From a436b7efaad7e28d05f4f6890af8c099854c5a6e Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Tue, 31 Oct 2023 17:04:05 +0530 Subject: [PATCH] bulk account update --- .../cspm/CloudAccountsMicroService.json | 3226 +++++++++-------- .../cspm/consolidated_spec/all_endpoints.csv | 7 +- 2 files changed, 1800 insertions(+), 1433 deletions(-) diff --git a/openapi-specs/cspm/CloudAccountsMicroService.json b/openapi-specs/cspm/CloudAccountsMicroService.json index 296df6a82..653b92256 100644 --- a/openapi-specs/cspm/CloudAccountsMicroService.json +++ b/openapi-specs/cspm/CloudAccountsMicroService.json @@ -53,26 +53,33 @@ } ], "paths": { - "/cas/v1/features/cloud/{cloud_type}": { - "post": { + "/cas/api/v1/org/{id}/features": { + "put": { "tags": [ "Cloud Accounts (All)" ], - "summary": "Fetch Supported Features For Cloud Type", - "description": "Lists the features supported for the specified cloud type and account type. \n\n The response contains *supportedFeatures* key whose value contains supported feature names.\n\n **NOTE**: The supportedFeatures returns \"Cloud Visibility Compliance and Governance\" string by default. Do not explicitly pass this string as a feature in the request body param in any cloud account API(Like in Add AWS Cloud Account, Update AWS Cloud Account,Generate and Download the AWS CFT Template, etc).", - "operationId": "fetch-supported-features", + "summary": "Enable a Feature for Members", + "description": "Enable or disable the feature for a set of member accounts linked to an organization.", + "operationId": "save-Bulk-Cloud-Account-Feature", "parameters": [ { - "name": "cloud_type", + "name": "id", "in": "path", "required": true, "schema": { - "type": "string", - "enum": [ - "aws", - "azure", - "gcp" - ] + "type": "string" + } + }, + { + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } } } ], @@ -80,69 +87,59 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/FeaturesAvailableRequest" + "$ref": "#/components/schemas/CloudAccountBulkFeatureRequest" } } }, "required": true }, "responses": { - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiError" - } - } - } - }, "429": { "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } }, - "401": { - "description": "Unauthorized Access", + "200": { + "description": "Successfully saved/updated cloud account feature for the given member accounts", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/SuccessResponse" } } } }, - "500": { - "description": "Failed with an Exception, Internal Error Occurred", + "400": { + "description": "Invalid Account Id/Member Ids cannot be empty or null/Member account list should be less than 500 in a single request/Feature {0} is not allowed/Invalid feature state {0} for feature {1}/Organisation Id {0} is not onboarded/AccountType of {0} is invalid, should be either of Organisation / Master Service Account / Tenant/Members account {0} do not belong to {1}/Compute features are not supported for {0}/Feature {0} is not present for given account,/For feature = {0}, parent feature state is {1}/Organisation / Master Service Account / Tenant Id {0} should not be part of memberIds list/AccountType of member account {0} is invalid. Member accountType should be of type {1}/", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } }, - "200": { - "description": "Features supported for the cloud type", + "404": { + "description": "Tenant not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/FeaturesAvailableResponse" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } }, - "425": { - "description": "Too Early to access the resource", + "401": { + "description": "Unauthorized Access", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } @@ -152,7 +149,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } @@ -162,17 +159,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } }, - "404": { - "description": "Not Found", + "425": { + "description": "Too Early to access the resource", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/RestAPIErrorResponse" } } } @@ -186,27 +183,41 @@ ] } }, - "/cas/v1/aws_template": { + "/cas/v1/azure_template": { "post": { "tags": [ - "Cloud Accounts (AWS)" + "Cloud Accounts (Azure)" + ], + "summary": "Generate and Download the Terraform template (Azure)", + "description": "Generates the Azure Terraform template. The generated Terraform template includes the permissions based on selected features. The terraform template can be used to create an app registration and required roles on the Azure Portal.\n\n**Note**: This feature is available only for Prisma Commercial and Government stacks.", + "operationId": "generate-template-link", + "parameters": [ + { + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + } + } ], - "summary": "Generate and Download the CFT Template (AWS)", - "description": "Generates the AWS CFT template. The Generated CFT template includes Prisma Cloud generated externalId and the permissions based on selected features.\n The CFT template can be used to create IAM role via AWS CloudFormation stack.", - "operationId": "generate-cft-template-aws", "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AWSTemplateGenRequest" + "$ref": "#/components/schemas/AzureTemplateGenRequest" } } }, "required": true }, "responses": { - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized Access", "content": { "application/json": { "schema": { @@ -215,8 +226,8 @@ } } }, - "429": { - "description": "Rate Limit Exceeded", + "500": { + "description": "Failed with an exception.", "content": { "application/json": { "schema": { @@ -228,18 +239,8 @@ "200": { "description": "Template Generated Successfully" }, - "401": { - "description": "Unauthorized Access", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiError" - } - } - } - }, - "425": { - "description": "Too Early to access the resource", + "403": { + "description": "Tenant License Expired", "content": { "application/json": { "schema": { @@ -258,8 +259,8 @@ } } }, - "500": { - "description": "Failed with an exception.", + "404": { + "description": "Not Found", "content": { "application/json": { "schema": { @@ -268,8 +269,8 @@ } } }, - "403": { - "description": "Tenant License Expired", + "429": { + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { @@ -278,8 +279,8 @@ } } }, - "404": { - "description": "Not Found", + "400": { + "description": "Bad Request", "content": { "application/json": { "schema": { @@ -297,55 +298,68 @@ ] } }, - "/cas/v1/cloud/{cloudType}/deployment-type": { - "get": { + "/cas/v1/gcp_template": { + "post": { "tags": [ - "Cloud Accounts (OCI and Alibaba)" + "Cloud Accounts (GCP)" ], - "summary": "Get Cloud Account Deployment Types (Alibaba)", - "description": "List cloud account deployment types. Currently, this is applicable only for Alibaba cloud.", - "operationId": "getCloudDeploymentTypes", + "summary": "Generate and Download the Terraform Template (GCP)", + "description": "Generate the GCP Terraform template. The generated Terraform template includes the permissions based on selected features.", + "operationId": "generate-template-link-gcp-gcp", "parameters": [ { - "name": "cloudType", - "in": "path", - "required": true, - "schema": { - "type": "string", - "description": "Cloud Account Type", - "enum": [ - "alibaba-cloud" - ] + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } } } ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GCPTemplateGenRequest" + } + } + }, + "required": true + }, "responses": { "401": { "description": "Unauthorized Access", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } }, - "403": { - "description": "Tenant License Expired", + "500": { + "description": "Failed with an exception.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } }, - "425": { - "description": "Too Early to access the resource", + "200": { + "description": "Template Generated Successfully" + }, + "403": { + "description": "Tenant License Expired", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } @@ -355,17 +369,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } }, - "400": { - "description": "Bad Request", + "404": { + "description": "Not Found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } @@ -375,37 +389,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" - } - } - } - }, - "200": { - "description": "Successfully retrieved list of cloud deployment types", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeploymentTypeListResponse" - } - } - } - }, - "500": { - "description": "Failed with an Exception, Internal Error Occurred", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } }, - "404": { - "description": "Tenant not found", + "400": { + "description": "Bad Request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/APIErrorObject" + "$ref": "#/components/schemas/ApiError" } } } @@ -419,27 +413,57 @@ ] } }, - "/cas/v1/aws_template/presigned_url": { + "/cas/v1/features/cloud/{cloud_type}": { "post": { "tags": [ - "Cloud Accounts (AWS)" + "Cloud Accounts (All)" + ], + "summary": "Fetch Supported Features For Cloud Type", + "description": "Lists the features supported for the specified cloud type and account type. \n\n The response contains *supportedFeatures* key whose value contains supported feature names.\n\n **NOTE**: The supportedFeatures returns \"Cloud Visibility Compliance and Governance\" string by default. Do not explicitly pass this string as a feature in the request body param in any cloud account API(Like in Add AWS Cloud Account, Update AWS Cloud Account,Generate and Download the AWS CFT Template, etc).", + "operationId": "fetch-supported-features", + "parameters": [ + { + "name": "cloud_type", + "in": "path", + "required": true, + "schema": { + "type": "string", + "enum": [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "ibm" + ] + } + }, + { + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + } + } ], - "summary": "Generate the CFT Template Link (AWS)", - "description": "Generates the AWS Cloudformation Stack Quick create link with S3 presigned CFT URL. The Generated CFT template will include Prisma Cloud generated externalId and the permissions based on selected features.