OCM-8260 | feat: include access transparency service #941

Merged
merged 2 commits into from
May 27, 2024
1 change: 1 addition & 0 deletions CHANGES.md
Expand Up @@ -4,6 +4,7 @@ This document describes the relevant changes between releases of the API model.

## 0.0.374 May 23 2024
- Add `CreationTimestamp` and `LastUpdateTimestamp` to `RolePolicyBinding` type
- Add `access_transparecy` Service and it's resources

## 0.0.373 May 13 2024
- Add `subnet_resource_id` to `Azure` resource
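Review bot: The added changelog line misspells the service name as `access_transparecy`; the directory introduced by this same change is `model/access_transparency`, so the entry should read `access_transparency`, and "it's resources" should be "its resources". Anyone searching the changelog for the service name will miss the entry as written.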
36 changes: 36 additions & 0 deletions model/access_transparency/v1/access_protection_resource.model
@@ -0,0 +1,36 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages the Access Protection resource.
resource AccessProtection {
// Retrieves an Access Protection by organization/cluster/subscription query param.
method Get {
// Check status by Subscription.
@http(name = "subscriptionId")
in SubscriptionId String

// Check status by Cluter.
@http(name = "clusterId")
in ClusterId String

// Check status by Organization.
@http(name = "organizationId")
in OrganizationId String

// AccessProtection status response.
out Body AccessProtection
}
}
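Review bot: `method Get` accepts `subscriptionId`, `clusterId` and `organizationId`, but neither the method comment nor the parameter comments say whether exactly one is required, what is returned when none is given, or which one wins when several are supplied and they refer to different scopes. Callers will use the returned `AccessProtection` to decide whether access protection applies, so please document the rule and have the server reject ambiguous combinations, so that a caller cannot read the status of a different scope than it intended. Minor: "Cluter" should be "Cluster", and the camelCase query names differ from the snake_case attribute names (`requested_by`, `created_at`) used in the search documentation elsewhere in this change.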
20 changes: 20 additions & 0 deletions model/access_transparency/v1/access_protection_type.model
@@ -0,0 +1,20 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Representation of an access protection.
struct AccessProtection {
Enabled boolean
}
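Review bot: `Enabled boolean` uses a lower-case type name, while every other attribute in this change uses capitalised built-in types (`String`, `Integer`, `Date`); if the model language expects `Boolean`, this attribute will not resolve. The attribute also has no comment: please state what `Enabled` covers (the organization, subscription or cluster that was queried) and what an absent value means, since clients are likely to treat absent as false.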
@@ -0,0 +1,39 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Representation of an access request post request.
struct AccessRequestPostRequest {
// Justification of the Access Request.
Justification String

// Support case ID linking to JIRA ticket.
SupportCaseId String

// Internal support case id linking to jira ticket.
InternalSupportCaseId String

// Subscription from which the Access Request belongs to.
SubscriptionId String

// Cluster from which the Access Request belongs to.
ClusterId String

// How long the access will last after it's been approved.
Duration String

// How long the Access Request can be in pending state waiting for a customer decision.
Deadline String
}
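Review bot: `Duration` and `Deadline` are plain `String` attributes with no documented format, units or bounds, yet they decide how long approved access lasts and how long a request may stay pending. Please document the accepted syntax next to each attribute and state the maximum the server will accept, so that an unparseable or very long value is rejected rather than interpreted. It would also help to say which of `SubscriptionId` and `ClusterId` is required and what happens when the two do not refer to the same cluster.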
28 changes: 28 additions & 0 deletions model/access_transparency/v1/access_request_resource.model
@@ -0,0 +1,28 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages a specific access request.
resource AccessRequest {
// Retrieves the details of the access request.
method Get {
out Body AccessRequest
}

// Reference to the resource that manages the collection of decisions.
locator Decisions {
target Decisions
}
}
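Review bot: `locator Decisions` targets a `Decisions` resource, but the only decision resource among the files shown in this diff is `resource Decision` in decision_resource.model; please confirm the collection resource is included in the change. The locator comment should also say who may reach the decisions of a given access request, since this is the path through which an approval or denial is recorded.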
30 changes: 30 additions & 0 deletions model/access_transparency/v1/access_request_state.model
@@ -0,0 +1,30 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Possible states to an access request status.
enum AccessRequestState {
@json(name = "Pending")
Pending

@json(name = "Approved")
Approved

@json(name = "Expired")
Expired

@json(name = "Denied")
Denied
}
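Review bot: `Expired` is ambiguous as a state: the access request carries both a pending deadline (`DeadlineAt`) and, in its status, an `ExpiresAt`, so it can mean either "nobody decided in time" or "approved access has run out". Those two cases matter differently to someone auditing access, so please document on each enum value when it is entered and from which state, or split `Expired` into two values. The enum comment would also read better as "Possible states of an access request".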
25 changes: 25 additions & 0 deletions model/access_transparency/v1/access_request_status.type
@@ -0,0 +1,25 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Representation of an access request status.
struct AccessRequestStatus {
// Current state of the Access Request.
State AccessRequestState

// Date and time when the access request will expire, using the
// format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt).
ExpiresAt Date
}
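Review bot: The file extension is wrong: this file is added as `access_request_status.type`, while every other file added under model/access_transparency/v1 ends in `.model`. If the model loader selects files by extension, `AccessRequestStatus` will not be defined and `Status AccessRequestStatus` in the access request class will not resolve; please rename the file with the `.model` extension. The `ExpiresAt` comment should also say whether it refers to the end of approved access or to the pending deadline, given that the request has a separate `DeadlineAt`.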
63 changes: 63 additions & 0 deletions model/access_transparency/v1/access_request_type.model
@@ -0,0 +1,63 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Representation of an access request.
class AccessRequest {
// Date and time when the access request was initially created, using the
// format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt).
CreatedAt Date

// Date and time when the access request was lastly updated, using the
// format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt).
UpdatedAt Date

// Decisions attached to the Access Request.
Decisions []Decision

// Justification of the Access Request.
Justification String

// User that requested the Access.
RequestedBy String

// Support case ID linking to JIRA ticket.
SupportCaseId String

// Internal support case id linking to jira ticket.
InternalSupportCaseId String

// Organization from which the Access Request belongs to.
OrganizationId String

// Subscription from which the Access Request belongs to.
SubscriptionId String

// Cluster from which the Access Request belongs to.
ClusterId String

// How long the access will last after it's been approved.
Duration String

// How long the Access Request can be in pending state waiting for a customer decision.
Deadline String

// Date and time for the deadline that the Access Request needs to be decided, using the
// format defined in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt).
DeadlineAt Date

// Access Request status.
Status AccessRequestStatus
}
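Review bot: `Deadline` (a `String`) and `DeadlineAt` (a `Date`) both describe the decision deadline, and `Duration` has no counterpart other than `Status.ExpiresAt`, so it is unclear which attributes are caller input echoed back and which are computed by the server. Please document that relationship and which value is authoritative when they disagree. `RequestedBy` should also say what kind of identifier it holds and that it is set by the server from the authenticated caller, since it is absent from `AccessRequestPostRequest` and is the attribute an auditor will rely on.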
79 changes: 79 additions & 0 deletions model/access_transparency/v1/access_requests_resource.model
@@ -0,0 +1,79 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages the collection of access requests.
resource AccessRequests {
// Retrieves the list of access requests.
method List {
// Index of the requested page, where one corresponds to the first page.
in out Page Integer = 1

// Maximum number of items that will be contained in the returned page.
in out Size Integer = 100

// Search criteria.
//
// The syntax of this parameter is similar to the syntax of the _where_ clause of an
// SQL statement, but using the names of the attributes of the access request instead of
// the names of the columns of a table. For example, in order to retrieve all the
// access requests with a requested_by starting with `my` the value should be:
//
// ```sql
// requested_by like 'my%'
// ```
//
// If the parameter isn't provided, or if the value is empty, then all the access requests
// that the user has permission to see will be returned.
in Search String

// Order criteria.
//
// The syntax of this parameter is similar to the syntax of the _order by_ clause of
// a SQL statement, but using the names of the attributes of the access request instead of
// the names of the columns of a table. For example, in order to sort the access requests
// descending by created_at the value should be:
//
// ```sql
// created_at desc
// ```
//
// If the parameter isn't provided, or if the value is empty, then the order of the
// results is undefined.
in Order String

// Total number of items of the collection that match the search criteria,
// regardless of the size of the page.
out Total Integer

// Retrieved list of access requests.
out Items []AccessRequest
}

// Create a new access request and add it to the collection of access requests.
method Post {
// Input to include new access request.
in Body AccessRequestPostRequest

// Newly access request.
out Body AccessRequest
}

// Returns a reference to the service that manages a specific access request.
locator AccessRequest {
target AccessRequest
variable ID
}
}
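Review bot: The `Search` comment only promises permission filtering for the empty case ("all the access requests that the user has permission to see will be returned"); please state that the same filter applies when a search expression is supplied, and list which attributes may appear in `Search` and `Order`, so that the expression cannot widen the result set or reference attributes the caller should not query. Because the order is undefined when `Order` is empty, paging with `Page` and `Size` can skip or repeat items; consider documenting a default order. Minor: "Newly access request." should be "Newly created access request."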
27 changes: 27 additions & 0 deletions model/access_transparency/v1/decision_decision_type.model
@@ -0,0 +1,27 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Possible decisions to a decision status.
enum DecisionDecision {
@json(name = "Approved")
Approved

@json(name = "Expired")
Expired

@json(name = "Denied")
Denied
}
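Review bot: `Expired` is not a decision a person makes, so its presence in `DecisionDecision` next to `Approved` and `Denied` needs explaining: if it is assigned by the system when a deadline passes, say so in a comment on the value, and say how it relates to `AccessRequestState.Expired`. Otherwise an audit record could show a decision of `Expired` with no indication that no human acted. The enum comment "Possible decisions to a decision status" should be reworded to say what the enum represents.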
23 changes: 23 additions & 0 deletions model/access_transparency/v1/decision_resource.model
@@ -0,0 +1,23 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages a specific decision.
resource Decision {
// Retrieves the details of the decision.
method Get {
out Body Decision
}
}