diff --git a/CHANGES.md b/CHANGES.md index a5502459..ca79b806 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,7 @@ This document describes the relevant changes between releases of the API model. ## 0.0.374 May 23 2024 - Add `CreationTimestamp` and `LastUpdateTimestamp` to `RolePolicyBinding` type +- Add `access_transparecy` Service and it's resources ## 0.0.373 May 13 2024 - Add `subnet_resource_id` to `Azure` resource diff --git a/model/access_transparency/v1/access_protection_resource.model b/model/access_transparency/v1/access_protection_resource.model new file mode 100644 index 00000000..d9c914ef --- /dev/null +++ b/model/access_transparency/v1/access_protection_resource.model @@ -0,0 +1,36 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Manages the Access Protection resource. +resource AccessProtection { + // Retrieves an Access Protection by organization/cluster/subscription query param. + method Get { + // Check status by Subscription. + @http(name = "subscriptionId") + in SubscriptionId String + + // Check status by Cluter. + @http(name = "clusterId") + in ClusterId String + + // Check status by Organization. + @http(name = "organizationId") + in OrganizationId String + + // AccessProtection status response. + out Body AccessProtection + } +} diff --git a/model/access_transparency/v1/access_protection_type.model b/model/access_transparency/v1/access_protection_type.model new file mode 100644 index 00000000..82ede95c --- /dev/null +++ b/model/access_transparency/v1/access_protection_type.model @@ -0,0 +1,20 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Representation of an access protection. +struct AccessProtection { + Enabled boolean +} diff --git a/model/access_transparency/v1/access_request_post_request_type.model b/model/access_transparency/v1/access_request_post_request_type.model new file mode 100644 index 00000000..307571f1 --- /dev/null +++ b/model/access_transparency/v1/access_request_post_request_type.model @@ -0,0 +1,39 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Representation of an access request post request. +struct AccessRequestPostRequest { + // Justification of the Access Request. + Justification String + + // Support case ID linking to JIRA ticket. + SupportCaseId String + + // Internal support case id linking to jira ticket. + InternalSupportCaseId String + + // Subscription from which the Access Request belongs to. + SubscriptionId String + + // Cluster from which the Access Request belongs to. + ClusterId String + + // How long the access will last after it's been approved. + Duration String + + // How long the Access Request can be in pending state waiting for a customer decision. + Deadline String +} diff --git a/model/access_transparency/v1/access_request_resource.model b/model/access_transparency/v1/access_request_resource.model new file mode 100644 index 00000000..abd5bc56 --- /dev/null +++ b/model/access_transparency/v1/access_request_resource.model @@ -0,0 +1,28 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Manages a specific access request. +resource AccessRequest { + // Retrieves the details of the access request. + method Get { + out Body AccessRequest + } + + // Reference to the resource that manages the collection of decisions. + locator Decisions { + target Decisions + } +} diff --git a/model/access_transparency/v1/access_request_state.model b/model/access_transparency/v1/access_request_state.model new file mode 100644 index 00000000..0c4f0672 --- /dev/null +++ b/model/access_transparency/v1/access_request_state.model @@ -0,0 +1,30 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Possible states to an access request status. +enum AccessRequestState { + @json(name = "Pending") + Pending + + @json(name = "Approved") + Approved + + @json(name = "Expired") + Expired + + @json(name = "Denied") + Denied +} diff --git a/model/access_transparency/v1/access_request_status.type b/model/access_transparency/v1/access_request_status.type new file mode 100644 index 00000000..65b093f6 --- /dev/null +++ b/model/access_transparency/v1/access_request_status.type @@ -0,0 +1,25 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Representation of an access request status. +struct AccessRequestStatus { + // Current state of the Access Request. + State AccessRequestState + + // Date and time when the access request will expire, using the + // format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt). + ExpiresAt Date +} diff --git a/model/access_transparency/v1/access_request_type.model b/model/access_transparency/v1/access_request_type.model new file mode 100644 index 00000000..022eae3e --- /dev/null +++ b/model/access_transparency/v1/access_request_type.model @@ -0,0 +1,63 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Representation of an access request. +class AccessRequest { + // Date and time when the access request was initially created, using the + // format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt). + CreatedAt Date + + // Date and time when the access request was lastly updated, using the + // format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt). + UpdatedAt Date + + // Decisions attached to the Access Request. + Decisions []Decision + + // Justification of the Access Request. + Justification String + + // User that requested the Access. + RequestedBy String + + // Support case ID linking to JIRA ticket. + SupportCaseId String + + // Internal support case id linking to jira ticket. + InternalSupportCaseId String + + // Organization from which the Access Request belongs to. + OrganizationId String + + // Subscription from which the Access Request belongs to. + SubscriptionId String + + // Cluster from which the Access Request belongs to. + ClusterId String + + // How long the access will last after it's been approved. + Duration String + + // How long the Access Request can be in pending state waiting for a customer decision. + Deadline String + + // Date and time for the deadline that the Access Request needs to be decided, using the + // format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt). + DeadlineAt Date + + // Access Request status. + Status AccessRequestStatus +} diff --git a/model/access_transparency/v1/access_requests_resource.model b/model/access_transparency/v1/access_requests_resource.model new file mode 100644 index 00000000..573bb8f1 --- /dev/null +++ b/model/access_transparency/v1/access_requests_resource.model @@ -0,0 +1,79 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Manages the collection of access requests. +resource AccessRequests { + // Retrieves the list of access requests. + method List { + // Index