\n\n The response contains *createStackLinkWithS3PresignedUrl* key whose value can be used to create IAM role via AWS CloudFormation stack.\n\n There are 2 ways to create IAM role:\n\n 1. [Manual] If you are logged into your AWS Management console, directly open the value of the *createStackLinkWithS3PresignedUrl* key on a new tab in the browser.\n 2. [Automation] Else, you can extract the actual S3 Presigned CFT URL from the *createStackLinkWithS3PresignedUrl* key by splitting at templateURL= and url decoding the last index of the split(i.e right part of the split). This extracted decoded link can be used to create or update the IAM role CloudFormation stack. \n\n **NOTE**: The *createStackLinkWithS3PresignedUrl* link is valid for 1hr", - "operationId": "generate-cft-template-link-aws", "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AWSTemplateGenRequest" + "$ref": "#/components/schemas/FeaturesAvailableRequest" } } }, "required": true }, "responses": { - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized Access", "content": { "application/json": { "schema": { @@ -448,8 +472,8 @@ } } }, - "429": { - "description": "Rate Limit Exceeded", + "425": { + "description": "Too Early to access the resource", "content": { "application/json": { "schema": { @@ -458,18 +482,18 @@ } } }, - "200": { - "description": "Template Generated Successfully", + "403": { + "description": "Tenant License Expired", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AWSCFTGenResponse" + "$ref": "#/components/schemas/ApiError" } } } }, - "401": { - "description": "Unauthorized Access", + "405": { + "description": "Wrong Http Method", "content": { "application/json": { "schema": { @@ -478,18 +502,18 @@ } } }, - "425": { - "description": "Too Early to access the resource", + "200": { + "description": "Features supported for the cloud type", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiError" + "$ref": "#/components/schemas/FeaturesAvailableResponse" } } } }, - "405": { - "description": "Wrong Http Method", + "404": { + "description": "Not Found", "content": { "application/json": { "schema": { @@ -498,8 +522,8 @@ } } }, - "500": { - "description": "Failed with an exception.", + "429": { + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { @@ -508,8 +532,8 @@ } } }, - "403": { - "description": "Tenant License Expired", + "400": { + "description": "Bad Request", "content": { "application/json": { "schema": { @@ -518,8 +542,8 @@ } } }, - "404": { - "description": "Not Found", + "500": { + "description": "Failed with an Exception, Internal Error Occurred", "content": { "application/json": { "schema": { @@ -537,19 +561,33 @@ ] } }, - "/cas/v1/gcp_template": { + "/cas/v1/aws_template": { "post": { "tags": [ - "Cloud Accounts (GCP)" + "Cloud Accounts (AWS)" + ], + "summary": "Generate and Download the CFT Template (AWS)", + "description": "Generates the AWS CFT template. The Generated CFT template includes Prisma Cloud generated externalId and the permissions based on selected features.\n The CFT template can be used to create IAM role via AWS CloudFormation stack.", + "operationId": "generate-cft-template-aws", + "parameters": [ + { + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + } + } ], - "summary": "Generate and Download the Terraform Template (GCP)", - "description": "Generate the GCP Terraform template. The generated Terraform template includes the permissions based on selected features.", - "operationId": "generate-template-link-gcp-gcp", "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GCPTemplateGenRequest" + "$ref": "#/components/schemas/AWSTemplateGenRequest" } } }, @@ -557,7 +595,10 @@ }, "responses": { "400": { - "description": "Bad Request", + "description": "Bad Request/Bad Request with accountType account, only valid cftType is account/Bad Request with accountType organization, cftType account is not valid/AccountType can be one of the following [account , organization]/AccountId is not valid Feature list is invalid /Invalid usage of customMemberRoleNameEnabled" + }, + "401": { + "description": "Unauthorized Access", "content": { "application/json": { "schema": { @@ -566,8 +607,8 @@ } } }, - "429": { - "description": "Rate Limit Exceeded", + "425": { + "description": "Too Early to access the resource", "content": { "application/json": { "schema": { @@ -576,11 +617,8 @@ } } }, - "200": { - "description": "Template Generated Successfully" - }, - "401": { - "description": "Unauthorized Access", + "500": { + "description": "Failed with an exception.", "content": { "application/json": { "schema": { @@ -589,8 +627,11 @@ } } }, - "405": { - "description": "Wrong Http Method", + "200": { + "description": "Template Generated Successfully" + }, + "403": { + "description": "Tenant License Expired", "content": { "application/json": { "schema": { @@ -599,8 +640,8 @@ } } }, - "500": { - "description": "Failed with an exception.", + "405": { + "description": "Wrong Http Method", "content": { "application/json": { "schema": { @@ -609,8 +650,8 @@ } } }, - "403": { - "description": "Tenant License Expired", + "404": { + "description": "Not Found", "content": { "application/json": { "schema": { @@ -619,8 +660,8 @@ } } }, - "404": { - "description": "Not Found", + "429": { + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { @@ -638,19 +679,33 @@ ] } }, - "/cas/v1/azure_template": { + "/cas/v1/aws_template/presigned_url": { "post": { "tags": [ - "Cloud Accounts (Azure)" + "Cloud Accounts (AWS)" + ], + "summary": "Generate the CFT Template Link (AWS)", + "description": "Generates the AWS Cloudformation Stack Quick create link with S3 presigned CFT URL. The Generated CFT template will include Prisma Cloud generated externalId and the permissions based on selected features.\n\n The response contains *createStackLinkWithS3PresignedUrl* key whose value can be used to create IAM role via AWS CloudFormation stack.\n\n There are 2 ways to create IAM role:\n\n 1. [Manual] If you are logged into your AWS Management console, directly open the value of the *createStackLinkWithS3PresignedUrl* key on a new tab in the browser.\n 2. [Automation] Else, you can extract the actual S3 Presigned CFT URL from the *createStackLinkWithS3PresignedUrl* key by splitting at templateURL= and url decoding the last index of the split(i.e right part of the split). This extracted decoded link can be used to create or update the IAM role CloudFormation stack. \n\n **NOTE**: The *createStackLinkWithS3PresignedUrl* link is valid for 1hr", + "operationId": "generate-cft-template-link-aws", + "parameters": [ + { + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + } + } ], - "summary": "Generate and Download the Terraform template (Azure)", - "description": "Generates the Azure Terraform template. The generated Terraform template includes the permissions based on selected features. The terraform template can be used to create an app registration and required roles on the Azure Portal.\n\n**Note**: This feature is available only for Prisma Commercial and Government stacks.", - "operationId": "generate-template-link", "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AzureTemplateGenRequest" + "$ref": "#/components/schemas/AWSTemplateGenRequest" } } }, @@ -667,8 +722,8 @@ } } }, - "429": { - "description": "Rate Limit Exceeded", + "401": { + "description": "Unauthorized Access", "content": { "application/json": { "schema": { @@ -677,11 +732,8 @@ } } }, - "200": { - "description": "Template Generated Successfully" - }, - "401": { - "description": "Unauthorized Access", + "425": { + "description": "Too Early to access the resource", "content": { "application/json": { "schema": { @@ -690,8 +742,8 @@ } } }, - "405": { - "description": "Wrong Http Method", + "500": { + "description": "Failed with an exception.", "content": { "application/json": { "schema": { @@ -700,8 +752,8 @@ } } }, - "500": { - "description": "Failed with an exception.", + "403": { + "description": "Tenant License Expired", "content": { "application/json": { "schema": { @@ -710,8 +762,8 @@ } } }, - "403": { - "description": "Tenant License Expired", + "405": { + "description": "Wrong Http Method", "content": { "application/json": { "schema": { @@ -729,6 +781,26 @@ } } } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiError" + } + } + } + }, + "200": { + "description": "Template Generated Successfully", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AWSCFTGenResponse" + } + } + } } }, "x-public": "true", @@ -738,60 +810,332 @@ } ] } - } - }, - "components": { - "schemas": { - "AccountGroupInfo": { - "type": "object", - "properties": { - "groupName": { - "type": "string" - }, - "lastModifiedBy": { - "type": "string" - }, - "groupId": { - "type": "string" + }, + "/cas/v1/cloud/{cloudType}/deployment-type": { + "get": { + "tags": [ + "Cloud Accounts (OCI and Alibaba)" + ], + "summary": "Get Cloud Account Deployment Types (Alibaba)", + "description": "List cloud account deployment types. Currently, this is applicable only for Alibaba cloud.", + "operationId": "getCloudDeploymentTypes", + "parameters": [ + { + "name": "cloudType", + "in": "path", + "required": true, + "schema": { + "type": "string", + "description": "Cloud Account Type", + "enum": [ + "alibaba-cloud" + ] + } }, - "autoCreated": { - "type": "boolean" + { + "name": "x-redlock-auth", + "in": "header", + "description": "x-redlock-auth token should be used for U2S API call", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + } } - } - }, - "CloudAccountFeatureModel": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "mode": { - "type": "string" + ], + "responses": { + "403": { + "description": "Tenant License Expired", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } }, - "state": { - "type": "string" + "404": { + "description": "Tenant