diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..75fac308 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +code_samples/java/** linguist-generated=true diff --git a/.github/vale-styles/config/vocabularies/Opentdf/accept.txt b/.github/vale-styles/config/vocabularies/Opentdf/accept.txt index 6062987e..30aa1dc6 100644 --- a/.github/vale-styles/config/vocabularies/Opentdf/accept.txt +++ b/.github/vale-styles/config/vocabularies/Opentdf/accept.txt @@ -21,4 +21,5 @@ assertation JavaScript Autoconfigure requester(?('s)) -rewrap(?(s)) \ No newline at end of file +rewrap(?(s)) +ABAC \ No newline at end of file diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 040ca34f..b17768d1 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -23,6 +23,8 @@ jobs: - name: Install dependencies run: npm ci + - name: Download latest OpenAPI specs + run: npm run update-vendored-yaml - name: Build website run: npm run build diff --git a/.github/workflows/docker-compose-test.yml b/.github/workflows/docker-compose-test.yml new file mode 100644 index 00000000..17afea1c --- /dev/null +++ b/.github/workflows/docker-compose-test.yml @@ -0,0 +1,96 @@ +name: Docker Compose Stack Test + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + workflow_dispatch: + +jobs: + test-stack: + runs-on: ubuntu-latest + timeout-minutes: 15 + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Add hosts entries + run: | + echo -e "127.0.0.1 platform.opentdf.local\n127.0.0.1 keycloak.opentdf.local" | sudo tee -a /etc/hosts + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Setup Docker's apt repository + run: | + # Add Docker's official GPG key: + sudo apt update + sudo apt install ca-certificates curl + sudo install -m 0755 -d /etc/apt/keyrings + sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc + sudo chmod a+r /etc/apt/keyrings/docker.asc + + # Add the repository to Apt sources: + sudo tee /etc/apt/sources.list.d/docker.sources </dev/null || echo "") + + if [ -n "$response" ]; then + http_code=$(echo "$response" | tail -n1) + body=$(echo "$response" | head -n1) + + echo "HTTP Code: $http_code" + echo "Response Body: $body" + + if [ "$http_code" = "200" ] && echo "$body" | grep -q '"status":"SERVING"'; then + echo "✓ Platform is ready!" + exit 0 + fi + fi + + sleep $interval + elapsed=$((elapsed + interval)) + done + + echo "✗ Timeout waiting for platform to become ready" + exit 1 + + - name: Show container logs on failure + if: failure() + working-directory: docs/getting-started + run: | + docker compose ps + docker compose logs diff --git a/.gitignore b/.gitignore index 71d35fc7..5654a4cc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,29 @@ +# Generated content from OpenAPI specs +specs/ specs-processed/ -docs/OpenAPI-clients/ +docs/reference/OpenAPI-clients/ + +# Generated content (legacy - can be removed if no longer used) docs/SDK-Samples/ +# Remote Content - Generated by docusaurus-plugin-remote-content +# Specifications from opentdf/spec repo +/docs/reference/trusted-data-format/specifications/index.md +/docs/reference/trusted-data-format/specifications/**/*.md +/docs/reference/trusted-data-format/specifications/**/_category_.json +# CLI documentation from opentdf/otdfctl repo +/docs/explanation/platform-architecture/components/cli/ +# Platform configuration from opentdf/platform repo +/docs/how-to/getting-started/configuration.md +# Static images from opentdf/spec repo +/static/img/ecc_and_binding.svg +/static/img/nanotdf.svg +/static/img/symmetric_and_payload.svg +/static/img/filecontents.svg + # Dependencies /node_modules +node_modules # Production /build @@ -11,26 +31,24 @@ docs/SDK-Samples/ # Generated files .docusaurus .cache-loader -# Ignore all generated _category_.json files in docs/spec -/docs/spec/**/_category_.json +docs/.index.json +*.backup -# Misc -.DS_Store +# Environment files .env.local .env.development.local .env.test.local .env.production.local +# Logs npm-debug.log* yarn-debug.log* yarn-error.log* -node_modules -# Ignore Remote Content -/docs/spec/index.md -/docs/spec/**/*.md -/docs/components/cli/ -/docs/getting-started/configuration.md +# macOS +.DS_Store + + /.idea/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a79b0a26..eb5383a6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,25 +1,455 @@ -# Contributing +# Contributing to OpenTDF Documentation -The information below is meant for documentation contributors. +> Thank you for your interest in improving OpenTDF documentation! This guide will help you contribute effectively. +## Table of Contents -## Prerequisites +- [Getting Started](#getting-started) +- [Types of Contributions](#types-of-contributions) +- [Development Setup](#development-setup) +- [Writing Guidelines](#writing-guidelines) +- [Contribution Workflow](#contribution-workflow) +- [Review Process](#review-process) +- [Community Guidelines](#community-guidelines) -- [Vale](https://vale.sh/docs/vale-cli/installation/) +## Getting Started +### Before You Begin -## Check spelling and grammar for your changes +1. **Check existing issues**: Look for [open documentation issues](https://github.com/opentdf/docs/issues) to see if someone's already working on what you want to improve +2. **Read our style guide**: Familiarize yourself with our [Style Guide](STYLE_GUIDE.md) +3. **Understand our structure**: Review how we organize content into four categories: + - 🚀 **Tutorials**: Learning-oriented, hands-on guides + - 📖 **How-To Guides**: Problem-solving, task-oriented instructions + - 💡 **Explanations**: Understanding-oriented, conceptual content + - 📚 **Reference**: Information-oriented, lookup material -Install the required vale packages -```shell -vale sync -``` +### What Makes a Good Contribution + +- **User-focused**: Addresses real user needs and pain points +- **Tested**: All instructions and code examples actually work +- **Clear**: Written in plain language appropriate for the audience +- **Complete**: Includes necessary context, prerequisites, and next steps +- **Consistent**: Follows our established style and formatting standards + +## Types of Contributions + +### 📝 Content Contributions + +**New Content:** + +- Tutorials for common use cases +- How-to guides for specific problems +- Explanations of complex concepts +- Missing reference documentation + +**Content Improvements:** + +- Fix outdated information +- Add missing steps or context +- Improve clarity and organization +- Add examples and code samples + +**Structure Improvements:** + +- Better organization within sections +- Improved navigation between related topics +- Cross-references and internal links + +### 🐛 Fixes and Updates + +**Quick Fixes:** + +- Typos and grammar errors +- Broken links +- Outdated screenshots +- Missing or incorrect code + +**Larger Updates:** + +- Rewrite unclear sections +- Update for new platform versions +- Reorganize confusing content +- Add missing prerequisites + +### 💡 Ideas and Suggestions + +**Discussion Topics:** + +- Content gaps you've noticed +- User experience improvements +- Structure and organization ideas +- Technical accuracy concerns + +## Development Setup + +### Prerequisites + +- **Node.js**: Version specified in `.nvmrc` file +- **npm**: For package management +- **Git**: For version control +- **Text editor**: With Markdown support recommended +- **[Vale](https://vale.sh/docs/vale-cli/installation/)**: For grammar and style checking + +### Local Development Setup + +1. **Fork and clone the repository:** + + ```bash + git clone https://github.com/YOUR-USERNAME/docs.git + cd docs + ``` + +2. **Install dependencies:** + + ```bash + nvm use # Use correct Node version + npm ci # Install exact versions from lock file + ``` + +3. **Set up Vale for grammar checking:** + + ```bash + vale sync # Install required Vale packages + ``` + +4. **Start development server:** + + ```bash + npm run start + ``` + + This opens your browser to `http://localhost:3000` with live reloading. + +5. **Build and test:** + + ```bash + npm run build # Test production build + npm run serve # Serve production build locally + ``` -Run vale on changed files: -```shell -git diff --name-only | xargs vale --glob='!blog/*' +### Project Structure + +```bash +docs/ +├── docs/ # Main documentation content +│ ├── tutorials/ # Learning-oriented guides +│ ├── how-to/ # Problem-solving guides +│ ├── explanation/ # Conceptual content +│ └── reference/ # Lookup information +├── src/ # Website source code +│ ├── components/ # React components +│ ├── css/ # Styling +│ └── pages/ # Custom pages (homepage, etc.) +├── static/ # Static assets +├── docusaurus.config.ts # Site configuration +└── sidebars.js # Navigation configuration ``` -## Verify changes on the Docusaurus server +### Working with Documentation + +**Creating new pages:** + +1. Add `.md` or `.mdx` files in appropriate `docs/` subdirectory +2. Include proper frontmatter (title, sidebar position, etc.) +3. Update navigation in `sidebars.js` if needed + +**Using MDX features:** + +- Import and use React components +- Include interactive examples +- Add custom styling when needed + +**Testing your changes:** + +- Always test locally before submitting +- Verify all links work +- Check responsive design on different screen sizes +- Test any code examples you include +- Run Vale for grammar and style checking: + + ```bash + git diff --name-only | xargs vale --glob='!blog/*' + ``` + +## Writing Guidelines + +### Content Standards + +**Follow our Style Guide**: See [STYLE_GUIDE.md](STYLE_GUIDE.md) for comprehensive guidelines on: + +- Voice and tone +- Formatting standards +- Code examples +- Technical writing best practices + +**Content Categories**: Make sure your content fits the right category: + +- **Tutorials**: Step-by-step learning experiences + - Have clear learning objectives + - Build skills progressively + - Include explanations of what's happening + - End with what the user has accomplished + +- **How-To Guides**: Task-oriented problem solving + - Start with a clear problem statement + - Provide efficient, direct solutions + - Include troubleshooting for common issues + - Focus on practical outcomes + +- **Explanations**: Conceptual understanding + - Explain the "why" behind concepts + - Provide context and background + - Use examples and analogies + - Connect to broader themes + +- **Reference**: Factual information + - Comprehensive and accurate + - Well-organized for lookup + - Include examples for complex items + - Cross-reference related information + +### Technical Standards + +**Code Examples:** + +- Always specify programming language for syntax highlighting +- Test all code examples to ensure they work +- Include necessary imports and setup +- Use realistic variable names and data +- Add comments explaining non-obvious parts + +**Links and References:** + +- Use relative paths for internal links: `[Getting Started](../tutorials/getting-started)` +- Test all external links regularly +- Use descriptive link text: "View the API reference" not "click here" + +**Images and Media:** + +- Use images sparingly - they become outdated quickly +- Provide alt text for accessibility +- Optimize file sizes for web +- Use consistent styling when possible + +## Contribution Workflow + +### 1. Planning Your Contribution + +**For small fixes** (typos, broken links, minor clarifications): + +- Create an issue or jump straight to a pull request +- No need for extensive planning + +**For larger changes** (new content, major rewrites): + +1. **Create an issue** describing what you want to do and why +2. **Discuss the approach** with maintainers before starting +3. **Break large changes** into smaller, reviewable chunks + +### 2. Making Changes + +1. **Create a feature branch:** + + ```bash + git checkout -b feature/improve-tutorial-xyz + ``` + +2. **Make your changes:** + - Follow the style guide + - Test your changes locally + - Keep commits focused and atomic + - Run Vale on your changes: + + ```bash + git diff --name-only | xargs vale --glob='!blog/*' + ``` + +3. **Commit your changes:** + + ```bash + git add . + git commit -m "docs: improve XYZ tutorial with clearer examples" + ``` + + **Commit Message Format:** + - `docs:` prefix for documentation changes + - Clear, concise description of what changed + - Use present tense: "add" not "added" + +4. **Push and create pull request:** + + ```bash + git push origin feature/improve-tutorial-xyz + ``` + +### 3. Pull Request Guidelines + +**PR Description should include:** + +- **What**: Clear description of changes made +- **Why**: Explanation of motivation and context +- **How**: Any relevant implementation details +- **Testing**: How you verified the changes work + +**PR Title Format:** + +- `docs: brief description of changes` +- Examples: + - `docs: add tutorial for TDF file encryption` + - `docs: fix broken links in API reference` + - `docs: improve clarity in platform architecture explanation` + +**Before submitting:** + +- [ ] Changes tested locally via `npm run start` +- [ ] All links work correctly +- [ ] Code examples are tested +- [ ] Style guide followed +- [ ] Vale checks passed +- [ ] Screenshots updated if needed + +### 4. Addressing Review Feedback + +- **Respond promptly** to reviewer comments +- **Ask questions** if feedback is unclear +- **Make requested changes** in new commits (don't squash during review) +- **Test again** after making changes +- **Thank reviewers** for their time and input + +## Review Process + +### What to Expect + +**Timeline:** + +- Simple fixes: Usually reviewed within 2-3 days +- Complex changes: May take 5-7 days depending on scope +- Reviews may require multiple rounds of feedback + +**Review Criteria:** + +- **Technical accuracy**: Does the information work correctly? +- **Style compliance**: Does it follow our style guide? +- **User value**: Does this help users accomplish their goals? +- **Completeness**: Is all necessary information included? + +### Types of Reviewers + +**Technical Reviewers**: Verify accuracy of technical content +**Content Reviewers**: Focus on clarity, style, and user experience +**Subject Matter Experts**: Review domain-specific content for accuracy + +### After Approval + +1. **Squash commits** if requested by reviewers +2. **Update PR title/description** if needed +3. **Merge** will be handled by maintainers +4. **Changes go live** automatically when merged to main branch + +## Community Guidelines + +### Code of Conduct + +We follow OpenTDF's Code of Conduct. In summary: + +- **Be respectful** and inclusive +- **Be collaborative** and helpful +- **Be patient** with newcomers +- **Focus on the work**, not personalities + +### Communication + +**GitHub Issues**: For bug reports, feature requests, and planning discussions +**GitHub Discussions**: For general questions and community conversation +**Pull Request Comments**: For specific feedback on changes + +### Getting Help + +**Stuck on something?** + +- Check existing documentation and issues first +- Ask specific questions in GitHub discussions +- Tag relevant maintainers in issues when appropriate +- Be patient - maintainers are often volunteers + +**Want to help others?** + +- Answer questions in discussions +- Review pull requests from other contributors +- Help triage and organize issues +- Share your expertise in your areas of knowledge + +## Quality Assurance + +### Grammar and Style Checking + +**Check spelling and grammar for your changes:** + +1. **Install Vale packages:** + + ```bash + vale sync + ``` + +2. **Run Vale on changed files:** + + ```bash + git diff --name-only | xargs vale --glob='!blog/*' + ``` + +3. **Address any issues** Vale identifies before submitting your PR + +### Verify Changes Locally + +**Always verify your changes on the Docusaurus server:** + +To verify the placement and style of your changes as well as ensure there are no breaking changes, follow the [local development instructions](#local-development-setup) for running the Docusaurus server locally. + +## Recognition + +We value all contributions to OpenTDF documentation! Contributors are recognized in: + +- **Release notes** for significant contributions +- **Contributors list** in the repository +- **Community highlights** in project communications +- **Maintainer consideration** for regular, high-quality contributors + +## Quick Reference + +### Common Tasks + +**Fix a typo:** + +1. Fork repo → make change → submit PR +2. No issue needed for obvious fixes + +**Add new tutorial:** + +1. Create issue to discuss scope and approach +2. Write content following tutorial guidelines +3. Test all steps thoroughly +4. Submit PR with comprehensive description + +**Update outdated content:** + +1. Create issue describing what's outdated and why +2. Update content and test changes +3. Submit PR explaining what was updated + +**Report a problem:** + +1. Check if issue already exists +2. Create detailed issue with steps to reproduce +3. Include environment info when relevant + +### Resources + +- [Style Guide](STYLE_GUIDE.md) - Writing and formatting standards +- [GitHub Issues](https://github.com/opentdf/docs/issues) - Bug reports and feature requests +- [OpenTDF Platform](https://github.com/opentdf/platform) - Main project repository +- [Live Documentation](https://docs.opentdf.io) - Current published docs + +--- -To verify the placement and style of your changes as well as ensure there are no breaking changes, follow the [instructions in the README](./README.md#local-development) for running the Docusaurus server locally. \ No newline at end of file +Thank you for contributing to OpenTDF documentation! Your efforts help developers and organizations implement data-centric security more effectively. diff --git a/README.md b/README.md index 357e476c..cfa72e42 100644 --- a/README.md +++ b/README.md @@ -1,26 +1,162 @@ -# Website +# OpenTDF Documentation + +> The official documentation website for OpenTDF - an open source toolkit for zero trust, data-centric security. + +## About This Repository + +This repository contains the source code for the [OpenTDF documentation website](https://docs.opentdf.io), built using [Docusaurus](https://docusaurus.io/). The documentation provides comprehensive guides, tutorials, and reference materials for developers and organizations implementing data-centric security with OpenTDF. + +## What is OpenTDF? + +OpenTDF is an open source system for implementing data-centric security that enables: + +- **Zero Trust Data Protection**: Cryptographically bind access control policies to data objects +- **Attribute-Based Access Control (ABAC)**: Fine-grained access decisions based on attributes and context +- **Policy Travels with Data**: Security controls remain attached wherever data goes +- **Trust Data Format (TDF)**: Open standard for self-protecting data + +## Documentation Structure + +Our documentation follows a user-needs approach with four main categories: + +- **🚀 Tutorials**: Step-by-step learning experiences for hands-on practice +- **📖 How-To Guides**: Problem-solving recipes for specific tasks and integrations +- **💡 Explanations**: Conceptual guides covering the "why" behind OpenTDF's design +- **📚 Reference**: Technical specifications, API docs, and lookup information + +## Contributing + +We welcome contributions to improve our documentation! Please see our [Contributing Guide](CONTRIBUTING.md) for guidelines on: + +- Writing and editing documentation +- Style and formatting standards +- Review and approval process +- Technical setup for contributors + +For style guidelines, please refer to our [Style Guide](STYLE_GUIDE.md). + +## Quick Links + +- **Live Documentation**: [docs.opentdf.io](https://docs.opentdf.io) +- **OpenTDF Platform**: [github.com/opentdf/platform](https://github.com/opentdf/platform) +- **TDF Format Spec**: [github.com/opentdf/spec](https://github.com/opentdf/spec) +- **OpenTDF Organization**: [github.com/opentdf](https://github.com/opentdf) +- **Community Discussions**: [GitHub Discussions](https://github.com/opentdf/platform/discussions) + +--- + +## Local Development This website is built using [Docusaurus](https://docusaurus.io/), a modern static website generator. -### Installation +### Prerequisites +Before you can run the documentation locally, you'll need Node.js and npm. We recommend using nvm (Node Version Manager) to manage Node.js versions. + +#### Option 1: Using nvm (Recommended) + +nvm allows you to install and switch between different Node.js versions easily. + +**Installation:** + +- **macOS/Linux**: Follow the installation instructions at [nvm GitHub repository](https://github.com/nvm-sh/nvm#installation-and-update) +- **Windows**: Install nvm-windows from [nvm-windows releases](https://github.com/coreybutler/nvm-windows#installation--upgrades) + +**Verify installation:** + +```bash +nvm --version # macOS/Linux +nvm version # Windows ``` -$ nvm use -$ npm ci -``` + +#### Option 2: Direct Node.js Installation + +If you prefer not to use nvm: + +1. **Visit [nodejs.org](https://nodejs.org/)** and download **Node.js version 22** (the version specified in our `.nvmrc` file) +2. **Follow the installation