diff --git a/openapi-specs/cspm/PermissionGroupsMicroService.json b/openapi-specs/cspm/PermissionGroupsMicroService.json index a59a9ea7c..098ef5e3e 100644 --- a/openapi-specs/cspm/PermissionGroupsMicroService.json +++ b/openapi-specs/cspm/PermissionGroupsMicroService.json @@ -59,14 +59,28 @@ "url": "https://api.fr.prismacloud.io" } ], - "tags": [ + "security": [ + { + "CertAuth": [] + }, { - "description": "Permission groups enable you to restrict access to one or more features available on the Prisma Cloud administrative console. Permission group APIs allow you to retrieve, update or delete one or more existing permissions groups. You can also use these APIs to create a custom permission group and then you must attach it to a role and assign the role to a user.", - "name": "Permission Groups" + "ServiceJwt": [] }, + { + "UserJwt": [] + }, + { + "x-redlock-auth": [] + } + ], + "tags": [ { "name": "SSO", - "description": "On Prisma Cloud, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML) or OpenID Connect (OIDC), such as Okta, Microsoft Active Directory Federation Services (ADFS), Azure Active Directory (AD), Google, or OneLogin. You can configure only one IdP for all the cloud accounts that Prisma Cloud monitors. Prisma Cloud System Administrators can use the following APIs to configure tenant SSO." + "description": "On Prisma Cloud, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML) or OpenID Connect (OIDC), such as Okta, Microsoft Active Directory Federation Services (ADFS), Azure Active Directory (AD), Google, or OneLogin. Prisma Cloud System Administrators can use the following APIs to configure tenant SSO." + }, + { + "name": "Permission Groups", + "description": "Permission groups enable you to restrict access to one or more features available on the Prisma Cloud administrative console. Permission group APIs allow you to retrieve, update or delete one or more existing permissions groups. You can also use these APIs to create a custom permission group and then you must attach it to a role and assign the role to a user." } ], "paths": { @@ -82,7 +96,7 @@ { "name": "id", "in": "path", - "description": "PermissionGroupID", + "description": "Permission Group ID", "required": true, "schema": { "type": "string" @@ -296,6 +310,16 @@ "summary": "Update SAML Configuration", "description": "Used by System Admins to update the SAML Configuration for the tenancy", "operationId": "update-saml-config", + "parameters": [ + { + "name": "clientIp", + "in": "header", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "content": { "application/json": { @@ -354,6 +378,16 @@ "summary": "Create SAML Configuration", "description": "Used by System Admins to create the SAML Configuration for the tenancy", "operationId": "create-saml-config", + "parameters": [ + { + "name": "clientIp", + "in": "header", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "content": { "application/json": { @@ -865,7 +899,7 @@ { "name": "user_name", "in": "query", - "description": "User name of the tenant requesting the login URL.", + "description": "User name requesting the login URL.", "required": false, "schema": { "type": "string" @@ -874,7 +908,7 @@ { "name": "prisma_id", "in": "query", - "description": "PrismaId of the tenant requesting the login URL.", + "description": "Prisma ID for the tenant of the user requesting the login.", "required": false, "schema": { "type": "string" @@ -960,7 +994,7 @@ "description": "A mapping of operations and a boolean value representing whether the privilege to perform the operation needs to be granted." } }, - "description": "Collection of permitted features associated with the role. \n Refer to PermissionGroup API docs to get the entire list of PC features." + "description": "List of Prisma Cloud Features" }, "PermissionGroupRequest": { "title": "Model used for permission group", @@ -1184,6 +1218,7 @@ "clientId", "idpAuthUri", "issuer", + "scopes", "tokenUri" ], "type": "object", @@ -1194,11 +1229,6 @@ "format": "uuid", "readOnly": true }, - "clientSecret": { - "type": "string", - "description": "Client ID secret from the Identity Provider(IdP).", - "writeOnly": true - }, "prismaId": { "type": "integer", "description": "Prisma ID of the tenant.", @@ -1209,10 +1239,25 @@ "type": "string", "description": "Client ID obtained after Identity Provider(IdP) configuration." }, + "clientSecret": { + "type": "string", + "description": "Secret for the client id", + "writeOnly": true + }, "issuer": { "type": "string", "description": "The identifier of the OpenID Connect(OIDC) provider." }, + "scopes": { + "type": "array", + "description": "Identifiers used to specify what access privileges are being requested.", + "example": "[openid, email, profile]", + "items": { + "type": "string", + "description": "Identifiers used to specify what access privileges are being requested.", + "example": "[openid, email, profile]" + } + }, "grantType": { "type": "string", "description": "Grant types are a way to specify how a client wants to interact with an Identity Provider(IdP).", @@ -1238,7 +1283,7 @@ }, "jwkSetUri": { "type": "string", - "description": "The