not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } }, - "displayName": { - "type": "string" - } - } - }, - "IbmCloudAccount": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int32" + "500": { + "description": "Failed with an Exception, Internal Error Occurred", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } }, - "parentId": { - "type": "integer", - "format": "int32" + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } }, - "parentAccountId": { - "type": "string" + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } }, - "name": { - "type": "string" + "425": { + "description": "Too Early to access the resource", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } + }, + "200": { + "description": "Successfully retrieved list of cloud deployment types", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentTypeListResponse" + } + } + } + }, + "401": { + "description": "Unauthorized Access", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } + }, + "405": { + "description": "Wrong Http Method", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + } + }, + "components": { + "schemas": { + "ApiError": { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "100 CONTINUE", + "101 SWITCHING_PROTOCOLS", + "102 PROCESSING", + "103 CHECKPOINT", + "200 OK", + "201 CREATED", + "202 ACCEPTED", + "203 NON_AUTHORITATIVE_INFORMATION", + "204 NO_CONTENT", + "205 RESET_CONTENT", + "206 PARTIAL_CONTENT", + "207 MULTI_STATUS", + "208 ALREADY_REPORTED", + "226 IM_USED", + "300 MULTIPLE_CHOICES", + "301 MOVED_PERMANENTLY", + "302 FOUND", + "302 MOVED_TEMPORARILY", + "303 SEE_OTHER", + "304 NOT_MODIFIED", + "305 USE_PROXY", + "307 TEMPORARY_REDIRECT", + "308 PERMANENT_REDIRECT", + "400 BAD_REQUEST", + "401 UNAUTHORIZED", + "402 PAYMENT_REQUIRED", + "403 FORBIDDEN", + "404 NOT_FOUND", + "405 METHOD_NOT_ALLOWED", + "406 NOT_ACCEPTABLE", + "407 PROXY_AUTHENTICATION_REQUIRED", + "408 REQUEST_TIMEOUT", + "409 CONFLICT", + "410 GONE", + "411 LENGTH_REQUIRED", + "412 PRECONDITION_FAILED", + "413 PAYLOAD_TOO_LARGE", + "413 REQUEST_ENTITY_TOO_LARGE", + "414 URI_TOO_LONG", + "414 REQUEST_URI_TOO_LONG", + "415 UNSUPPORTED_MEDIA_TYPE", + "416 REQUESTED_RANGE_NOT_SATISFIABLE", + "417 EXPECTATION_FAILED", + "418 I_AM_A_TEAPOT", + "419 INSUFFICIENT_SPACE_ON_RESOURCE", + "420 METHOD_FAILURE", + "421 DESTINATION_LOCKED", + "422 UNPROCESSABLE_ENTITY", + "423 LOCKED", + "424 FAILED_DEPENDENCY", + "425 TOO_EARLY", + "426 UPGRADE_REQUIRED", + "428 PRECONDITION_REQUIRED", + "429 TOO_MANY_REQUESTS", + "431 REQUEST_HEADER_FIELDS_TOO_LARGE", + "451 UNAVAILABLE_FOR_LEGAL_REASONS", + "500 INTERNAL_SERVER_ERROR", + "501 NOT_IMPLEMENTED", + "502 BAD_GATEWAY", + "503 SERVICE_UNAVAILABLE", + "504 GATEWAY_TIMEOUT", + "505 HTTP_VERSION_NOT_SUPPORTED", + "506 VARIANT_ALSO_NEGOTIATES", + "507 INSUFFICIENT_STORAGE", + "508 LOOP_DETECTED", + "509 BANDWIDTH_LIMIT_EXCEEDED", + "510 NOT_EXTENDED", + "511 NETWORK_AUTHENTICATION_REQUIRED" + ] + }, + "timestamp": { + "type": "string", + "format": "date-time" + }, + "message": { + "type": "string" + }, + "debugMessage": { + "type": "string" + } + } + }, + "IBMTemplateGenRequest": { + "type": "object", + "properties": { + "accountType": { + "type": "string" + } + } + }, + "ApiErrorResponse": { + "type": "object", + "properties": { + "error": { + "$ref": "#/components/schemas/NestedApiErrorResponse" + } + } + }, + "NestedApiErrorResponse": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + }, + "innerError": { + "$ref": "#/components/schemas/NestedInnerApiErrorResponse" + } + } + }, + "NestedInnerApiErrorResponse": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "supportedValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AccountGroupInfo": { + "type": "object", + "properties": { + "groupName": { + "type": "string" + }, + "lastModifiedBy": { + "type": "string" + }, + "groupId": { + "type": "string" + }, + "autoCreated": { + "type": "boolean" + } + } + }, + "CloudAccountFeatureModel": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "mode": { + "type": "string" + }, + "state": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "defaultMemberState": { + "type": "string" + } + } + }, + "IbmCloudAccount": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int32" + }, + "parentId": { + "type": "integer", + "format": "int32" + }, + "parentAccountId": { + "type": "string" + }, + "name": { + "type": "string" }, "cloudType": { "type": "string", @@ -918,90 +1262,21 @@ } } }, - "ApiErrorResponse": { + "IbmPermissionCheckRequest": { "type": "object", "properties": { - "error": { - "$ref": "#/components/schemas/NestedApiErrorResponse" + "svcIdIamId": { + "type": "string" + }, + "apiKey": { + "type": "string" } } }, - "NestedApiErrorResponse": { + "APIErrorObject": { "type": "object", "properties": { "code": { - "type": "string" - }, - "message": { - "type": "string" - }, - "target": { - "type": "string" - }, - "innerError": { - "$ref": "#/components/schemas/NestedInnerApiErrorResponse" - } - } - }, - "NestedInnerApiErrorResponse": { - "type": "object", - "properties": { - "code": { - "type": "string" - }, - "supportedValues": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "CloudAccountFeaturePatchRequest": { - "type": "object", - "properties": { - "mode": { - "type": "string" - }, - "state": { - "type": "string" - } - } - }, - "SuccessResponse": { - "type": "object", - "properties": { - "code": { - "type": "integer", - "format": "int32" - }, - "message": { - "type": "string" - } - } - }, - "ErrorResponse": { - "type": "object", - "properties": { - "code": { - "type": "integer", - "format": "int32" - }, - "message": { - "type": "string" - }, - "timestamp": { - "type": "string" - }, - "details": { - "type": "string" - } - } - }, - "ApiError": { - "type": "object", - "properties": { - "status": { "type": "string", "enum": [ "100 CONTINUE", @@ -1074,211 +1349,300 @@ "511 NETWORK_AUTHENTICATION_REQUIRED" ] }, - "timestamp": { - "type": "string", - "format": "date-time" - }, "message": { "type": "string" }, - "debugMessage": { + "target": { "type": "string" + }, + "innererror": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "innerError": { + "type": "object", + "additionalProperties": { + "type": "object" + }, + "writeOnly": true } } }, - "IamToken": { + "RestAPIErrorResponse": { "type": "object", "properties": { - "exception": { - "type": "object", - "properties": { - "stackTrace": { - "type": "array", - "items": { - "type": "object", - "properties": { - "classLoaderName": { - "type": "string" - }, - "moduleName": { - "type": "string" - }, - "moduleVersion": { - "type": "string" - }, - "methodName": { - "type": "string" - }, - "fileName": { - "type": "string" - }, - "lineNumber": { - "type": "integer", - "format": "int32" - }, - "className": { - "type": "string" - }, - "nativeMethod": { - "type": "boolean" - } - } - } - }, - "message": { - "type": "string" - }, - "suppressed": { - "type": "array", - "items": { - "type": "object", - "properties": { - "stackTrace": { - "type": "array", - "items": { - "type": "object", - "properties": { - "classLoaderName": { - "type": "string" - }, - "moduleName": { - "type": "string" - }, - "moduleVersion": { - "type": "string" - }, - "methodName": { - "type": "string" - }, - "fileName": { - "type": "string" - }, - "lineNumber": { - "type": "integer", - "format": "int32" - }, - "className": { - "type": "string" - }, - "nativeMethod": { - "type": "boolean" - } - } - } - }, - "message": { - "type": "string" - }, - "localizedMessage": { - "type": "string" - } - } - } - }, - "localizedMessage": { - "type": "string" - } - } - }, - "accessToken": { - "type": "string" - }, - "refreshToken": { - "type": "string" - }, - "tokenType": { + "error": { + "$ref": "#/components/schemas/APIErrorObject" + } + } + }, + "AccountStatusMessage": { + "type": "object", + "properties": { + "message": { "type": "string" }, - "expiresIn": { - "type": "integer", - "format": "int64" - }, - "expiration": { - "type": "integer", - "format": "int64" - }, - "tokenValid": { + "staticMessage": { "type": "boolean" } } }, - "IbmAccessTokenResponse": { + "CloudAccountStatus": { "type": "object", "properties": { - "rawToken": { - "$ref": "#/components/schemas/IamToken" + "id": { + "type": "string" }, - "meta": { - "type": "object", - "additionalProperties": { - "type": "object" - } + "name": { + "type": "string" + }, + "status": { + "type": "string" + }, + "statusMessage": { + "$ref": "#/components/schemas/AccountStatusMessage" } } }, - "GCPTokenRequestV2": { + "PermissionCheckResponse": { "type": "object", "properties": { - "scopes": { + "status": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/CloudAccountStatus" } } } }, - "GCPTokenResponseV2": { + "CloudAccountModel": { "type": "object", "properties": { - "rawAuthToken": { + "customerName": { "type": "string" }, - "expirationTime": { + "customerPrismaId": { "type": "integer", "format": "int64" }, - "meta": { - "type": "object", - "additionalProperties": { - "type": "object" - } - } - } - }, - "AwsCloudAccount": { - "type": "object", - "properties": { - "cloudAccount": { - "$ref": "#/components/schemas/CloudAccount" + "id": { + "type": "integer", + "format": "int32" }, - "roleArn": { + "accountId": { "type": "string" }, - "externalId": { + "name": { "type": "string" }, - "defaultAccountGroupId": { + "cloudType": { "type": "string" }, - "defaultAccountGroupName": { + "accountType": { "type": "string" }, - "memberRoleName": { + "deploymentType": { "type": "string" }, - "memberExternalId": { + "parentId": { "type": "string" }, - "hasMemberRole": { + "parentName": { + "type": "string" + }, + "enabled": { "type": "boolean" }, - "templateUrl": { + "deleted": { + "type": "boolean" + }, + "protectionMode": { "type": "string" }, - "memberTemplateUrl": { + "createdEpochMillis": { + "type": "integer", + "format": "int64" + }, + "createdBy": { "type": "string" }, - "eventbridgeRuleNamePrefix": { + "lastModifiedEpochMillis": { + "type": "