instructions** for your operating system +3. **Verify installation:** + + ```bash + node --version # Should show v22.x.x + npm --version # Should show npm version + ``` + +### Installation + +1. **Clone the repository:** + + ```bash + git clone https://github.com/opentdf/docs.git + cd docs + ``` + +2. **Use the correct Node.js version** (if using nvm): + + ```bash + nvm use # This reads the .nvmrc file and switches to Node.js v22 + ``` + + If you don't have Node.js v22 installed via nvm: + + ```bash + nvm install 22 + nvm use 22 + ``` + +3. **Install dependencies:** + + ```bash + npm ci # Installs exact versions from package-lock.json + ``` ### Local Development -``` -$ npm run start -``` + ```bash + npm run start + ``` This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server. ### Build + ```bash + npm run build + ``` + +This command generates static content into the `build` directory and can be served using any static contents hosting service. + +### Testing with Feature Branches + +The documentation site pulls content from multiple upstream repositories using Docusaurus remote content plugins. By default, content is fetched from the `main` branch of each repository. You can override this behavior using environment variables to test documentation changes from feature branches before they're merged. + +**Available Environment Variables:** + +- `PLATFORM_BRANCH` - Controls which branch to fetch from `opentdf/platform` (default: `main`) +- `SPEC_BRANCH` - Controls which branch to fetch from `opentdf/spec` (default: `main`) +- `OTDFCTL_BRANCH` - Controls which branch to fetch from `opentdf/otdfctl` (default: `main`) + +**Examples:** + +Test with all feature branches: +```bash +PLATFORM_BRANCH=jps-updates SPEC_BRANCH=jps-updates OTDFCTL_BRANCH=jps-updates npm run build ``` -$ npm run build + +Test with a single feature branch: +```bash +SPEC_BRANCH=feature-branch-name npm run build ``` -This command generates static content into the `build` directory and can be served using any static contents hosting service. +Test in development mode with feature branches: +```bash +PLATFORM_BRANCH=my-feature npm run start +``` + +**Use Cases:** + +- **Before merging PRs**: Test how documentation changes from upstream repos will look when integrated +- **Cross-repo changes**: When making coordinated changes across multiple repositories, test the full integration locally +- **Debugging**: Investigate issues with specific branches without affecting your local main branch + +**Note**: The branches must exist in the respective GitHub repositories and be accessible (public or you have access). diff --git a/STYLE_GUIDE.md b/STYLE_GUIDE.md new file mode 100644 index 00000000..bd8169cf --- /dev/null +++ b/STYLE_GUIDE.md @@ -0,0 +1,366 @@ +# OpenTDF Documentation Style Guide + +> Guidelines for writing clear, consistent, and user-friendly documentation for OpenTDF. + +## Table of Contents + +- [Writing Principles](#writing-principles) +- [Voice and Tone](#voice-and-tone) +- [Content Types](#content-types) +- [Formatting Guidelines](#formatting-guidelines) +- [Technical Writing Standards](#technical-writing-standards) +- [Code Examples](#code-examples) +- [Visual Elements](#visual-elements) +- [Accessibility](#accessibility) + +## Writing Principles + +### 1. User-Centered Approach +- **Start with user needs**: What is the user trying to accomplish? +- **Provide context**: Explain why something matters before diving into how +- **Be action-oriented**: Use active voice and clear imperatives +- **Test your content**: Verify that instructions actually work + +### 2. Clarity Over Cleverness +- **Write for scannable reading**: Use headers, bullet points, and short paragraphs +- **Choose simple words**: Use "help" instead of "facilitate", "use" instead of "utilize" +- **Be specific**: "Click the blue Save button" vs. "submit the form" +- **Define acronyms**: Always spell out acronyms on first use (e.g., "Trusted Data Format (TDF)") + +### 3. Consistency +- **Follow established patterns**: If one tutorial uses numbered steps, all should +- **Use consistent terminology**: Don't alternate between "encrypt" and "protect" +- **Maintain formatting standards**: Headers, code blocks, and links should be uniform + +## Voice and Tone + +### Voice (What We Sound Like) +- **Expert but approachable**: We know what we're talking about, but we're here to help +- **Direct and practical**: We focus on what users need to do +- **Inclusive**: We assume various skill levels and backgrounds + +### Tone (How We Adapt to Context) +- **Tutorials**: Encouraging and supportive ("Great job! Now let's...") +- **How-To Guides**: Direct and efficient ("To solve X, do Y") +- **Explanations**: Patient and thorough ("This concept is important because...") +- **Reference**: Factual and precise ("This parameter accepts string values") + +### Language Guidelines +- **Use second person ("you")** for instructions +- **Use first person plural ("we")** when referring to OpenTDF team/community +- **Avoid jargon** without explanation +- **Use active voice**: "The platform encrypts data" not "Data is encrypted by the platform" + +## Content Types + +Our documentation follows four content categories. Each has specific characteristics: + +### 🚀 Tutorials (Learning-Oriented) +**Purpose**: Teach concepts through guided practice +**Structure**: +- Clear learning objective +- Prerequisites listed upfront +- Numbered steps that build on each other +- Explanations of what's happening +- What the user should see/expect +- Next steps or related tutorials + +**Example opening**: +```markdown +# Your First TDF File + +In this tutorial, you'll create your first Trusted Data Format (TDF) file and learn how OpenTDF protects data with cryptographic policies. + +**What you'll learn:** +- How to encrypt a file using TDF +- How access policies work +- How to decrypt and access protected data + +**Prerequisites:** +- OpenTDF platform running locally +- Basic familiarity with command line +``` + +### 📖 How-To Guides (Problem-Oriented) +**Purpose**: Solve specific real-world problems +**Structure**: +- Problem statement (what this solves) +- Prerequisites (what you need) +- Step-by-step solution +- Troubleshooting common issues +- Related guides + +**Example opening**: +```markdown +# Integrate OpenTDF with Existing Applications + +This guide shows how to add data protection to an existing application without major architectural changes. + +**Solves:** Adding TDF encryption to legacy systems +**Prerequisites:** +- Existing application with file handling +- OpenTDF SDK for your language +``` + +### 💡 Explanations (Understanding-Oriented) +**Purpose**: Provide context and deepen understanding +**Structure**: +- What this concept is +- Why it matters +- How it fits into the bigger picture +- Examples and analogies +- Related concepts + +**Example opening**: +```markdown +# Data-Centric Security + +Data-centric security is a paradigm shift from traditional perimeter-based security models. Instead of protecting the network or application, data-centric security protects the data itself. + +## Why Traditional Security Falls Short + +In traditional models, once data crosses the security perimeter... +``` + +### 📚 Reference (Information-Oriented) +**Purpose**: Provide precise technical information +**Structure**: +- Overview of what's documented +- Organized by logical groups +- Comprehensive parameter/option lists +- Examples for each major item +- Cross-references to related items + +**Example structure**: +```markdown +# Policy Service API Reference + +## Authentication Endpoints + +### POST /auth/login +Authenticates a user and returns an access token. + +**Parameters:** +- `username` (string, required): User's login name +- `password` (string, required): User's password + +**Response:** 200 OK +```json +{ + "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", + "expires_in": 3600 +} +``` + +## Formatting Guidelines + +### Headers +```markdown +# Page Title (H1) - Only one per page +## Section Title (H2) - Main sections +### Subsection (H3) - Subsections within H2 +#### Detail Section (H4) - Only when necessary +``` + +### Lists +**Use bullet points for unordered items:** +```markdown +- First item +- Second item +- Third item +``` + +**Use numbers for sequential steps:** +```markdown +1. First, do this +2. Then, do this +3. Finally, do this +``` + +### Emphasis +- **Bold** for UI elements, important terms: "Click the **Save** button" +- *Italics* for emphasis or first use of terms: "The *policy* defines access rules" +- `Code formatting` for inline code, filenames, commands: "Edit the `config.yaml` file" + +### Links +```markdown +[Link text](URL) - External links +[Link text](../path/to/page) - Internal relative links +[Link text](/absolute/path) - Internal absolute links +``` + +### Callouts +Use for important information: + +```markdown +> **Note:** This is general information that's helpful to know. + +> **Warning:** This could cause problems if ignored. + +> **Tip:** This is a helpful suggestion or best practice. +``` + +## Technical Writing Standards + +### Code Examples + +#### Inline Code +Use backticks for: +- Commands: `npm install` +- File names: `config.yaml` +- Parameter names: `username` +- Short code snippets: `const data = await encrypt(file)` + +#### Code Blocks +Use fenced code blocks with language specification: + +```bash +# Shell commands +npm run start +``` + +```javascript +// JavaScript examples +const client = new TDFClient({ + clientId: 'your-client-id', + platformEndpoint: 'http://localhost:8080' +}); +``` + +```yaml +# Configuration files +version: '3.8' +services: + opentdf: + image: opentdf/platform +``` + +#### Code Block Guidelines +- **Always specify the language** for syntax highlighting +- **Include necessary imports** and context +- **Use realistic examples** (not just "foo", "bar") +- **Show complete, working examples** when possible +- **Add comments** to explain non-obvious parts + +### File Paths and Commands + +**File paths:** +- Use forward slashes: `docs/tutorials/getting-started.md` +- Use relative paths from project root: `src/pages/index.tsx` +- Use backticks: `src/components/Homepage/hero.tsx` + +**Commands:** +- Show the full command: `npm install @opentdf/client` +- Include relevant flags: `docker run -d --name opentdf opentdf/platform` +- Use $ for shell prompts sparingly: `$ npm run start` + +### API Documentation + +**Endpoints:** +```markdown +### POST /api/v1/encrypt + +Encrypts data using the specified policy. + +**Parameters:** +- `data` (string, required): The data to encrypt +- `policy` (object, required): Encryption policy + - `attributes` (array): List of attribute values + - `dissem` (array): List of authorized recipients + +**Example Request:** +```json +{ + "data": "sensitive information", + "policy": { + "attributes": ["classification:secret"], + "dissem": ["user1@example.com"] + } +} +``` + +**Response:** 200 OK +```json +{ + "tdf": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...", + "policy": { + "uuid": "550e8400-e29b-41d4-a716-446655440000" + } +} +``` +``` + +## Visual Elements + +### Screenshots +- Use screenshots sparingly - they become outdated quickly +- When necessary, crop to show only relevant parts +- Add clear captions explaining what the screenshot shows +- Use consistent browser/OS when possible + +### Diagrams +- Prefer simple text diagrams over complex images when possible +- Use mermaid diagrams for flowcharts: + +```mermaid +graph TD + A[User Request] --> B[Authorization Check] + B --> C{Authorized?} + C -->|Yes| D[Decrypt Data] + C -->|No| E[Access Denied] +``` + +### Tables +Keep tables simple and scannable: + +| Parameter | Type | Required | Description | +|-----------|------|----------|-------------| +| `username` | string | Yes | User login name | +| `password` | string | Yes | User password | +| `remember` | boolean | No | Remember login (default: false) | + +## Accessibility + +### Writing for Accessibility +- **Use descriptive link text**: "Download the installation guide" not "click here" +- **Provide alt text** for images: `![OpenTDF architecture diagram showing...](diagram.png)` +- **Use proper heading hierarchy** (don't skip from H1 to H3) +- **Write descriptive page titles** and headings + +### Technical Accessibility +- **Ensure good color contrast** in any visual elements +- **Don't rely solely on color** to convey information +- **Use semantic markup** (proper heading levels, lists, etc.) + +## Review Checklist + +Before submitting documentation changes: + +**Content:** +- [ ] Is the purpose clear from the title and first paragraph? +- [ ] Are prerequisites clearly stated? +- [ ] Do all steps work as written? +- [ ] Are code examples complete and tested? +- [ ] Is the content at the appropriate technical level? + +**Style:** +- [ ] Is the tone appropriate for the content type? +- [ ] Are headers in logical hierarchy? +- [ ] Are lists properly formatted? +- [ ] Are links working and descriptive? +- [ ] Is terminology consistent with other docs? + +**Technical:** +- [ ] Do code blocks specify languages? +- [ ] Are file paths correct? +- [ ] Are API examples accurate? +- [ ] Are there any broken internal links? + +## Getting Help + +- **Style questions**: Ask in GitHub discussions or documentation issues +- **Technical accuracy**: Tag subject matter experts in pull requests +- **Major changes**: Discuss in issues before implementing +- **Examples**: Look at existing documentation in the same category + +Remember: Good documentation serves the user, not the writer. When in doubt, choose clarity and usefulness over perfection. \ No newline at end of file diff --git a/code_samples/java/create-attribute.mdx b/code_samples/java/create-attribute.mdx new file mode 100644 index 00000000..523b1f76 --- /dev/null +++ b/code_samples/java/create-attribute.mdx @@ -0,0 +1,83 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.AttributeRuleTypeEnum; +import io.opentdf.platform.policy.Namespace; +import io.opentdf.platform.policy.attributes.CreateAttributeRequest; +import io.opentdf.platform.policy.attributes.CreateAttributeResponse; +import io.opentdf.platform.policy.namespaces.GetNamespaceRequest; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; + +import java.util.Arrays; +import java.util.Objects; + +public class CreateAttribute { + + private static final Logger logger = LogManager.getLogger(CreateAttribute.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + String namespaceName = "opentdf.io"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + Namespace namespace = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .namespaces() + .getNamespaceBlocking( + GetNamespaceRequest.newBuilder() + .setFqn("https://" + namespaceName) + .build(), + Collections.emptyMap()) + .execute()) + .getNamespace(); + + CreateAttributeRequest createAttributeRequest = + CreateAttributeRequest.newBuilder() + .setNamespaceId(namespace.getId()) + .setName("test-attribute") + .setRule( + AttributeRuleTypeEnum.forNumber( + AttributeRuleTypeEnum.ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF_VALUE)) + .addAllValues(Arrays.asList("test1", "test2")) + .build(); + + CreateAttributeResponse createAttributeResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .attributes() + .createAttributeBlocking(createAttributeRequest, Collections.emptyMap()) + .execute()); + + logger.info( + "Successfully created attribute with ID: {}", + createAttributeResponse.getAttribute().getId()); + } catch (Exception e) { + if (Objects.equals(e.getMessage(), "resource not found")) { + logger.error("Namespace '{}' not found", namespaceName, e); + } else if (Objects.equals(e.getMessage(), "resource unique field violation")) { + logger.error("Attribute already exists", e); + } else { + logger.error("Failed to create attribute", e); + } + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/create-namespace.mdx b/code_samples/java/create-namespace.mdx new file mode 100644 index 00000000..e06886c8 --- /dev/null +++ b/code_samples/java/create-namespace.mdx @@ -0,0 +1,58 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.namespaces.CreateNamespaceRequest; +import io.opentdf.platform.policy.namespaces.CreateNamespaceResponse; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; +import java.util.Objects; + +public class CreateNamespace { + + private static final Logger logger = LogManager.getLogger(CreateNamespace.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + String namespaceName = "opentdf.io"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + CreateNamespaceRequest createNamespaceRequest = + CreateNamespaceRequest.newBuilder().setName(namespaceName).build(); + + CreateNamespaceResponse createNamespaceResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .namespaces() + .createNamespaceBlocking(createNamespaceRequest, Collections.emptyMap()) + .execute()); + + logger.info( + "Successfully created namespace with ID: {}", + createNamespaceResponse.getNamespace().getId()); + + } catch (Exception e) { + if (Objects.equals(e.getMessage(), "resource unique field violation")) { + logger.error("Namespace '{}' already exists", namespaceName, e); + } else { + logger.error("Failed to create namespace", e); + } + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/create-subject-condition-set.mdx b/code_samples/java/create-subject-condition-set.mdx new file mode 100644 index 00000000..e0a38419 --- /dev/null +++ b/code_samples/java/create-subject-condition-set.mdx @@ -0,0 +1,77 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.Condition; +import io.opentdf.platform.policy.ConditionBooleanTypeEnum; +import io.opentdf.platform.policy.ConditionGroup; +import io.opentdf.platform.policy.SubjectConditionSet; +import io.opentdf.platform.policy.SubjectMappingOperatorEnum; +import io.opentdf.platform.policy.SubjectSet; +import io.opentdf.platform.policy.subjectmapping.CreateSubjectConditionSetRequest; +import io.opentdf.platform.policy.subjectmapping.CreateSubjectConditionSetResponse; +import io.opentdf.platform.policy.subjectmapping.SubjectConditionSetCreate; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; + +public class CreateSubjectConditionSet { + + private static final Logger logger = LogManager.getLogger(CreateSubjectConditionSet.