can be either the numeric ID or the name @@ -6489,6 +6504,15 @@ paths: - in: query name: grantsDevFirecloudGroup type: string + - in: query + name: grantsProdAzureGroup + type: string + - in: query + name: grantsProdFirecloudGroup + type: string + - in: query + name: grantsQaFirecloudGroup + type: string - in: query name: grantsSherlockSuperAdmin type: boolean @@ -6553,6 +6577,7 @@ paths: description: |- Create an individual Role with no one assigned to it. Only super-admins may mutate Roles. + Propagation will be triggered after this operation. parameters: - description: The initial fields the Role should have set in: body @@ -6599,6 +6624,7 @@ paths: description: |- Delete an individual Role. Only super-admins may mutate Roles. + Propagation will NOT be triggered after this operation -- the grants will become un-managed by Sherlock and left as-is. Remove role assignments first to remove users from grants. parameters: - description: The selector of the Role, which can be either the numeric ID or the name @@ -6687,6 +6713,7 @@ paths: description: |- Edit an individual Role. Only super-admins may mutate Roles. + Propagation will be triggered after this operation. parameters: - description: The selector of the Role, which can be either the numeric ID or the name