integer", + "format": "int64" + }, + "lastModifiedBy": { + "type": "string" + }, + "owner": { + "type": "string" + }, + "deploymentTypeDescription": { + "type": "string" + }, + "hasConfigError": { + "type": "boolean" + }, + "storageScanEnabled": { + "type": "boolean" + }, + "addedOn": { + "type": "integer", + "format": "int64" + }, + "permissionStatusList": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CloudAccountPermissionStatusApiRequest" + } + }, + "features": { + "uniqueItems": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/FeatureDetails" + } + } + } + }, + "CloudAccountPermissionStatusApiRequest": { + "type": "object", + "properties": { + "subComponent": { + "type": "string" + }, + "component": { + "type": "string" + }, + "statusCode": { + "type": "string" + }, + "status": { + "type": "string" + }, + "error": { + "type": "string" + }, + "remediation": { + "type": "string" + }, + "statusTs": { + "type": "integer", + "format": "int64" + }, + "accountId": { + "type": "string" + } + } + }, + "FeatureDetails": { + "type": "object", + "properties": { + "featureName": { + "type": "string" + }, + "featureMode": { + "type": "string" + }, + "createdTs": { + "type": "integer", + "format": "int64" + }, + "featureState": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "defaultMemberState": { + "type": "string" + } + } + }, + "AlibabaAccessTokenResponse": { + "type": "object", + "properties": { + "rawToken": { + "$ref": "#/components/schemas/Credentials" + } + } + }, + "Credentials": { + "type": "object", + "properties": { + "accessKeyId": { + "type": "string" + }, + "secretAccessKey": { + "type": "string" + }, + "sessionToken": { + "type": "string" + }, + "expiration": { + "type": "string", + "format": "date-time" + } + } + }, + "OciCredentialsData": { + "type": "object", + "properties": { + "userName": { + "type": "string" + }, + "userOcid": { + "type": "string" + }, + "groupName": { + "type": "string" + }, + "policyName": { + "type": "string" + }, + "homeRegion": { + "type": "string" + }, + "privateKey": { + "type": "string" + }, + "fingerPrint": { + "type": "string" + }, + "tenancyId": { + "type": "string" + } + } + }, + "AzureCloudAccount": { + "type": "object", + "properties": { + "cloudAccount": { + "$ref": "#/components/schemas/CloudAccount" + }, + "tenantId": { + "type": "string" + }, + "servicePrincipalId": { + "type": "string" + }, + "clientId": { + "type": "string" + }, + "defaultAccountGroupId": { + "type": "string" + }, + "defaultAccountGroupName": { + "type": "string" + }, + "memberSyncEnabled": { + "type": "boolean" + }, + "templateUrl": { + "type": "string" + }, + "key": { "type": "string" }, "customerId": { @@ -1297,11 +1661,20 @@ "type": "string" } }, - "storageScanConfig": { - "$ref": "#/components/schemas/StorageScanConfig" + "monitorFlowLogs": { + "type": "boolean" }, - "storageUUID": { + "environmentType": { + "type": "string" + }, + "accountGroupMode": { "type": "string" + }, + "accountGroupInfos": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AccountGroupInfo" + } } } }, @@ -1385,6 +1758,9 @@ "deploymentTypeDescription": { "type": "string" }, + "autoConsent": { + "type": "string" + }, "features": { "uniqueItems": true, "type": "array", @@ -1394,31 +1770,6 @@ } } }, - "FeatureDetails": { - "type": "object", - "properties": { - "featureName": { - "type": "string" - }, - "featureMode": { - "type": "string" - }, - "createdTs": { - "type": "integer", - "format": "int64" - }, - "lastUpdatedTs": { - "type": "integer", - "format": "int64" - }, - "featureState": { - "type": "string" - }, - "displayName": { - "type": "string" - } - } - }, "HierarchySelection": { "type": "object", "properties": { @@ -1451,236 +1802,11 @@ } } }, - "StorageScanConfig": { + "CloudAccountWithFeatureDetails": { "type": "object", "properties": { - "scanOption": { - "type": "string", - "enum": [ - "Realtime", - "Custom", - "Full", - "Historical" - ] - }, - "buckets": { - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "snsTopicArn": { - "type": "string" - } - } - }, - "AzureCloudAccount": { - "type": "object", - "properties": { - "cloudAccount": { - "$ref": "#/components/schemas/CloudAccount" - }, - "tenantId": { - "type": "string" - }, - "servicePrincipalId": { - "type": "string" - }, - "clientId": { - "type": "string" - }, - "defaultAccountGroupId": { - "type": "string" - }, - "defaultAccountGroupName": { - "type": "string" - }, - "memberSyncEnabled": { - "type": "boolean" - }, - "templateUrl": { - "type": "string" - }, - "key": { - "type": "string" - }, - "customerId": { - "type": "integer", - "format": "int32" - }, - "hierarchySelection": { - "type": "array", - "items": { - "$ref": "#/components/schemas/HierarchySelection" - } - }, - "groupIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "monitorFlowLogs": { - "type": "boolean" - }, - "environmentType": { - "type": "string" - } - } - }, - "OciCredentialsData": { - "type": "object", - "properties": { - "userName": { - "type": "string" - }, - "userOcid": { - "type": "string" - }, - "groupName": { - "type": "string" - }, - "policyName": { - "type": "string" - }, - "homeRegion": { - "type": "string" - }, - "privateKey": { - "type": "string" - }, - "fingerPrint": { - "type": "string" - }, - "tenancyId": { - "type": "string" - } - } - }, - "CloudAccountModel": { - "type": "object", - "properties": { - "customerName": { - "type": "string" - }, - "customerPrismaId": { - "type": "integer", - "format": "int64" - }, - "id": { - "type": "integer", - "format": "int32" - }, - "accountId": { - "type": "string" - }, - "name": { - "type": "string" - }, - "cloudType": { - "type": "string" - }, - "accountType": { - "type": "string" - }, - "deploymentType": { - "type": "string" - }, - "parentId": { - "type": "string" - }, - "parentName": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "deleted": { - "type": "boolean" - }, - "protectionMode": { - "type": "string" - }, - "createdEpochMillis": { - "type": "integer", - "format": "int64" - }, - "createdBy": { - "type": "string" - }, - "lastModifiedEpochMillis": { - "type": "integer", - "format": "int64" - }, - "lastModifiedBy": { - "type": "string" - }, - "owner": { - "type": "string" - }, - "deploymentTypeDescription": { - "type": "string" - }, - "hasConfigError": { - "type": "boolean" - }, - "storageScanEnabled": { - "type": "boolean" - }, - "addedOn": { - "type": "integer", - "format": "int64" - }, - "permissionStatusList": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CloudAccountPermissionStatusApiRequest" - } - }, - "features": { - "uniqueItems": true, - "type": "array", - "items": { - "$ref": "#/components/schemas/FeatureDetails" - } - } - } - }, - "CloudAccountPermissionStatusApiRequest": { - "type": "object", - "properties": { - "subComponent": { - "type": "string" - }, - "component": { - "type": "string" - }, - "statusCode": { - "type": "string" - }, - "status": { - "type": "string" - }, - "error": { - "type": "string" - }, - "remediation": { - "type": "string" - }, - "statusTs": { - "type": "integer", - "format": "int64" - } - } - }, - "CloudAccountFeature": { - "type": "object", - "properties": { - "accountId": { - "type": "string" + "accountId": { + "type": "string" }, "name": { "type": "string" @@ -1756,6 +1882,9 @@ "deploymentTypeDescription": { "type": "string" }, + "autoConsent": { + "type": "string" + }, "features": { "uniqueItems": true, "type": "array", @@ -1768,397 +1897,518 @@ } } }, - "CloudRegions": { - "type": "object", - "properties": { - "regions": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "FeaturesAvailableRequest": { - "required": [ - "accountType" - ], + "IamToken": { "type": "object", "properties": { - "accountType": { - "type": "string", - "description": "Cloud Account Type. Supported values based on cloud_type are given below. \n\n * account, organization - cloud_type: **aws**\n\n * account, organization, masterServiceAccount - cloud_type: **gcp**\n\n * account, tenant - cloud_type: **azure**", - "enum": [ - "account", - "organization", - "masterServiceAccount", - "tenant" - ] - }, - "deploymentType": { - "type": "string", - "description": "*Applicable only for cloud_type: **azure**.*\n\n * **azure** - Applicable for Prisma Commercial and Government stacks\n\n * **azure_gov** - Applicable for Prisma Commercial and Government stacks.\n\n * **azure_china** - Applicable for Prisma China Stack.", - "enum": [ - "azure", - "azure_gov", - "azure_china" - ] - }, - "awsPartition": { - "type": "string", - "description": "*Applicable only for cloud_type: **aws** on Prisma Government Stack(**app.gov.prismacloud.io**) given if the Cloud account Global Deployment option is enabled*\n\n * **us-east-1** - AWS Commercial/Global account\n\n * **us-gov-west-1** - AWS GovCloud account.", - "enum": [ - "us-east-1", - "us-gov-west-1" - ] - }, - "rootSyncEnabled": { - "type": "boolean", - "description": "*Applicable only for accountType: **tenant***\n\n In order to onboard the *\\\"tenant\\\"* and its associated **management groups** and **subscriptions**, ```rootSyncEnabled``` must be set to ```true```" + "exception": { + "type": "object", + "properties": { + "stackTrace": { + "type": "array", + "items": { + "type": "object", + "properties": { + "classLoaderName": { + "type": "string" + }, + "moduleName": { + "type": "string" + }, + "moduleVersion": { + "type": "string" + }, + "methodName": { + "type": "string" + }, + "fileName": { + "type": "string" + }, + "lineNumber": { + "type": "integer", + "format": "int32" + }, + "className": { + "type": "string" + }, + "nativeMethod": { + "type": "boolean" + } + } + } + }, + "message": { + "type": "string" + }, + "suppressed": { + "type": "array", + "items": { + "type": "object", + "properties": { + "stackTrace": { + "type": "array", + "items": { + "type": "object", + "properties": { + "classLoaderName": { + "type": "string" + }, + "moduleName": { + "type": "string" + }, + "moduleVersion": { + "type": "string" + }, + "methodName": { + "type": "string" + }, + "fileName": { + "type": "string" + }, + "lineNumber": { + "type": "integer", + "format": "int32" + }, + "className": { + "type": "string" + }, + "nativeMethod": { + "type": "boolean" + } + } + } + }, + "message": { + "type": "string" + }, + "localizedMessage": { + "type": "string" + } + } + } + }, + "localizedMessage": { + "type": "string" + } + } + }, + "accessToken": { + "type": "string" + }, + "refreshToken": { + "type": "string" + }, + "tokenType": { + "type": "string" + }, + "expiresIn": { + "type": "integer", + "format": "int64" + }, + "expiration": { + "type": "integer", + "format": "int64" + }, + "tokenValid": { + "type": "boolean" } } }, - "FeaturesAvailableResponse": { + "IbmAccessTokenResponse": { "type": "object", "properties": { - "cloudType": { - "type": "string", - "description": "Cloud