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + SubjectSet.Builder subjectSetBuilder = + SubjectSet.newBuilder() + .addConditionGroups( + ConditionGroup.newBuilder() + .setBooleanOperator(ConditionBooleanTypeEnum.CONDITION_BOOLEAN_TYPE_ENUM_AND) + .addConditions( + Condition.newBuilder() + .setSubjectExternalSelectorValue(".myfield") + .setOperator( + SubjectMappingOperatorEnum.SUBJECT_MAPPING_OPERATOR_ENUM_IN) + .addSubjectExternalValues("myvalue"))); + + CreateSubjectConditionSetRequest createSubjectConditionSetRequest = + CreateSubjectConditionSetRequest.newBuilder() + .setSubjectConditionSet( + SubjectConditionSetCreate.newBuilder().addSubjectSets(subjectSetBuilder)) + .build(); + + CreateSubjectConditionSetResponse createSubjectConditionSetResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .subjectMappings() + .createSubjectConditionSetBlocking( + createSubjectConditionSetRequest, Collections.emptyMap()) + .execute()); + + SubjectConditionSet subjectConditionSet = + createSubjectConditionSetResponse.getSubjectConditionSet(); + + logger.info( + "Successfully created subject condition set with ID: {}", subjectConditionSet.getId()); + + } catch (Exception e) { + logger.error("Failed to create subject condition set", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/create-subject-mapping.mdx b/code_samples/java/create-subject-mapping.mdx new file mode 100644 index 00000000..9b05a827 --- /dev/null +++ b/code_samples/java/create-subject-mapping.mdx @@ -0,0 +1,149 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.Action; +import io.opentdf.platform.policy.Attribute; +import io.opentdf.platform.policy.Condition; +import io.opentdf.platform.policy.ConditionBooleanTypeEnum; +import io.opentdf.platform.policy.ConditionGroup; +import io.opentdf.platform.policy.Namespace; +import io.opentdf.platform.policy.SubjectConditionSet; +import io.opentdf.platform.policy.SubjectMapping; +import io.opentdf.platform.policy.SubjectMappingOperatorEnum; +import io.opentdf.platform.policy.SubjectSet; +import io.opentdf.platform.policy.attributes.GetAttributeRequest; +import io.opentdf.platform.policy.namespaces.GetNamespaceRequest; +import io.opentdf.platform.policy.subjectmapping.CreateSubjectConditionSetRequest; +import io.opentdf.platform.policy.subjectmapping.CreateSubjectConditionSetResponse; +import io.opentdf.platform.policy.subjectmapping.CreateSubjectMappingRequest; +import io.opentdf.platform.policy.subjectmapping.CreateSubjectMappingResponse; +import io.opentdf.platform.policy.subjectmapping.SubjectConditionSetCreate; +import io.opentdf.platform.sdk.SDK; +import io.opentdf.platform.sdk.SDKBuilder; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; +import java.util.Objects; + +public class CreateSubjectMapping { + + private static final Logger logger = LogManager.getLogger(CreateSubjectMapping.class); + + public static void main(String[] args) { + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + String namespaceName = "opentdf.io"; + String attributeName = "test-attribute"; + + SDKBuilder builder = new SDKBuilder(); + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + Namespace namespace; + + try { + namespace = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .namespaces() + .getNamespaceBlocking( + GetNamespaceRequest.newBuilder() + .setFqn("https://" + namespaceName) + .build(), + Collections.emptyMap()) + .execute()) + .getNamespace(); + } catch (Exception e) { + if (Objects.equals(e.getMessage(), "resource not found")) { + logger.error("Namespace '{}' not found", namespaceName, e); + } else { + logger.error("Failed to retrieve namespace '{}'", namespaceName, e); + } + return; + } + + Attribute attribute; + String attributeFqn = namespace.getFqn() + "/attr/" + attributeName; + + try { + GetAttributeRequest getAttributeRequest = + GetAttributeRequest.newBuilder().setFqn(attributeFqn).build(); + + attribute = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .attributes() + .getAttributeBlocking(getAttributeRequest, Collections.emptyMap()) + .execute()) + .getAttribute(); + + } catch (Exception e) { + if (Objects.equals(e.getMessage(), "resource not found")) { + logger.error("Attribute '{}' not found", attributeFqn, e); + } else { + logger.error("Failed to retrieve attribute '{}'", attributeFqn, e); + } + return; + } + + CreateSubjectConditionSetRequest subjectConditionSetRequest = + CreateSubjectConditionSetRequest.newBuilder() + .setSubjectConditionSet( + SubjectConditionSetCreate.newBuilder() + .addSubjectSets( + SubjectSet.newBuilder() + .addConditionGroups( + ConditionGroup.newBuilder() + .setBooleanOperator( + ConditionBooleanTypeEnum.CONDITION_BOOLEAN_TYPE_ENUM_AND) + .addConditions( + Condition.newBuilder() + .setSubjectExternalSelectorValue(".myfield") + .setOperator( + SubjectMappingOperatorEnum + .SUBJECT_MAPPING_OPERATOR_ENUM_IN) + .addSubjectExternalValues("myvalue"))))) + .build(); + + CreateSubjectConditionSetResponse subjectConditionSetResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .subjectMappings() + .createSubjectConditionSetBlocking( + subjectConditionSetRequest, Collections.emptyMap()) + .execute()); + + SubjectConditionSet subjectConditionSet = + subjectConditionSetResponse.getSubjectConditionSet(); + + CreateSubjectMappingRequest request = + CreateSubjectMappingRequest.newBuilder() + .setAttributeValueId(attribute.getValues(0).getId()) + .addActions(Action.newBuilder().setName("read")) + .setExistingSubjectConditionSetId(subjectConditionSet.getId()) + .build(); + + CreateSubjectMappingResponse resp = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .subjectMappings() + .createSubjectMappingBlocking(request, Collections.emptyMap()) + .execute()); + + SubjectMapping subjectMapping = resp.getSubjectMapping(); + + logger.info("Successfully created subject mapping with ID: {}", subjectMapping.getId()); + } catch (Exception e) { + logger.error("Failed to create subject mapping", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/decrypt-collection-example.mdx b/code_samples/java/decrypt-collection-example.mdx new file mode 100644 index 00000000..05731c6f --- /dev/null +++ b/code_samples/java/decrypt-collection-example.mdx @@ -0,0 +1,37 @@ +```java +package io.opentdf.platform; + +import io.opentdf.platform.sdk.Config; +import io.opentdf.platform.sdk.SDK; +import io.opentdf.platform.sdk.SDKBuilder; + +import java.io.FileInputStream; +import java.io.IOException; +import java.nio.ByteBuffer; + +public class DecryptCollectionExample { + public static void main(String[] args) throws IOException { + String clientId = "opentdf-sdk"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + SDK sdk = builder.platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) + .build(); + + var kasInfo = new Config.KASInfo(); + kasInfo.URL = "http://localhost:8080/kas"; + + + // Convert String to InputStream + for (int i = 0; i < 50; i++) { + FileInputStream fis = new FileInputStream(String.format("out/my.%d_ciphertext", i)); + sdk.readNanoTDF(ByteBuffer.wrap(fis.readAllBytes()), System.out, Config.newNanoTDFReaderConfig()); + fis.close(); + } + + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/decrypt-example.mdx b/code_samples/java/decrypt-example.mdx new file mode 100644 index 00000000..f1e70a97 --- /dev/null +++ b/code_samples/java/decrypt-example.mdx @@ -0,0 +1,64 @@ +```java +package io.opentdf.platform; + +import io.opentdf.platform.sdk.*; +import java.nio.file.StandardOpenOption; +import java.nio.channels.FileChannel; +import java.nio.file.Path; +import java.nio.file.Paths; +import com.nimbusds.jose.JOSEException; +import java.io.IOException; +import java.net.URISyntaxException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.util.concurrent.ExecutionException; + +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import org.apache.commons.cli.*; +import org.apache.commons.codec.DecoderException; + +public class DecryptExample { + public static void main(String[] args) throws IOException, ParseException { + + // Create Options object + Options options = new Options(); + + // Add rewrap encapsulation algorithm option + options.addOption(Option.builder("A") + .longOpt("rewrap-encapsulation-algorithm") + .hasArg() + .desc("Key wrap response algorithm algorithm:parameters") + .build()); + + // Parse command line arguments + CommandLineParser parser = new DefaultParser(); + CommandLine cmd = parser.parse(options, args); + + // Get the rewrap encapsulation algorithm + String rewrapEncapsulationAlgorithm = cmd.getOptionValue("rewrap-encapsulation-algorithm", "rsa:2048"); + var sessionKeyType = KeyType.fromString(rewrapEncapsulationAlgorithm.toLowerCase()); + + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + SDK sdk = builder.platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) + .build(); + + Path path = Paths.get("my.ciphertext"); + try (var in = FileChannel.open(path, StandardOpenOption.READ)) { + var reader = sdk.loadTDF(in, Config.newTDFReaderConfig(Config.WithSessionKeyType(sessionKeyType))); + reader.readPayload(System.out); + } + + // Print the rewrap encapsulation algorithm + System.out.println("Rewrap Encapsulation Algorithm: " + rewrapEncapsulationAlgorithm); + } +} +``` \ No newline at end of file diff --git a/code_samples/java/encrypt-collection-example.mdx b/code_samples/java/encrypt-collection-example.mdx new file mode 100644 index 00000000..c65e0578 --- /dev/null +++ b/code_samples/java/encrypt-collection-example.mdx @@ -0,0 +1,42 @@ +```java +package io.opentdf.platform; + +import io.opentdf.platform.sdk.Config; +import io.opentdf.platform.sdk.SDK; +import io.opentdf.platform.sdk.SDKBuilder; + +import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; + +public class EncryptCollectionExample { + public static void main(String[] args) throws IOException { + String clientId = "opentdf-sdk"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + SDK sdk = builder.platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) + .build(); + + var kasInfo = new Config.KASInfo(); + kasInfo.URL = "http://localhost:8080/kas"; + + var tdfConfig = Config.newNanoTDFConfig( + Config.withNanoKasInformation(kasInfo), + Config.witDataAttributes("https://example.com/attr/attr1/value/value1"), + Config.withCollection() + ); + + String str = "Hello, World!"; + + for (int i = 0; i < 50; i++) { + FileOutputStream fos = new FileOutputStream(String.format("out/my.%d_ciphertext", i)); + sdk.createNanoTDF(ByteBuffer.wrap(str.getBytes(StandardCharsets.UTF_8)), fos, tdfConfig); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/encrypt-example.mdx b/code_samples/java/encrypt-example.mdx new file mode 100644 index 00000000..f665a5a0 --- /dev/null +++ b/code_samples/java/encrypt-example.mdx @@ -0,0 +1,59 @@ +```java +package io.opentdf.platform; + +import io.opentdf.platform.sdk.*; +import java.io.ByteArrayInputStream; +import java.nio.charset.StandardCharsets; +import java.io.FileOutputStream; +import com.nimbusds.jose.JOSEException; +import org.apache.commons.cli.*; +import org.apache.commons.codec.DecoderException; +import java.io.IOException; +import java.util.concurrent.ExecutionException; + +public class EncryptExample { + public static void main(String[] args) throws IOException, ParseException { + // Create Options object + Options options = new Options(); + + // Add key encapsulation algorithm option + options.addOption(Option.builder("A") + .longOpt("key-encapsulation-algorithm") + .hasArg() + .desc("Key wrap algorithm algorithm:parameters") + .build()); + + // Parse command line arguments + CommandLineParser parser = new DefaultParser(); + CommandLine cmd = parser.parse(options, args); + + // Get the key encapsulation algorithm + String keyEncapsulationAlgorithm = cmd.getOptionValue("key-encapsulation-algorithm", "rsa:2048"); + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + SDK sdk = builder.platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) + .build(); + + var kasInfo = new Config.KASInfo(); + kasInfo.URL = "http://localhost:8080/kas"; + + var wrappingKeyType = KeyType.fromString(keyEncapsulationAlgorithm.toLowerCase()); + var tdfConfig = Config.newTDFConfig(Config.withKasInformation(kasInfo), + Config.withDataAttributes("https://example.com/attr/color/value/red"), + Config.WithWrappingKeyAlg(wrappingKeyType)); + String str = "Hello, World!"; + + // Convert String to InputStream + var in = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)); + + FileOutputStream fos = new FileOutputStream("my.ciphertext"); + + Manifest manifest = sdk.createTDF(in, fos, tdfConfig); + } +} +``` \ No newline at end of file diff --git a/code_samples/java/get-decisions.mdx b/code_samples/java/get-decisions.mdx new file mode 100644 index 00000000..583328ea --- /dev/null +++ b/code_samples/java/get-decisions.mdx @@ -0,0 +1,80 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.authorization.DecisionRequest; +import io.opentdf.platform.authorization.DecisionResponse; +import io.opentdf.platform.authorization.Entity; +import io.opentdf.platform.authorization.EntityChain; +import io.opentdf.platform.authorization.GetDecisionsRequest; +import io.opentdf.platform.authorization.GetDecisionsResponse; +import io.opentdf.platform.authorization.ResourceAttribute; +import io.opentdf.platform.policy.Action; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; + +import java.util.List; +import java.util.stream.Collectors; + +public class GetDecisions { + + private static final Logger logger = LogManager.getLogger(GetDecisions.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + String namespaceName = "opentdf.io"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + GetDecisionsRequest request = + GetDecisionsRequest.newBuilder() + .addDecisionRequests( + DecisionRequest.newBuilder() + .addEntityChains( + EntityChain.newBuilder() + .setId("ec1") + .addEntities( + Entity.newBuilder().setId("entity-1").setClientId("opentdf"))) + .addActions(Action.newBuilder().setName("read")) + .addResourceAttributes( + ResourceAttribute.newBuilder() + .setResourceAttributesId("resource-attribute-1") + .addAttributeValueFqns( + "https://" + namespaceName + "/attr/test/value/test1"))) + .build(); + + GetDecisionsResponse getDecisionsResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .authorization() + .getDecisionsBlocking(request, Collections.emptyMap()) + .execute()); + + List decisions = getDecisionsResponse.getDecisionResponsesList(); + + logger.info( + "Successfully retrieved decisions: [{}]", + decisions.stream() + .map(DecisionResponse::getDecision) + .map(DecisionResponse.Decision::toString) + .collect(Collectors.joining(", "))); + } catch (Exception e) { + logger.error("Failed to get decisions", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/get-entitlements.mdx b/code_samples/java/get-entitlements.mdx new file mode 100644 index 00000000..d11af9eb --- /dev/null +++ b/code_samples/java/get-entitlements.mdx @@ -0,0 +1,62 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.authorization.Entity; +import io.opentdf.platform.authorization.EntityEntitlements; +import io.opentdf.platform.authorization.GetEntitlementsRequest; +import io.opentdf.platform.authorization.GetEntitlementsResponse; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; + +import java.util.List; +import java.util.stream.Collectors; + +public class GetEntitlements { + private static final Logger logger = LogManager.getLogger(GetEntitlements.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + GetEntitlementsRequest request = + GetEntitlementsRequest.newBuilder() + .addEntities(Entity.newBuilder().setId("entity-1").setClientId("opentdf")) + .build(); + + GetEntitlementsResponse getEntitlementsResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .authorization() + .getEntitlementsBlocking(request, Collections.emptyMap()) + .execute()); + + List entitlements = getEntitlementsResponse.getEntitlementsList(); + + logger.info( + "Successfully retrieved entitlements: [{}]", + entitlements.stream() + .map(EntityEntitlements::getAttributeValueFqnsList) + .map(List::toString) + .collect(Collectors.joining(", "))); + } catch (Exception e) { + logger.error("Failed to get entitlements", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/get-manifest-information.mdx b/code_samples/java/get-manifest-information.mdx new file mode 100644 index 00000000..1eb99a3a --- /dev/null +++ b/code_samples/java/get-manifest-information.mdx @@ -0,0 +1,31 @@ +```java +package io.opentdf.platform; + +import io.opentdf.platform.sdk.Manifest; +import io.opentdf.platform.sdk.PolicyObject; +import io.opentdf.platform.sdk.SDK; + +import java.io.IOException; +import java.nio.channels.FileChannel; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; + +public class GetManifestInformation { + public static void main(String[] args) throws IOException { + if (args.length < 1) { + System.err.println("TDF file path must be provided as an argument."); + return; + } + + try (FileChannel tdfStream = FileChannel.open(Path.of(args[0]), StandardOpenOption.READ)) { + Manifest manifest = SDK.readManifest(tdfStream); + System.out.println("loaded a TDF with key access type: " + manifest.encryptionInformation.keyAccessType); + + PolicyObject policyObject = SDK.decodePolicyObject(manifest); + System.out.println("the policy has uuid: " + policyObject.uuid); + } + } +} + + +``` \ No newline at end of file diff --git a/code_samples/java/list-attributes.mdx b/code_samples/java/list-attributes.mdx new file mode 100644 index 00000000..0d34011b --- /dev/null +++ b/code_samples/java/list-attributes.mdx @@ -0,0 +1,57 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.Attribute; +import io.opentdf.platform.policy.attributes.ListAttributesRequest; +import io.opentdf.platform.policy.attributes.ListAttributesResponse; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; + +import java.util.List; +import java.util.stream.Collectors; + +public class ListAttributes { + private static final Logger logger = LogManager.getLogger(ListAttributes.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + String namespaceName = "opentdf.io"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + ListAttributesRequest request = + ListAttributesRequest.newBuilder().setNamespace(namespaceName).build(); + + ListAttributesResponse listAttributesResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .attributes() + .listAttributesBlocking(request, Collections.emptyMap()) + .execute()); + + List attributes = listAttributesResponse.getAttributesList(); + + logger.info( + "Successfully retrieved attributes: [{}]", + attributes.stream().map(Attribute::getFqn).collect(Collectors.joining(", "))); + } catch (Exception e) { + logger.error("Failed to list attributes", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/list-namespaces.mdx b/code_samples/java/list-namespaces.mdx new file mode 100644 index 00000000..9b107860 --- /dev/null +++ b/code_samples/java/list-namespaces.mdx @@ -0,0 +1,54 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.Namespace; +import io.opentdf.platform.policy.namespaces.ListNamespacesRequest; +import io.opentdf.platform.policy.namespaces.ListNamespacesResponse; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; +import java.util.List; +import java.util.stream.Collectors; + +public class ListNamespaces { + private static final Logger logger = LogManager.getLogger(ListNamespaces.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + ListNamespacesRequest request = ListNamespacesRequest.newBuilder().build(); + + ListNamespacesResponse listNamespacesResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .namespaces() + .listNamespacesBlocking(request, Collections.emptyMap()) + .execute()); + + List namespaces = listNamespacesResponse.getNamespacesList(); + + logger.info( + "Successfully retrieved namespaces: [{}]", + namespaces.stream().map(Namespace::getFqn).collect(Collectors.joining(", "))); + } catch (Exception e) { + logger.error("Failed to list namespaces", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/java/list-subject-mappings.mdx b/code_samples/java/list-subject-mappings.mdx new file mode 100644 index 00000000..69f37565 --- /dev/null +++ b/code_samples/java/list-subject-mappings.mdx @@ -0,0 +1,56 @@ +```java +package io.opentdf.platform; + +import com.connectrpc.ResponseMessageKt; +import io.opentdf.platform.policy.SubjectMapping; +import io.opentdf.platform.policy.subjectmapping.ListSubjectMappingsRequest; +import io.opentdf.platform.policy.subjectmapping.ListSubjectMappingsResponse; +import io.opentdf.platform.sdk.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Collections; + +import java.util.List; +import java.util.stream.Collectors; + +public class ListSubjectMappings { + private static final Logger logger = LogManager.getLogger(ListSubjectMappings.class); + + public static void main(String[] args) { + + String clientId = "opentdf"; + String clientSecret = "secret"; + String platformEndpoint = "localhost:8080"; + + SDKBuilder builder = new SDKBuilder(); + + try (SDK sdk = + builder + .platformEndpoint(platformEndpoint) + .clientSecret(clientId, clientSecret) + .useInsecurePlaintextConnection(true) + .build()) { + + ListSubjectMappingsRequest listSubjectMappingsRequest = + ListSubjectMappingsRequest.newBuilder().build(); + + ListSubjectMappingsResponse listSubjectMappingsResponse = + ResponseMessageKt.getOrThrow( + sdk.getServices() + .subjectMappings() + .listSubjectMappingsBlocking(listSubjectMappingsRequest, Collections.emptyMap()) + .execute()); + + List subjectMappings = listSubjectMappingsResponse.getSubjectMappingsList(); + + logger.info( + "Successfully retrieved subject mappings: [{}]", + subjectMappings.stream().map(SubjectMapping::getId).collect(Collectors.joining(", "))); + } catch (Exception e) { + logger.error("Failed to list subject mappings", e); + } + } +} + +``` \ No newline at end of file diff --git a/code_samples/policy_code/create_attribute.mdx b/code_samples/policy_code/create_attribute.mdx index 5afc737f..1680efaf 100644 --- a/code_samples/policy_code/create_attribute.mdx +++ b/code_samples/policy_code/create_attribute.mdx @@ -65,44 +65,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import CreateAttributeExample from '@site/code_samples/java/create-attribute.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.AttributeRuleTypeEnum; - -import io.opentdf.platform.policy.attributes.*; -import io.opentdf.platform.policy.Attribute; - -import java.util.Arrays; - -public class CreateAttribute { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - CreateAttributeRequest request = CreateAttributeRequest.newBuilder() - .setNamespaceId("877990d1-609b-42ab-a273-4253b8b321eb") - .setName("test") - .setRule(AttributeRuleTypeEnum.forNumber(AttributeRuleTypeEnum.ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF_VALUE)) - .addAllValues(Arrays.asList("test1", "test2")).build(); - - CreateAttributeResponse resp = sdk.getServices().attributes().createAttribute(request).get(); - - Attribute attribute = resp.getAttribute(); - - } -} -``` + @@ -112,4 +77,4 @@ public class CreateAttribute { - \ No newline at end of file + diff --git a/code_samples/policy_code/create_namespace.mdx b/code_samples/policy_code/create_namespace.mdx index 037b6b66..e3d70158 100644 --- a/code_samples/policy_code/create_namespace.mdx +++ b/code_samples/policy_code/create_namespace.mdx @@ -31,7 +31,7 @@ func main() { log.Fatal(err) } - // Create Namesapce + // Create Namespace namespace := &namespaces.CreateNamespaceRequest{ Name: "opentdf.io", } @@ -46,35 +46,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import CreateNamespaceExample from '@site/code_samples/java/create-namespace.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.namespaces.