of the requested page, where one corresponds to the first page. + in out Page Integer = 1 + + // Maximum number of items that will be contained in the returned page. + in out Size Integer = 100 + + // Search criteria. + // + // The syntax of this parameter is similar to the syntax of the _where_ clause of an + // SQL statement, but using the names of the attributes of the access request instead of + // the names of the columns of a table. For example, in order to retrieve all the + // access requests with a requested_by starting with `my` the value should be: + // + // ```sql + // requested_by like 'my%' + // ``` + // + // If the parameter isn't provided, or if the value is empty, then all the access requests + // that the user has permission to see will be returned. + in Search String + + // Order criteria. + // + // The syntax of this parameter is similar to the syntax of the _order by_ clause of + // a SQL statement, but using the names of the attributes of the access request instead of + // the names of the columns of a table. For example, in order to sort the access requests + // descending by created_at the value should be: + // + // ```sql + // created_at desc + // ``` + // + // If the parameter isn't provided, or if the value is empty, then the order of the + // results is undefined. + in Order String + + // Total number of items of the collection that match the search criteria, + // regardless of the size of the page. + out Total Integer + + // Retrieved list of access requests. + out Items []AccessRequest + } + + // Create a new access request and add it to the collection of access requests. + method Post { + // Input to include new access request. + in Body AccessRequestPostRequest + + // Newly access request. + out Body AccessRequest + } + + // Returns a reference to the service that manages a specific access request. + locator AccessRequest { + target AccessRequest + variable ID + } +} diff --git a/model/access_transparency/v1/decision_decision_type.model b/model/access_transparency/v1/decision_decision_type.model new file mode 100644 index 00000000..be449f2b --- /dev/null +++ b/model/access_transparency/v1/decision_decision_type.model @@ -0,0 +1,27 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Possible decisions to a decision status. +enum DecisionDecision { + @json(name = "Approved") + Approved + + @json(name = "Expired") + Expired + + @json(name = "Denied") + Denied +} diff --git a/model/access_transparency/v1/decision_resource.model b/model/access_transparency/v1/decision_resource.model new file mode 100644 index 00000000..d0d8fddc --- /dev/null +++ b/model/access_transparency/v1/decision_resource.model @@ -0,0 +1,23 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Manages a specific decision. +resource Decision { + // Retrieves the details of the decision. + method Get { + out Body Decision + } +} diff --git a/model/access_transparency/v1/decision_type.model b/model/access_transparency/v1/decision_type.model new file mode 100644 index 00000000..dca4f16a --- /dev/null +++ b/model/access_transparency/v1/decision_type.model @@ -0,0 +1,35 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Representation of an decision. +class Decision { + // Date and time when the decision was initially created, using the + // format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt). + CreatedAt Date + + // Date and time when the decision was lastly updated, using the + // format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt). + UpdatedAt Date + + // State of the decision. + Decision DecisionDecision + + // Justification of the decision. + Justification String + + // User that decided. + DecidedBy String +} diff --git a/model/access_transparency/v1/decisions_resource.model b/model/access_transparency/v1/decisions_resource.model new file mode 100644 index 00000000..c37fa6de --- /dev/null +++ b/model/access_transparency/v1/decisions_resource.model @@ -0,0 +1,76 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Manages a collection of decisions attached to an access request. +resource Decisions { + // Retrieves the list of decisions. + method List { + // Index of the requested page, where one corresponds to the first page. + in out Page Integer = 1 + + // Maximum number of items that will be contained in the returned page. + in out Size Integer = 100 + + // Search criteria. + // + // The syntax of this parameter is similar to the syntax of the _where_ clause of an + // SQL statement, but using the names of the attributes of the decision instead of + // the names of the columns of a table. For example, in order to retrieve all the + // decisions with a decided_by starting with `my` the value should be: + // + // ```sql + // decided_by like 'my%' + // ``` + // + // If the parameter isn't provided, or if the value is empty, then all the decisions + // that the user has permission to see will be returned. + in Search String + + // Order criteria. + // + // The syntax of this parameter is similar to the syntax of the _order by_ clause of + // a SQL statement, but using the names of the attributes of the decision instead of + // the names of the columns of a table. For example, in order to sort the decisions + // descending by created_at the value should be: + // + // ```sql + // created_at desc + // ``` + // + // If the parameter isn't provided, or if the value is empty, then the order of the + // results is undefined. + in Order String + + // Total number of items of the collection that match the search criteria, + // regardless of the size of the page. + out Total Integer + + // Retrieved list of decisions. + out Items []Decision + } + + // Create a new decision and add it to the collection of decisions of an access request. + method Add { + // Description of the decision addition. + in out Body Decision + } + + // Returns a reference to the service that manages a specific decision. + locator Decision { + target Decision + variable ID + } +} diff --git a/model/access_transparency/v1/root_resource.model b/model/access_transparency/v1/root_resource.model new file mode 100644 index 00000000..ea4eef10 --- /dev/null +++ b/model/access_transparency/v1/root_resource.model @@ -0,0 +1,29 @@ +/* +Copyright (c) 2024 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Root of the tree of resources of the Access Transparency Management. +resource Root { + // Reference to the resource that manages the Access Protection resource. + locator AccessProtection { + target AccessProtection + } + + // Reference to the resource that manages the collection of Access Requests. + locator AccessRequests { + target AccessRequests + } + +}