Type" + "rawToken": { + "$ref": "#/components/schemas/IamToken" }, - "deploymentType": { - "type": "string", - "description": "Cloud Account Deployment Type. global, gov, or china" + "meta": { + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } + }, + "CloudRegions": { + "type": "object", + "properties": { + "regions": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AwsCloudAccount": { + "type": "object", + "properties": { + "cloudAccount": { + "$ref": "#/components/schemas/CloudAccount" }, - "accountType": { - "type": "string", - "description": "Account Type" + "roleArn": { + "type": "string" }, - "licenseType": { + "externalId": { + "type": "string" + }, + "defaultAccountGroupId": { + "type": "string" + }, + "defaultAccountGroupName": { + "type": "string" + }, + "memberRoleName": { + "type": "string" + }, + "memberExternalId": { + "type": "string" + }, + "hasMemberRole": { + "type": "boolean" + }, + "templateUrl": { + "type": "string" + }, + "memberTemplateUrl": { + "type": "string" + }, + "eventbridgeRuleNamePrefix": { + "type": "string" + }, + "assumeRoleAccount": { "type": "string", - "description": "Customer License type." + "enum": [ + "REDLOCK", + "EVIDENT", + "US_GOV", + "CHINA", + "GLOBAL" + ] }, - "supportedFeatures": { + "customerId": { + "type": "integer", + "format": "int32" + }, + "hierarchySelection": { "type": "array", - "description": "List of supported feature names.", "items": { - "type": "string", - "description": "List of supported feature names." + "$ref": "#/components/schemas/HierarchySelection" } + }, + "groupIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "storageScanConfig": { + "$ref": "#/components/schemas/StorageScanConfig" + }, + "storageUUID": { + "type": "string" + }, + "accountGroupInfos": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AccountGroupInfo" + } + }, + "customMemberRoleNameEnabled": { + "type": "boolean" + }, + "unifiedCftDisabled": { + "type": "boolean" + }, + "skipOverrideMemberRoleName": { + "type": "boolean" } } }, - "AWSTemplateGenRequest": { - "required": [ - "accountId", - "accountType" - ], + "StorageScanConfig": { "type": "object", "properties": { - "accountType": { + "scanOption": { "type": "string", - "description": "Cloud Account Type", "enum": [ - "account", - "organization" + "Realtime", + "Custom", + "Full", + "Historical" ] }, - "accountId": { - "type": "string", - "description": "Account Id" + "buckets": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } }, - "awsPartition": { - "type": "string", - "description": "*Applicable only for Prisma Government Stack(**app.gov.prismacloud.io**) and given if the Cloud account Global Deployment option is enabled*\n\n * **us-east-1** - AWS Commercial/Global account\n\n * **us-gov-west-1** - AWS GovCloud account.", - "enum": [ - "us-east-1", - "us-gov-west-1" - ] + "snsTopicArn": { + "type": "string" + } + } + }, + "GCPTokenRequestV2": { + "type": "object", + "properties": { + "scopes": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "GCPTokenResponseV2": { + "type": "object", + "properties": { + "rawAuthToken": { + "type": "string" }, - "features": { - "uniqueItems": true, + "expirationTime": { + "type": "integer", + "format": "int64" + }, + "meta": { + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } + }, + "CloudAccountBulkFeatureRequest": { + "required": [ + "features", + "memberIds" + ], + "type": "object", + "properties": { + "memberIds": { "type": "array", - "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", - "example": [ - "Remediation" - ], + "description": "List of member ids for which the feature must be enabled or disabled.\n\nFor AWS, specify account ids\n\nFor Azure, specify subscription ids\n\nFor GCP, specify project ids", "items": { "type": "string", - "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", - "example": "[\"Remediation\"]" + "description": "List of member ids for which the feature must be enabled or disabled.\n\nFor AWS, specify account ids\n\nFor Azure, specify subscription ids\n\nFor GCP, specify project ids" + } + }, + "features": { + "type": "array", + "description": "Features to be enabled or disabled. To get a list of all the supported features, see **[Fetch Supported Features endpoint](/prisma-cloud/api/cspm/fetch-supported-features)**.", + "items": { + "$ref": "#/components/schemas/CloudAccountFeatureModel" } } } }, - "AWSTokenRequest": { + "SuccessResponse": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "message": { + "type": "string" + } + } + }, + "OrgMember": { "type": "object", "properties": { - "durationInSeconds": { - "type": "integer", - "format": "int32" - }, - "shouldRefreshMaxSessionDuration": { - "type": "boolean" + "name": { + "type": "string" }, - "featureType": { - "type": "string", - "enum": [ - "AWS_S3_FLOWLOG_ACCOUNT_TOKEN", - "AWS_CLOUD_TRAIL", - "NONE" - ] + "parentId": { + "type": "string" }, - "accountOnboardingType": { + "type": { "type": "string", "enum": [ - "MONITORED", - "LOGGING" + "ACCOUNT", + "FOLDER", + "ORG" ] }, - "tenantName": { + "id": { "type": "string" + }, + "onboarded": { + "type": "boolean" } } }, - "AssumeRoleResult": { + "OrgMembersHierarchyResponse": { "type": "object", "properties": { - "sdkResponseMetadata": { - "$ref": "#/components/schemas/ResponseMetadata" - }, - "sdkHttpMetadata": { - "$ref": "#/components/schemas/SdkHttpMetadata" - }, - "credentials": { - "$ref": "#/components/schemas/Credentials" - }, - "assumedRoleUser": { - "$ref": "#/components/schemas/AssumedRoleUser" - }, - "packedPolicySize": { - "type": "integer", - "format": "int32" + "value": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OrgMember" + } }, - "sourceIdentity": { + "nextPageToken": { "type": "string" } } }, - "AssumedRoleUser": { + "AwsLoggingAccount": { "type": "object", "properties": { - "assumedRoleId": { + "accountId": { "type": "string" }, - "arn": { + "accountName": { "type": "string" - } - } - }, - "AwsTokenResponse": { - "type": "object", - "properties": { - "rawToken": { - "$ref": "#/components/schemas/AssumeRoleResult" }, - "meta": { + "loggingAccountBucketMap": { "type": "object", "additionalProperties": { - "type": "object" + "$ref": "#/components/schemas/AwsLoggingAccountBucket" } } } }, - "Credentials": { + "AwsLoggingAccountBucket": { "type": "object", "properties": { - "accessKeyId": { + "monitoredAccountId": { "type": "string" }, - "secretAccessKey": { + "bucketId": { + "type": "integer", + "format": "int32" + }, + "bucketName": { "type": "string" }, - "sessionToken": { + "bucketRegion": { "type": "string" }, - "expiration": { - "type": "string", - "format": "date-time" - } - } - }, - "ResponseMetadata": { - "type": "object", - "properties": { - "requestId": { + "bucketPathPrefix": { + "type": "string" + }, + "kmsKeyArn": { + "type": "string" + }, + "featureName": { "type": "string" } } }, - "SdkHttpMetadata": { + "AwsMonitoredAccount": { "type": "object", "properties": { - "httpHeaders": { - "type": "object", - "additionalProperties": { - "type": "string" - } + "accountId": { + "type": "string" }, - "httpStatusCode": { + "name": { + "type": "string" + }, + "accountTypeId": { "type": "integer", "format": "int32" }, - "allHttpHeaders": { - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "APIErrorObject": { - "type": "object", - "properties": { - "code": { + "cloudType": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "parentId": { + "type": "string" + }, + "storageScanEnabled": { + "type": "boolean" + }, + "addedOnTs": { + "type": "integer", + "format": "int64" + }, + "parentName": { + "type": "string" + }, + "accountType": { "type": "string", "enum": [ - "100 CONTINUE", - "101 SWITCHING_PROTOCOLS", - "102 PROCESSING", - "103 CHECKPOINT", - "200 OK", - "201 CREATED", - "202 ACCEPTED", - "203 NON_AUTHORITATIVE_INFORMATION", - "204 NO_CONTENT", - "205 RESET_CONTENT", - "206 PARTIAL_CONTENT", - "207 MULTI_STATUS", - "208 ALREADY_REPORTED", - "226 IM_USED", - "300 MULTIPLE_CHOICES", - "301 MOVED_PERMANENTLY", - "302 FOUND", - "302 MOVED_TEMPORARILY", - "303 SEE_OTHER", - "304 NOT_MODIFIED", - "305 USE_PROXY", - "307 TEMPORARY_REDIRECT", - "308 PERMANENT_REDIRECT", - "400 BAD_REQUEST", - "401 UNAUTHORIZED", - "402 PAYMENT_REQUIRED", - "403 FORBIDDEN", - "404 NOT_FOUND", - "405 METHOD_NOT_ALLOWED", - "406 NOT_ACCEPTABLE", - "407 PROXY_AUTHENTICATION_REQUIRED", - "408 REQUEST_TIMEOUT", - "409 CONFLICT", - "410 GONE", - "411 LENGTH_REQUIRED", - "412 PRECONDITION_FAILED", - "413 PAYLOAD_TOO_LARGE", - "413 REQUEST_ENTITY_TOO_LARGE", - "414 URI_TOO_LONG", - "414 REQUEST_URI_TOO_LONG", - "415 UNSUPPORTED_MEDIA_TYPE", - "416 REQUESTED_RANGE_NOT_SATISFIABLE", - "417 EXPECTATION_FAILED", - "418 I_AM_A_TEAPOT", - "419 INSUFFICIENT_SPACE_ON_RESOURCE", - "420 METHOD_FAILURE", - "421 DESTINATION_LOCKED", - "422 UNPROCESSABLE_ENTITY", - "423 LOCKED", - "424 FAILED_DEPENDENCY", - "425 TOO_EARLY", - "426 UPGRADE_REQUIRED", - "428 PRECONDITION_REQUIRED", - "429 TOO_MANY_REQUESTS", - "431 REQUEST_HEADER_FIELDS_TOO_LARGE", - "451 UNAVAILABLE_FOR_LEGAL_REASONS", - "500 INTERNAL_SERVER_ERROR", - "501 NOT_IMPLEMENTED", - "502 BAD_GATEWAY", - "503 SERVICE_UNAVAILABLE", - "504 