*; - -public class CreateNamespace { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - CreateNamespaceRequest request = CreateNamespaceRequest.newBuilder().setName("mynamespace.com").build(); - - CreateNamespaceResponse resp = sdk.getServices().namespaces().createNamespace(request).get(); - - System.out.println(resp.getNamespace().getName()); - - } -} -``` + @@ -84,4 +58,4 @@ public class CreateNamespace { - \ No newline at end of file + diff --git a/code_samples/policy_code/create_subject_condition_set.mdx b/code_samples/policy_code/create_subject_condition_set.mdx index 04fb78c3..3cb88b34 100644 --- a/code_samples/policy_code/create_subject_condition_set.mdx +++ b/code_samples/policy_code/create_subject_condition_set.mdx @@ -34,7 +34,7 @@ func main() { // Create Subject Condition Set - coditionset := &subjectmapping.CreateSubjectConditionSetRequest{ + conditionset := &subjectmapping.CreateSubjectConditionSetRequest{ SubjectConditionSet: &subjectmapping.SubjectConditionSetCreate{ SubjectSets: []*policy.SubjectSet{ { @@ -55,7 +55,7 @@ func main() { }, } - log, err := client.SubjectMapping.CreateSubjectConditionSet(context.Background(), coditionset) + resp, err := client.SubjectMapping.CreateSubjectConditionSet(context.Background(), conditionset) if err != nil { log.Fatal(err) } @@ -67,55 +67,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import CreateSubjectConditionSetExample from '@site/code_samples/java/create-subject-condition-set.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.subjectmapping.*; -import io.opentdf.platform.policy.SubjectMapping; -import io.opentdf.platform.policy.SubjectConditionSet; -import io.opentdf.platform.policy.SubjectSet; -import io.opentdf.platform.policy.ConditionGroup; -import io.opentdf.platform.policy.Condition; -import io.opentdf.platform.policy.ConditionBooleanTypeEnum; -import io.opentdf.platform.policy.SubjectMappingOperatorEnum; - - -public class CreateSubjectConditionSet { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - var subjectset = SubjectSet.newBuilder().addConditionGroups(ConditionGroup.newBuilder() - .setBooleanOperator(ConditionBooleanTypeEnum.CONDITION_BOOLEAN_TYPE_ENUM_AND) - .addConditions(Condition.newBuilder() - .setSubjectExternalSelectorValue(".myfield") - .setOperator(SubjectMappingOperatorEnum.SUBJECT_MAPPING_OPERATOR_ENUM_IN) - .addSubjectExternalValues("myvalue") - )); - - CreateSubjectConditionSetRequest request = CreateSubjectConditionSetRequest.newBuilder() - .setSubjectConditionSet( - SubjectConditionSetCreate.newBuilder().addSubjectSets(subjectset)) - .build(); - - CreateSubjectConditionSetResponse resp = sdk.getServices().subjectMappings().createSubjectConditionSet(request).get(); - - SubjectConditionSet scs = resp.getSubjectConditionSet(); - - System.out.println(scs.getId()); - } -} -``` + @@ -125,4 +79,4 @@ public class CreateSubjectConditionSet { - \ No newline at end of file + diff --git a/code_samples/policy_code/create_subject_mapping.mdx b/code_samples/policy_code/create_subject_mapping.mdx index 7ca9f255..685cd7e3 100644 --- a/code_samples/policy_code/create_subject_mapping.mdx +++ b/code_samples/policy_code/create_subject_mapping.mdx @@ -55,42 +55,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import CreateSubjectMappingExample from '@site/code_samples/java/create-subject-mapping.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.subjectmapping.*; -import io.opentdf.platform.policy.SubjectMapping; -import io.opentdf.platform.policy.Action; - -public class CreateSubjectMapping { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - CreateSubjectMappingRequest request = CreateSubjectMappingRequest.newBuilder() - .setAttributeValueId("33c47777-f3b6-492d-bcd2-5329e0aab642") - .addActions(Action.newBuilder().setStandard(Action.StandardAction.STANDARD_ACTION_DECRYPT)) - .setExistingSubjectConditionSetId("9009fde8-d22b-4dfb-a456-f9ce6943244a") - .build(); - - CreateSubjectMappingResponse resp = sdk.getServices().subjectMappings().createSubjectMapping(request).get(); - - SubjectMapping sm = resp.getSubjectMapping(); - - System.out.println(sm.getId()); - } -} -``` + @@ -100,4 +67,4 @@ public class CreateSubjectMapping { - \ No newline at end of file + diff --git a/code_samples/policy_code/list_attributes.mdx b/code_samples/policy_code/list_attributes.mdx index 66591c60..23c224f5 100644 --- a/code_samples/policy_code/list_attributes.mdx +++ b/code_samples/policy_code/list_attributes.mdx @@ -50,42 +50,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import ListAttributesExample from '@site/code_samples/java/list-attributes.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.AttributeRuleTypeEnum; - -import io.opentdf.platform.policy.attributes.*; -import io.opentdf.platform.policy.Attribute; - -import java.util.List; - -public class ListAttributes { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - ListAttributesRequest request = ListAttributesRequest.newBuilder() - .setNamespace("mynamespace.com").build(); - - ListAttributesResponse resp = sdk.getServices().attributes().listAttributes(request).get(); - - List attributes = resp.getAttributesList(); - - System.out.println(resp.getAttributesCount()); - } -} -``` + @@ -95,4 +62,4 @@ public class ListAttributes { - \ No newline at end of file + diff --git a/code_samples/policy_code/list_namespaces.mdx b/code_samples/policy_code/list_namespaces.mdx index fcb3ccb8..827d05c6 100644 --- a/code_samples/policy_code/list_namespaces.mdx +++ b/code_samples/policy_code/list_namespaces.mdx @@ -45,35 +45,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import ListNamespacesExample from '@site/code_samples/java/list-namespaces.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.namespaces.*; -import io.opentdf.platform.policy.Namespace; - -public class ListNamespaces { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - ListNamespacesRequest request = ListNamespacesRequest.newBuilder().build(); - - ListNamespacesResponse resp = sdk.getServices().namespaces().listNamespaces(request).get(); - - java.util.List namespaces = resp.getNamespacesList(); - } -} -``` + @@ -83,4 +57,4 @@ public class ListNamespaces { - \ No newline at end of file + diff --git a/code_samples/policy_code/list_subject_mapping.mdx b/code_samples/policy_code/list_subject_mapping.mdx index a2d7fea3..44150cf6 100644 --- a/code_samples/policy_code/list_subject_mapping.mdx +++ b/code_samples/policy_code/list_subject_mapping.mdx @@ -48,40 +48,9 @@ func main() { -```java -package io.opentdf.platform; -import io.opentdf.platform.sdk.*; +import ListSubjectMappingsExample from '@site/code_samples/java/list-subject-mappings.mdx'; -import java.util.concurrent.ExecutionException; - -import io.opentdf.platform.policy.subjectmapping.*; -import io.opentdf.platform.policy.SubjectMapping; - -import java.util.List; - -public class ListSubjectMappings { - public static void main(String[] args) throws ExecutionException, InterruptedException{ - - String clientId = "opentdf"; - String clientSecret = "secret"; - String platformEndpoint = "http://localhost:8080"; - - SDKBuilder builder = new SDKBuilder(); - SDK sdk = builder.platformEndpoint(platformEndpoint) - .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true) - .build(); - - ListSubjectMappingsRequest request = ListSubjectMappingsRequest.newBuilder().build(); - - ListSubjectMappingsResponse resp = sdk.getServices().subjectMappings().listSubjectMappings(request).get(); - - List sms = resp.getSubjectMappingsList(); - - System.out.println(sms.size()); - System.out.println(sms.get(0).getId()); - } -} -``` + @@ -91,4 +60,4 @@ public class ListSubjectMappings { - \ No newline at end of file + diff --git a/code_samples/tdf/encryption_nanotdf.mdx b/code_samples/tdf/encryption_nanotdf.mdx deleted file mode 100644 index e2ddf950..00000000 --- a/code_samples/tdf/encryption_nanotdf.mdx +++ /dev/null @@ -1,44 +0,0 @@ -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; - -
-Encrypting / Decrypting zTDF - - -```typescript -import { AuthProviders, NanoTDFClient } from '@opentdf/sdk'; - -// Configuration Options -const kasEndpoint = "https://kas.example.com"; - -// Authentication options (vary by middleware) -const oidcOrigin = "https://idp.example.com"; -const clientId = "applicationNameFromIdP"; -const refreshToken = "userRefreshTokenValueFromIdP"; - -// AuthProviders are middlewares that add `Authorization` or other bearer tokens to requests. -// These include The `refresh` provider can be handed a refresh and optional access token. -const authProvider = await AuthProviders.refreshAuthProvider({ - clientId, - exchange: 'refresh', - refreshToken, - oidcOrigin, -}); - -const client = new NanoTDFClient({ - authProvider, - kasEndpoint, -}); - -// ABAC -client.dataAttributes = ["http://example.com/attr/classification/value/secret"] - -// encrypt -const cipherText = await client.encrypt(plainText); - -// decrypt -const clearText = await client.decrypt(cipherText); -``` - - -
diff --git a/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-decisions-by-token.api.mdx b/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-decisions-by-token.api.mdx new file mode 100644 index 00000000..0db3b152 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-decisions-by-token.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-authorization-service-get-decisions-by-token +title: "GetDecisionsByToken" +description: "GetDecisionsByToken" +sidebar_label: "GetDecisionsByToken" +hide_title: true +hide_table_of_contents: true +api: eJzlWW1vIjkS/isl35cZqXmd3TuF+3DHJplVpNvMKCEr7QaETHdBe9LYjO2GsBH//VR2d9NA8xI2cze6k4ICdrneXK56yn5hlk8M6zyyX1vQTW2stPiDW6EkGwRMzVC7HzcR6zBenq5vEN+jnosQ6z+jvcJQGKGk+WnZU08oWcBmXPMpWtQk6IVJPkXWYVFGeIdfUzTW1HlIrExdRCxgQrIO+5qiXrKARWhCLWZOrQ77GSWphRGkqYhASIi45SNukAXMhDFOOeu8MLuckRhjtZATFjArbEIDjv3JHFer4LjGxnIZcX1E7yucaQxJzKaemV4lJgfWbVuFMp3S9t33urdX3burYfeyd/Ppdvhwe//5+vLm4831FQt2Zq+uL+9++9yrmOnddW/vf7npscFJloepsWp6nt179qdguZfLSZq5+S29jgt3q07iP0XLKUrqoUbSqmvrBkMlI3PYG3dkh0FpDWT0oMbw0LsEK6YIRsgQ4UGKZ8CZCuO+hNbF35q1ZqvWbPWazY77+70Ov6TGwghhrNUUmk03v0ECVvUlXFxcXNRa7dqHVq/9ofPjRefHi99ByDBJjZhjvcIpj0xIixPUNOf9M1g7aG3jWOkpt3SgpP3rD9+7nefuqeRSHdnRWyVrEifcijmpmTEja3lmOnALjpH/pdGoJHVZFG6zhX2Z0855kqKBhbBxiduU3GCsSBKI+RxBloU63tnCvgQbcwuhSqWFsdILrl1KI7dvuxOsIs8F2acvD4dGKTLWB8b7pxwNH9r/Nz56XVglfISJqT/h8vWZiRadJc2Z/Hp5ftlBiZbq+/F6jbMYp6h5AiIiZ4PVPHwScgIjtAtECdpzBO43fqbk+bX8TGmnGPplYQ9bamMEm4Ge48p7dvs4HFSITkeqQ+xaq8UotVg1dLOzL8d1yrkMecFmKI5U3AplitW/UhR9/Cp3UuiOKlxr7o6FxanZVXG11rFgPnQxOhwT+9VqELB8N936drNJ/zb9e5+GIRrSJlTSorREwmezRIQOyDa+GKJ72dVPjb5gSBs20wSLrfBS1t4oiT5i0h5WKK2wy8uYC4e392+SJxyGRDk8eAQ8JThKdx4oo1GMZWeA3FoZOK8Pkf1K5AtgvWCfLj6HVblKSfw0du3DptMytPhn8eQuNWklNEYEiLLBAZ2CTfEFaP++gXyVbmUDi+EBHaNNE8XBaHhlNxVkWeQYAg9YXsbKni3GgiNHqcBv5dXZ4JDvpt31FBi0MFqCQT1HDe+yE7SIFWREsCCAoTFUOkJnHpfA00hYwDlK+75qc5/5dJaga7RblH1a9Waz+eGHZrPVNgSvC/gUcYs1giHkg3QW7ZqRDVaZsZ46YEZG9B80wwORqlOd25RRBIxHkSBjePJ5Y0OPoJRtR6iZZwImVtpCeZJOQ7WUMU8MbnO6tzoNLWHAVIqvKSZLEBF5c7wEvk5tDokWUtf8oQjZ8ins+jT3KkW6Enx2pH3K8zqXYPlT5gBfiMqhUoxtM+vFCPlkGXHtS0pX15c397vZqBi+ur79rfz78/WdTz0BU6NETFxtPaU07lb78vq925wIY6mZKBGDzhtQH90PdzeQhWd5K6626vfrNuXaH4jChQ5wcsiZQoaRoAZwpeAnNYJ3ZbVGy80KjWHrfV8SLu0mIsRjxO33vs/JUz1s3NCRLn3ZLmLU/L342oJ3VItrBm2t9R4iHAvpJZRK9FipzohrKFa1S6va1avyRQGEKlG6ozGCf/Rln9ybJtZ0+rIGIzWCmBuYoZ4KS6Zt6m0VYXZppsJm/iyO2ZZMb0BZafId8eaw4Bb1lOunUlCUpUcoxUHR/BTh7ZJw4s7dvn0j6zYFfAsD+vKlL/ubSLTPOgB9hmGrzwKarQKMGdFa7Yw2TzLZ/FaCyIhKp9bRPdJgbO2s02gsFot6VnbqSk8aa9pGscN91peDvlwFb6Z++0T1jwptfwOfvanQY5ZSZnciyzk5Jx6uG65yTq14BTgtva5WK1fJxjxN7G7zdq210m/XuoUqqkSiZZQjlR2OVSojQjd5NQy5DDFxKD6VT1ItpOtu5zwR0ZDrSTol7cgQHiVC4hCfQ8TILVgzDBhPNPJoOcRnYSxVN5czjPOsP91s3Z4N8TnmqfHNw5iLBKMhtRNKencSv5HSfl6ldqjGQ83lBJ2WgiyaukLidLWoJU/cFJ9zkfBRQoSEVIaJcg1yKim1UIT5lmVQBSKM5TY1QK4MYBGLMCbIlSYR3Z85oJJO/aUblefHiVKTBOt6FtYvVYSDnYG6h/7G8Enl3mxhIohwjgltam3MQ7rkQYoRyDjsqiQkXMtJIkxch65cQmr2LC2tSVTIE/EH5VoZAVVjd1UY44Y9984T9QgtF4kZHJiCscAkCkDpEuvR0nEME4HS1j2gI/LjYexnKxCUx8YVTixQ+khIrpde2CidVMmqPq1Wp7gfSNPs9lZdKmm5kMZ1GXokrObatScic0Dud54oOfF4msM/SR1/V+vZjdA4P7lxNXbfd5nUSx1Ctg8zrawapeN6Vy43ktWlkhJDC3lyOd0kt8JrotGmOiutGcMOUAUznUYj9AMUCaGaNiIVmsZENVy4mcZfiKxWAD2eNSlZJtzsq6seV6doY0XPszNlXHBwG7MOa8xbDXeR2NgACHTz5lpC/xSb6oR12Mss4ZaC4lpGMyWkXe2ctBzofpqh7F19hHwFPNz9KwCThjFwU1icz9ZdfMdesTnXgtKMC9ptiT7ZZ3l/d3blrvcMhqkWdsk6jwNKYmNVbna27dw0gBRA7RskNm9RzJPDptyVjOxqs9rDG4yKE2Lx2ZKhQrpOXbuT6p3/SAIClt8E8+1ndeeQziN7eaFLkQedrFY07K9GaVsiYchTUXXX8bIugIffwis1pXeEY4/vWeZgjC68Tlem6n7rVcJLt1P/LRWK+7/DChzhkj0+n2nEd/Z0ep4jD76Pn+mY/9VXxDfzcP4a+6eCt/q58k1Z5m+SZ8bB2S+Kr3Fz+XXzTD3L74FniPYPhGc5/vQHwrdiX/nkt2Y+WAMAKt+rgMXII9Su3nkp3TDEWdnineaOuBR45/On+x5brf4NE1aLcA== +sidebar_class_name: "post api-method" +info_path: authorization +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetDecisionsByToken + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-decisions.api.mdx b/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-decisions.api.mdx new file mode 100644 index 00000000..62c79668 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-decisions.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-authorization-service-get-decisions +title: "GetDecisions" +description: "GetDecisions" +sidebar_label: "GetDecisions" +hide_title: true +hide_table_of_contents: true +api: eJztGl1v2zjyrxC8lxZQ7Nh3T76HWzfxFjncuoGTFChsw6Cksc2NRLokFccb6L8fhpRkSpadj7b3cslDkAyHM8PhfFNP1LCVpoMp/dojw8yspeJ/McOloPOAyg0o+89VTAeU+cudGvINqAceQeczmEuIuOZSaBpQBd8z0OaTjHd08EQjKQwIg3+yzSbhkd3b/VNLgTAdrSFl+JfZbYAOqAz/hMjQgG4USmI4aFyNCw4TR117O5hSbEcDyg2k+nlKLDJW0lcQkAK+LOlg+tQgFWXayNTboY3iYkUDarhJEFBgBDQGHSm+sUoe0EvYKIiYgZjmeQs26pAriPGOCuA8D5rstWEiZiq2AhQkKtgJlsGBuCCyFHnd3A7Hl8PJ5WJ4cXv1Zby4G99cjy6ufr8aXdLgYPVydDH5dn3bsnI7GY5v/ri6pXP/eJ5s/gEr8DyfNy+Lx6e0yw+P+RkEmi/EJMt4TLggMTMsZBpoHlDBUjhF0K7nAU3BMNzna7aCBc8YWKQABRgaf3cBXDBzIPJ+iWgwJNwRDeoBFPkAwnCzI9u1JAUS2fIkIQoiqWKwx2OCsCzmhsADCPOx7XIfWbpJwDp8Dz201zk/P//7P87Pe32NHr+UKmWGDmjMDJwZ7nSQbeLDYxTAtmPsl04co0D6Hx4jYSEkrV5dnqnACCiLY46HYcl17UKPWcsDSzLLo64IuXFEiF5LZYi/iN7QzmXJEg1NSjdGZZEhRpJM8O8ZJDvCY9TmckcYUaBlpiIgW27WpOK6p08qk/W9cGjj39HjtgoyFMSFTbyn4jojJohh91YBJe0ytuYYUhDrYs3462LtD/o/bNaQgmIJ4TFZSkWMYtE9FysSgtkCCFLkJ8JEjCrcSOFigxW4fuNvTwwJ48WO0v8d5LnY4VabJ86DwtZadFFZfcgFUztnjmG2ahO3/caNyuC4YeJqU8kXUhi8V+u1KuRGMWXdnbOE/wUxSUFrtgLCEilWzj4Z+Q3FIWbNSp8IQROzBmLhcmn/PiTSqafIUo+1FOmALSkySjgIc3XSihzOgjdycQVt8iootnHb1wPNjH762uHRgNDclUTl3j3w3WreaDWvCHEjF9UsVYwb7uZIGRVICDspYsetKFgssv6RCg5SxpNhHCvQJzONxVuwAvEg4YhKEUVsdslAkzTThoSoH1MTs0nPl7YmU4vMClJp4MK63J1KTontUBfOPReZSmpCHK7WBWkyapEl06DGz9R0iLNwhV3eBq0zrSi2cctOpyO7XmOSHYQPC/oZhe7bEx02ASupdrU4VcKO9wYXw9vR5y+Tb42moALf3H369+ji1geNxl+vJl/Gf4zGjU7AOdvrapDrEflwDUpLQdz2j0QqMkbwWIqz+pJflFSJ/VACW568shSy1a1cEgWJLWWvR1bD4+vRAdPdInL1T45G4Kq1oTGKh5l5XaHRdMEmrdMZrsRfsGqDTXcBrQBfMVP8/v1Ftdo+v1R1X0lmYTPOYomEfHVPmhK/VumJXPGIJSTMonun//1ZSAiYMdD2jSSMzCp2M0rzk2qoCXlZnzG8TsSRa09IsZl8BkOqsYiVS+gtKBulLQZW02eEXErySYbkg8L+XINAkwp3VZGN9kMg6n2cCbSyYcIjeA65/5Gs2QOQsgsntSEOBouZ6Fftg/5n9WePfEDVnGkwZ72PJIYlF46Dp+yllIOQKVLt6nu7+u27yk0BiWQi1UBBTP41EzPxNBOzsmuY0QGZFqAyxSJsdnS8MKMzkc/EPMAtfsPhk+IFEYh6M7rH5FDD8rOeww9l+FvRc3akWpW8ZiIPDij3T1AuM4rDZXiBR+iWJzl0b5/eweqVFQNpV3dXiFPpHx27oDGja2M2etDtbrfbjidIF7G7Sym71ofd7x6K55/5Bdz7L+JechZgHGf81WvwDl63o19K6377vl/ODxeqHCD6nu+PMF/k/Xme+3ndFsM2xtssa4Nl//zcDS5rHX0WRa7k+ulzUY/127KK50Cn04mf2xYnS5NaYMI6RcnURsDiFtoT45uS2XEhqjmJF8SOyOIi0fsI+H0E/D4Cfh8Bv4+AXzECLhORbyoVrEnsdg2kXNz3pseD0uXo4urmMBpV4MvR+Jv///Vo4kJPQGWY8BV76ZPfYWvj7z96zQnXtifxkIlfo3NB7iZXpDDP9p6jUsIbmo5ShXYQwKq+o2pG/u/7jAnoLDF6MBNnJJQhWTNNNqBSbvBodbmNxFmK0Ck3hT4rN2vwdAfwhUbdIW1GtsyASpm694zC5x6D4CdZs5cw73vMkbptL37V6eoMfsUBymbMr0SL9mLfvrUVjMc6oDLIFOuNAFEgeV5r8ao+paVJ2uN2qxtu9kg/Ln7/heI/y7T/C3T2U5k+d1KM7JblkWau7HqOd3Mviau57ediWLIsMYdd20gpqX5ezxbJuLUE9csbIc1iKTMRY1lTpsGIiQgSW75n4l7ILWZWLh5YwuMFU6ssRenwICxOuIAFPEYAsd2wJxhQlihg8W4Bjxw74YDaYKGtSp1b031ftoDHNcu06xqWjCcQL7CPkMKpE+mFUrl1mZmFXC4UEyuwUnI8UWoziJXVgBIssUvsgfGEhQkiYomySKTtjDOBMQVNy/Uq87bqQRtmMk1QlQHZrnm0xlorS2J87rAVSpYSW51hXp6upFwl0FGbqHMhY5gfADqu5rdvR21305xHxvAACV7q2ZJFOHkEtJHy9elQJI6j6VXC9bpDhmJHcCrUutXbk8ioeNTCtIJpGMlgy+qLf2M10YnBMJ7o+YklsuSQxAGOzfekw52l6J41O66SQ/Tnzfj91bHl1XEfhYp72ChpZJgtO0Oxq0WpCykERIaUweXlR7I7nCQKTKaKnFoQHJByYBY5AFpCJNNuLCPdXcmuNTfd/RuinVUVHiu6kyIS1hvq2gd+KZi1xG8DN9KOyTbMrOmAdh963VoxQAPq2j9t5yb4wDegT5uEGbSDkYg3kguTHzhXWdR+2YC4vfydlDvI3eQ/AdFZtCZMV4csVzvWpNdOpAemOEYWa6dNji6+F6H+cDXPcQahIcoUvlENpvOAYoSf7L9rLCRs/y5x6n1iON0PiPb+4U9tTo5b8nnzM5qpG4f4DVL50cq09tVJw/EKj/TDmXM7vG3/Kwlfyv1oq/55witoI5n6G7fP4OAl2V/cP+3WoJl//tyOi9pe1qbHHsn2YrY9fU3L5TmSzjFhLaXf0TYNvG65qA1QTlH0oYfxDX0kZVZxbvLU9KYahUq7Bh4NmjYXdg7jntmdo02RctCQZB5Qa/qDKX16wlHXnUryHMHfM1CFFZdegf/lAV0Di0FZXd3DrgiVIMzZLcqwv9iDUgcvwu0YRhFszEncuRcwrr/c4KgwLD4NTm0dRBXbYrnBtk6DxbcL9p0TYU80YWKV2bxMHU38+S/8eLjr +sidebar_class_name: "post api-method" +info_path: authorization +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetDecisions + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-entitlements.api.mdx b/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-entitlements.api.mdx new file mode 100644 index 00000000..e41f63b0 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v1/authorization-authorization-service-get-entitlements.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-authorization-service-get-entitlements +title: "GetEntitlements" +description: "GetEntitlements" +sidebar_label: "GetEntitlements" +hide_title: true +hide_table_of_contents: true +api: eJztWd1v2zgS/1cI3sseoNibPupps1m318NdEuSjwCE2BIoaW9xSpMoPO97A//thSEmWLNVtFrv7tH1w7SFn+ON8c/JKHdtYmj7TT5fkyrtSG/Ebc0IrukqorsGEHx8LmlLWX54NNj+A2QoOsw/gFsoJJ6EC5SxNqIEvHqz7WRd7mr5SrpUD5fArq2speGCf/2q1QprlJVQMv7l9DTSlOv8VuKMJrQ2CcQIsrgIe0nxvdjJj2J4mVDio7JQEreB2TdPn1xNZXDLRcCBwmraU5Bsg4mp3kHVGqA09JHTLpJ9YSeham4o5mtJcKGb2uLeA3G+m4LKiEKgbJu96pzrj4XA4t4oiLTeiDkZM6bVWjgllCVOEmVw4w8yeWDCCSfEbFKQCa9kGCJNabchOuJIw8hPCIa5kjkRxOVjiSiCBrtfh+1jIjCK4kR7RCYSBAv2sIa4OydgQApRDVxtr7igS92SiODmopZ6e1UicOs1bp6uB2SPlW2aHFwfKiuiwLe+R+LfX/E6vmQa3ZtKO0IUcs49S19qQaDnSZgWSw16rIp7mmCqYKcJmO/Sa1t4Dl4nECYeBigl5VRQGrD3nomFfxpqNp9C16hQB8RY6LFlSeetIjvpxA5in8vpoB5gmMBuotIPrEHJPRp6DHbdmMTwzb+QAxHh1COT0oAks3oK5YdWki7fH4J5M4ab+4Ufq8NBO4tRpXpxNJGF9cIgfpY9AWh1WpyF8XnIQMzQ61CVUYJgkoggO6wzjn4XakBzcDkCRpkwSpgpiwNZaWcBA58zBRpv9IE+1tGSEAZSvEPn11ePiw+39/7Knm4e7xfXH9x8Xv9DkSH54+vnfi+vHPmlx8+nj/e3Nfxc3j3TVV0wMtq/mlskAvVuQH+7AWK1IZP8n0YbcIPlGq4vhEu07e1vYTyVKYR0GTqMoKLpoR3bL9SCrfiX3GrDaGw5XzhmRewf2fLVp92esYwilJ6Ed4RNm7fdf1Pe0Isdc3x7QiclC9s/WKKiv/PtTxG+zwxWReiM4kyT3/DMEDR7vQnLA7I1+6DRhZNkdt6Q0ocpLyXKEEepHQjHLX+uqNlBisdvCvwQYZni5710y11oCUz0tIlvG+3xZ2TGO8mMdr0ZqZlgFDgxiM+C8UYSRtZeStL4AvVaTXDSbLJF6B4Z0R/QuPL5UT9Unvet9dLS36bthQsgbcEOAGPch+xtSaQPHaoULTJHu5h1eEtx6qZZq8cKqWkJKPkxJzXUeEgeTggP5IdeuJAZqAxYURoq3aGKmSCgXpCklKPd1qZZdzC1pSp4bmijw15LC5ZImYVOv0sSlXOc/QcQ102azpEt1SE7Z332VPYAdCViqVdgfb05TEsR1GsFAa2AuaelcbdP5vJWhwM1xZ/i4nIeIip/tJb6f4x2iWQVAB3pANzkWhiYa2jQdIvzdjz/if0NvePCcx5r9Rz572rfVG54+E1L25zNf3PMXJ7tYD04ekGei77RutExno7qprW/rN6O/kJY7hmxXtPWa/ImR2chDt+/CszVhIPaidGipe1iDAcVhyNyPpkYABkY6n+92u1kvImNsrLVuIiNnpg3SXqyfYnn3J2LhWmrToDFQ9NDETwzV8DxaMy/dOCIXxmjzx8Uj18VkO9vgDnMVpV221l4VOFBp+zPOFAcJ2Cl69VnpHdZLobZMiiJjZuPR5KE2skIKBRm8cIAiMBwFJpRJA6zYZ/AibIiWGkwlLD5EswKUgNjSNl0MvJTMY++Ej0omJBRZbYBrFQMB5eXaxHXtXabXmWFqAwGlwBtVwW0DVgdGMRmW2JaJWFQTWjDHMqlD1vMKR0boH9iyBgUMzfEYH2jOW4KqTMiuFLwkttReFvgWwshQviLB4hhnzxutNxJmpuaza13AakSYYcppHpZTtjltkArYgkSjXqwZx2gE9JH2aTqGJLBv3Uhhyxm5UnuCj5BJ1h6P1Lx58WIywNhHMfgG7MN/CJqYFeCYkHZ1ZomsBcgiwVbiKDrfB4lx5jGLUwLc/m03/nskMTGSOJaQxg610U7nfj27UvtBibnWSgF3pE0u33+lwBGRxOY1mrERmJK2X+GRgJ7AdTUvNLfzjZ4Hd7Pzf+C2i66sxOntoc2E/fPG49kKXKlxuFvr0OvWzJU0pfPt5RyGOy2YLRgbBqj4/k/pay2ZQ09YqKLWQrnDKLzawnlbg3r85T1pOcjT/X8SYj0vCbPdNdvVWXDqMiLaMiMwtwRPPT0xZvgm2Y9XDwd8vFvg3uATNn1eJRRz/P1xKN0gHA6VnwdT4RPfb4Kin1Gi56PC+1PMYyD1p43D8eEbZKOY4Qyqf8Bo0tNfPI5eBtQwIukoq94zevqhfIQ11RE+t8urbzwVm/5ZqLXujzUGf14YeRIqB0zUG91eYsZBl61Y0KOKlxv790BIp28HLw69TSiU4+NgLLr+MwpPhv3kKqHBGdNn+vqaMwtPRh4OSP7iwTR+1fop/joktARWgAmu9Bn2TfoC5S4eEcLR0qP2Ay0TOa44h9qd3bvqRfDd7QMOdPLmLy1V6E2oYTtsAdgu6rAZNgYbI+2VSqY2PtRKGmXiv/8DjIRM6g== +sidebar_class_name: "post api-method" +info_path: authorization +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetEntitlements + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v1/authorization.info.mdx b/docs/OpenAPI-clients/authorization/v1/authorization.info.mdx new file mode 100644 index 00000000..0c3ed2c2 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v1/authorization.info.mdx @@ -0,0 +1,41 @@ +--- +id: authorization +title: "authorization" +description: "" +sidebar_label: "authorization" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v1/sidebar.ts b/docs/OpenAPI-clients/authorization/v1/sidebar.ts new file mode 100644 index 00000000..60d8e5e9 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v1/sidebar.ts @@ -0,0 +1,32 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "V1 Authorization", + items: [ + { + type: "doc", + id: "authorization-authorization-service-get-decisions", + label: "GetDecisions", + className: "api-method post", + }, + { + type: "doc", + id: "authorization-authorization-service-get-decisions-by-token", + label: "GetDecisionsByToken", + className: "api-method post", + }, + { + type: "doc", + id: "authorization-authorization-service-get-entitlements", + label: "GetEntitlements", + className: "api-method post", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision-bulk.api.mdx b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision-bulk.api.mdx new file mode 100644 index 00000000..0f43be19 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision-bulk.