URL of the Identity Provider(IdP) JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider." + "description": "The URL of the Identity Provider(IdP) JSON Web Key Set document.This document contains signing keys that are used to validate the signatures from the provider." }, "endSessionUri": { "type": "string", @@ -1252,6 +1297,22 @@ false ] }, + "isJitEnabled": { + "type": "boolean", + "description": "Is JIT enabled", + "enum": [ + true, + false + ] + }, + "jitRoleClaimName": { + "type": "string", + "description": "Token claim providing the name of Prisma Cloud role for user." + }, + "jitDefaultRoleId": { + "type": "string", + "description": "Default Prisma Cloud role to use for JIT when claim is missing or undefined." + }, "pcAuthUri": { "type": "string", "description": "Prisma Cloud endpoint URL to begin the authentication flow.", diff --git a/openapi-specs/cspm/ResourceExplorer.json b/openapi-specs/cspm/ResourceExplorer.json index 7f5025619..4b760694c 100644 --- a/openapi-specs/cspm/ResourceExplorer.json +++ b/openapi-specs/cspm/ResourceExplorer.json @@ -620,12 +620,55 @@ }, "info": { "contact": {}, - "description": "### Where Do I Find the RRN For My Resource?\n\nWhere Do I Find the RRN For My Resource?\\n\\nYou can find the RRN for a resource in the URL when you \nnavigate to **Data Inventory > {Total Objects} > {Object Name} > {Resource Name}**.\\nThe following is an example of such a URL. The RRN is in the URL query string.\n\n```\nhttps://app.prismacloud.io/investigate/details?resourceId=rrn:aws:storageBucket:us-east-1:123456789012:test-bucket \n``` \n\n### Account Representation\n\nIf the **regionId** and **resourceId** are not in the RRN, then the **cloudType** and **resourceType** fields\nin thr RRN are optional. In this siutation, the RRN identifies an account.\n\n\nFull RRN:\n```\nrrn:::us-west-1:12345678901:i-ABCDEFGH\n```\n\nAbridged RRN:\n``` \nrrn::::12345678901\n```\n", + "description": "### Where Do I Find the RRN For My Resource?\n\nWhere Do I Find the RRN For My Resource?\\n\\nYou can find the RRN for a resource in the URL when you \nnavigate to **Data Inventory > {Total Objects} > {Object Name} > {Resource Name}**.\\nThe following is an example of such a URL. The RRN is in the URL query string.\n\n```\nhttps://app.prismacloud.io/investigate/details?resourceId=rrn:aws:storageBucket:us-east-1:123456789012:test-bucket \n``` \n\n### Account Representation\n\nIf the **regionId** and **resourceId** are not in the RRN, then the **cloudType** and **resourceType** fields\nin thr RRN are optional. In this situation, the RRN identifies an account.\n\n\nFull RRN:\n```\nrrn:::us-west-1:12345678901:i-ABCDEFGH\n```\n\nAbridged RRN:\n``` \nrrn::::12345678901\n```\n", "title": "Prisma Cloud Resource Explorer API Overview", "version": "Latest" }, "openapi": "3.0.0", "paths": { + "/resource": { + "post": { + "deprecated": true, + "description": "\nReturns detailed information for the resource with the given **rrn**.\n:::info\n **Replacement  Endpoint: [Get Asset](/prisma-cloud/api/cspm/get-asset-details-by-id)**\n:::\n\r\n\r\nGenerally, the data field in the response object contains the raw JSON blob as is received from the \nsource cloud service provider API for the given resource.\n\nOnly the **rrn** parameter in the request body is used for this API. Ignore the **timelineItemId** and \n**findingType** fields for this API.\n\nAn example request body is:\n```\n{\n \"rrn\": \"rrn::storageBucket:us-east-1:123456789012:test-bucket\"\n}\n```\n", + "operationId": "get-resource", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ResourceExplorerRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ResourceMetaModel" + } + } + }, + "description": "successful operation" + }, + "400": { + "description": "bad_request / no_results / invalid_parameter_value" + }, + "404": { + "description": "not_found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "summary": "Get Resource", + "tags": [ + "Resource Explorer" + ] + } + }, "/resource/alert": { "post": { "description": "Get a list of alerts associated with a given resource. \r\n\r\nOnly the **rrn** parameter in the request body is used for this API. Ignore the **timelineItemId** and \n**findingType** fields for this API.\n\nAn example request body is:\n```\n{\n \"rrn\": \"rrn::storageBucket:us-east-1:123456789012:test-bucket\"\n}\n```\n", @@ -817,6 +860,95 @@ ] } }, + "/resource/timeline": { + "post": { + "deprecated": true, + "description": "\n Returns a timeline of events and alerts for the given resource.\n:::info\n **Replacement  Endpoint: [Get Asset](/prisma-cloud/api/cspm/get-asset-details-by-id)**\n:::\n\n\r\n\r\nOnly the **rrn** parameter in the request body is used for this API. Ignore the **timelineItemId** and \n**findingType** fields for this API.