GATEWAY_TIMEOUT", - "505 HTTP_VERSION_NOT_SUPPORTED", - "506 VARIANT_ALSO_NEGOTIATES", - "507 INSUFFICIENT_STORAGE", - "508 LOOP_DETECTED", - "509 BANDWIDTH_LIMIT_EXCEEDED", - "510 NOT_EXTENDED", - "511 NETWORK_AUTHENTICATION_REQUIRED" + "account", + "masterServiceAccount", + "compartment", + "management_group", + "organization", + "tenant", + "workspace_domain" ] }, - "message": { + "deleted": { + "type": "boolean" + }, + "protectionMode": { "type": "string" }, - "target": { + "deploymentType": { "type": "string" }, - "innererror": { - "type": "object", - "additionalProperties": { - "type": "object" - } + "customerName": { + "type": "string" }, - "innerError": { - "type": "object", - "additionalProperties": { - "type": "object" - }, - "writeOnly": true - } - } - }, - "RestAPIErrorResponse": { - "type": "object", - "properties": { - "error": { - "$ref": "#/components/schemas/APIErrorObject" - } - } - }, - "AccountStatusMessage": { - "type": "object", - "properties": { - "message": { + "customerPrismaId": { + "type": "integer", + "format": "int64" + }, + "createdEpochMillis": { + "type": "integer", + "format": "int64" + }, + "createdBy": { "type": "string" }, - "staticMessage": { - "type": "boolean" - } - } - }, - "CloudAccountStatus": { - "type": "object", - "properties": { - "id": { + "lastModifiedEpochMillis": { + "type": "integer", + "format": "int64" + }, + "lastModifiedBy": { "type": "string" }, - "name": { + "owner": { "type": "string" }, - "status": { + "deploymentTypeDescription": { "type": "string" }, - "statusMessage": { - "$ref": "#/components/schemas/AccountStatusMessage" - } - } - }, - "PermissionCheckResponse": { - "type": "object", - "properties": { - "status": { + "autoConsent": { + "type": "string" + }, + "features": { + "uniqueItems": true, "type": "array", "items": { - "$ref": "#/components/schemas/CloudAccountStatus" + "$ref": "#/components/schemas/FeatureDetails" + } + }, + "monitoredAccountId": { + "type": "integer", + "format": "int32" + }, + "awsLoggingAccounts": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AwsLoggingAccount" + } + }, + "subscriptionUrl": { + "type": "string" + }, + "topicSubscriptionArnMap": { + "type": "object", + "additionalProperties": { + "type": "string" } + }, + "customerRedlockId": { + "type": "integer", + "format": "int32" } } }, @@ -2180,121 +2430,173 @@ } } }, - "ComponentStatusModel": { + "ErrorResponse": { "type": "object", "properties": { - "component": { - "type": "string" + "code": { + "type": "integer", + "format": "int32" }, - "status": { + "message": { "type": "string" }, - "message": { + "timestamp": { "type": "string" }, - "remediation": { + "details": { "type": "string" } } }, - "ComponentStatusUpdateRequest": { + "IbmCloudAccountResponse": { "type": "object", "properties": { - "statusList": { + "cloudAccount": { + "$ref": "#/components/schemas/CloudAccount" + }, + "customerId": { + "type": "integer", + "format": "int32" + }, + "svcIdIamId": { + "type": "string" + }, + "groupIds": { + "uniqueItems": true, "type": "array", "items": { - "$ref": "#/components/schemas/ComponentStatusModel" + "type": "string" } } } }, - "ComputeLimitStatusResponse": { + "AzureTemplateGenRequest": { + "required": [ + "accountType", + "tenantId" + ], "type": "object", "properties": { - "limit": { - "type": "integer", - "format": "int32" + "accountType": { + "type": "string", + "description": "Cloud account type. \n\n **account** = Azure Subscription \n\n**tenant** = Azure Tenant", + "enum": [ + "account", + "tenant" + ] }, - "isAccountImported": { - "type": "boolean" - } - } - }, - "GcpCloudAccountResponse": { - "type": "object", - "properties": { - "cloudAccount": { - "$ref": "#/components/schemas/CloudAccount" + "subscriptionId": { + "type": "string", + "description": "*Required field for accountType: **account***.\n\n Azure Subscription ID" }, - "hierarchySelection": { + "tenantId": { + "type": "string", + "description": "Azure Directory (Tenant) ID" + }, + "rootSyncEnabled": { + "type": "boolean", + "description": "*Applicable only for accountType: **tenant***\n\n In order to onboard the account type **tenant** and its associated **management groups** and **subscriptions**, ```rootSyncEnabled``` must be set to ```true```" + }, + "features": { "uniqueItems": true, "type": "array", + "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", + "example": [ + "Remediation" + ], "items": { - "$ref": "#/components/schemas/HierarchySelection" + "type": "string", + "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", + "example": "[\"Remediation\"]" } }, - "parentId": { - "type": "string" - }, - "customerId": { + "deploymentType": { + "type": "string", + "description": "*Applicable only for Prisma Commercial and Government stacks* \n\n**azure** = Commercial deployment type\n\n**azure_gov** = Government deployment type", + "enum": [ + "azure", + "azure_gov" + ] + } + } + }, + "GCPTokenRequest": { + "type": "object", + "properties": { + "tokenExpirationDurationInSeconds": { "type": "integer", "format": "int32" }, - "projectId": { - "type": "string" - }, - "serviceAccountEmail": { - "type": "string" - }, - "authenticationType": { + "serviceUrl": { "type": "string" - }, - "flowLogStorageBucket": { + } + } + }, + "GCPTokenResponse": { + "type": "object", + "properties": { + "rawToken": { "type": "string" }, - "compressionEnabled": { - "type": "boolean" - }, - "accountGroupCreationMode": { + "sessionToken": { "type": "string" }, - "dataflowEnabledProject": { - "type": "string" + "expirationTime": { + "type": "integer", + "format": "int64" }, - "credentials": { + "meta": { "type": "object", "additionalProperties": { "type": "object" } + } + } + }, + "PermissionsRequest": { + "type": "object", + "properties": { + "accountType": { + "type": "string" }, - "defaultAccountGroupId": { + "deploymentType": { "type": "string" }, - "groupIds": { - "type": "array", - "items": { - "type": "string" - } + "awsPartition": { + "type": "string" }, - "organizationName": { + "authenticationType": { "type": "string" } } }, - "IbmCloudAccountResponse": { + "AppCapabilityPermissionMapping": { "type": "object", "properties": { - "cloudAccount": { - "$ref": "#/components/schemas/CloudAccount" + "label": { + "type": "string" }, - "customerId": { - "type": "integer", - "format": "int32" + "feature": { + "type": "string" }, - "svcIdIamId": { + "mode": { "type": "string" }, - "groupIds": { + "permissions": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "roles": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "services": { "uniqueItems": true, "type": "array", "items": { @@ -2303,104 +2605,186 @@ } } }, - "AddComputeLimitRequest": { - "required": [ - "importedAccounts", - "limit" - ], + "AzureTokenRequest": { "type": "object", "properties": { - "limit": { - "minimum": 1, - "type": "integer", - "format": "int32" + "resource": { + "type": "string" + } + } + }, + "AzureTokenResponse": { + "type": "object", + "properties": { + "rawToken": { + "$ref": "#/components/schemas/IAuthenticationResultResponse" }, - "importedAccounts": { - "type": "array", - "items": { - "type": "string" + "meta": { + "type": "object", + "additionalProperties": { + "type": "object" } } } }, - "AwsLoggingAccountBucket": { + "IAuthenticationResultResponse": { "type": "object", "properties": { - "bucketName": { + "accessTokenType": { "type": "string" }, - "bucketRegion": { - "type": "string" + "expiresOn": { + "type": "integer", + "format": "int64" }, - "bucketPathPrefix": { + "idToken": { "type": "string" }, - "kmsKeyArn": { + "accessToken": { "type": "string" }, - "featureName": { - "type": "string" + "expiresAfter": { + "type": "integer", + "format": "int64" + }, + "expiresOnDate": { + "type": "string", + "format": "date-time" + }, + "multipleResourceRefreshToken": { + "type": "boolean" } } }, - "AwsLoggingAccountResponse": { + "ComputeLimitStatusResponse": { "type": "object", "properties": { - "loggingAccountId": { - "type": "string" + "limit": { + "type": "integer", + "format": "int32" }, - "loggingAccountName": { - "type": "string" + "isAccountImported": { + "type": "boolean" + } + } + }, + "GCPTemplateGenRequest": { + "required": [ + "accountType", + "authenticationType", + "orgId", + "projectId" + ], + "type": "object", + "properties": { + "accountType": { + "type": "string", + "description": "Cloud Account Type\n\n**account**: GCP Project\n\n**organization**: GCP Organization\n\n**masterServiceAccount**: Onboards all GCP projects that are accessible by the service account", + "enum": [ + "account", + "organization", + "masterServiceAccount" + ] }, - "roleArn": { - "type": "string" + "projectId": { + "type": "string", + "description": "ID of your GCP project that must be onboarded.\n\nApplicable only if `accountType` is **account** or **masterServiceAccount**." }, - "loggingAccountBucketMap": { + "orgId": { + "type": "string", + "description": "ID of the GCP organization to be onboarded.\n\nApplicable only if the `accountType` is **organization**" + }, + "flowLogBucket": { + "type": "string", + "description": "Cloud Storage Bucket name that stores the flow logs.\n\nRequired only if you want to enable flow logs and associate required permissions for the flow logs bucket" + }, + "authenticationType": { + "type": "string", + "description": "**service_account**: Service Account Key\n\n**Default value**: service_account\n\nAuthentication mode used by Prisma Cloud to authenticate with GCP.", + "enum": [ + "service_account" + ] + }, + "features": { + "uniqueItems": true, "type": "array", + "description": "Features for which the permissions should be generated and included in the template.\nTo get a list of all the supported features, see **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", + "example": [ + "Remediation" + ], "items": { - "$ref": "#/components/schemas/AwsLoggingAccountBucket" + "type": "string", + "description": "Features for which the permissions should be generated and included in the template.