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-v-2-authorization-service-get-decision-bulk +title: "GetDecisionBulk" +description: "GetDecisionBulk" +sidebar_label: "GetDecisionBulk" +hide_title: true +hide_table_of_contents: true +api: eJzlGmtvI7fxrxAskMrAWrLd9otgX+vYusBBznZt3QWBbSjU7kjimUuuSa5sxdF/L4bc965kXXItEvQ+3J043OG8OC/OK7Vsbujwjn46IqepXSjNf2GWK0kfAqoS0O7HRUSHlFXB/eVRv7b/FvSSh9D/Duw5hNxwJb9NxSMNaMI0i8GCxnNeqWQx0CE9U1JCaPevtbIqVGL/E2j8iAaUSzqkC2ARaBpQDU8p1xDRodUpBNSEC4gZHb5Su0oQk0zjqdtpuRVvoAaZxnR4d/gQ0AhMqHnieB3Sc5hxCcQugCz9bqJm7meGjSQZNhrQUElj6fBwvQ5a/Ix5DCq1+x9Mi5PdKa8h2Uio9bsCwiWJDV2vH7y0wNhvVbTCg0IlLUiL/2VJInjodDX4bBDXa5siNf0MoUWlaVS+5WAQGmUavfHYTeULpjVbIasWYvM2JpCW29VFhP/OOGj3Rca9h014CWwyzyTxm0icGkumQIrNEZkpTWo2SnKyuZyjkBuEKQlXM2eSXSSeLRiXHdSFbr1JmFtFi1ESiNIkVho8qRwMYTIizJJYGUsOD+5lAci5SLRa8ggit3MK9hlAkkP36/AA1RuqVNrhvfz555/v5YKZnl1w08/x7JFvviG1lb7hv0Bvj7wjBxthxyeOGIfyXnYIqCGWZAExaCbQGRRqNlZn0s3FlG+b8KglpgJIuNeX1Sx85HJeMJ3Zr2Ndg0mUNEDXAc2J/xLL26TgUDCefZERna00yU0NRGS6IqObW+K3kFhF8KaoPLQpo3VAl0ykHZCAzpSOmaVDOuWS6RXujWCazrvYYlHEkUAmriunonNcr9+CthguvetdvviAXq0pMQ7Sble834Narx+UrzbPyjB2nAYx4+I0ijQYs9XUcN+EZRurp9Yh9ZNr2DtOTw3oS+fTN5+MeybO8VdPLVfrJxYYH9BD/5FuVcgszJVe1e5Cvha0qMmiJz07HY++u7r5afLx8vZ6dHbx/mJ0ToNy+fbjt9+PzsbVpdHlp4ubq8sPo8sxfagKbeTc6kaznjFhoMnw9Yj0rkEbJYn/fA997iUuXyq5XwfRql3kXmTzTXEHrpvflH6/ZkqVSNFhSRrm3FjQEN2AUakO4RPe//dPcpuqy68mOvts4vzGZPaEBMRc/gBybhd0eFhxHKnmLcOYpUKsyFPKhI+QaJt5WlMeQ/JjiDuGGKtwlUuSCGbxAJIowcNVQJ4XoIFweS9dSCEhM5Bhy1Cw0BrCTGZpiQYDEleI4XIuIA/frVg9cAABMUhbi9tVVbwlmqputgi/Q1VWPUIt2vuFVv4RhmAMcUDS+/7H8R7KhIcLwg1x0cIqEmpgFkiZq/jkoBeqONEc5dCZJezdS4+3mRS0wv7nZ1tG/M/PthLs/yzh/POz3XYqgpuHuYzXaQVNoqpq3P2w833ONVvF4Nc67OKZ20WW9I6bJoKwScbgpNteItB86W9IbvhaxdmNcR/+1TRy1pqJff/jOCCa2QVoYhdMkoQZZ0BcOiRTFa3uZZuQwoYw7uOtlcRAkT+6q3ty4oAdBjNVSgCTtZvXyWtVgi1BuVi3TSUBZaEXUynSbKUpRu+3UDZORNyQ4ujd0/owNVbFWzMYv6NdcSUaMCo2Mpt8dy2t8YsdlmQskxHTUZXdYm3LkZuj8O349PL89OZ8cno2vri6bATjJvR8dHbz0/W4AzK+Ob28/XDRiMsV2qoMFssduQzf6kk6/Md3ILHBABFJU+4iTsQsmzLvI+QbSZjPvwIag2X4XVWyxdpbbtA76+jU1lIgvzhhbS9UgvBGYXFgQC9Bk152wZ8XeQSIyDMXgmgIlY58QGWSsDTilsASpN3rUu4LixMBriVziKnrYf/g4OBvfz84ODwy6OWKgB8xC/vYAkAZpEnUZiNb7GKjBG1hI9v0P2RDsCmIzlou5ynbscm1bLYWX3qtm4JQiUdCzEJpzDxK4Bs5YhPTrdVpaDEBSCV/SkGs8ubEirAyQUJHSYpTS/ykMNm3clO8kB7ZV6mGmbWaT1Pr86NaWVyAfJbVLpCZsx41I8XOLId8/+9LExCThgtMBu1CGe/Ayfj8fdDocByVHY57yWdF3hMUQus3CSni20ZMXs5MCCSIR46gavzrz55kZ5ekun58gihrECZED0UcEPy7z81HzXt7e7vnXYhlB7WVPYNcGe7DL6hbOpRXdeRNtf8f1C//nVriD1XSVxjMSf2y0nrEXbK56WIb0uu+1K4CZ5u1Qmuiz91XQGP2cuFN//Dg4MBZR/57HaABzLgQbCrgair43KXI77/oBjUZrDmYCv6JKg5AC9jkYv7xBS4m8yInJ+SA/Por6VUXj08QVe5aNniVilupOoLNRLe4LeGG9JrXyWt0r1qOgCaurE8QO+o/O4zL+b0kvA99srA2McPB4Bhvo0lYCO8GaioGxxG+TDg7cxf13cDhHxy7f941XPufSPIV0Vcetz6kwvL8jmWVT2d76KL6nJEVONtLo6YSz5iv9ipvHR71oHxhcFXjP+8lOey77kKWxmmYgQYZAumx0Cq9dy/Jkd/hSbmX5G99EiMziSj7OAZZJxczkrVlooCECwgfDSmVlXnVYVWXpGpwTo+GWW4wBRKCWM3nc3QOfYf+UlkY+kYSxxaRa4ckoF1MkJZMU/FY+Dl0gi0yi06RCUiaYO6FXgRx5N/dS89n38WON1srlc3dly8/MC+G6z7sqOnCum0HH0ZLk/kCS7jINY3iVM8QZRr/kAnmxTWXZoSR/KjjUcMIA3LqeMTsKvFlSm7F70qhkfHuWsG+loCXateO9JyrKPRVbYQZFylCbyLOANvWt0fX9SaPe79wia8LdM7PHx0c+LfJWhaeOvn4R9qv+/RZOfq3vX0yIa5Bx9xiXV9Ns4WYJAWgVXEquQTJ3SWeCYa9n8gxI+dkLtSUiY7rgEupsKTn8Q4ikKu9jhZPWUvkBvN73nbzpCU3qF0ToCIB+6o9xlwYVVEXa+1OnQdkgtvSdjkfnV3ctvstxfL56PKn6u/r0Y1vrpT2XOYyv60UyPFUIufvCP3Xo+tqSw29aObRMbvDHXO+dHL2WvqdiUBnknpe6mV76dvMISeFybczPRnxJY/SzguyY1jPrGlXqirRIfcWW0PATuidK4xgxtAuWw5vpLXSX8/dhfi+3XFpqw0dqexkplIZYR6TX4uQyRCE81+pfJTq2U/yuARtwvQ8xZcdpyMWCS5hAi8hQOQ+KBEGlAkNLFpN4IX76Oo8mHFSjdAP+o5kpn14WbDUeLc5Y1xANMHOqZJenIhvqrSHq9RO1GyimZyDo5IjR0iWA3NpQUsmHIgtGXcJDVLMLJsI5YJKKrFbj+HMd2dbc0TjBRagzKaGoCjz5yGzUKnA0Q7/LJTGWa2qZuRurtRcQF8nYf9MRfDQWuj7LqcxbN6pmzoFpySCJQhU6v6MhegpAW2EZBjaJHF8K50LbhZ9cipX+JDV/WnlG6FCJvgv2cgKPvLlbxJV8m+dJPoRWMaFedgCIjMOIgowNyhRT1cOo58V6HufjtvfNuM/5gRGK7FX0rqMCBuqesqtZtp1YnkmgFzuTCg5z6oe8i8kB5+D8nblFIyfB8P1rD3SRtKvhN5MD26kbZrO+qey3hzJZ95y57I7S+4LT4kGm2rp1ZghHBZBI/QLaAmhigeRCs1grgbO3MzgL7htv3g/Zlk/NvOE9SeE5rhhDHahcF4xUS69Thi2muhgp/HFQRufb4z72cVUCzqkr3lfaSSjRHFp161LOPLuklwlIMfn78tO1MebH8q+aC6MHNp3pr/wdC+Z5uiBnD03T/RxIAsJbejazQIaCFONwxXDu4eAYiS4KacDMwq7p/vuugf1GpNxtUZXNVHKR7XuarNWjQuX3cSqG/PXbe3GKsuRo/L2NkeDqpBybKdYde9Z5SNj/gBY8QaVRvpdZyfcd2vv8k8eHGnb+qLl4Vu7VxWMmBhyOVO1iqBhqy37QvllQ61DujxEXtDcY+Y4zUZS27ZcQ1KoxMKLRRvkriBwNv6aXZu73aZ+adA67CGgzpCHd/T1FZ/0PmqxXuPyUwo6s8ncxvHXOsgnZVEXETcIiLoL4cpgK+3dZInrHimz9jpLj7DaPhac26KzpN2P3u282jBv7aRiH+LbHyOqckcriyu/OA1DSOzWvQ8VR3h9dYvvvtNsJtiNMA6pZs+YSbFnz4h/kvJ9f1x7pYLJeepSDupx4p//AIo2XQ8= +sidebar_class_name: "post api-method" +info_path: authorization-v-2 +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetDecisionBulk + + + + + + + + + 0 && this.entities.size() <= 10\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"entities":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"claims":{"title":"claims","description":"used by ERS claims mode","type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true}},"title":"claims","required":["claims"]},{"properties":{"clientId":{"type":"string","title":"client_id"}},"title":"client_id","required":["clientId"]},{"properties":{"emailAddress":{"type":"string","title":"email_address"}},"title":"email_address","required":["emailAddress"]},{"properties":{"userName":{"type":"string","title":"user_name"}},"title":"user_name","required":["userName"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"category":{"title":"category","type":"string","enum":["CATEGORY_UNSPECIFIED","CATEGORY_SUBJECT","CATEGORY_ENVIRONMENT"]}},"title":"Entity","additionalProperties":false,"description":"PE (Person Entity) or NPE (Non-Person Entity)"},"title":"entities"}},"additionalProperties":false}},"title":"entity_chain","required":["entityChain"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy, where in\n this case the resource acts as and represents a single entity for authorization/entitlement decisioning"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]},{"properties":{"token":{"title":"token","description":"access token (JWT), which is used to create an entity chain (comprising one or more entities)\ntoken must be provided:\n```\nhas(this.jwt) && this.jwt.size() > 0\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"jwt":{"type":"string","title":"jwt","description":"the token"}},"required":["jwt"],"additionalProperties":false}},"title":"token","required":["token"]},{"properties":{"withRequestToken":{"title":"with_request_token","description":"derive the entity from the request's authorization access token JWT, rather than passing in the body\nwith_request_token must be true when set:\n```\nthis == true\n```\n\n","type":"boolean"}},"title":"with_request_token","required":["withRequestToken"]}],"additionalProperties":false},"action":{"title":"action","description":"name on action is required","type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"resources":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"attributeValues":{"title":"attribute_values","description":"a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count\nif provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs:\n```\nthis.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri())\n```\n\n","type":"object","properties":{"fqns":{"type":"array","items":{"type":"string"},"title":"fqns"}},"additionalProperties":false}},"title":"attribute_values","required":["attributeValues"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"}},"title":"Resource","additionalProperties":false,"description":"Either a set of attribute values (such as those on a TDF) or a registered resource value"},"title":"resources","maxItems":1000,"minItems":1},"fulfillableObligationFqns":{"type":"array","items":{"type":"string","description":"if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs:\n```\nthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))\n```\n\n"},"title":"fulfillable_obligation_fqns","description":"obligations (fully qualified values) the requester is capable of fulfilling\n i.e. https:///obl//value/\nif provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs:\n```\nthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))\n```\n\n"}},"title":"GetDecisionMultiResourceRequest","required":["entityIdentifier","action"],"additionalProperties":false,"description":"Can the identified entity/entities access?\n 1. one entity reference (actor)\n 2. one action\n 3. multiple resources\n\n If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.\n\n Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request\naction.name must be provided:\n```\nhas(this.action.name)\n```\n\n"},"title":"decision_requests","maxItems":200,"minItems":1}},"title":"GetDecisionBulkRequest","additionalProperties":false,"description":"Is access allowed?\n 1. Multiplexing of a Decision request\n This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on\n multiple resources)"}}},"required":true}} +> + + + +/obl//value/"}},"title":"ResourceDecision","additionalProperties":false},"title":"resource_decisions","description":"individual resource decisions"}},"title":"GetDecisionMultiResourceResponse","additionalProperties":false},"title":"decision_responses"}},"title":"GetDecisionBulkResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision-multi-resource.api.mdx b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision-multi-resource.api.mdx new file mode 100644 index 00000000..2866abf1 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision-multi-resource.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-v-2-authorization-service-get-decision-multi-resource +title: "GetDecisionMultiResource" +description: "GetDecisionMultiResource" +sidebar_label: "GetDecisionMultiResource" +hide_title: true +hide_table_of_contents: true +api: eJzlGmtvGzfyrxA8oCcDa0lO774Ice5cWylcNLLPVlIUtqBSuyOJCZdck1w5qqv/fhhy37uSnWvu0OL6oY5muMPhvGfIJ2rZytDRHf3wipyldq00/5VZriSdBVQloN2Py4iOKKui+5tX/dr6W9AbHkL/e7AXEHLDlXyXCstvwKhUh0ADmjDNYrCgccMnKlkMdETPlZQQ2uNrrawKlTj+ABq/pgHlko7oGlgEmgZUw0PKNUR0ZHUKATXhGmJGR0/UbhOkJNN44VZabsUzpEGmMR3dncwCGoEJNU/coUf0ApZcArFrIBu/mqil+5lRI0lGjQY0VNJYOjrZ7YLWeaY8BpXa43emdZKXc14jspdR61cFhEsSG7rbzby0wNjvVLTFjUIlLUiL/2RJInjolDb4aJDWU5sjtfgIoUWlabQCy8EgFqTldnsZ4d8lB+2+yHj2uDkvkU2WmSR+EYlTY8kCSLE4IkulSc3ESJTZEZcrFE2DMSXhaukMqYvF8zXjsoO70MGbjDko6llJIEqTWGnwrHIwhMmIMEtiZSw5Gd7LApGfItFqwyOI3MoF2EcASU7cr5MhKiVUqbSje/nLL7/cyzUzPbvmpp/TOSLffENqkL7hv0LviLwhw72416eOGUfyXnYIqCGWZA0xaCbQlws1G6sz6eZiypfNedQSU4Ek3OvLahZ+4nJVHDqzOnd0DSZR0gDdBTRnvrI105pt0TUsxKbL8vYpOBSMZ19kTGeQJrupgYgstmR8c0v8EhKrCJ4Vlcc2ZbQL6IaJtAMT0KXSMbN0RBdcMr3FtREs0lXXsVgUcWSQievKrhjSdrvnsK0DlzHxLgfOMBY1JcZB2sOK92tQ6/WNcmhzr4xix24QMy7OokiDMQdNDdfNWbawumsdU9+5Rr1j99SAnrhIvH9nXDN34bq6awmt71hQnGFc/SN5VcgsrJTe1nwhhwUtbrKcR8/PpuPvr25+nr+f3F6Pzy/fXo4vaFCCb99/98P4fFoFjScfLm+uJu/GkymdVYU2dmF1r1kvmTDQPPD1mPSuQRslif/8CGPuBMETJY/rKFq1izyK7PcUt+Gu+U0Z92umVMkUHZakYcWNBQ1RXsN8QP9/+yAPqbr8aq6zz+YubsyXD8hAzOWPIFd2TUcnlcCRat4yjGUqxJY8pEz4DIm2mRcj5TYk34a4bYixCqFckkQwixuQRAkebgPyuAYNhMt76VIKCZmBjFpGgoXWEGYyS0s0GJAIIYbLlYA8fbdy9cAhBMQgbS1vV1XxnGiqujkg/A5VWfUJatneA1r1RxiCMcQhSe+Hn6ZHKBMergk3xGULq0iogVkgZa3ii4NeqOJEc5RDZ5VwdC893WZR0Er7Hx9tmfE/PtpKsv+zpPOPj/bQrohububqVKcVNImqqnH17MX+nGu2SsHDOuzikdv1jT/DtGkiiJtnB5x320sEmm+8h+SGr1WceYz78K+mUbPWTOyHn6YB0cyuQRO7ZpIkzDgD4tIRWahoey/bjBQ2hHkfvVYSA0X96Fz39NQhOwxmoZQAJmue13nWqgRbgnK57pBKAspCL6ZSpBmkKUYft1A2TkTckGLrl5f1YWqsig9WMH5Fu09KNGBWbFQ2+epaWeOBHZZkLJMR01H1uAXswJb7s/Dt9GxycXZzMT87n15eTRrJuIm9GJ/f/Hw97cBMb84mt+8uG3m5wlv1gAW4o5bhByNJR/z4HiTOByAiacpdxomYZQvmY4R8pgjz9VdAY7AMv6tKtoA9FwZ9sI7ObK0E8sA5a0ehEoUehc2BAb0BTXqZgz+u8wwQkUcuBNEQKh35hMokYWnELYENSHvUpdzPLE4EuInKCZauJ/3hcPjt34bDk1cGo1yR8CNm4Rgbd5RBmkTtY2TArmOUqAPHyBb9D48h2AJEZy+XnylbsS+07LcW33rtmoJQiSdCzFpprDxK5DM1YpPSrdVpaLEASCV/SEFs8+HElrCyQMJASYpdS/qkMNnnalN0SE/sq3TDzFrNF6n19VGtLS5QvspqN8jMWY9akmJlVkO+/dfEBMSk4RqLQbtWxgdwMr14GzQmHK/KCce95Mui7gkKofWbjBT5bS8lL2cmBDLEI8dQNf/1lw+yc0pShb8+RZI1DBOihyIOCP6/z817zXtHRy+vu5DKC9RWzgxyZbgPv6Bv6VBeNZA31f5/0L/8d3qJP1RLXzlgZW7+BVFszF2xuc+xDel1O7XrwNl+rdCa6PPwFdCYfb70pn8yHA6ddeS/dwEawJILwRYCrhaCr1yJ/PaLPKh5wFqAqdCfq2IDtIB9IebvXxBisihyekqG5LffSK8KfH2KpPLQsieqVMJKNRDsZ7p12hJvSK/pTl6jR9V2BDRxbX2C1FH/2WZcru4l4X3ok7W1iRkNBq/RG03CQngzUAsxeB3hfYKzM+eobwaO/uC1+/OmEdr/RJKviH7f3VTW+XSOhy6r1xlZg3O4NWoq8Zz5bq9y1+FJD8obBtc1/uNekpO+my5kZZyGJWiQIZAeC63SR/eSvPIrPCv3knzbJzEeJhHlHMfg0cnlkmRjmSgg4RrCT4aUysqi6qiqS1I1OKdHwyw3WAIJQazmqxUGh74jP1EWRn6QxHFE5MYhCWiXE6Qli1R8KuIcBsEWm8WkyAQkTbD2wiiCNPLv7qU/Z9/ljmdHK5XFNRPYNW8PfRXmoq4LOq+GQ/zTKAlTpxZ/z/c1bs+YENegY26xM6wWakLMkwLR6lmU3IDkzgyWguH0IHIcyBVZCbVgokOgCEqFJT1PdxCB3B51DAnKajT3jC+qSvekztyxXppCixT+VadUuTCqoi5g7VmPR2SCO9C4X4zPL2/bHXsBvhhPfq7+vh7f+Pa8NMIyG/5nxWROpxJ7f0fyuB5fV4cy6IdZTMD6AFes+MbJ2Wvpd6aSzjLnotTL4eapWYXMC5Nv1woy4hsepZ0O8sLEkFnTM2X7zlnbkqHhtMLIWGulv14QCfEKs8Orqj27VHa+VKmMMFXldhsyGYJwASaVn6R69E8sXA6eM71KcXjvhMgiwSXM4XMIELkPSoIBZUIDi7Zz+MyNRam7EGNQePMIA5UfOmXqgc9rlhof15aMC4jmOBxT0osT6S2U9niV2rlazjWTK3BccjwRsuXQXFrQkgmHYhvGXc5Cjpllc6FcqE4lDmQx7/kBXOuBx3SNPQazqSEoyvwGwKxVKvD23k/+0zhrR9SS3K2UWgno6yTsn6sIZi1A3w+yjGGrTt3UOTgjEWxAoFKPlyzEUAZoIySj0GaJ43XYSnCz7pMzucW7iu5PK98IFTLBf81eJeA9Tj52rrJ/6yTRj8AyLszsAIosOYgowEahJL3YOor+Orjvgy4uf96M/5iX7K3aTUnLuDRuZqYX3Gqm3bCNZwLI5c6EkqussCX/RHZw4p9PpBZg/EMdhGcdcJtIv5IbMz24t0aLdNk/k/X+N3+MlAeXlx/JfeE50WBTLb0aM4KjIqqHHoCWEKp4EKnQDFZq4MzNDP6Cy46LK0KWjdyySFifEu99EBaDXSt8WpYoV30nDMcKdPCil2aDA4T9NNQ/M0u1oCP6lA8TxjJKFJd213LLsQ+g5CoBOb14W44f3t/8WA7DcvHk2L5zhrU/wIZpjjHJWXhzR58ZsiTRxu7csy0DYarxRn10Nwso5oab8iFXxuG+h1iNl0+1QUa1jMmf4tzV3tI0vC1zw2oM8762c4/dyiclpes2n35UMeWzjALq7ivKS6T8gqcSCiqD0rvOSaefxt3ln8wca4fmXuXmB6cTFYqYdpaqVq03rLNlSCi97KHhiG5O8CRo4DFz58yeCR6w3hq1QjMWPlu0Ou6qdmfVT5nH3L3sbSYN9u86C6iz4dEdfXrCK5z3Wux2CH5IQWfmmJs3/toF+XtG1E3EDSKi7ha48vyQ9m6yMvOIlDV2/WyfYHv48WZum86yXr71y/arPbms7VSsQ3rHUyRVrmiVdOUXZ2EIiT24dlYJhtdXt3jPt8hebronayOq2SOWVezRH8RfQfg5L8KeqGBylbr6g3qa+N+/AXofiOk= +sidebar_class_name: "post api-method" +info_path: authorization-v-2 +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetDecisionMultiResource + + + + + + + + + 0 && this.entities.size() <= 10\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"entities":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"claims":{"title":"claims","description":"used by ERS claims mode","type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true}},"title":"claims","required":["claims"]},{"properties":{"clientId":{"type":"string","title":"client_id"}},"title":"client_id","required":["clientId"]},{"properties":{"emailAddress":{"type":"string","title":"email_address"}},"title":"email_address","required":["emailAddress"]},{"properties":{"userName":{"type":"string","title":"user_name"}},"title":"user_name","required":["userName"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"category":{"title":"category","type":"string","enum":["CATEGORY_UNSPECIFIED","CATEGORY_SUBJECT","CATEGORY_ENVIRONMENT"]}},"title":"Entity","additionalProperties":false,"description":"PE (Person Entity) or NPE (Non-Person Entity)"},"title":"entities"}},"additionalProperties":false}},"title":"entity_chain","required":["entityChain"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy, where in\n this case the resource acts as and represents a single entity for authorization/entitlement decisioning"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]},{"properties":{"token":{"title":"token","description":"access token (JWT), which is used to create an entity chain (comprising one or more entities)\ntoken must be provided:\n```\nhas(this.jwt) && this.jwt.size() > 0\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"jwt":{"type":"string","title":"jwt","description":"the token"}},"required":["jwt"],"additionalProperties":false}},"title":"token","required":["token"]},{"properties":{"withRequestToken":{"title":"with_request_token","description":"derive the entity from the request's authorization access token JWT, rather than passing in the body\nwith_request_token must be true when set:\n```\nthis == true\n```\n\n","type":"boolean"}},"title":"with_request_token","required":["withRequestToken"]}],"additionalProperties":false},"action":{"title":"action","description":"name on action is required","type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"resources":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"attributeValues":{"title":"attribute_values","description":"a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count\nif provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs:\n```\nthis.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri())\n```\n\n","type":"object","properties":{"fqns":{"type":"array","items":{"type":"string"},"title":"fqns"}},"additionalProperties":false}},"title":"attribute_values","required":["attributeValues"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"}},"title":"Resource","additionalProperties":false,"description":"Either a set of attribute values (such as those on a TDF) or a registered resource value"},"title":"resources","maxItems":1000,"minItems":1},"fulfillableObligationFqns":{"type":"array","items":{"type":"string","description":"if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs:\n```\nthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))\n```\n\n"},"title":"fulfillable_obligation_fqns","description":"obligations (fully qualified values) the requester is capable of fulfilling\n i.e. https:///obl//value/\nif provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs:\n```\nthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))\n```\n\n"}},"title":"GetDecisionMultiResourceRequest","required":["entityIdentifier","action"],"additionalProperties":false,"description":"Can the identified entity/entities access?\n 1. one entity reference (actor)\n 2. one action\n 3. multiple resources\n\n If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.\n\n Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request\naction.name must be provided:\n```\nhas(this.action.name)\n```\n\n"}}},"required":true}} +> + + + +/obl//value/"}},"title":"ResourceDecision","additionalProperties":false},"title":"resource_decisions","description":"individual resource decisions"}},"title":"GetDecisionMultiResourceResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision.api.mdx b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision.api.mdx new file mode 100644 index 00000000..6e8813b7 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-decision.