\n\nAn example request body is:\n```json\n{\n \"\"rrn\": \"rrn::instance:us-east-1:i-xxxxxxxxxx\"\n}\n```\n", + "operationId": "get-timeline-for-resource", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ResourceExplorerRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "items": { + "$ref": "#/components/schemas/ResourceTimelineItem" + }, + "type": "array" + } + } + }, + "description": "successful operation" + }, + "400": { + "description": "invalid_parameter_value" + }, + "404": { + "description": "not_found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "summary": "Get Resource Timeline", + "tags": [ + "Resource Explorer" + ] + } + }, + "/resource/raw": { + "post": { + "deprecated": true, + "description": "Returns the raw metadata of the configuration of a resource at a given point in time.\n:::info\n **Replacement  Endpoint: [Get Asset](/prisma-cloud/api/cspm/get-asset-details-by-id)**\n:::\n\n\r\n\r\nGenerally, the response object contains the raw JSON blob as is received from the \nsource cloud service provider API.\n\nOnly the **rrn** parameter in the request body is used for this API. Ignore the **findingType** \nfield for this API.\n\nYou can find the **timelineItemId** for your resource from the timeline results that \n[Get Resource Timeline](/prisma-cloud/api/cspm/get-timeline-for-resource)\nreturns.\n\nAn example request body is:\n```json\n{\n \"rrn\": \"rrn::instance:us-east-1:i-xxxxxxxxxx\",\n \"timelineItemId\": \"xxxxxxxxxxxxxx\"\n}\n```\n", + "operationId": "get-resource-raw", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ResourceExplorerRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "type": "object" + } + } + }, + "description": "successful operation" + }, + "400": { + "description": "invalid_parameter_value" + }, + "404": { + "description": "not_found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "summary": "Get Resource (Raw)", + "tags": [ + "Resource Explorer" + ] + } + }, "/resource/external_integration": { "post": { "description": "Returns a list of external ingestion integrations for the specified resource.", @@ -909,7 +1041,7 @@ ], "tags": [ { - "description": "### Where Do I Find the RRN For My Resource?\n\nWhere Do I Find the RRN For My Resource?\\n\\nYou can find the RRN for a resource in the URL when you \nnavigate to **Data Inventory > {Total Objects} > {Object Name} > {Resource Name}**.\\nThe following is an example of such a URL. The RRN is in the URL query string.\n\n```\nhttps://app.prismacloud.io/investigate/details?resourceId=rrn:aws:storageBucket:us-east-1:123456789012:test-bucket \n``` \n\n### Account Representation\n\nIf the **regionId** and **resourceId** are not in the RRN, then the **cloudType** and **resourceType** fields\nin thr RRN are optional. In this siutation, the RRN identifies an account.\n\n\nFull RRN:\n```\nrrn:::us-west-1:12345678901:i-ABCDEFGH\n```\n\nAbridged RRN:\n``` \nrrn::::12345678901\n```\n", + "description": "### Where Do I Find the RRN For My Resource?\n\nWhere Do I Find the RRN For My Resource?\\n\\nYou can find the RRN for a resource in the URL when you \nnavigate to **Data Inventory > {Total Objects} > {Object Name} > {Resource Name}**.\\nThe following is an example of such a URL. The RRN is in the URL query string.\n\n```\nhttps://app.prismacloud.io/investigate/details?resourceId=rrn:aws:storageBucket:us-east-1:123456789012:test-bucket \n``` \n\n### Account Representation\n\nIf the **regionId** and **resourceId** are not in the RRN, then the **cloudType** and **resourceType** fields\nin thr RRN are optional. In this situation, the RRN identifies an account.\n\n\nFull RRN:\n```\nrrn:::us-west-1:12345678901:i-ABCDEFGH\n```\n\nAbridged RRN:\n``` \nrrn::::12345678901\n```\n", "name": "Resource Explorer" } ] diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index f39dd4862..1eb0041e8 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv @@ -392,10 +392,13 @@ "get","/report/{id}/{lastScheduled}/download","Download Historical Report","download-historical-by-id","Reports","Monolith" "get","/filter/report/suggest","Get Report Overview Filters and Options","get-report-filters-and-options","Reports","Monolith" "post","/filter/report/suggest","List Report Overview Filter Autocomplete Suggestions","get-report-posture-filter-options","Reports","Monolith" +"post","/resource","Get Resource","get-resource","Resource Explorer","Monolith" "post","/resource/alert","Get Alerts for Resource","get-alerts-for-resource","Resource Explorer","Monolith" "post","/resource/network","Get Resource Network Settings","get-network-for-resource","Resource Explorer","Monolith" "get","/resource/external_finding","List Host Findings For Alert","get-host-findings-for-alert","Resource Explorer","Monolith" "post","/resource/external_finding","List Host Findings","get-host-findings","Resource Explorer","Monolith" +"post","/resource/timeline","Get Resource Timeline","get-timeline-for-resource","Resource Explorer","Monolith" +"post","/resource/raw","Get Resource (Raw)","get-resource-raw","Resource Explorer","Monolith" "post","/resource/external_integration","Get External Ingest Integrations for the resource","get-external-integrations-for-resource","Resource Explorer","Monolith" "get","/v1/resource_list","Get Resource Lists","get-all-resource-list-for-customer","Resource Lists","Monolith" "post","/v1/resource_list","Add Resource List","add-resource-list","Resource Lists","Monolith"