\nTo get a list of all the supported features, see **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", + "example": "[\"Remediation\"]" } } } }, - "CloudAccountFeatureSaveRequest": { + "FeaturesAvailableRequest": { "required": [ - "featureName" + "accountType" ], "type": "object", "properties": { - "featureName": { - "type": "string" + "accountType": { + "type": "string", + "description": "Cloud Account Type. Supported values based on cloud_type are given below. \n\n * account, organization - cloud_type: **aws**\n\n * account, organization, masterServiceAccount - cloud_type: **gcp**\n\n * account, tenant - cloud_type: **azure**", + "enum": [ + "account", + "organization", + "masterServiceAccount", + "tenant" + ] }, - "mode": { - "type": "string" + "deploymentType": { + "type": "string", + "description": "*Applicable only for cloud_type: **azure**.*\n\n * **azure** - Applicable for Prisma Commercial and Government stacks\n\n * **azure_gov** - Applicable for Prisma Commercial and Government stacks.\n\n * **azure_china** - Applicable for Prisma China Stack.", + "enum": [ + "azure", + "azure_gov", + "azure_china" + ] }, - "state": { - "type": "string" + "awsPartition": { + "type": "string", + "description": "*Applicable only for cloud_type: **aws** on Prisma Government Stack(**app.gov.prismacloud.io**) given if the Cloud account Global Deployment option is enabled*\n\n * **us-east-1** - AWS Commercial/Global account\n\n * **us-gov-west-1** - AWS GovCloud account.", + "enum": [ + "us-east-1", + "us-gov-west-1" + ] + }, + "rootSyncEnabled": { + "type": "boolean", + "description": "*Applicable only for accountType: **tenant***\n\n In order to onboard the *\\\"tenant\\\"* and its associated **management groups** and **subscriptions**, ```rootSyncEnabled``` must be set to ```true```" } } }, - "AccountGroup": { + "FeaturesAvailableResponse": { "type": "object", "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" + "cloudType": { + "type": "string", + "description": "Cloud Type" }, - "description": { - "type": "string" + "deploymentType": { + "type": "string", + "description": "Cloud Account Deployment Type. global, gov, or china" }, - "lastModifiedBy": { - "type": "string" + "accountType": { + "type": "string", + "description": "Account Type" }, - "lastModifiedTs": { - "type": "integer", - "format": "int64" + "licenseType": { + "type": "string", + "description": "Customer License type." }, - "autoCreated": { - "type": "boolean" + "supportedFeatures": { + "type": "array", + "description": "List of supported feature names.", + "items": { + "type": "string", + "description": "List of supported feature names." + } } } }, @@ -2447,373 +2831,240 @@ }, "policyName": { "type": "string" - } - } - }, - "AzureTokenRequest": { - "type": "object", - "properties": { - "resource": { - "type": "string" - } - } - }, - "AzureTokenResponse": { - "type": "object", - "properties": { - "rawToken": { - "$ref": "#/components/schemas/IAuthenticationResultResponse" }, - "meta": { - "type": "object", - "additionalProperties": { - "type": "object" - } + "autoConsent": { + "type": "string" } } }, - "IAuthenticationResultResponse": { + "AccountGroup": { "type": "object", "properties": { - "accessTokenType": { + "id": { "type": "string" }, - "expiresOn": { - "type": "integer", - "format": "int64" + "name": { + "type": "string" }, - "idToken": { + "description": { "type": "string" }, - "accessToken": { + "lastModifiedBy": { "type": "string" }, - "expiresAfter": { + "lastModifiedTs": { "type": "integer", "format": "int64" }, - "expiresOnDate": { - "type": "string", - "format": "date-time" - }, - "multipleResourceRefreshToken": { + "autoCreated": { "type": "boolean" } } }, - "PermissionsRequest": { + "AWSTokenRequest": { "type": "object", "properties": { - "accountType": { - "type": "string" + "durationInSeconds": { + "type": "integer", + "format": "int32" }, - "deploymentType": { + "shouldRefreshMaxSessionDuration": { + "type": "boolean" + }, + "featureType": { + "type": "string", + "enum": [ + "AWS_S3_FLOWLOG_ACCOUNT_TOKEN", + "AWS_CLOUD_TRAIL", + "NONE" + ] + }, + "accountOnboardingType": { + "type": "string", + "enum": [ + "MONITORED", + "LOGGING" + ] + }, + "tenantName": { "type": "string" + } + } + }, + "AssumeRoleResult": { + "type": "object", + "properties": { + "sdkResponseMetadata": { + "$ref": "#/components/schemas/ResponseMetadata" + }, + "sdkHttpMetadata": { + "$ref": "#/components/schemas/SdkHttpMetadata" + }, + "credentials": { + "$ref": "#/components/schemas/Credentials" + }, + "assumedRoleUser": { + "$ref": "#/components/schemas/AssumedRoleUser" }, - "awsPartition": { - "type": "string" + "packedPolicySize": { + "type": "integer", + "format": "int32" }, - "authenticationType": { + "sourceIdentity": { "type": "string" } } }, - "AppCapabilityPermissionMapping": { + "AssumedRoleUser": { "type": "object", "properties": { - "label": { - "type": "string" - }, - "feature": { + "assumedRoleId": { "type": "string" }, - "mode": { + "arn": { "type": "string" - }, - "permissions": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } - }, - "roles": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } - }, - "services": { - "uniqueItems": true, - "type": "array", - "items": { - "type": "string" - } } } }, - "DeploymentTypeListResponse": { + "AwsTokenResponse": { "type": "object", "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/components/schemas/DeploymentTypeResponse" + "rawToken": { + "$ref": "#/components/schemas/AssumeRoleResult" + }, + "meta": { + "type": "object", + "additionalProperties": { + "type": "object" } } } }, - "DeploymentTypeResponse": { + "ResponseMetadata": { "type": "object", "properties": { - "deploymentType": { - "type": "string" - }, - "displayName": { + "requestId": { "type": "string" } } }, - "AwsLoggingAccount": { + "SdkHttpMetadata": { "type": "object", "properties": { - "accountId": { - "type": "string" + "httpHeaders": { + "type": "object", + "additionalProperties": { + "type": "string" + } }, - "accountName": { - "type": "string" + "httpStatusCode": { + "type": "integer", + "format": "int32" }, - "loggingAccountBucketMap": { + "allHttpHeaders": { "type": "object", "additionalProperties": { - "$ref": "#/components/schemas/AwsLoggingAccountBucket" + "type": "array", + "items": { + "type": "string" + } } } } }, - "AWSCFTGenResponse": { - "type": "object", - "properties": { - "createStackLinkWithS3PresignedUrl": { - "type": "string", - "description": "AWS Cloudformation Stack Quick Create link." - }, - "externalId": { - "type": "string" - } - } - }, - "CloudAccountIdentity": { + "AwsLoggingAccountResponse": { "type": "object", "properties": { - "accountId": { - "type": "string" - }, - "name": { + "loggingAccountId": { "type": "string" }, - "cloudType": { - "type": "string", - "enum": [ - "all", - "aws", - "azure", - "gcp", - "alibaba_cloud", - "oci", - "other", - "ibm" - ] - }, - "parentAccountId": { + "loggingAccountName": { "type": "string" }, - "parentName": { + "roleArn": { "type": "string" }, - "isOnboarded": { - "type": "boolean" - }, - "id": { - "type": "integer", - "format": "int32", - "writeOnly": true - } - } - }, - "CloudAccountMetadataPage": { - "type": "object", - "properties": { - "cloudAccounts": { + "loggingAccountBucketMap": { "type": "array", "items": { - "$ref": "#/components/schemas/CloudAccountIdentity" + "$ref": "#/components/schemas/AwsLoggingAccountBucket" } } } }, - "GCPTemplateGenRequest": { + "AWSTemplateGenRequest": { "required": [ - "accountType", - "authenticationType", - "orgId", - "projectId" + "accountId", + "accountType" ], "type": "object", "properties": { "accountType": { "type": "string", - "description": "Cloud Account Type\n\n**account**: GCP Project\n\n**organization**: GCP Organization\n\n**masterServiceAccount**: Onboards all GCP projects that are accessible by the service account", + "description": "Cloud Account Type", "enum": [ "account", - "organization", - "masterServiceAccount" + "organization" ] }, - "projectId": { - "type": "string", - "description": "ID of your GCP project that must be onboarded.\n\nApplicable only if `accountType` is **account** or **masterServiceAccount**." - }, - "orgId": { - "type": "string", - "description": "ID of the GCP organization to be onboarded.\n\nApplicable only if the `accountType` is **organization**" - }, - "flowLogBucket": { + "accountId": { "type": "string", - "description": "Cloud Storage Bucket name that stores the flow logs.\n\nRequired only if you want to enable flow logs and associate required permissions for the flow logs bucket" + "description": "Account Id" }, - "authenticationType": { + "awsPartition": { "type": "string", - "description": "**service_account**: Service Account Key\n\n**Default value**: service_account\n\nAuthentication mode used by Prisma Cloud to authenticate with GCP.", + "description": "*Applicable only for Prisma Government Stack(**app.gov.prismacloud.io**) and given if the Cloud account Global Deployment option is enabled*\n\n * **us-east-1** - AWS Commercial/Global account\n\n * **us-gov-west-1** - AWS GovCloud account.", "enum": [ - "service_account" + "us-east-1", + "us-gov-west-1" ] }, "features": { "uniqueItems": true, "type": "array", - "description": "Features for which the permissions should be generated and included in the template.\nTo get a list of all the supported features, see **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", + "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", "example": [ "Remediation" ], "items": { "type": "string", - "description": "Features for which the permissions should be generated and included in the template.