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-v-2-authorization-service-get-decision +title: "GetDecision" +description: "GetDecision" +sidebar_label: "GetDecision" +hide_title: true +hide_table_of_contents: true +api: eJzlGmtvGzfyrxB7QM8G1pKd9r4Ice5cWykctLbPVlIUlqFSuyMtEy65JrlyVFf//TDkPrgPyUrbO7S4fqgjDndmOO8Z8jkwdKmD0X3w4RU5y00iFfuFGiZF8BAGMgNlf1zGwSigPniwejVo7L8DtWIRDL4DcwER04giDDKqaAoGFNJ4DgRNIRgF51IIiMzRjZJGRpIffQBVfMBEMAoSoDGoIAwUPOZMQRyMjMohDHSUQEqD0XNg1hliEnk6tzsNM/wF1CDyNBjdnzyEQQw6Uiyz5xwFF7BgAohJgKzcbiIX9meBjWQFtiAMIim0CUYnm03YOc+EpSBzc/SD7pxkf84bSLYyatyukDBBUh1sNg9OWqDNtzJeI6FICgPC4D9plnEWWT0NP2rE9dzlSM4/QmRQaQoVbxhohIIwzKwvY/y7YKDsFwXPDjZjNbDNMhXEbSJprg2ZA6k2x2QhFWlYFYkL02FiiaJpMSYFXC+sIfWxeJ5QJnq4i+x6mzG7inqWAohUJJUKHKsMNKEiJtSQVGpDTo6nogKUp8iUXLEYYrtzDuYJQJAT++vkGJUSyVyY0VT8/PPPU5FQfWASpgclnkPy1VeksTLQ7Bc4OCRvyPFW2OtTy4xFORU9AmqJJUsgBUU5um+lZm1UId1STOW2GYs7YqqAhDl9GUWjT0wsq0MXVmePrkBnUmgINmFQMu+RpkrRNbqGgVT3Wd42BUecsuKLgulipc1uriEm8zUZ394Rt4WkMoYXReWgbRltwmBFed4DCYOFVCk1wSiYM0HVGvfGMM+XfceiccyQQcpvPKoY0jabl6CdA9cx8b5cfMBY1JYYA2F2K97tQa03CZWrbVoFxh5qkFLGz+JYgdY7TQ33zWix0afahDQpN7D3UM81qCsbibdTxj0zG659qvVqk2KF8QHj6p/JqyJqYCnVuuEL5VrY4abIecH52WT83fXtT7P3V3c34/PLt5fjiyCsl+/ef/tufD7xl8ZXHy5vr69+GF9NggdfaGMbVrea9YJyDe0D34zJwQ0oLQVxnx9izL3C5SspjpqgwLeLMops9xRLcNP+po77DVPyMkWPJSlYMm1AQXwLWuYqgg/o/28fxS5V11/NVPHZzMaN2eIRGUiZ+B7E0iTB6MQLHLliHcNY5JyvyWNOucuQaJtlMVKTISUZYskQbSSuMkEyTg0SIJnkLFqH5CkBBYSJqbAphURUQ4GtQEEjownVhaVlCjQIXCGaiSWHMn13cvXQAjikIEwjb/uqeEk0vm52CL9HVUZ+gka2dwud+iOKQGtigeTg3Y+TQ5QJixLCNLHZwkgSKaAGSF2ruOLgIJJpphjKobdKOJwKh7ddFHTS/scnU2f8j0/GS/Z/lXT+8cnsoorgNjFbp1qtoEn4qsbdD3v7c6lZH4Nb67GLJ2aSW3eGSdtEEDYrDjjrt5cYFFs5DykNX8m08Bj74d91q2ZtmNi7HychUdQkoIhJqCAZ1daAmLBI5jJeT0WXkcqGMO+j1wqioaofreuenlpgj8HMpeRARcPzes/qS7AjKJvrdqkkDGjkxFSLtFhpi9HFLZSNFRHTpCK9f1kf5drIdGcF43Z0+6RMAWbFVmVT7m6UNW6xx5K0oSKmKvaPW63tILk9C99Nzq4uzm4vZmfnk8vrq1YybkMvxue3P91MeiCT27Orux8uW3nZ480/YLXcU8uwnZGkJ358BwJHAhCTPGc248TU0Dl1MUK8UIS5+isMUjAUv/MlW629FAZdsI7PTKMEcosz2o1CNQg9CpsDDWoFihwUDv6UlBkgJk+Mc6Igkip2CZUKQvOYGQIrEOawT7mfaZpxsEOUEyxdTwbHx8dff3N8fPJKY5SrEn5MDRxh444yyLO4e4xise8YNWjHMYpN/8NjcDoH3tvLlWcqdmwLLdutxbVem7YgZOaQEJ1IhZVHDXyhRmxjujMqjwwWALlgjznwdTmcWBNaF0gYKElFtcZPKpN9qTZFh3TIfGVXa/tHRGqMYvPcuMqo0RBXIFdfdVtjau1GLki1s6ge3/77SodE51GCZaBJpHahm0wu3oat2carerYxFWxRVTxhJa5Bm5Eqs23F5CRMOUeGWGwZ8jPfYPEoeucj/vrrU0TZgFDOD3DUEBL8/4Dp94odHB7uX3Ehlj3GF/W0oFSG/fALOpYe5fkhvK32/4PO5b/TRfypmvkvC1ZjZmvKbV6syUG/B9tGm25XAZrtIucLxjmdc7iec7a0de3bLzL+NruN2ODhn8mKACpvW3T4xxdEhyIAnJ6SY/Lrr+TAX3x9iqjKqLAlIHgRwffh7Ux3TlvDNTloe4LTz6HfQ4AithfPEDtqsyDGxHIqCBvAgCTGZHo0HL5GR9IZjeDNUM758HWMlwDWaqyPvRla/MPX9s+bVlT+C0neE713h1R0KL1jnEv/2qFqRKq0urubaavwnLoGzbuecFSG9aWAbfT+ORXkZGAHAkXlpWABCkQE5IBGRqrDqSCv3A7H1VSQr93vkjk8MrlckGKGEockSiD6pEmtpCIQjnwdEt/QrP40NUxjvcI5MYotl+jig6lwhAc2Cr84nvA2NzSyad/AuUrGxi8bA14dH+OfVlmVWzm5u7I/4gaqHC755U5c3zG2G3gHwADoz7n2H6+UeWPflFClpD903vLbDq1A59zsaEEvxueXd93es1q+GF/95P++Gd+6RrM2hTpF/LbiqMTjBaTfEVFvxjf+eAGr+cJhSgtYspWVc+l5vyu+fklV1whjhWZf+HhjNb+gqMSOY42VkuqPc6sIL8Z6LNzvBIU0s4XMRYzRtLShiIoIuJ105OKTkE/u4t4miRlVyxxHwlajNOZMwAw+RwCx/aBGGAaUK6DxegafmTZoAhmolGmU1ywGwSD2wvkMPic0127AsqCMQzzDkYsUTpyIby6Vg8vczORipqhYguWS4YmQLQtmwoASlFsQXVFmgytyTA2dcWmDVy5wzIcB2o11Os8GJgnWr9TkmqAoy7myTmTO8U7YzZPztCh15YLcL6VcchioLBqcyxgeOgsDNx7Rmi57ddPk4IzEsAKOSj1a0AjDCqCNkAJDlyWGlyxLznQyIGdijRPw/k+9b7iMKGe/FHfdeDtQDjN99u+sJAYxGMq4ftgBIgsGPA6xLq1Rz9cWo7tkHLgAiNtfNuM/59Vtp7yQwlAmtJ3EqDkziio7wmGFAEq5Uy7Fsqi8yL+QHZwjl3OOOWj3/APXi+6qi2Tg5alCD/YFyzxfDM5Es7cqn7iUwWX/I9kvHCcKTK6EU2OBcFRF2MgtoCVEMh3GMtLDpRxac9PDv+G2o+riiRaDnCISNmeP/suiFEwi8VlSJm15mFHsUoPhXq+Uhk1cbpLmnijligej4LlsR8ciziQTZtNxvrELk+Q6AzG5eFs3sO9vv6/HKaUQSujAmnzieF5RxTDyWDtuU3Txv0gFXejGPvnREOUKb2NH9w9hgBngtn4EVHC47RFP69VMoxX2C4fyGcd94x1Gy6cKZ/MjlfOojX0oVT9HqB20/WzAh9RX+tWqnXXXFxDl5YDn8P6QrWdS5qY59+UHFt+OztfbiBljIRvTtpaVdawDRVK8PBsFqxNkDw01pZb54t1Y0wobCCoJG/hs0HqYbU6tdT4Xxn6/35O8IGwQeggDa36j++D5GSf37xXfbHD5MQdVWFJpmfhrE5bP2NAEYqYREPe3Ud6rs+DgtqjJDkldkDaP8wnWu9/slWZljWJ/0vvRa7y0a1Cq9iG+owmiqnd0aq76i7Mogszs3Pvgha6b6zu83pkXD/bsS6VRoOgT1j30yR3ETZ7dkA/XngNOxTK3BULgcOJ//wEP28PF +sidebar_class_name: "post api-method" +info_path: authorization-v-2 +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetDecision + + + + + + + + + 0 && this.entities.size() <= 10\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"entities":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"claims":{"title":"claims","description":"used by ERS claims mode","type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true}},"title":"claims","required":["claims"]},{"properties":{"clientId":{"type":"string","title":"client_id"}},"title":"client_id","required":["clientId"]},{"properties":{"emailAddress":{"type":"string","title":"email_address"}},"title":"email_address","required":["emailAddress"]},{"properties":{"userName":{"type":"string","title":"user_name"}},"title":"user_name","required":["userName"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"category":{"title":"category","type":"string","enum":["CATEGORY_UNSPECIFIED","CATEGORY_SUBJECT","CATEGORY_ENVIRONMENT"]}},"title":"Entity","additionalProperties":false,"description":"PE (Person Entity) or NPE (Non-Person Entity)"},"title":"entities"}},"additionalProperties":false}},"title":"entity_chain","required":["entityChain"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy, where in\n this case the resource acts as and represents a single entity for authorization/entitlement decisioning"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]},{"properties":{"token":{"title":"token","description":"access token (JWT), which is used to create an entity chain (comprising one or more entities)\ntoken must be provided:\n```\nhas(this.jwt) && this.jwt.size() > 0\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"jwt":{"type":"string","title":"jwt","description":"the token"}},"required":["jwt"],"additionalProperties":false}},"title":"token","required":["token"]},{"properties":{"withRequestToken":{"title":"with_request_token","description":"derive the entity from the request's authorization access token JWT, rather than passing in the body\nwith_request_token must be true when set:\n```\nthis == true\n```\n\n","type":"boolean"}},"title":"with_request_token","required":["withRequestToken"]}],"additionalProperties":false},"action":{"title":"action","description":"name on action is required","type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"resource":{"title":"resource","type":"object","oneOf":[{"properties":{"attributeValues":{"title":"attribute_values","description":"a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count\nif provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs:\n```\nthis.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri())\n```\n\n","type":"object","properties":{"fqns":{"type":"array","items":{"type":"string"},"title":"fqns"}},"additionalProperties":false}},"title":"attribute_values","required":["attributeValues"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"}},"additionalProperties":false,"description":"Either a set of attribute values (such as those on a TDF) or a registered resource value"},"fulfillableObligationFqns":{"type":"array","items":{"type":"string","description":"if provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs:\n```\nthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))\n```\n\n"},"title":"fulfillable_obligation_fqns","description":"obligations (fully qualified values) the requester is capable of fulfilling\n i.e. https:///obl//value/\nif provided, fulfillable_obligation_fqns must be between 1 and 50 in count with all valid FQNs:\n```\nthis.size() == 0 || (this.size() <= 50 && this.all(item, item.isUri()))\n```\n\n"}},"title":"GetDecisionRequest","required":["entityIdentifier","action","resource"],"additionalProperties":false,"description":"Can the identified entity/entities access?\n 1. one entity reference (actor)\n 2. one action\n 3. one resource\n\n If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.\naction.name must be provided:\n```\nhas(this.action.name)\n```\n\n"}}},"required":true}} +> + + + +/obl//value/"}},"additionalProperties":false}},"title":"GetDecisionResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-entitlements.api.mdx b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-entitlements.api.mdx new file mode 100644 index 00000000..9cf39a95 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v2/authorization-v-2-authorization-service-get-entitlements.api.mdx @@ -0,0 +1,71 @@ +--- +id: authorization-v-2-authorization-service-get-entitlements +title: "GetEntitlements" +description: "GetEntitlements" +sidebar_label: "GetEntitlements" +hide_title: true +hide_table_of_contents: true +api: eJzVGmtvI7fxrxAskNjAWrav/SQ0bRVbd3WQ+Fxbd0FgC8poOdLybpfcI7nyKYb+ezHk7mpflh0gKNL74hOHnBnOezj7xB2sLR/f849v2KRwiTbyN3BSKz6PuM7R+B9Xgo85NMGjzZtRa/8dmo2McfQO3VQ56VLMUDnLI56DgQwdGqLzxBVkyMf8QiuFsTu5MdrpWKcnH9FYohtxqfiYJwgCDY+4wS+FNCj42JkCI27jBDPg4yfutjlhUkW29Ds91cOoURUZH9+fzyMu0MZG5v6uY36JK6mQuQTZJuxmeuV/lthYXmLjEY+1so6Pz3e7qHefmcxQF+7kJ9u7yes5byF5llEXdkVMKpZZvtvNg7TQuu+12BKhWCuHytF/Ic9TGXtdnX6yhOupz5FefsLYkdIMKd9JtARF0uj2StDflUTjT5Q8B9hC7oFdlkGxsIllhXVsiazeLNhKmwANBsMExpLEL9WaBNNhSyt8v/JmNMTgRQJSDfAW+/UuW36VtKwVMm1Ypg0GViRaBkowcCzT1rHzswdVA6o75EZvpEDhdy7RPSIqdu5/nZ+RSmJdKDd+UL/++uuDSsAeuUTaUYXnmH3zDWutjKz8DY+O2T/Y2bOwv3/nmfEoH9SAgDpiyRPM0EBKDlwr2TpTSrcSU7VtIUVPTDWQyaAtZyD+LNW6vnRpc/7qBm2ulUW+i3jFfIM0GANbcgyHmR2yu+cUHKcgyxMl0+VKl93ComDLLZve3rGwhWVa4IuiCtCujHYR30BaDEAivtImA8fHfCkVmC3tFbgs1kPXAiEkMQjpTYMqBbTd7iVo78L7iHhfLc4pEnUlJlG5w4oPe0jrbULVapdWiXGAGmYg04kQBq09aGq0bwHlxibVNqRNuYV9gHph0Vz7OPw8Zdqz8MG6SXW/2qZYY5xTVP0zeVUMDtfabFu+UK1FPW7KjMcvJrPpu/e3vyw+XN/dTC+u3l5NL3m0X7778P0P04tZc2l6/fHq9v31T9PrGZ83heYT/PZZs15BarF74ZspO7pBY7Vi4fgxxdxrWr7W6qQN4k27qKLI857iCe66Z/Zxv2VKjUwxYEkG19I6NChu0erCxPiR/P/tF3VI1ftTC1MeW/i4sVh9IQYyqX5EtXYJH583AkdhZM8wVkWabtmXAtKQH8k2q1JkT4ZVZJgnw6zTtCoVy1NwRIDlOpXxNmKPCRpkUj0on1JYDBZLbCUKiJ1lYEtLyw1aqtwYMCvVOsUqeZOVtmrA0+fydlMVL4mmqZsDwh9QldOfsZXtw0Kv+ohjtJZ5IDv64efZMclExgmTlvls4TSLDYJDtq9UQnFwFOssN5LkMFglHD+ogLdbFPTS/qdHt8/4nx5dI9n/v6TzT4/uEFUCd4n5KtVrhUyiqWraPX+1P1eabWIIawN28ShdchvuMOuaCMEW5QUXw/Yi0MhN8JDK8I3OSo/xB7+1bT9gLRP74edZxAy4BA1zCSiWg/UGJJVHstRi+6D6jNQ2RHmfvFYxi3X96F33u+88cMBgllqnCKrleYN3bUqwJyif6w6pJPJnLsgpMEFl5Qb/LdGAiZNtwzYqbjq8xM1zi6Q+2NWAzgN9VneO5KIGXWEUgzSt+gURgp8Nkck5I5eFQyaoQ/JXsIzospoSM0WKNiIvzWENTqr1g2JCPwbNVPtkDGmFWirrEARF4MAAadLqFNNtaBZ9+HUJOAonQhqMXbqtOeQRV0WawpKk0C3oOq1yqYrBfNVovQ6rqCvLn0vOcjSZdC5EO2K80YIFEqd1h3MEsdPmOGJL4w3TCwiaOCAO4iXbr+UeRPH2P9f2n2Sc7Fo7HAchnbPJzVVDnd/aWOf4LUvAsiXFHGF0nqOIfNCRnmODsc4yVCLwXFh8UOwdussy0TC5aqcxadlnpR/JCXbdZwO/EEKZjxFvzs7oT1tWd4X349Dg/2Ftc/UQ8juaoD9T1C9VfYNmUml6oCKqWa+4KY8tcjSL2kRaiX/YiPehOvRdL6XEks4f0mIW1unsYLsUdvSfZHKDVIJ32qhqd6uHCosDacs6UAKMaMqgXjtA8vmS/242ub6c3F4uJhezq/fXncq/C72cXtz+cjMbgMxuJ9d3P111moAGb80L1ssDjZM8aMADZvsOFb1AomBFIX15K8DBEoJpqhc6vtDsRTxDB3SuKdl67SUDC5WhmLhWvxUWF9AvefYgSt/0EmHRbNCwo7KaeEyqclOwR5mmPtAZEap3UAwKIR3DDSp3PKTcr5DlKfo323OKVeejs7Ozv/7t7Oz8jaXkUHcXAhye0BshyaDIRf8a5eLQNfagA9coN/0Pr5HCEtNBr67uVO44EF+esZYQb3bPFiM20YbanD3whYa0i+nOmSJ2Ppcp+aWgCqJMwlsG+zTmS5aa6h4/q0226YUTH/9+Xys+UWUCb/Y7oJiDz9jsvKvY+mLj3Xsa6EwAfgdvzZOhrmNrucGKz4hlkOeUtxDiZKj4IPmC2ldgVa1yP+89KlQMHqzJykz4kgS83aygSF2/rpgao80fV1XE9Jw5YMhNl1LaLVa6UIJcqcoHMagYQ1FaqFAq0YhiA6kUCzDrgq7sIwGIVCpc4NcYUYQqtkYYcUgNgtgu8Ku0YcJDhaGlomwhUEkMOaFs9vFrAoUNmWoFMkWxoNylVRAn4VtqE+C6cAu9WhhQa/RcSroRseXBUjk0ClIPgg3IUFhHFCNgkWpfuxWKmjNScMiPvVHPLKH3EnCFZSTK6jXAJrpI6SU/eEWRlTalV+x+rfU6xZHJ49GFFjjvLYxCnrEW1oO66TggE7jBlJR6soLYmzPZCCsx9FmS9DS2TqVNRmyitlQNDx9tnEl1DKn8rZxQ0JtO1YI22b/zkhgJdCBTOz8AYiuJqYjoEWSPehnaoPA0PArhk7a/bMZ/zgf3rqoutHIglfUpzSylM2B8LpSlACq5Q6rVOgRvYP8idkJXGNAt0YaRHa2Xr3l9JKNGOir14KeOy2I1mqhtK1BVY8kquLz+Sv5E4CS0tEGNJcIxS5zL7fj0NA4LZAmxzk6Fju3pWp96c7Onf6FtJ/VzIZQZsYyE7SKuOxHO0CWaRsq59v1uDvQyyk9fNWE+7eMLpUkYLxcm5WP+VD2DTpXItVRu13PCaQiX7H2Oanb5dv9w+uH2x4jZgtKLrYVRQUfe9JPA9waMpAjk7blLMeSBMiX0oTs/rrUYF4be0sf384hTJrjdD3BLDp8bwHZmnq02sdkMVEO4+9YUreNbpdM1I1bwrJ0fcu+HSXtH7Q59mpD9QKZe9c3Doeejsk+XaqWbRWrXKHqKJO7LAf+Yb84pLJBdZeDFUo7n+0bTQlILxOFXR8qWylfNxgeyYJ/3r/sCgkc9YvOIe4sZ3/OnJ+pePph0t6PlLwWaUvmVMdGvXVR9NUBaE9ISQAyXTI0hPz+6LTuxY7avudtX+ozbw59IVJbg9fh60q+j1/qwoUWp3kf4TmaEar+jVy7tT0ziGHN3cO+8EXFu3t9Ri7ssv4/wo+ExN/BIJQs8houE6jvMg2jtiaeg1oXP7TzgpH//BUlcgGM= +sidebar_class_name: "post api-method" +info_path: authorization-v-2 +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetEntitlements + + + + + + + + + 0 && this.entities.size() <= 10\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"entities":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"claims":{"title":"claims","description":"used by ERS claims mode","type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true}},"title":"claims","required":["claims"]},{"properties":{"clientId":{"type":"string","title":"client_id"}},"title":"client_id","required":["clientId"]},{"properties":{"emailAddress":{"type":"string","title":"email_address"}},"title":"email_address","required":["emailAddress"]},{"properties":{"userName":{"type":"string","title":"user_name"}},"title":"user_name","required":["userName"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"category":{"title":"category","type":"string","enum":["CATEGORY_UNSPECIFIED","CATEGORY_SUBJECT","CATEGORY_ENVIRONMENT"]}},"title":"Entity","additionalProperties":false,"description":"PE (Person Entity) or NPE (Non-Person Entity)"},"title":"entities"}},"additionalProperties":false}},"title":"entity_chain","required":["entityChain"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy, where in\n this case the resource acts as and represents a single entity for authorization/entitlement decisioning"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]},{"properties":{"token":{"title":"token","description":"access token (JWT), which is used to create an entity chain (comprising one or more entities)\ntoken must be provided:\n```\nhas(this.jwt) && this.jwt.size() > 0\n```\n\n","type":"object","properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"},"jwt":{"type":"string","title":"jwt","description":"the token"}},"required":["jwt"],"additionalProperties":false}},"title":"token","required":["token"]},{"properties":{"withRequestToken":{"title":"with_request_token","description":"derive the entity from the request's authorization access token JWT, rather than passing in the body\nwith_request_token must be true when set:\n```\nthis == true\n```\n\n","type":"boolean"}},"title":"with_request_token","required":["withRequestToken"]}],"additionalProperties":false},"withComprehensiveHierarchy":{"type":"boolean","title":"with_comprehensive_hierarchy","description":"optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating\n down the hierarchical values instead of returning solely the value that is directly entitled","nullable":true}},"title":"GetEntitlementsRequest","required":["entityIdentifier"],"additionalProperties":false,"description":"What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs?\n\n Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use\n GetDecision if the resource is known"}}},"required":true}} +> + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v2/authorization-v-2.info.mdx b/docs/OpenAPI-clients/authorization/v2/authorization-v-2.info.mdx new file mode 100644 index 00000000..cf9aaf33 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v2/authorization-v-2.info.mdx @@ -0,0 +1,41 @@ +--- +id: authorization-v-2 +title: "authorization.v2" +description: "" +sidebar_label: "authorization.v2" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/authorization/v2/sidebar.ts b/docs/OpenAPI-clients/authorization/v2/sidebar.ts new file mode 100644 index 00000000..5e384512 --- /dev/null +++ b/docs/OpenAPI-clients/authorization/v2/sidebar.ts @@ -0,0 +1,38 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "V2 Authorization", + items: [ + { + type: "doc", + id: "authorization-v-2-authorization-service-get-decision", + label: "GetDecision", + className: "api-method post", + }, + { + type: "doc", + id: "authorization-v-2-authorization-service-get-decision-multi-resource", + label: "GetDecisionMultiResource", + className: "api-method post", + }, + { + type: "doc", + id: "authorization-v-2-authorization-service-get-decision-bulk", + label: "GetDecisionBulk", + className: "api-method post", + }, + { + type: "doc", + id: "authorization-v-2-authorization-service-get-entitlements", + label: "GetEntitlements", + className: "api-method post", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/entityresolution/v1/entityresolution-entity-resolution-service-create-entity-chain-from-jwt.api.mdx b/docs/OpenAPI-clients/entityresolution/v1/entityresolution-entity-resolution-service-create-entity-chain-from-jwt.api.mdx new file mode 100644 index 00000000..82652cc5 --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v1/entityresolution-entity-resolution-service-create-entity-chain-from-jwt.api.mdx @@ -0,0 +1,71 @@ +--- +id: entityresolution-entity-resolution-service-create-entity-chain-from-jwt +title: "CreateEntityChainFromJwt" +description: "Deprecated: use v2 CreateEntityChainsFromTokens instead" +sidebar_label: "CreateEntityChainFromJwt" +hide_title: true +hide_table_of_contents: true +api: eJztWN1v2zYQ/1cI7mUDFKfNo56Wpm6RYkuCfBQYHMM4i2eLCUWqJOXEM/S/D0dKsWS57scKDAPql0TH492P901uuIel4+mEf3zNxtpLv2bX6IyqvDSaTxMu0GVWluEz5W+xtJiBR5GyyiFbnbAzi+Ax7j3LQWr3zpri1jyidkxq5xEET7gp0QJJORc85RjY7YumUdy/VX2DdiUzHA2kk/APT54n3OKnCp1/Y8SapxueGe1Re/oXylLJLGg7fnAEfMNdlmMB9J9fl8hTbuYPmJGc0hI2L9GF1QC8wwfWwponXHos3Jf3S9Hhcd5KveQJ99IrIkgyRd+kWOZYoAXFpGALY5m3kD1KvWRz9E+ImjUHZaAFs+hKox3yOuEPT/6Qrodgpb4ynyMLJ+R1veUMzuIJByEkMYK66pxpAcphh7uxUFfA57x0HZEfFr2LcfwMRakwZe/RtzGZhcCK5omRBeEXbDIPv3u9udf3Dbp7nrIJfUY2uOcJfc2b3z2/19N7XfOaTkH2lRYFT72tMBCikYNDT169oj99jDdVlqFzPPlRYYed/PlfBF8A3ObMV4I1Gi8XPJ1sdmBnCmSzo4HaUJIvJWtY3T1xnfAVqGrPSsIXxhbgecrnUoNdE6/AebXcB3d/zIYYqQ+t7hr5zGgfwhc0AzuX3oJdM4dWgpJ/o2AFOgdLZKCMXrIn6XMG7HeCw3wOnkVxc3Qs5C/RzSL8PxQy6iXmix23MT5pidM6GTpCovbnB6Mo8syk2FHUUnd1NRL3aaucN0XP7ZHyJbfjs0ftZMywdu+W+DNqvjNqvqVIx7ocpFLdiJ5jbVVgc1wbLaI2D1qAFYG53zde/N0LmUjcEzBYgFSnQlgqvQdCNPDNoGHchW70iyFi1WUmLDlWVM6zOdnH92Duyuui7WHag9liYTyehZS7s+oQ7Mg6i+k5q6zqgRiu9oHsKtqDpXJoL6DYG+KtGuKZaWLqKt9S+0pfJO7TVh1uR2G9p6QalI9AmtbT/7DR0bS7NHbdq1MtLRlgQF0VhPzs9Hb8/vL6r9ndxc3V+Oz83fn4LU+25Ju7Nx/GZ7dd0vji4/n15cWf44tbPu0aJibbt01RV2P26xVaZ3QzQ/3GjGUXRL4w+qi/xLvB3jb2IYIwnnwbjFNKJko3i4quDexqHCx8cTUeKF3P4pj3laNl46Lvmy2v0VdWd4tAO2JaUwRyac1KChTNwNmMlz2gzZQZFqSgrzB/vm6mzdaSXba2H0bm+PWaxtE6TqTJUNzJAXFt/kVmUDLDhnufopOOou0AHJrZAirlh3Pu2Fpjf9yUmxmxt/hgdEu4iGrjZwtTaUG3zzabMtAZKqS8rvSjNk8UhlKvQEkxA7usCkJHBwGhpMYZPmeIImzYCkw4KIsg1jN8ls5TKS/RFtLR2DATqCXGAuRMZTMSkkPlfCAuQCoUM7r+Gh3jjeTNjY3rpvIzs5hZ0EsMKCWdiGCFZak9Wg0qLMEKpIK5IkYBHmbKhL5Saah8Tn4OV+zh9fs2tlNfOUamTNhTLrOcudxUSlDnAs3IZCxMMpR2k6UxS4UjW2ajMyNwOiCMKA+bMWCfb3bzWeAKFTn1aAEZFVCkGGkHiSEkSVVmqaTLR+xUr+nZYP/Wzh5lsmY+oVrhUHsSQ1nZhX8TLDES6EEqNz2wxBYSlUioAm5Fz9dBYkyNUZzpiP0r3gh+DpDDAXJbshs/lNZ4M68Wo1O97pd0ozVmnrXF5euPFHZEJDYU8OjGRmDKcu9Llx4fZ5FAkZCZ4liYzB0vzXEIN3f8C7EdWXrKotAKpSwUwpAIPjf0QlWa8G5Rgs95yo93H6waQtZ0RId2hdaFuy2NZinflAo8uX2sRWmk9vUgl5pmxC5L1Ldv37F2B7u7/iNhrspyBu7lTO3qKERwHuGtwEoqJCEsdzXGct5U9uFqXdNc5TCrLE0X6WSacCro19t3tQZh911sEoevbWiHV6iXHJjWVOsWpncz27HdwBB0ELTxQsdXryk7yPwFhOYSxs7PDwK70jovgf/iubJJSo/PniwvNYGq4vweY2Ky71zdqJgmPHgpnfDNZg4O76yqayJ/qtA2Bm8dSF91wnMEgTZY+RHXTRKj9ke3hOelwAybMI3fccdplmHpD/JOO3F+dXlDQ+i8eUUtQofmFp6oEcJT9E5zQQr3GaJtuAK9rELH4FEm/f4BkILoeQ== +sidebar_class_name: "post api-method" +info_path: entityresolution +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Deprecated: use v2 CreateEntityChainsFromTokens instead + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/entityresolution/v1/entityresolution-entity-resolution-service-resolve-entities.api.mdx b/docs/OpenAPI-clients/entityresolution/v1/entityresolution-entity-resolution-service-resolve-entities.api.mdx new file mode 100644 index 00000000..8f16bd74 --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v1/entityresolution-entity-resolution-service-resolve-entities.api.mdx @@ -0,0 +1,71 @@ +--- +id: entityresolution-entity-resolution-service-resolve-entities +title: "ResolveEntities" +description: "Deprecated: use v2 ResolveEntities instead" +sidebar_label: "ResolveEntities" +hide_title: true +hide_table_of_contents: true +api: eJztWd1v4zYS/1cI3ksP0DpNHv3UNOstUtwli3wscIgMdySOLXYpUiUpJ67h//0wJGVLlte7e+i9NS+RhuTMcOY3HxpvuYeV49MX/umSzbSXfsMe0BnVemk0n2dcoCutbMLrlL/HxmIJHsWUtQ7Z+ipuX2M4LNExqZ1HEDzjpkELdPBW8CnHwN3umU+iuIO0R7RrWeLkiCHPuMU/WnT+ZyM2fLrlpdEetadHaBolyyDk4ndHKm65KyusgZ78pkE+5ab4HUvPM95YUikwnW6jQuk57QRrYcMzLj3W7hQHo/F+yacv2yNepQKZTkiv6EiiZF9RIq7uBTlvpV7xXcbXoNoTKxlfGluD51NeSA12Q3sFFu3qlLoghCTbgPrYk+pti7vdudVjt98Y7UFqx0AzsIX0FuyGObQSlPwTBavROVghA2X0ir1KXzFgP5E6zFfgWWRXoGO+QhboZhmex0wmnJQb2ZFAIC0KAmsiznfZ2BEStSfAjS13YEl7FlIcCeqox7ISx1PSWudNPXB7pHzN7fjmUTsZAdudPRD/Rs3/iJrTyi1BuZF2KdsFrktjWfQc67ICK3BjtIjSPGgBVoTNboiazt8DyETiCcBgDVJdC2HRuXMQDfsWkDYeq2703hAxqzITlhyrW+dZQfbxAzWP+fW1Heh0QmeLtfF4E0Lu2apzasetixiei9aqgRLj1aEix4JO6NI6tHdQn4R4J4b2LDRt6gs/UIdC9xxPSWvl2UQS1gdC2lH6CKT5bn4cwuc5BzZDp2NTYY0WFJMiANZbKD9LvWIF+ldEzVKZZKAFs+gaox1SoFO9Xhm7GeSpjpaNdEDd1qT5zfXT7Jf7h/8snu8eP85ubj/czt7z7EB+fP7519nNU580u/t0+3B/9+/Z3ROf9w0Tg+2LueVkgH6csR8+onVGp87kn8xYdkfkO6PfDZd4H+xdYe9rcNRVPERbfZ9GszeoG4VT9gt6JkXDwHsri9ajCx4pTBGMD0qWyH4ojK+YpY7JofYoWOvIXaBZCDmWwjHX21zne61zPmUviSYFveUcL3OehU29WI1LhSl+wqjXxNhVznO9y46PX33xeFB1xCDX81zv+I4MeABzqABEiNAKML768Uf6N7TTY1uWMc/8la3a5qEzZWDyXX3bkN3Q5d/F6DRatr3GMJ3QrVKcUsr+vS7Q9in7qr2nFMYoBN0nRYV6hG+p0qO2/bdP1Bf8dgCjY8DERkMtS1AqVkHBQvfAXitZVqwETYUEpa/Q5prRfTIGLN6DnqL+9JT0pkeLZWudXFPRtG3pI8+MIhdyzZR0nkpXoLoJu2aNNaIt0e6pTDqGbw2WFDHeUCljh4LnMNdsDVaC9nS+cKjLsAh60y0wqQVBDUPrgdYaO8l1rtlThezXx/u7gyEClELwdjaSLm4Jykx6OXllzErhpLHGm6JdTsL+2EgNbP0YLn5k7GiN1qJgAjx0ZimNdtJ5SgtmyZYSlXC5Ti6ooSEDfMFPbsJuNXOmRqZAr1pYoctYJz3XrJarKjYDbdMYS+YsNuRB8OSfoQkm7IOxLOWBjEmyVrqVXh0EMCU/kwn3NyJz9VMckMlzzSJMJ8HiAj1I5aIHwR8bHyzuOz3y+AoT5EJDSE1OMHl3jVj7qsOtv8G1nUs63ybtzjg3nuhXlUO8LZqQNXYZN1aupAZ1/nuj27U4W9VTJ0fF3Zo63DAVdD6upMNUeL6KHVfGzcIeJdKzdTL1Ef+/QtmvfyPdhtWwWaRdo8J47B1a3uacwuPae3uZ82l8C1F7mfPdoE6OGV99G+OrIeOryPhQP0N6WEKr/LhMzigx/XVFsjTiZF+cgjpMebTxi6VptaDRTtfolaBLVEjgbPVnbV4JUFKvQUmxALtqa9KOLgJCSY0LfCsRRThwYJhxUBZBbBb4Jp2n6t+graWjL9qFQC0x9sbOtLYkJhW0zgfiEqRCsaDZktHR3sSvCFmLxi6tX5jlwoJeYdBS0o3qkHKCrh6tBhWWYA1SQaFoI6XahTKhFWk1tL4iN4f51Xi29RS/9HzrGJkyS1nYVaZVgvIo1RLd1qlMmSV7SVnDNuXkxgicjwgTyhLpC/WUb4YaXDOBa1Tk1HdLKCnzhuLVfeOOVZLUAK+UdNWEXesNzeROH+2dUaZMn84UghRqxIbyTV/9x2CJScrd8zNLsWyFEn9gXWwCxzg8mcQqSdu/DuO/ZxsnZhtfLlTXejPI3zdGayw965LLt18pnIiaWPSt1dGNieGUVd43bnpxUUYCIaE09YUwpbtYmYsAN3fxD9r2bpjFQyIMgeArQ7PgxoRPrwZ8xaf84ng0fGFjEeIZd2jXaF3orGliMOXbRoEnl8+0aIzUfjeKo1R+2H2D+un9B9adYM8P/8qYa8uK+pTuPt3qJKC3iqqFTrJQEZLHEmMqT1l9vLrbUQfuqBOmj97pyzzjlMwfDmPspOFwDP0ymCMfgTyhv586IsTJsv25Z/+74jCfHA4cv4M3sRlOrfoCRrOh/uJhWDOghqHKnjLfUf5emsEg9AgPIweTzmjjdfj6kiKeIFVDuJ6OMse/IwyY9H5H+L6fNZL1PL55wo6k77WIzW1C9MupG3SYnmc8YGz6wrfbAhw+W7XbEfmPFm2CSwc/ettlvEIQaANCPuMmpR/U/t0T6XJw4Kh9IIPHE9dliY0/u3fei9CP94802SnSTy516C24hVe6CbxGH6SpYxgSEm3Lu56cT3nkSX//BfU9Z5A= +sidebar_class_name: "post api-method" +info_path: entityresolution +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Deprecated: use v2 ResolveEntities instead + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/entityresolution/v1/entityresolution.info.mdx b/docs/OpenAPI-clients/entityresolution/v1/entityresolution.info.mdx new file mode 100644 index 00000000..048b0765 --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v1/entityresolution.info.mdx @@ -0,0 +1,41 @@ +--- +id: entityresolution +title: "entityresolution" +description: "" +sidebar_label: "entityresolution" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/entityresolution/v1/sidebar.ts b/docs/OpenAPI-clients/entityresolution/v1/sidebar.ts new file mode 100644 index 00000000..4253c0fa --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v1/sidebar.ts @@ -0,0 +1,26 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "V1 Entity Resolution", + items: [ + { + type: "doc", + id: "entityresolution-entity-resolution-service-resolve-entities", + label: "ResolveEntities", + className: "api-method post", + }, + { + type: "doc", + id: "entityresolution-entity-resolution-service-create-entity-chain-from-jwt", + label: "CreateEntityChainFromJwt", + className: "api-method post", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2-entity-resolution-service-create-entity-chains-from-tokens.api.mdx b/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2-entity-resolution-service-create-entity-chains-from-tokens.api.mdx new file mode 100644 index 00000000..ae82f169 --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2-entity-resolution-service-create-entity-chains-from-tokens.api.mdx @@ -0,0 +1,71 @@ +--- +id: entityresolution-v-2-entity-resolution-service-create-entity-chains-from-tokens +title: "CreateEntityChainsFromTokens" +description: "CreateEntityChainsFromTokens" +sidebar_label: "CreateEntityChainsFromTokens" +hide_title: true +hide_table_of_contents: true +api: eJzVGF1v2zjyrxBcYJEAitP0Udg7XDZ1Dl3sJtnE6eHgGi5Njiy2FKmQlBPX8H8/DCnZkuU4CdCHXh6SiDOc7y/Oino2dzQd00/vyVB76ZfkFpxRlZdG00lCTQmW4cdHQVMKAcVuMAaL94N4bXvrDuxCchhcWGAeIvQiZ1K7S2uKkfkG2tGElsyyAjxYZL+imhVAU3phtAbuT26s8YYbdfIJrENREio1TWkOTIClCbXwUEkLgqbeVpBQx3MoGE1X1C9LpKSrYhYwvfTqBdKgq4Km47NJQgU4bmUZ1E/pB8ikBuJzIIuITUwWPmtqpKyp0YRyo52n6dl6nfT0GckCTOVP/nI9TV4veYfIs4L6iJUQqUnh6Ho9idYC5383YomMuNEetMd/WVkqyYOHT786pLXqS2RmX4F7dJrFePASXIBGX27xmLVsiQp6KNzL96HMoQDLFMbWBtl5K/W8pf4GbSpFT/ENkEhBMmOJt4x/k3pOZuAfATSpdSdMC2LBlUY7oOuEfn30h7gieJdZMC8qTdfrLWYI6U5IjsPtSUKZEBLvMnXT0jxjykGLQG3HNZJwprIc3mRUo+E6C0nUNS/z3spZ5eETU1VNsua4AU0XEbarKSMOPMb6BpMETHL595VLiKt4TpgjPjcOiNGEkdGHy2Rj87Ng7ffvMAa5qbT/rGWGubKQAkRCGj0Hu4KQonKezOB5SuRR+pwwpVAgKYJA6Wf95cuXz9rn0g2yB+0GTn6Ho2PyT/KO/Por6Z3/9g8k2YEwpY7QxAnB3wPp7q08Oj6uKX9GBx+OZqTyCrfVgdZyf7iIAXUoWlr4e5zXDr1dt0+wHHVFtTCXzoMFcVs7IuBePuhDGbG9NW38FyWYZg9onkLqP0HPfU7Ts4RmxhbM05RWVvbCK6uUWpKHiimZSRAEq2VTWbdsNmFSx57zBk+lJqViHhmQ0ijJl510fEnMtq0OGGKCdfPnqVctBRtR6cGI2WU8lD4HS55LbEeO9if1MTF461mv0I7pm/K1y30DId4QbJRSgA36C2mxj4bJQkEB2jtyBE8lWIkfTB13lD80VdxGy73NLpEgYTqKsCQcqQbRgPE81nty9Md/RscYeTFCA58BXa/Xu5NILOLBaSFm3r97h3+6PO8qzsG5ODP8iE4MLXv8v/bjoIP8Ma2PKyaLTserT3bFrRwIMluS4e0diSikMAJeLPYRuqeox5zYY71NPZxJzewScQXMqvk+tfaHbwivZ9tEA+0p3K539eGelsCVBO0POz7ioNe7jJrTXV41xT3coGBSnQthMQsOhRriTVmN2ObahXQ5d6jv4V45sFdhPn+eM+JMwxDf5ro97XLcUPzJukZCOfMwN3bZyYXmLOlJU7+E6MX5aPjv69v/Tu+v7m6GFx8vPw4/0GR7fHf/+x/Di1H7aHj16ePt9dVfw6sRnbSNFov126ryzZAc3YB1RtfP0tCGrvD4yuiTLqjdgjZVpC9BKI9vE+O86ZYWFPMgyM0wWPjqZthjupzyWH9f365qN70w+a1DqchYpXy/lQytNfbHNRKOxW9PlMITK0oFYVWgjZ9mptICXzhNwHCmOSjA0K30N20e45M9zOhTZucVNvMQ10woqWEKTxxAhAtbggllygITyyk8SefDngBsIR0+vacCtIRYZuq5Dp5yVjkfDjMmFYhpaYEbHc2J9GbGRrip/NRkU8v0HIKUEjVCsQJYag9WMxVAbMGkYjOFiIJ5NlUmVJlKs8rn6G7MoWCArjtGOY6pzFeOoCkT8phLnhOXm0oJfNeEOaMq6onWZGQ8N2auYGBLPrgwAia9gwGGWgHOsfle3+yGrIAFKHTqScY41gjAGCE1hb5IEhNprqTLB+RcLwkWs71XW3eU4UzJ7yBCOjjQvhmO2uLfBUsMBHgmlZscAJFMghIJJvmW9GwZKMZGMogdE9FfsZn4Kdtzb/Q02mNJwKBgdia9ZXZJHFhZG6CxO1NGz+uHL/kXikN8zjyJ5GY4VeNmAs/rR1SfyKDVa2o/hN3VrMoG57r7hGqWW01xeb1K4UaUxIKvrI5urAmmJPe+dOnpKY8HGAncFKfCcHc6N6ch3NzpL4h2YqG0gKEVShkO27ES9qf3Z5eMBfjc4OKyNOFdUDJ8ndLTN+wxT19g4cAumiVmZRVN6ap5nQ61KI3Uft1L0mEsp+S6BD36cLl9z97f/rndrjTGaqCDkBp5VGXBrMQKFeJ9l2PsE3XL6EPXYSnogFcWO3M6niQUO8Xtdk1YS9he8413Zplt8oRV2ibLJp091njvIiouS8bNnUnYmR5aS2ypr7FWZ6Y90OxxZ8/kaLJ64ZvSxRkmOAZFwUJ/bNa1h33dobipCx6ePPpIaiQaYmBVR9r4LRtzHKYO8Z8kNPg+HdPVasYc3Fu1XuPxQwW2dmMTFvi1TpotM3pBSIcAsX/UaS2F6dFtPdoek+2I2NXyGywPr9TrQkspOvb1rF/Hr7MI73Da4CG9kxGS2mL0BqPtjXPOofQHcSetcnJzfYez76zep4cnY0ote8ThhD1GRUzQLy7c8GxFFdPzKnRxGmniz/8ArQoKBg== +sidebar_class_name: "post api-method" +info_path: entityresolution-v-2 +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateEntityChainsFromTokens + + + + + + + + + 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri())\n```\n\n","type":"object","properties":{"fqns":{"type":"array","items":{"type":"string"},"title":"fqns"}},"additionalProperties":false}},"title":"attribute_values","required":["attributeValues"]},{"properties":{"registeredResourceValueFqn":{"type":"string","title":"registered_resource_value_fqn","minLength":1,"format":"uri","description":"fully qualified name of the registered resource value stored in platform policy"}},"title":"registered_resource_value_fqn","required":["registeredResourceValueFqn"]}],"properties":{"ephemeralId":{"type":"string","title":"ephemeral_id","description":"ephemeral id for tracking between request and response"}},"title":"Resource","additionalProperties":false,"description":"Either a set of attribute values (such as those on a TDF) or a registered resource value"},"title":"resources","description":"resources to consider for direct entitlements (experimental)"}},"title":"CreateEntityChainsFromTokensRequest","additionalProperties":false,"description":"Create an entity chain for each token (JWT) in the request."}}},"required":true}} +> + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2-entity-resolution-service-resolve-entities.api.mdx b/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2-entity-resolution-service-resolve-entities.api.mdx new file mode 100644 index 00000000..df5d939a --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2-entity-resolution-service-resolve-entities.api.mdx @@ -0,0 +1,71 @@ +--- +id: entityresolution-v-2-entity-resolution-service-resolve-entities +title: "ResolveEntities" +description: "ResolveEntities" +sidebar_label: "ResolveEntities" +hide_title: true +hide_table_of_contents: true +api: eJzNGF1v4zbyrwx4L1tAcbr7qKdLs94ixTUJkuwCh8RwaXEssUuRWpJy4hr+74chKVuyvN6k6MPlJfJwON9fnA3zvHQsf2RfPsBUe+nXcIfOqNZLo9ksY6ZBy+nHlWA5w4BidxiT1YdJvLa/dY92JQucBMgKw7FExzLWcMtr9GiJ44ZpXiPL2aXRGgt/dmuNN4VRZ1/QOuKeMalZzirkAi3LmMVvrbQoWO5tixlzRYU1Z/mG+XVDlHRbLwKml179gDTqtmb54/tZxgS6wsomaJyzj7iUGsFXCKuIDWYZfiZq0CRqLGOF0c6z/P12m430eZA1mtaf/e5Gmrxe8gGR7wrqI1YGUkPt2HY7i9ZC538xYk2MCqM9ak+fvGmULIJTz/90RGszlsgs/sTCk9MshUDwYL6JAZC+Eya3lq9JRY+1O0bBaLxZBo8PaRWKy3QjaZ0gh5q2DgUs1jC9u4eIArURSOY6KWw83QnkvJW6ZNuMrbhqj5xkbGlszT3L2UJqbteEK3DRlsfU4kJIEpCr2x5XCs3t9kenI4X3sf3YAWcUU4cWk6g9ZeJY9D1JwplLwYaMOughr0TxCDesuVQXQlh07hTHgDfnCbHPdXgy5DygfoR769Beh4z6PmfCmYe063PdQ4ccdxRnlB8HujYV1mi5Om3cHVq05DBMd4cgBSyNBW958VXqEhbonxE1pJwErgVYdI3RDinGCu6xNHY9yIUOlo2kSbWLXV48TH+9ufvv/PP1/e308urT1fQjy/bg+8+//Da9fOiDptdfru5urn+fXj+wWd9osYp/N6yXXDk8VPh2Cu9u0TqjU+/4CYyFawJfG302PGL9uNj3hFrqq1g43vfFOWged9FwhyHUkZm9SexEGzg49FTcOzrgDZVTacFiY9Gh9qFKugnbknDDBhQA0YchhD78/DP9G/K6b4sixv4/WYDXd0P53lKNh+SMlaXUPwr7Dut01EfRQvBbU4fGlAKejQrim0Q+7ttNr7Hs2qhSjErJsK32ILsesIMsjFHIdR8UBeoBXlPzR4PEH1+oy/yxjyUHHMRa81oWXKk1EHEBoRfBcyWLCgquYYGA0ldonzSQPhlwiHrQV5SfvpLc9GmxaK2TK6TjtvCRZkbJyJ80KOlCmAeom8AFTTCiLdDuoCAd4EuDhUdBWRASQ2OafBw+aVhxK7n2dH/hUBfhkOt1dwBSCwpqdMA1oLXGTp70k4aHCuG3+5vrg6QKFbKzkXQRJQgz6UVeaUypcBJGrkW7nAT82JYHtr4Pih8YO1qjtShAcM87s9DQJp2nwmyWsJSohHvSyQU1b8gA3/GTm8CVBmdqBMV12fISXQYd9ycNtSwrTz50bdMY6+PgwkFzT/4ZmmACn4wFfOF1o5CGtycNSStd7hmAkl/JhDuNyFw7SiiAk8mfNMQwnQSLC/RcKhc9yP2h8bklFGK2CB4vMYXcs/RVSN1g8k6N2M6qvdavcG3nks63SboTzo03+o1in2/zJlQN8ry0WPjQGRTW5Oq/X/6491YuWo8hrj5906eq4A55HmJhvvymQ2ErXluD9wPojmS62299Hw/1e1tTTq+4vn1iBAgD2nhITQxcG0xCAd9IXTp4RwXASrrB1aBdR4vPsW/yQ7YRB/o4EPpcLChJqkMeowFk2NhOa344UKznB22bnZwo0vh1mkXo+wKXvFV+3N2nVOX+ud5e0KPmSACmChHe6dr4+dK0WtDQ0w2CBdcFKqTm3Oqv2jzHx/OKKynm3JZtCiOBXCipcY4vBaIIF/YEM8aVRS7Wc3yRLvi4QVtLR4/guUAtMT4fnGltQUQq3jofgEsuFYp5Y7EwOpqT6C1CCaQ3YOvnZjm3XJcYpJSkUR3qV5DVo9VchSO+4lLxhSJEqttzZcIE1Wre+opcTW0mGGDoDipHznPfOiBTZqmku8q0SlBRpsak2zr1PLOEx1SCbFNMLo3A2QgwoUSo0TleHvXNUIILELhCRU49W/KCynjohJAojEWSNCCXSrpqAhd6DfRIOXq1d0eZgiv5F1V+LYDinchQee6Lfx8sMUmNYHbiKPbAMC/sSS/WgWJ8IE5iyyX0H4fx/+ez+9BVl0Z7LnWYVrhdSG+5XYNDK5MBOrtzZXQZ+yKHf5M4qZ6m9uniCobgaVE0JnKq613o9aBQdWumrri8XqVwI0pi0bdWRzcmgjlU3jcuPz8vIoAioTD1uTCFOy/NeQg3d/4vQjsbllJ6/2xHU9d4w1ejrwwtChsTXmsN9xXL2fkb9obnY6oO7apbGrZWsZxtGsU9Rc1Ui8ZI7bejVJzGogk3DeqHj5+guwGf7/6TgWuLiuamziTd6SQkQBWlD5PtQsWoPuQYu0FqDOPTbVjCOZrM6V2dP84yRv3gbr+WSxIO12qPg73YQZ6kBOpXn5gl27CA3K+H+u+c4Rqnf7Jfseygsy0V46XpbyKOOG9kbRIu7VZztnpPGUwhUPPQANNmdOzZAZGdvh5fPHlEhvkqeHyTQunxLStolo1YzjIWnJs/ss1mwR1+tmq7JfC3Fm3yU+d3+rXNurUtuUZIRwfi+OzV27Kyd3dpWfAT7Dc4Q8W+4vr0jrpzd3DW61m/jt9gszzgtMMjemcPRGqPMZpv9jcuigIbfxJ31isRtzf3tJpapAV12OjmzPJnmjH4c1TENLvhOsA2rHuBsJxFmvT3P/eOzt8= +sidebar_class_name: "post api-method" +info_path: entityresolution-v-2 +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ResolveEntities + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2.info.mdx b/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2.info.mdx new file mode 100644 index 00000000..92ed3753 --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v2/entityresolution-v-2.info.mdx @@ -0,0 +1,41 @@ +--- +id: entityresolution-v-2 +title: "entityresolution.v2" +description: "" +sidebar_label: "entityresolution.v2" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/entityresolution/v2/sidebar.ts b/docs/OpenAPI-clients/entityresolution/v2/sidebar.ts new file mode 100644 index 00000000..f9dba388 --- /dev/null +++ b/docs/OpenAPI-clients/entityresolution/v2/sidebar.ts @@ -0,0 +1,26 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "V2 Entity Resolution", + items: [ + { + type: "doc", + id: "entityresolution-v-2-entity-resolution-service-resolve-entities", + label: "ResolveEntities", + className: "api-method post", + }, + { + type: "doc", + id: "entityresolution-v-2-entity-resolution-service-create-entity-chains-from-tokens", + label: "CreateEntityChainsFromTokens", + className: "api-method post", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/index.md b/docs/OpenAPI-clients/index.md new file mode 100644 index 00000000..5068773f --- /dev/null +++ b/docs/OpenAPI-clients/index.md @@ -0,0 +1,9 @@ +--- +title: OpenAPI Clients +sidebar_position: 7 +--- +# OpenAPI Clients + +OpenAPI client examples are available for platform endpoints. + +Expand each section in the navigation panel to access the OpenAPI documentation for each service. diff --git a/docs/OpenAPI-clients/kas/kas-access-service-legacy-public-key.api.mdx b/docs/OpenAPI-clients/kas/kas-access-service-legacy-public-key.api.mdx new file mode 100644 index 00000000..f89530a8 --- /dev/null +++ b/docs/OpenAPI-clients/kas/kas-access-service-legacy-public-key.api.mdx @@ -0,0 +1,75 @@ +--- +id: kas-access-service-legacy-public-key +title: "LegacyPublicKey" +description: "Endpoint intended for gRPC Gateway's REST endpoint to provide v1 compatibility with older TDF clients" +sidebar_label: "LegacyPublicKey" +hide_title: true +hide_table_of_contents: true +api: eJztVk1z2zYQ/Ss76CHtDCMlOfJUjaNm0qaOx3Lag+NhlsSSRAwCLLCUrWj43zsLSrZsuU6n5x48trGffO/tAlvF2ESVX6prjOoqU5piFUzPxjuVq6XTvTeOwTgmp0lD7QM052cn8A6ZbnDzIsL5cnUBtPdkD33wa6MJ1q+h8l2PbEpjDW/gxnAL3moKcPH2F6isIcfxs/vs4KI18T6JieA8Q6DKd9194SESGAeObgD73poKpc+YQR+opgDcEqzf3Kf58cXZUFpT/UabFz+BcZEJ9SzVK4c6t8ZxbhrnA8H52UlxvlydfTxdLYvVxeL07eL8bXG6+H2pMuV7CqnUe61yQWq2qCqKcUVhbSqafaAGq81dLZWpHgN2xBQE261y2JHKFdrGB8NtpzJlBN+/BgriHquWOlT5VvGmF8/IwbhGZYoN24eh43iVqUCx9y5SlJg3r17Jr4fUrYbUospU5YU8FpcD1OZfo/htn6n9MOGfAfueAnQUIzaUCPky+X6Z7Tgk+HX18RQC9YEiOU6VJs9V8vwD7UBfhN/kOIVP0afPE744ex8zKAeGyMZaMdWDTV42wZ88AJ3+7KBFERD0Fp0IsiQI1Pk16dkBpI33jaVZHzz7cqhnBx2qcRxHAaDGwfIxuMsQfPgP0PryK1Us+giiKTYTgZXX9BQBdItdbynNp/Nc1H5wWqaU3NDJYYWuIktaZWpw187fuKSsNVqjCwzN0El38iGorXFU0G1FpFPAfcJMoQ2EelPQrYksmukpdCZG412hyZkUECj6IVSSpMUhcjqs0VjSRS/MOW0SPpnC0ofJ7gcufF0EdA2lLo18kbSVzLJXgkObTLhGY7G04qiRsbA+CXhwOHBLjgVf0sdrSoQXGXmIIFBmcNOaqoXY+sFqYR8dCGSwFnLB13C5Iz/01ezEa7o6OpipMVM7rX9/OBagaU1WSH1ZY2VcAyQa2U/LcUvGwdI11sR2Bgu3ET0/HXoQY32F1nwjLTIHGTBJI1vvsP1VQmKmidHYePWMCWpDVmcgM3SXutykjNNyTihM7t+X8WR9DNWYqQT7UyDWPnTIKlelcRg2U7FyaJ6qhXqSF9qzg6ocBpJR/WfrY6pOvGM0TlYFYCgNBwwbiBTMDoA97mi9a6Y7C+FnaQe4RYYpXUkx4ZTOfZ3+Pk7y3L5ZuI2S1vf2E+8cVQz75fLvPylFTJ0E4iG4icZdwhxa5j7m83k1HYgSKt/Nta/ivPHzJLc4/0HcXj7c3WkRpkHg1svl11DiHblVuZpfY5Sfok9XX3Gd7r5IYb2/+IZgVa62vUUWrvfvifFogJbTqoOPPTl5G+wj4NP5hwziULWA8e5D9tZZkm3rozS1xmBkeyQtPq447fDdOj+2julWjVQNwfBG5ZdXsptqn4S440deSI/blrIU4vTP+rUIuPeRO0z7f3ftHz8PHiTZ3l8j/z+4pgfXbvaZblm4Nk6ATVra7rR3uaPjkfquMpXUkF+q7bbESJ+CHUc5np5aokltoshEq7xGGylTEvjwcbZbWEqJKva6ElWMmWoJNYWUaQqUt2DPB1FHTwHJcjdB75YXahz/BuKfEF4= +sidebar_class_name: "get api-method" +info_path: kas +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Endpoint intended for gRPC Gateway's REST endpoint to provide v1 compatibility with older TDF clients + + This endpoint is not recommended for use in new applications, prefer the v2 endpoint ('PublicKey') instead. + + buf:lint:ignore RPC_RESPONSE_STANDARD_NAME + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/kas/kas-access-service-public-key.api.mdx b/docs/OpenAPI-clients/kas/kas-access-service-public-key.api.mdx new file mode 100644 index 00000000..1003b5e2 --- /dev/null +++ b/docs/OpenAPI-clients/kas/kas-access-service-public-key.api.mdx @@ -0,0 +1,71 @@ +--- +id: kas-access-service-public-key +title: "PublicKey" +description: "PublicKey" +sidebar_label: "PublicKey" +hide_title: true +hide_table_of_contents: true +api: eJytVlFv4zYM/isC9+pLbn3004quNwwbsMO191QEASPRtq6y5EmU2yzwfx8oJ23StN0dsCcnIvmR/EiR2gFjm6C+g3tMsKogDBSRbfC/G6jlcHGpNaV0Q3G0mhaf88ZZ/QdtoYIBI/bEFAVgBx57ghrQtSFa7nqowHqo4e9MUdST7qhHqHfA20E0E0frW6iALbtT02mqngCbnn8cSoyOQcYfhxhhmlYVREpD8ImS6F58/CgfQ0lHOwhPUMNNLhRBBTp4Js+igsPgrC5ULr8l0dud+wybb6QluyEK8WxnL8MTye+ENyut72kLUwX31rynLOJpev7/VMYv++ygAjTGSrjoPh9F06BLNE1ibKjB7PicgOsYQ/z/0tfB0GvJ0CP2g6PSrj7wugnZG2la8rmXQ41ekyMDFWR/78ODL1Uf0VmzxtjmXqKTRNA462lNj5rIFINnwArQRUKzXdOjTSx1HSj2NiUb/NqQt8UgUgo5agHpMCcuhw1aR2Y9RNLBz3QK3ibEWR4yr0OzjuhbKlFayUjCKmLrmaJHV0Q4onW4caJokHHtQmmy7DFzR56FXyoEnJbjtiOVGDknJVRW6qGzulOpC9kZtSGFXgllakSXSYVG3bUhtI4WcdCLq2BodXawkCbrKSVsX63NaQSXytBITor6oUFtfatIekTtEc5Dsl5d+9bZ1C3Upd+qnN4wPbJxQaOz/5BR6I1K5FlguKOTfG4KEwtDjNal1Tsi1VhyplIhHkFvtgVRO0ueCwuz+n+38Sx9SdVUQaH9NRKbEHtkqGFjPcbt7GyT29d8vX5bOWaSq/q29GWproJntD5JU2DcWI4YtypRtHsCDryjC75VD5Y7heoXCUdxh6xmuA2lwlM5D035fQ6yOBpJ+zoMMXDY5GZx6bcnI+oqeE+a1WG4fH9KxWKOJBLn6Ocy7gFr1TEPqV4u9XwgnaBDvzRBp2UblqXd0vInUfsQaYgkrVVGGUyHSXjs73gn9sRdkNXZUukI5A5qWN5jWo4X8lkfze0KEsXxsD9zdFDDbnDI0gjX3gzBep7Obtf1PAfVXwP5218/qYOF+vrlz0qlrDuF6SnLg3RReroLSeIaMVoZLfO6eeFxHvD7WX8uncpaTKRztLyF+m4lg6sJpUsP+wbTWdjilmKa/4w/S3cPIXGPZTns9/QxlyfmTzeA6ZElKesFoZC22/N8t/c7XkAFL7heVVByr+9gt9tgoq/RTZMczy8CqYCxSUgx+61XgRievmj2dxdA3hZv6M8Plu/RHE/0Vs91EVanCjpCQ7HENhvIY2w4Rj/bs4Ly1IS/Xd/CNP0LBCp3ww== +sidebar_class_name: "get api-method" +info_path: kas +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +PublicKey + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/kas/kas-access-service-rewrap.api.mdx b/docs/OpenAPI-clients/kas/kas-access-service-rewrap.api.mdx new file mode 100644 index 00000000..320d441d --- /dev/null +++ b/docs/OpenAPI-clients/kas/kas-access-service-rewrap.api.mdx @@ -0,0 +1,71 @@ +--- +id: kas-access-service-rewrap +title: "Rewrap" +description: "Rewrap" +sidebar_label: "Rewrap" +hide_title: true +hide_table_of_contents: true +api: eJztWVFvGzcS/isD3sPZwEpu8yigwPliB03d1G7sNIezDJVajrSsuOSW5MrZM/TfDzPkyitLdhJc7q15yZrkDGc+znwzpB5ElMsgJrdiJYO4K4Rr0MuonX2rxIQGx6dliSFco1/rEsfv8d7LRhTC458thvhPpzoxeRClsxFtpE/ZNEaXrOTkj+AsjYWywlrSV+waFBPh5n9gGUUhGk9bRo2B1+mlRfU+6b5xK7QDmRC9tktRiKij4QFePcumzCKvL4TCUHrdkAFiIk7hp483kJbCvINYIZxduSs4OsPa2RCTv+AWcOWdW/CHCwFD0M4eQ+P1WkaEFXZTC2Sa9qgmcGruZRemFn5DTytB6cUCPdoSw2RqYQTr7+HI4FKW3fEEPgQMgJ90iNou4ebsDYQGS0jAgLYwADRJv4KjeWtWvewH24NDJ5Ahgsa76CCg19Lo/6ACGeCn68tfnmgUm80jbDsaRCGkUpogkOZqcBgLaQI+BbPfNjrwrAWOFJa+ayJIq8DjCC3/ecwurrALsHAeSqPRRpAcS2JD1viMpJhE3yIPhMbZkALh1Xff0X+7u1+3Sb74VuFWY5RKxoMre7S2a54D6mG7dC1Ni6IQzuLlQkxut0pta4zYFIO/6zn64UiO7cHI3DmD0g6HpPeyGw5sjT1sGQN79/QMf/+NzPwdPDYeA9oYQILqrKx1KY3pgJQrYGfgvtJlBaW0MEdAHSv0UwvkTwESkh/0leynr2w3fXosWx/0Gmm6LWPSWYDzIKcWjA6Rso1HwxhOKZpVW6LfjoKmpGmwjKiAAz2Cs0jzscKAUwtr6bW0keTngbKPJqXt+gnQVlF8YABpAb13fjy1Uws3FaZU2QKRiIDitcdI52xiY8Zi8xTLMxIl5WoCP3OqQx8vsNBo1NTCO6fQUzbm8IY24OMqbdnAtVatNHCBXeLbPkdDayJTWr/PNl3QRh27j142DaoL7F4iyrR2dp8Wz1bYiUIsnK9lpEjrIu7R5gHPgrZLg5CUQVaWefGgkysZhnuSr1/hYGbgq3ZudPkZB/PaWcOLs4O7Dl2cXv89ADYV1uilgSwCSQSyfVfn7yABs0P2b5yH89ejuQyoYFsjAxytsJuRUT9MBZaj7OxUHE8tXDYpIydwXjex47h6f32alfyb+HEoviP7IaRilXkzOmjQk11w/vrsRzZWLj1izaxqFfQsTNXtKewpvyh4Ey/mgvUinrxwts4rvyQ4UiHLEqAVhclCM10cDA5dE2/r2IskAw7EwU5d2GHCQuiIdfg8zzfO6LKjluZ5l9OamVZ73l7xzMAlqGUsK6rjBHcSHGsFC+9qHsqV90C/kEQx8LK3Z0nkYGmffdSxSluLhEJr4ldh8FiGdtFgDnyRLnjBUxjOaRRqDEEuqTCg7XuAhdQGiequEo+myRBlbMMPU0HTUzG18GNbSzvyKJWcG4SB+kzorKn1BKCkUj7sWnqjHvuG2zx2RxVx18WVDF/GjE9y5bO0mFuQRUuFMrmfSRBy54MK7nWs2J2eYxJHHkanQV/ryPi8djZKbVNwnJ1fHFK5T2Bk9hCofZeGkO0ic0ftwV890V890Tfsid71rY0MwZVaDsJXB7g4vYTEZXCE4+W4gD46wc2NXqbCuls/38kOypQbg0W9YM3H5Tw4OolMx9sGi9OqrlOehAlMxb9GPSmPLh93nIpkJMcTwTXY6M2vv3D5XPXNyyXH2Mv1hEp7uu/MUkgeKi1vn6kph4T/D+XlYtchbhGYl17sDdKKPWbk4Z7Ic2XYtkocQX0APHOP5pCnE+opEY5CotvjAvoyAke5RhzvkN5zfeVX3W05KilTUoPF+iDhv+eQGGze1+bDGtMNGGVZcfC3VmGGIoXqDhqXFvv0aNCzgLaMqPN6qa00/envuJ/6hP/ZdzJUGkPbhr30lf0FoNk2JQMAcot2uHcaLb1riUAzin4ADPlG7xxwevV2B4rcNa5f0cxj8zi1cE5Y7rvcc0TY0b/1pwdexq0HBx5F0i5fjR5L9QZQFu/0BoF79L5ga5t6DI4ifgtRuJB0ZnsvHue56flG7x2lU3gotfGTrBuD/BBoXZwtXGsVPQeibWsaLKUt0SARWGtX1t3TnUDbtTRazaRftkTCfPhSGW1xhp9KRMUCjwoLIQ11f92MH8IoWjjV091NodUs4DG41pekpJJtiDyYeswZ3Q6cTSdD+ubOp3nXxplbzLy0S2Qr6X7BtYGntY3orTQ8JddSG2pByWIZ5cw4flVqrWxjRYycbiB7bQKVx0R/QFAWuRUIlWuNom6Aqqlt61yo3QJul84tDY59U45fO4V3ewNcQXNXfehsnr5mKlyjoUMdLWRJkYbDvnzfJG3h3C6NDtUYTm1Hd6/DogMZ48r+OZHjljsGztSh+Ynxxwqj1CbcvTCV3kK4yXlUnd9i0xU39xG0/PNhnGb3+8TcbB4A8bGp11b6Lm02b5eH9nqhb9y8NPv0qLbdvLQg/VxHL303fKrtcZfG2WXPsf8gcxJLJXXzXM15PFfXfSXjQYHO58BPw/N2MT61u1T32llLJa0nly93KV0B2RKPsfX5ST0rnEAVYxMmJydlGqBIKF19olwZTpbuhMMtnPyNlo12O0wmwr1WcvtrQ42xcopv6fxk3chYiYk4Wclwsn514vt1AT09J/A9o/VGTMRDY2Sk4z+3qnHaxs3+xTaxH1w2aOlVppeAD+9/LiC0ZUWv6r1v/eyYI7lK9nBfPTf5teHJjonWM8Pvz242dB8JdC/QsROT27tCELG/f3y+zxY+9wvJIAOotgyvX/SzzlN/yd7+CUisvycxgrWWXEusrHEI/Y7sNlsifooEheZGiKF+yKdymzddv2IuZzV3hWCkJrfi4YEewD54s9nQ8J8t+ux0DyL9tSlEhVKh56Oka2xKKLRxdEMmbJN9vyDSZTBJUEvYxBfX3g2C6+ry+kYUYp5/06q5Wgov78kReZ+gcwwFHzSPPQgj7bJl9hZJJ/37L8JAxtI= +sidebar_class_name: "post api-method" +info_path: kas +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Rewrap + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/kas/kas.info.mdx b/docs/OpenAPI-clients/kas/kas.info.mdx new file mode 100644 index 00000000..321d9123 --- /dev/null +++ b/docs/OpenAPI-clients/kas/kas.info.mdx @@ -0,0 +1,41 @@ +--- +id: kas +title: "kas" +description: "" +sidebar_label: "kas" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/kas/sidebar.ts b/docs/OpenAPI-clients/kas/sidebar.ts new file mode 100644 index 00000000..9a3728ac --- /dev/null +++ b/docs/OpenAPI-clients/kas/sidebar.ts @@ -0,0 +1,32 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "kas", + items: [ + { + type: "doc", + id: "kas-access-service-public-key", + label: "PublicKey", + className: "api-method get", + }, + { + type: "doc", + id: "kas-access-service-legacy-public-key", + label: "LegacyPublicKey", + className: "api-method get", + }, + { + type: "doc", + id: "kas-access-service-rewrap", + label: "Rewrap", + className: "api-method post", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-create-action.api.mdx b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-create-action.api.mdx new file mode 100644 index 00000000..848a5477 --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-create-action.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-actions-action-service-create-action +title: "CreateAction" +description: "CreateAction" +sidebar_label: "CreateAction" +hide_title: true +hide_table_of_contents: true +api: eJzFWG1vI7cR/isEWyB3xUq2L+mH7pdUtZ3CQHI2bF+B1lZ1I3KkZY5L7vFFtmLovxdDrqSVVta5QND6i7Wc4bzzmSFfeIC55+UDv7FaiSUbiaCs8XxccNugA/q6krzkTaIPIdOHme8O3UIJHJ47hIB5jRe8AQc1BnQk+YUbqJGX/NwagyIMbpwNVlg9+Ac6nzcow0teIUh0vOAOv0blUPIyuIgF96LCGnj5wsOyIUkm1tPEGVTQ3xCNJta8fDgbF1yiF041yciSX+BMGWShQrbI3MzO0mcrjTWtNF5wYY0PvDxbrYqeP/eqRhvD4Bff8+Ttlu8IedXQkLkKpgyrPV+txjla6MPfrFySImFNQBPoJzSNViKl8ORXT7Je+hbZ6a8oAiXNUcKDQk/U7OOGywenzLxjd6IXvIbnn9HMQ8XLD3/+ft/y2zaRjyaXBqNdrI4+sCkyMAx0U4GJNTolWNZRMNDaPikzZ9WyqdB4BkayaCQ6L6xDz6YxMGMDA5+CMlPOB2Yd0+ADExU4EAHdkN1XyHywDiWDjv4npTXpN9bVoNVvKFmwTNsndEyAx2H5aD5//vxoQqX8sIYgKvTvvvv3Awx+Gw3+dTr4y/jdj+X2azIY/6lDe//jH79730p4NHxV8BoDSAg56m38Nmv7MbtOP4CK7niGNExR+0OZXOtoOQoOUqos9WZHxGvJXYCOSJbvmmZb01greLV6TfQMtEcib8q8AxC3uWB3DvpDLqjxUYH79mShDJjBJ3YefbD1XqJDxTZGryM+fDQs7WxP/F0AI8Gta8Qz5VN1+dg01gWUQ74iV3ZRKS34xhqfQ/nh9JT+7Rp4F4VA7zN+/B6nMpt4iM8avJ4ltN3dIVJYjiW75eijTuNQQEDJu4nccHdz1y6OCRx31fs2uN3S36wdUVn0zG1xnN/djz5ejG4vJqPz+6vrj5NPH+9uLs+vfrq6vOBFj3pxeX77z5v7A5T729HHu1+u7vm4617Htq6Dm+UxIe6ui0oei67qu/l3NNRYUbIYlSQop7Kcgk9H7k3A+21QOV5HIp0cOQrd3e3iBELP5C2JeQxsumQe3QIde4cmqLBkT5VlLVPGV4fCOonJPQL6KFVguEAT3h9K7jPUjcY0iJzReTkbnp6efv/D6enZhzSLzAirAy+5hIADaoMUg9jIvhvt4iE3tqQjbrRM/0M3/o9I7ivrAusSvwHq+5LugosiUAONRn2NqJdMSYrmbMmAOfQ2OrEPxVv5G1TeAZnNIPlfGDIya+wHw9p0CjAswBfkr7eiDOHHVa0S/kucQdShj/KXzln3+2G8sPIgAHSLy9gwmdloJBXVGhkFGIE6gWc0X4x9ypP1ArSSE3DzWJN15AhIrQxO8FkgyrRhK7DgoB2CXE7wWflARdegq5WnCXki0SjM6JgzO8HnCqLPmD0DpVFOCMWtyeEkedPURqlJxTCxs4kDM8dkpSKPyKxEViagy6NPNLAApWGqiZEKZKJt6qTRQAwVJTh3it5cn6c+CNEzCmXBniolKqr0qGU7d1LIWDobNAE8zK2daxy6RgzPrcRxb2GYEdd7mB/MzV4pMokL1JTUwQwEjbJINcJaCX2TlGGXZq6Vr4ZsZJYs+le2dvZoK9rpleZjjyaQGBqIu+bfpUgMJQZQ2o+PkNhMoZZFGqQ3oqfLJFFohSYMM5AQ+7fLOFP3Q7UqWkg6EMQNOE6VAbfMyqZxfkjX4dOaBrNX8StfJvdGSGsCqHTHYOCmKjhwqSuoNgDruIO2Zp5hDNhfyRwWKlhD5xTzVSStt7fIvpBhB5jbPKQr5jTOhiOz3EWp9g66Bpe3u5R2ZEschuhMTmMrsGRVCI0vT05EXqBKELY+kVb4k7k9SeXmT/5AbANHExmVFrS9oUXC/hS+gewaQ2Xzg0Ga8RugyyE/OfZ+cLInI3fl/HgQneYlf2k0BCqQSyMbq0xY9U7dZcZHdt2gub/4ia13sE+3PxfMR1HRhXHt/Zo6TLVeZVsX4BRBTirgfY0Z+Nse0Keu0mXco4hOhSUvH8YFJ+i/3V7PWwu31+tt7Xenuc04kIKtzMx2x5vdOPaiQF60bx8lX5zRIaJE1GA6avfCvSNhc9YCPgcKk0p32JSGlzabD0dfg3ixq2Bc8BTf8oG/vNCY+8np1YqWv0Z0bajWoaevVbF+QaECkMoTQR7u+50HD/5u/d7wnm2Hs103vuDy+HNRi06c013m7arfpm/nkWdH04aP5A3uSdSWozdNbHeMhMAmHOUdd87kzfUd3YWm7VtRnUYN7uCJOjo8ZUfymJbOQFqjijTzmFofzzLp7z/TGRaY +sidebar_class_name: "post api-method" +info_path: policy-actions +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateAction + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-delete-action.api.mdx b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-delete-action.api.mdx new file mode 100644 index 00000000..0df25dff --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-delete-action.