\nTo get a list of all the supported features, see **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", + "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", "example": "[\"Remediation\"]" } - } - } - }, - "AwsMonitoredAccount": { - "type": "object", - "properties": { - "accountId": { - "type": "string" - }, - "name": { - "type": "string" - }, - "accountTypeId": { - "type": "integer", - "format": "int32" - }, - "cloudType": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "parentId": { - "type": "string" - }, - "storageScanEnabled": { - "type": "boolean" - }, - "addedOnTs": { - "type": "integer", - "format": "int64" - }, - "parentName": { - "type": "string" - }, - "accountType": { - "type": "string", - "enum": [ - "account", - "masterServiceAccount", - "compartment", - "management_group", - "organization", - "tenant", - "workspace_domain" - ] - }, - "deleted": { - "type": "boolean" - }, - "protectionMode": { - "type": "string" - }, - "deploymentType": { - "type": "string" - }, - "customerName": { - "type": "string" - }, - "customerPrismaId": { - "type": "integer", - "format": "int64" - }, - "createdEpochMillis": { - "type": "integer", - "format": "int64" - }, - "createdBy": { - "type": "string" - }, - "lastModifiedEpochMillis": { - "type": "integer", - "format": "int64" - }, - "lastModifiedBy": { - "type": "string" - }, - "owner": { - "type": "string" - }, - "deploymentTypeDescription": { - "type": "string" - }, - "features": { - "uniqueItems": true, - "type": "array", - "items": { - "$ref": "#/components/schemas/FeatureDetails" - } }, - "monitoredAccountId": { + "customMemberRoleNameEnabled": { + "type": "boolean", + "description": "Applicable only when accountType is organization the default is `false`. However, if given as true, the user has to provide a memberRole name" + }, + "cftType": { + "type": "string", + "description": "Specify which type of cft you want to download", + "enum": [ + "org_member", + "org_management", + "org_management_member", + "account" + ] + } + } + }, + "AddComputeLimitRequest": { + "required": [ + "importedAccounts", + "limit" + ], + "type": "object", + "properties": { + "limit": { + "minimum": 1, "type": "integer", "format": "int32" }, - "awsLoggingAccounts": { + "importedAccounts": { "type": "array", "items": { - "$ref": "#/components/schemas/AwsLoggingAccount" - } - }, - "subscriptionUrl": { - "type": "string" - }, - "topicSubscriptionArnMap": { - "type": "object", - "additionalProperties": { "type": "string" } - }, - "customerRedlockId": { - "type": "integer", - "format": "int32" } } }, @@ -2861,6 +3112,96 @@ } } }, + "CloudAccountFeaturePatchRequest": { + "type": "object", + "properties": { + "mode": { + "type": "string" + }, + "state": { + "type": "string" + } + } + }, + "AWSCFTGenResponse": { + "type": "object", + "properties": { + "createStackLinkWithS3PresignedUrl": { + "type": "string", + "description": "AWS Cloudformation Stack Quick Create link." + }, + "externalId": { + "type": "string" + } + } + }, + "GcpCloudAccountResponse": { + "type": "object", + "properties": { + "cloudAccount": { + "$ref": "#/components/schemas/CloudAccount" + }, + "hierarchySelection": { + "uniqueItems": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/HierarchySelection" + } + }, + "parentId": { + "type": "string" + }, + "customerId": { + "type": "integer", + "format": "int32" + }, + "projectId": { + "type": "string" + }, + "serviceAccountEmail": { + "type": "string" + }, + "authenticationType": { + "type": "string" + }, + "flowLogStorageBucket": { + "type": "string" + }, + "compressionEnabled": { + "type": "boolean" + }, + "accountGroupCreationMode": { + "type": "string" + }, + "dataflowEnabledProject": { + "type": "string" + }, + "credentials": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "defaultAccountGroupId": { + "type": "string" + }, + "groupIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "organizationName": { + "type": "string" + }, + "accountGroupInfos": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AccountGroupInfo" + } + } + } + }, "CloudAccountSecret": { "type": "object", "properties": { @@ -2890,94 +3231,119 @@ } } }, - "IBMTemplateGenRequest": { + "DeploymentTypeListResponse": { "type": "object", "properties": { - "accountType": { - "type": "string" + "value": { + "type": "array", + "items": { + "$ref": "#/components/schemas/DeploymentTypeResponse" + } } } }, - "GCPTokenRequest": { + "DeploymentTypeResponse": { "type": "object", "properties": { - "tokenExpirationDurationInSeconds": { - "type": "integer", - "format": "int32" + "deploymentType": { + "type": "string" }, - "serviceUrl": { + "displayName": { "type": "string" } } }, - "GCPTokenResponse": { + "CloudAccountIdentity": { "type": "object", "properties": { - "rawToken": { + "accountId": { "type": "string" }, - "sessionToken": { + "name": { "type": "string" }, - "expirationTime": { - "type": "integer", - "format": "int64" + "cloudType": { + "type": "string", + "enum": [ + "all", + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other", + "ibm" + ] }, - "meta": { - "type": "object", - "additionalProperties": { - "type": "object" + "parentAccountId": { + "type": "string" + }, + "parentName": { + "type": "string" + }, + "isOnboarded": { + "type": "boolean" + }, + "id": { + "type": "integer", + "format": "int32", + "writeOnly": true + } + } + }, + "CloudAccountMetadataPage": { + "type": "object", + "properties": { + "cloudAccounts": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CloudAccountIdentity" } } } }, - "AzureTemplateGenRequest": { + "CloudAccountFeatureSaveRequest": { "required": [ - "accountType", - "tenantId" + "featureName" ], "type": "object", "properties": { - "accountType": { - "type": "string", - "description": "Cloud account type. \n\n **account** = Azure Subscription \n\n**tenant** = Azure Tenant", - "enum": [ - "account", - "tenant" - ] + "featureName": { + "type": "string" }, - "subscriptionId": { - "type": "string", - "description": "*Required field for accountType: **account***.\n\n Azure Subscription ID" + "mode": { + "type": "string" }, - "tenantId": { - "type": "string", - "description": "Azure Directory (Tenant) ID" + "state": { + "type": "string" + } + } + }, + "ComponentStatusModel": { + "type": "object", + "properties": { + "component": { + "type": "string" }, - "rootSyncEnabled": { - "type": "boolean", - "description": "*Applicable only for accountType: **tenant***\n\n In order to onboard the account type **tenant** and its associated **management groups** and **subscriptions**, ```rootSyncEnabled``` must be set to ```true```" + "status": { + "type": "string" }, - "features": { - "uniqueItems": true, + "message": { + "type": "string" + }, + "remediation": { + "type": "string" + } + } + }, + "ComponentStatusUpdateRequest": { + "type": "object", + "properties": { + "statusList": { "type": "array", - "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", - "example": [ - "Remediation" - ], "items": { - "type": "string", - "description": "Features for which the permissions should be generated and included in the template. \n\n To get a list of all the supported features, call **[Get Supported Features](/prisma-cloud/api/cspm/fetch-supported-features)** endpoint", - "example": "[\"Remediation\"]" + "$ref": "#/components/schemas/ComponentStatusModel" } - }, - "deploymentType": { - "type": "string", - "description": "*Applicable only for Prisma Commercial and Government stacks* \n\n**azure** = Commercial deployment type\n\n**azure_gov** = Government deployment type", - "enum": [ - "azure", - "azure_gov" - ] } } } diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index 2d93e18ca..14665da08 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv @@ -139,12 +139,13 @@ "put","/cloud/{cloud_type}/{id}","Update Cloud Account (OCI and Alibaba)","update-cloud-account","Cloud Accounts (OCI and Alibaba)","Monolith" "post","/cloud/status/{cloud_type}","Get Cloud Account Status (OCI and Alibaba)","get-cloud-account-status","Cloud Accounts (OCI and Alibaba)","Monolith" "post","/cloud/oci/terraform","Generate Zipped Terraform Script (OCI)","generateterraformscript","Cloud Accounts (OCI and Alibaba)","Monolith" +"put","/cas/api/v1/org/{id}/features","Enable a Feature for Members","save-Bulk-Cloud-Account-Feature","Cloud Accounts (All)","CloudAccountsMicroService.json" +"post","/cas/v1/azure_template","Generate and Download the Terraform template (Azure)","generate-template-link","Cloud Accounts (Azure)","CloudAccountsMicroService.json" +"post","/cas/v1/gcp_template","Generate and Download the Terraform Template (GCP)","generate-template-link-gcp-gcp","Cloud Accounts (GCP)","CloudAccountsMicroService.json" "post","/cas/v1/features/cloud/{cloud_type}","Fetch Supported Features For Cloud Type","fetch-supported-features","Cloud Accounts (All)","CloudAccountsMicroService.json" "post","/cas/v1/aws_template","Generate and Download the CFT Template (AWS)","generate-cft-template-aws","Cloud Accounts (AWS)","CloudAccountsMicroService.json" -"get","/cas/v1/cloud/{cloudType}/deployment-type","Get Cloud Account Deployment Types (Alibaba)","getCloudDeploymentTypes","Cloud Accounts (OCI and Alibaba)","CloudAccountsMicroService.json" "post","/cas/v1/aws_template/presigned_url","Generate the CFT Template Link (AWS)","generate-cft-template-link-aws","Cloud Accounts (AWS)","CloudAccountsMicroService.json" -"post","/cas/v1/gcp_template","Generate and Download the Terraform Template (GCP)","generate-template-link-gcp-gcp","Cloud Accounts (GCP)","CloudAccountsMicroService.json" -"post","/cas/v1/azure_template","Generate and Download the Terraform template (Azure)","generate-template-link","Cloud Accounts (Azure)","CloudAccountsMicroService.json" +"get","/cas/v1/cloud/{cloudType}/deployment-type","Get Cloud Account Deployment Types (Alibaba)","getCloudDeploymentTypes","Cloud Accounts (OCI and Alibaba)","CloudAccountsMicroService.json" "get","/entitlement/api/v1/collection/{id}","Get Collection by ID","get-collection-by-id","Collections","Monolith" "put","/entitlement/api/v1/collection/{id}","Update Collection","update-collection-by-id","Collections","Monolith" "delete","/entitlement/api/v1/collection/{id}","Delete Collection","delete-collection-by-id","Collections","Monolith"