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-actions-action-service-delete-action +title: "DeleteAction" +description: "DeleteAction" +sidebar_label: "DeleteAction" +hide_title: true +hide_table_of_contents: true +api: eJy9V1tvI7cO/iuCzksLjJ1kL+k581Q3SYsAp7tB7D3AQWAYtMTxqKuRZnVx4gb+7wWlsT2OHe8uUDQvzogUxetH8pkHWHhePvA7q5VYsZEIyhrPpwW3LTqgr1vJS94m+hAyfZj5xuiWSuDwGjUGzGe84C04aDCgI8nP3ECDvORX1hgUYXDnbLDC6sH/0Pl8QRle8hpBouMFd/glKoeSl8FFLLgXNTbAy2ceVi1JMrGZJ86ggv6KaDSx4eXDxbTgEr1wqk1KlvwaK2WQhRrZMnMzW6XPThprO2m84MIaH3h5sV4XB/ZMVIM2hsHv/sCSb9d8T8iriobMVTBlWOP5ej3N3kIffrFyRQ8JawKaQP9C22olUgjP/vAk6/lQIzv/A0WgoDkKeFDoiapkj8cHp8yip7WSvOCVdQ0EXvIY0/e+1vebIK7Xu3v9PLnPevOCg5SKTkDf9XSoQHt8KfUq+mAbZo1elUyStC5u4wBGgpOsS1CmPDM2MB/b1rqAcsjXpMl+bqUD31rjs9Vvzs/pZ//NcRQCvc9Z8Hf4Nqt4jM8a/Filmtm/IZLZpyLScRzmTutQQHgRhy33zh0Pm8Mppfj+875zblKgE7E9O/FkcaBuV418PBl9uB7dX89GV5Pbjx9mnz6M726ubn+9vbnmxQH1+ubq/v93kyOUyf3ow/j32wmf9s3r6dY3cHs8pbr57nzfN/M3NASPKBmlPxWkhABz8MjXRQcRrwtM9HXBGwxA9/qe3Z4VX8kj4ZAUGIX+7e5wBuFA5R2JeQxsvmIe3RId+wFNUGHFHmvLOib2qLRmDoV1EpN5YBhEqQLDJZrw47HgPkHTakzt5ILq5WJ4fn7+9t35+cWb1FG2iCEh4IDAjHwQW3loRnd4zIwd6YQZHdM/aIaGOWp/rKo3NnUcrwHe69myBB3TG/uOsG0WwnxtXWB9IlXDd8DqOLgoAguWRaO+RNQrpiR5s1oxYA69jU4ge1ShZttXd/LZNmX7VbgdB75DkZHpAJzi1IVTgGEBPuOJTpIh/PRT64T/EiuIOhyi/I1z1v19GC+sPAoA/eQyNswqG42kpNogowAjUCfwjOazsY95PlqCVnIGbhEb0o4MAamVwRk+CUSZLuwEFhy0Q5CrGT4pHyjpWnSN8jTnzCQahRkdc2Rn+FRD9BmzK1Aa5YxQ3JrsTpI3T22UmlQMM1vNHJgFJi0VWURqJbIyAZ0BnUiwBKVhromREmSmbeqk0UAMNQU4d4qD6WxSI/MBQvSMXFmwx1qJmjI9asnmmPMjNizVBk0ADwtrFxqHrhXDKytxenAwzIjrPSyOxuZFKjKJS9QU1EEFQpkFQ8oR1kk4VEkZdmMWWvl6yEZmxaJ/5WrvjrYCtPoTJQMjmUcTSAzNen31x8kTQ4kBlPbTEyRWKdSyYNb1RM9XSaLQCk0YZiAh9q+ncaa+dNW66CDpiBO34DhXBtwqPzaPi2NvHa/WNJi9il95JXgxFVoTQBmfwN3NVXDgUldQnQM2fgdtzSLDGLCfSR0WathA5xx9nrLpvNsFDoUMe8DcxSEtCvNYDUdmtYdSm01iAy7fblK6kTVxGKIzOYydwJLVIbS+PDsT+YAyQdjmTFrhzxb2LKWbP/sXsQ0cTWSUWtD1hg4J96e2vQ2uwVDbvPalEb2FUPOSn53aAs9eyMhdOa+A0Wle8udWQ6AEuTGytcqE9UHV3WR8ZB9bNJPrX9nmBvt0/9+C+ShqBn5r/YY6TLleZ12X4BRBTkrgly9m4O96wCF1nVYqjyI6FVa8fJgWnKD/frdkdRpuhkb+toJ/v68u3w3e/3Tx0+Dd+8s3g/nbSgzeiP9cvq0uL6GCS6oCZSrbn3D2XXngCDKkW2JLvrwgCRSLBlIb6lbQFx7fk7Att4BPgTylTJq2XCr7HNCHk2s9L/YfmBY8ubh84M/PNOl+cnq9puMvEV3nrY336WtdbFZhygGpPBHk8dbf21z5D5vl8Ue2m8/2zfiMq9N7fwdQnNM68+1Pf9t7e9v63ktbPpI3mJCoHcfBQLG7MRIC23CSd9ory7uPY1qH5t3S36Rpgzt4pKYOj9mQPKmlMkhnz1yDWcTU/XiWSX9/Aah5S4w= +sidebar_class_name: "post api-method" +info_path: policy-actions +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteAction + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-get-action.api.mdx b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-get-action.api.mdx new file mode 100644 index 00000000..7a07d330 --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-get-action.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-actions-action-service-get-action +title: "GetAction" +description: "GetAction" +sidebar_label: "GetAction" +hide_title: true +hide_table_of_contents: true +api: eJztPWtzGrmWf0XVu1Wx5wJ+5HETdmpmCWEyvnFsF+DUzgYvEd0H0LiROpLaCZPiv28dSd10NxhwkskmXs2XiaXTep73Q3wKNJ2ooPk2uBAxC+ekFWomuAquaoFIQFL86yQKmkFi+hvU9jcsXA/kDQuh8RK0bQhqQUIlnYEGicN+CjidQdAM2oJzCHX9QgotQhHX34BU9gPGg2YwBRqBDGqBhPcpkxAFTS1TqAUqnMKMBs1PgZ4nOBJPZyMDqZmOtwwNPJ0FzbdHV7UgAhVKlphFNoMXMGYciJ4CubHQRIzNn240krjRgloQCq500DxaLGor++mzGYhU11+rlZ3svvLSILcuVFuoGmGczFSwWFzZ0wKln4tojhOFgmvgGv9JkyRmobm/gz8VjvVpdUVi9CeEOqgFgsP52NxXIvHeNQOFcCwqQCstGZ8U1s+ioBaMhZxRHTSDNGVRsFhUupf3+RYbrvAMy3PYE719FtNfC2b04ynwiZ4GzePHD6vnZNGPICyZpUqTERDKCY2TKeXpDCQLiR25Rmgciw+MT8h0nkyBK0J5RFIegVShkKDIKNWEC02oMgc/ZlJpIiSJqdIknFJJQw2yQfpTIEoLCRGhhfk/sDjG+TmeTMz+gohoQWLxASQJqYJGc8DfvXs34HrKVGNGdTgFtffgf97S+l+t+n8f1p9d7f3aXP41rF/9VOjb//XfH+y7EQa8dOLuqIpnbpquEFcyoJxYuxZ5glpAo4hhC40vClczprGCBY5fJkrToBLBlb3A48ND/F/5QnppGIJSlnw+DynLaGJP2MC5jdCM5eyKzWGqtJhtwjUHsUqFiYSQaigjeA5dPHDXuAbRlaY8ojIq7iFv2zBlbWW5jq8FvX7r7EWr+2LYavdPzs+Gl2e9i0775LeTzougttL7otPu/nHRX9PT77bOeq9P+sFVcXuFtRU3mDcbrLozvyhv8yVwlDIQEWQfyNoiqumIKggWtd1Yw6IWzEBT/K54snnbKn5UsEICLqCli1+7xiHVK0tedhEFmozmRIG8AUn2gGum5+TDVBAHZHmBhFDICMz2kCmlEdMEboDr/XWX+5HOkhiMVD5CAjpqHB4ePnx0eHh0bARzznEjqqGOYgHPIE2i1W24xnXbWHZt2IYD+obbiOkIYrWOHWR7chC3ca3bseWGxqmZo3wQIrGDEDUVUpNiJ1LDBt5YHamnZRpqZPYpZ+9TiOeERXia4zmhRIISqQxRPugpyWddjk9ylL3jvC2eyR/Kibu9kHKi6bXZr0rNGb6mScL4pHhGVEo6R81Fw2ztod+RvHHdWks2SjW8Mcdd5NdZz9DeRHUbKGtbGQwxn5MZTRIjP/+D0GvaJIMAhW7H7tH8L4YZcL38cBBspfg7c6nJRi6V72vtZr98NY4RqoSGpSmWjdX15j2ZVvsVV3O3s9lRuauwJmVVpoRKbWiggBZGITaNqkZUmiRIs6M5WW65lerpGep0AyQGOoqBjCFytgyuafyeb1oSduOthprdQFXfuFldrW3GNUQwpmmsSco1iwl8RGWH6Rg7DFBZmo+EiIFyL7+8/Lp38qsWTCTl+m8WNalkm4Cwe0VURpEEpZAvUvKq1SOMoz4bwoBfdk+WpiO5oTGLyGX3lOxBY9KokQdTrRPVPDiIYCYaoZgdPNgnY4G2JESIfoWDUDBBoaQapEPDafanHV1pKrUxOYFH9iyrhmpuYtaMGEcDijKemau1W4Cxg0dExVRNQd1mZJpd/No8OCham8t/DwaDQf3q02HtydGiZHPuYU/jjh/t/7TXfIv//Mf+r3sHjZ+qpmstSNJRzMJXMC9SvW0cXsN8g1nUNNeH5zOlN2j0x5olMZBrmJOEMqnuYhjScAolu8y1VKe3KzNz2Jtb3jnjliEwwRuknUqJN55IGINEB8FN7pTajPfXMP8Cqklgo3mL3SVPytOjZ8e1YMZ41nBU3fHHx4fPSKt31jgizpBH9nnReU2A30AsEqiRVKU0jud4n9eb6fbaKBCFBTzcMn3LsSLnvMn4EQNJxkISRG68DSOw44lxJwkjQZyJfHhVMGgRYnWCay4+IAFOhGR6OiO49owuS1S99GwS4KGIIGoMOOkLS9I1VLQUaqxz5CDvpKLN48NHT9+ZhXZ7rTrqRBH5IK0a7jSUdxA2FYTJ8eMn8sjCdtoV0JrxSM2EBGJxTGWz0AjlGVWEA+B6NvgKXrV6w4vL56cn7eGrzh/D1unLYefs8nXFZ3AbVLfXGuJutoA8Onz2ZANIpz3sddoXx4+fdI+2gz18+mgXsMfHR92jsufiFVUXOWO5kwhc8pcBJy3DYgo0b/irmAGhSomQGdUiE3rm6sap1FOQGZqGuc6ZEwCS9xaxXHIxZXyo5GKyjWtcTBJmQm9UuB1Edd/XVBU3msqY1JcyXjEeguG1NFYCEU+ClgxukLExWvjy/5UY/XZSdI3sXKy50yKSuEbjpNuEbLXAqnV9gzAFz6RpHRo8qmKLcXxbZdAZmK9avSbZOznrd7pnrdMa6fyX/ddazTrzXp5fdtudYf+Pi07Vc1noycasNGcTIBUg9r76Irl5TdXlZmXymqrhOoUSjwLROzsHwBgaer5Jz5gjn6Pk4JgFYiwMracUCSsWfKJQT3dHv1WryKVbyZ7NG2+/o9bpy/PuSf/3qpxYthckQ7nRyYJlY6c9RNa/0vbw6aOVtsfHR8FK1K5nzX2ILDPOlq8aO2oeeBXbFaRt3Nmg28nmyagarnGV4L2evNiAKgWa7jG0Pl8ZxN4SoSnPayRMdeZX1KhJqii4DM80ChRi0Of6as6djBhwcmk1NRMDW7KF3MLawdFRHrotZjPBiXeEeEfI3+wIKemOMLdU6YjyTurjCk2TLkyY0nJeVAKdb+R23dPQjYVyZg4sHZwNcqmAZKRuyAtoZHmgl4NeDno5uEEOIsWsUBQeiBRCt0H+rS7Lu4VOdvLllAdEt4zlxiTEdY0x2eLugjeT6bnobXjZ62XvN5C97QLS7krrSLjD0FBudVFdIUqEYEk/nKIXAJmPTJXegc19ll6cR1xJlqQi07hkYJu/b/8Mu4kRPxukUr/fPXl+2e8Mu5enmWG86tS7Fax1ejo8/20jxNkfWyB+P+l0W932738YS9ygx2fz0CBkMkxjKvf2C+f7xmUL7IYPbgU+BPV9+858CMqHoHwIyoegfAjKh6B8CMqHoHwIyrvevOvtPrvefAjKu8G8G+xHDkHlzqkNIajvL7neS2Yvmb1k3hYUW5XKxaohLze93Px+5WbJ5sSoylZ78yavTdy2Th9E+I69Hz6I4IMIPojggwg+iOCDCD6I4IMIPojgXRXeVXGfXRU+iOCdId4Z8iMHEcymf6gAws7PZy3TV3ulT4rJrG6w4SwbrbpgB0AcgI9geLXAqwUVtcC+QGoU92/zqJ1/oMvL83v2QNdd3mncvWZjCyGDnO1Cqe5kC6RvvzTxGJEmxdXahq/6yOJm7peDreOBpbrCzFWDXlLsMEtF/pjfVK4FfK7ZgsOG1r4w9kqmZd0+VY18mLJwmvu2LCYNOElAlksivZHjmeJ3yBSrEd8i2Toq2uwqXCkTzEjE6RLkJRKPIlQWaDkioYhjsD9/gIRV/UoNeMEpYZ6TJzSjTUuOOFijpAZ1y1pMxfVZYdFftitF9ug1zVSytuBaini5iw5GggyYgWp3O/t4AAOujMxJ8V1899xqxs4cRykehn1Lv/KIrwpKPl7nkC2yPjGK2cTEGP5mPW7rO7rftMLbP47rH8f1YuY7FTP+cVyfVOSTinxSkU8q8klFPqnIJxX5pCKfVOSTinz00EcPf/TooU8q8o4Q7wi5V0lF/nFcLwe9HPSP45Z9Of5xXC9774/s/YEfx/3ih2F3C3ksw8hFDC20fr1Mpt0LyLVkkwnIb7b1lXSuZddXz+fyv8m+xnHjf5Pd/ya7l5j3L2z/dX+T/f8i/dbEKD/qL4mgllJv8c+tlBwz4HqzJWRhrDFUjHfeQTnqwvsUlG67HZa5I67zbslzv4s4UsQm15oRXQzR6EhLgUrGaTxmcYyRl6IPIztozwY9G7yHbDBb9XlOCH2r5O5sl+RK8c4Zh56OPB3dfzr63J868TTkacjTUO7l2Y18ilUHPvzqqef7pJ7tLlj3YkBbcAvVg9L1ZC8OhFn/UMHqTaGtIyFVpiSktzqiqfaxlSemvpDdAK8W+nyVKky33B58SbQp36st5foKA33BGG5HnY8aJKdxD7CMTMg321zI2cWB+3Co3Je5Y6BSa0MyAGOmUjJmEEf2wQ2CjggyjqnWwCEiHUt+XfRoKuDamrN7Kg2nhKoBJ2MpZoRFFwenL1oX+8bFnKBXUMiSbzlrW4dOgDPbgTM4W5EaV7zxqz7Uy+f/6rT7w9eti4uTs5fD84tOt9U/765Lyt0Me3K2FeTsvL8L2MnZsH1+1m+dnPVMWl3lVt/sGt/INztj/MT2HS02XLpT8krw1dOOmdJ4tKGYJVQyJbi99WU4V4LC4ius7EiSeO5K+AacbEGynfBmwEn24sl+Lbt2m7CKc+dIUopmZYRV9WRvIpYCEt7Nn/PTgLdIPiXWojGOxYr2VxbFmPycP01DqDarXu75QU5WBuDBgMfCJi//Qn7OFvQL+Tl7uSU7SncHv1Q8Qxk/qWKAK3k7X0Nmrmu4kdwcUJHsTLY+DaVQuTNrOfttxNc+P3txYkIQz8/PTzuts1t/V3ITZOtsG8R5txzaaJd4dgUtqodzt+tvFYp38bbzqdQqtlbPmiRS3LAIorXXOJxYAbORPPPymyUGFkqMlyswGm/r7AWJxYSF5UyPXCreLefq1p27FQRrWI8CvYqd3nb02u99sx13CW7fSe/zQW4f5PZc0XPFH5orZqtuZak8XzHqXU4TWk1Kw+RX14fvEc2YdpqZ000wo9uWZRSeR/RE6InwvhJh+SHRuxGj+zZ7AKhJWuRCxCycY6ETm5hnyTKYHug9tY+LpwXCy1NRBtzaxv9w1ImwoZiNGF8p4t36wGllWYpEkt3gWgzmxWDKWJ2b0aUTFk/kJWjLmbqgEsHVtnDZYmHu3Dw+g/hRXkxHSmNOu/J9UwaR4NM0Zl8Hfyqb3qjCKczoLu7CaK3eUCQHLvRwLFIeIRlkClWIRWCx0blSboruUc/kpkJ4SOUkNSkmuBEaxYzDED6GJiMFn7zKB8Q6fwk0mg/hI1PGijOXqfB1hWEEnLlyaVe/Ch+nNFVW1RtTFkM0ROWv4JqhI1NLgbptqodiPJSUT8Cs0tQe4LJMN+PW6WG66A1lMXqSccVU02EslLI9qZ7iPVsFc6V4w9TOaqpTRfAos7fq1FSkcWSKplGspLPMqTkmbydCTGJoyCRstEUEVysNDSsjlKKTtXdTNZgjsE83yPqYhgYvEUeIG2F1SYyTDp/ETE0bpMXnJFW3fFr4Bh1IMfsLSQzLqd3DEYjxxeX3zEk0ItCUxepqQ5d19daIkIWhnUPDZlc1LOtD8O1orLNy59JRbUp7ztk5sgRb0BXBKJ2sm2s9tWqZboh1YO9qDM7UrCsjjuSIaUmlkWPMHUB27hRLoVwZPPlP4xQzNVJ2uBFY55hpd2U3q4M0CqLE3UMihRajdNxo8XnVt8mRw2XMZfctmS/sSiToVHJ7jW7AJskq60PbgJiArwREIlQHE3Fg0E0d/BuC1WXJRxssMk5YtoJ0rubNQE9FhGl9QhmUoJiEFxwkRmY0nFrWsPBYjMRCOCgOYDUIZezfVMZBM/iUxFQjanR4lAjG9WKF3jqWM5LzBHj/xW8k+wLr5fANMxOPyPed9TYMlk/tQm+oZMhsbIpiZUbL8h33X+1dLNCWVBCmkul50Hx7VQuQ6bt8wucimrsVZlZm8HBMnz4eP3lUf/zPo3/WHz1+clwfPRyH9ePw2ZOH4ydP6Jg+QfzHN29K2ZKlc1w5CNyIewanGdwcmSInofSMGgFkDdLSfZU+z6kM8w7xmBi3j0AZardX+TbYdJVBrTD6VS0wh9t8G3z6hEbxpYwXC2x+n4J055SdO/61qAVToBFIc/sRM3HEaL1i8mkpbYO9rjPw98lSiyzvAYsfc5qqXyDRhSKuv8nfDHJMKQjQ87H71LvN12czEKmuv1bVmXI4HK/et09BZBArSsTyCyznS/RG2KsCNV6c99BzMhKRqQydGQ0jkPQDCnL6wW7E6pP2lRNs+xTElE9SI/ECOyb+97/CpYw4 +sidebar_class_name: "post api-method" +info_path: policy-actions +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetAction + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"Subject Mappings driving entitlement to the action"}},"title":"GetActionResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-list-actions.api.mdx b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-list-actions.api.mdx new file mode 100644 index 00000000..0907943b --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-list-actions.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-actions-action-service-list-actions +title: "ListActions" +description: "ListActions" +sidebar_label: "ListActions" +hide_title: true +hide_table_of_contents: true +api: eJztWd1vIjkS/1cs38uutgNk9p54OjbJriLtTKLArHTKIGTsato7brvHHyQs4n9flW2goQnJnkb3lLwEXOX6dP3KLtbUs4Wjw0d6b5TkKzLiXhrt6LSgpgHL8NutoEPaRHqPJXov8Y3BLiWH3u/S+e3OgjbMsho8WBS8pprVQIf0ymgN3F/cW+MNN+riD7BOGk0LKjUd0gqYAEsLauFbkBYEHXoboKCOV1AzOlxTv2pQkg71PHJ66dUrokGHmg4fL6cFFeC4lQ1aSYf0GkqpgfgKyDJxE1PGr1kaabI0WlButPN0eLnZFB1/JrIGE/zFR9fx5O2WHwh50VCfuAoiNakd3WymKVrg/C9GrFARN9qD9viRNY2SPGaw/6dDWeuuRWb+J3CPSbOYby/BIbVhC6lZsmC9s7a1emzlXfzAMFjnJStZS98yQGoPi4OYJI6ClsbWzCeWnz+8qPGLJmPwxBvCjS7lIlgQREDJgvIkyiKyJNrEhC6lAPFFk4/sWdahznQHHkPaKOZRaRZEmBYEdGksB0HmK+LSaXd0U1BTlg7O+5FZ/okj18lsEMcm082moEwImVjvWyEtmXKA5K3eVjE+pMNBX9m7OS66uOAao11K2ofBAP8d2j0OnINzqTy+x6HL2DL2TAtmRWsDs5atsLw81O6UIKPhroxocyiSB+dN3drhvJV60cpS5uhWXWOBM59D3+Hex+txuzhFcDhU79quZBG7tTMqi465GcfoeDL6dD16uJ6Nria3d59mnz+N72+ubn+9vbmmRYd6fXP18N/7yQnK5GH0afzxdkKnbfdatrUd3C1PEXEOXZTiXHRl183fQGNfAUFCkALrTjDP5swB1lUC15cFRvqmoDV4hvvakd2tvYZB3AIaMPLt3XlxxnzH5D0pQkWGArDkB9Be+hV5qgzJTORJKkUscGMFRPeYJiwI6QksQfsfTyX3mdWNgtiHL7GgLnuDweDnfw8Glx9iK94hiGAeLrANYAxCI7pu5MVTbuxJZ9zITP9HNxSbgzpZ1buOkDheQrGXT8uSqRB1HAbCZMQlrjLWkzbxFZw9ljT2NvDYfIKW3wKoFZECo1muCCMWnAmWA3mSviI7rXv5ZHdk21WYwPs8aB8bMtIkwSfmKaeTM008+xoDsJWdMXa2K2n0N61dHWPlO+q+o+476r6j7jvqfi/UzZi1Kd7ywHqlmoK1oP3d6++QzDl763skPxpAkL05JG9GrIDnt2hFtjervGKKB5UrwFckP2rz8+ynrJ0Yu33YuS+a3NRNrB7QRBsNxELNsGJKD5Zkp9GFlAnjmTprcOJ41dQJshFugvY4MMCkWyBKOv8/v9HSQ+vVR1osqOh99y12Y62x3+8lxo042Q/aWKONn5UmaIEYs22UnGkOKvbSoL9q85TGO0umpJgxuwg1WoeOMKGkhhk8cwARN+wFFpQpC0ysZvAsnY8zJbC1dDimmQnQElKzTIU+g+eKBZdaeMmkAjHDpm50CifKmxub6CbgsZxZphcQrZToEZoVyXgubJpjBM2WTCo2V8iIeDFTJr53g2bBV5j6dHHoDJcmFRDnmQ+OYCgL8lRJXiHwBSXIHBJchJpEqMRz9LgwZqGgZxveuzICpp2FXmrAzuGJPpGbI2QiApagMKkXJeNSLwjgGSFZQtckqcmNXijpqh4Z6RUJ7oWtrT3KcKbkXyDirMRhwUkdR1Vt88cxEj0BnknlpmdIpJSgRIGFvhc9X0WJXEnQvpf6CrK/fowT9ThUmyJ3qBNB3BX/XGpmV0nZPCxO6TpdrXF88iIQpInmEfgZ7ZnULvZ6O5feMhsvCTIHYBt3poxeJIBk5D9oDvEV23bSObg0JMT1PMrsCum1EC/nIc4556HsjfTqoCNuB6FbcHm7S3FHssSCD1anNGaBQ1J537hhv8/TAp4Ebuq+MNz1F6Yfj5vr/wvZLixe0PFosXxVyEjY1nc4f67BVybNrOPsq2G+okPaPzfC7h+KSFe0NL8OVtEhXW+ngzdaNEZqv+nU3E1CR3LXgJ5c/7qfJ35++L0gLvCKMLfzfUvtxZNeJVOXzEoEnDSEPdKYYD93gC51E+fBDniw0q/o8HFaUAT+h/2EOFvYnfDmqexgP9gcYJSlLs3B/eQggp0AoAN58j6ky8t4zzHO1yzqyHPzw0AfCNjVmIdnjwGSOt64rUoWYxofz/4SQYsD+dOCxsAOH+l6jY+dz1ZtNrj8LYDNMdrGHL9tiu30HjMvpEOCOH37aw3b6Q8P+eH2I9nf3A69+Aqr8z9VZFCiFF+0b1f9Nn0HPzAcaNrxobyLCYrac3QuEfsdI86h8Wd5p61avL8b44t4nn+nqOMNg1r2hI2cPSVH0mU9Hv64tqaK6UWIHY8mmfj3N45+VYY= +sidebar_class_name: "post api-method" +info_path: policy-actions +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListActions + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-update-action.api.mdx b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-update-action.api.mdx new file mode 100644 index 00000000..2549f99b --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/policy-actions-action-service-update-action.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-actions-action-service-update-action +title: "UpdateAction" +description: "UpdateAction" +sidebar_label: "UpdateAction" +hide_title: true +hide_table_of_contents: true +api: eJzFWHtvI7cR/yoEWyC+YiXb93AaAUGq2EpxwPkBWy7a2qpuxJ3VMscl90iubJ2j714MuSutHpYdIGj9j7Wc4XBe/M0Mn7iHqeO9O35llBRz1hdeGu34KOGmRAv09THlPV4GehcivRv5btDOpMDubZmCx7jGE16ChQI9WpL8xDUUyHv81GiNwneurPFGGNX5B1oXN0jNezxHSNHyhFv8WkmLKe95W2HCncixAN574n5ekiRdFZPA6aVXL4hGXRW8d3c8SniKTlhZBiV7/AwzqZH5HNkscjOThc9aGitraTzhwmjnee94sUi27BnKAk3lO+duy5LXa74m5FlFfeRKmNSscHyxGEVvofM/m3ROBwmjPWpPP6EslRQhhIe/OpL1tK2RmfyKwlPQLAXcS3RElWmLx3kr9bSltUx5wjNjC/C8x6sqfK9rfd0EcZHUDnteXKAnvIDHT6inPue9tx/ebQq8DD9A3Wt2WjlvClbnIjNazXvMYqlAoAuOwkfpvNTTmofRCfe6v/pgReU8myADzUCVOeiqQCsFi8olDJQyDyQhn5c5asdAp6zSKVonjEXHJpVn2ngG8cRMWueZsUyB80zkYEF4tF02zJE5byymbWXYg1SKztfkRSW/Ycq8Yco8oGUCHHZ79/rz58/32slveOBz6d6wH39kR+y33xh9dQvwIkd38N1/7qDzrd/591Hnh9HBT73V17gz+kuL9uanP3/3phZ6rykuBXpIwcd0qGOxXNv0/6kpCqNZi74/gxRMULldmdYcVXMkHNJUxuBerYl4Ll9moCokA9Y1NHWGsFrwYvGc6AyUw5YDIn79jDnMpLG73DGuAst40vAkW9rVSMPPB8P+WX/YH99enfWHg/Hg4vZ8fHtxczU4/fjLx8EZT3azDP45HFw8S70eXH3qnw74iKxqtGvj7nXEgWfdGWzedNl5bR4rYE7ZGK1MWWYsQ+lztM1lM5bdeNAp2CaPXfdeswso0IXddAs3Raxf1C5fkPLr8B4WXGm0izF/e3RE/9bVvKmEQOciEP8R8BY12sVnNF5moWyt7xDBlH1ZWXNsw3dpUZBLeDt0S+6VO+6axRFVmfXjXe37dm4u1/Yc+Xya3gz7F2f967Nx/3T48fJiI0M3qWeD0+t/XQ13UIbX/Yub84/D9cxs6dY2cLk8otL1u0vOupl/R00dCqaMKhDVRErlCTh8ddF5GQT355GwSAr0fXt3vTgGv6XyisQcejaZM4d2hpYdoPbSz9lDbljNFEuERWFsisE8qlVVKj3DGWr/ZldwH6EoFYaO7pjuy3H36Ojo3fujo+O3oalbFm26pB3qJ8gH9Z1dN6Ne3GXGirTHjAYI/ndm/B9LjsuN9axNfKH6bEq68bYSnnqASsuvFao5kyl5M5szYBadqaygtsHnbHnqSv6qLrdv4bIj/x2K9HXTp4BmdTgFaObhC/Lni0+E8P1HLQL+p5hBpfw2yg+sDYX1D8J4YdKdANBOLm38ODOVTimpGmQUoAWqAJ6V/qLNQxxRZqBkOgY7rQrSjgyBVEmNY3wUiGnYsBKYcFAWIZ2PQzNKSVeiLaSjUWOcopYY0TFGdoyPOVQuYnYGUmE6JhQ3OrqT5E2MjXRT+bHJxhb0FIOWkiwitQJZao9WgwokmIFUMFHEGDoZZUIlrTRUPqcAx0qxNSDFxhV85Ri5MmEPuRQ5ZXql0rp1JpexcDdoeLqbGjNV2LWl6J6aFEdbC92IuM7BdGdsNlKRpThDRUHtZCCoG0fKEVZL2FZJajbQUyVd3mV9PWeVe2Zra48yom7AqcV3qD2JoZ6+rf5N8EQ3RQ9SudEeEsskqjQJs8BS9GQeJAolUftuBBJifzmNI3XTVYukhqQdTlyC40RqsPN42KSa7jpr920Njdmz+BWn8s3pQHuQYUxiYCfSW7ChKsjaAY3fQRk9jTAG7G+kDvM5NNA5qee3sF6P49tCui1gruMQZvVJlXX7er6GUs0w34DL600KO6ImFn1ldQxjLbDHcu9L1zs8FHGBMkGY4jA1wh1OzWFIN3f4J2LrWOrIKLWgrg01ErbP23hEKdDnJr68hK6+BBqM+eG+h5jDDRmxKsdXmMoq3uNPpQJPCTLQaWmk9outWzeI+MguS9TDs19Ys4PdXn9KmKtETjNvY31D7YZcz6OuM7CSICck8OaJEfjrGrBNXYRXDYeistLPee9ulHCC/uvVO0etYdM08ncZ/PVDdvK+8+H74+877z+cvO1M3mWi81b8cPIuOzmBDE540xGu7km781u2Dos9Y+HLo92CwDcz7TZqPV5b3iZv1Y9VPT47JgkU8AJCratV3gjrmoTlnfb46CkcMsz2IdxPddbc7X2+48n6AaOEhzj27vjTE7XTt1YtFrT8tUJbh6QJMX0tkubJixItlY4I6e7+ovVCxQ+aR6I3bNUErpvxBef73/dqFOScZqbXH/2689Ze5dZOWvKRvM6QRK04trqW1Y6+EFj6vbyj1t2/uryhmWtSP+4VoaXhFh6oc4CHaEhsB8NdC2uUzXpahRLLo0z6+y+AsKI1 +sidebar_class_name: "post api-method" +info_path: policy-actions +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateAction + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/actions/policy-actions.info.mdx b/docs/OpenAPI-clients/policy/actions/policy-actions.info.mdx new file mode 100644 index 00000000..6a016c6b --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/policy-actions.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-actions +title: "policy.actions" +description: "" +sidebar_label: "policy.actions" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/actions/sidebar.ts b/docs/OpenAPI-clients/policy/actions/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/actions/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-key-access-server-to-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-key-access-server-to-attribute.api.mdx new file mode 100644 index 00000000..62294572 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-key-access-server-to-attribute.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-attributes-attributes-service-assign-key-access-server-to-attribute +title: "AssignKeyAccessServerToAttribute" +description: "Deprecated: utilize AssignPublicKeyToAttribute" +sidebar_label: "AssignKeyAccessServerToAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztV0tvGzcQ/isEe2mBlRTn4bR7qpu4QJEWMWynF8MQZslZLWMuueFD9lbQfy+GXMmSJdsy2kMP9UVecvjN6+PMcMEDzDwvr/iZ1Ur07CQEp6oY0PPrgkv0wqkuKGt4yT9i51BAQFmyGJRWfyE78V7NzFmstBKfsL+0awBecNuhAzr8m+Ql75KGMaw1jO+VXaCbK4HjDPcJ+xMh0KdldNugHThoMaAjsxfcQIu85B+sMSjC6MzZYIXVoz/ReTK74IpsbxAkOl5wh9+icih5GVzEgnvRYAu8XPDQd4RkYlslyaCCfgYaTWx5eXW0J1S1MshCg2yepZmt0+eAxroBjRdcWOMDL4+Wy2LHn0vVoo1h9Iff8eRwy7dAHjU0ZKmCKcNaz5fL6xwt9OEXK3tSJKwJaAL9C12nlUjZnXz1hLXYtchWX1EESpojLgSFPp1dpfNBotPJwfa1zPQG+ykkqanPYg+dOF/ltDhUMRFybaUPTpnZRtzudSvCrK1rIfCSx5i+H1G+LPjNtj9Pa9nx62XalgUHKRWtgz7bcLMG7ZG2V4qeu1TnOcn8ScB/VgxWKpZk1/YVTAu+s8bnHL1+9Yp+trVdxGR6viz/DQr+z7TniMFfRsLMgadZuEwEklhD1GGXJqfOWffvkURYifviinfQdhpT3zQ2TGsbjaR+OfQDLsAI1KkgRXNj7G3uQ3PQSk7BzWJL1pEjILUyOMU7gSjTgXvAgoN2CLKf4p3ygdjfoWuVp34ylWhUOuDQ2+gEgTQQfUiLNSiNckqpsCaHk/Aq6/K+jWFq66kDM8NkpSKPyKy0rUxAZ0CnLZiD0lBpEpQQYKptuorRQAwNmqByune64GWDzAcI0TMKZcFuGyUa5hsbtWQVMjCMQsbmoCNSh7yaWTvTOHadGH+wEq93FsbE/ha9h9ne3GxbcMIkzlFTUkc1CGVmDIkjbEDYNUkZdmpmWvlmzE5Mz6J/5OjGGW0FUAGUDIxkHk0gGOqpm+ZfpEiMJQZQ2l8/scVqhVoWzLoN6KpPiEIrNCFFIYs/T+O8+zBUy4KnsO8L4royVMqA67OyKs726dp/W1Nlf7Rw5NFrO1UfrAmgjCdSgKtUcOB65tGpIQCruIO2ZsZuVWgYsJ/JHBYaCCzDVejzNEPrw8y1CzLeqI5DHtJAVsV6fGL6rcq1mthWxeVwl9KJbInDEJ3JaRwAS9aE0PlyMhF5gZggbDuRVvjJzE4S3fzkOxIbOSqrRK1UyqiR5kq4LraDBS2GxuZxO7X0DkLDSz45YPqeHDB95/6RR+/oNC/5otMQiDCnRnZWmbDcuYWnuV6yzx2ay4+/stUJ9uX894L5KBoGfh2N1e44cb/JbszBKSpBidAPNeZGMPSE3d1lGmU9iuhU6Hl5dV1wagXn98PtYOFzk8FWV+dvavjxXX38dvTu/dH70dt3x69H1ZtajF6Ln47f1MfHUMMx39uqDztKCVamtpszyU4ad4JNwRoeKCWfH9HdJSq0kFrf8Lw4INNbqBuj/8ufgUPFCHgXKLnKkE2JPIuBnleHPA558bzZ1wVPhCmv+GJRgccvTi+XtPwtohtyv+ISfS2L1YOKGC2Vpw25f7TZDML3q/HoB/aYhzfYP/16HMov5/TuO1z1Yfq23nxbmtZyhDe6JKh7iZ1x6f4ExbwLT8peb9Sfs88Xl7zg1fB0bNMsxR3c0sgCt9kRm/xLlzqtLbgGM4upt/OMSX9/AxOy7V0= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated: utilize AssignPublicKeyToAttribute + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-key-access-server-to-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-key-access-server-to-value.api.mdx new file mode 100644 index 00000000..cf2d8d96 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-key-access-server-to-value.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-attributes-attributes-service-assign-key-access-server-to-value +title: "AssignKeyAccessServerToValue" +description: "Deprecated: utilize AssignPublicKeyToValue" +sidebar_label: "AssignKeyAccessServerToValue" +hide_title: true +hide_table_of_contents: true +api: eJztV0lvGzcU/isEe2mBkRRncdo51U1coEiLGLaTi2EIb8g3GsYccsJF9kTQfy8eObIlS5aVokAv9UUeLt/bvrdwwQPMPC+v+JnVSvTsJASnqhjQ8+uCS/TCqS4oa3jJ32PnUEBAWbIYlFbfkJ14r2bmLFZaiQ/YX9rPoCPygtsOHdDFPyQveZfQx3CPPn4QdIFurgSOM9QH7E+EQJ+W0T0AduCgxYCO1F1wAy3ykr+zxqAIozNngxVWjz6j86RuwRXp3CBIdLzgDr9G5VDyMriIBfeiwRZ4ueCh7wjJxLZKJ4MK+hloNLHl5dXRDhfVyiALDbJ5Ps1snT4HNNYNaLzgwhofeHm0XBZb9lyqFm0Mo7/8liWHa74B8qSiIZ8qmDKs9Xy5vM7eQh9+s7InQcKagCbQv9B1WokU2ckXT1iLbY1s9QVFoKA54kFQ6Gl3TqF8FOB0a9A77U9vsJ9COjH1+chj5c9XsSwOEUgEvNfMB6fMbM1XWaYirNq6FgIveYzp+wmhy4LfbNqwX8KWPd8nbVlwkFLROuizNfNq0B5peyVoXwKd54DyvWD/POFX8EvSZzPV0oLvrPE5Ji9fvKCfTUkXMamck+K/pdr/jDqUUTmo+ym1TIyQWEPUYTvup85Z9+9FXViJuxyHd9B2GlOjMzZMaxuNpAY3FHIuwAjUqaJEc2PsbW4gc9BKTsHNYkvakSEgtTI4xTuBKNOFB8CCg3YIsp/infKB6Nyha5WnRjCVaFS64NDb6ASBNBB9SIs1KI1ySglnTXYn4VXW5X0bw9TWUwdmhklLRRaRWmlbmYDOgE5bMAelodJ0UEKAqbYpt6KBGBo0QaWk3u7wlw0yHyBEz8iVBbttlGiYb2zUklXIwDByGUscp9Z2NbN2pnHsOjF+ZyVeby2Mid4teg+znbHZ1OCESZyjpqCOahDKzBgSR9iAsK2SMuzUzLTyzZidmJ5F/8TVtTvaCqBqJhkYyTyaQDDUDNfVv0ieGEsMoLS/3rPFaoVaFsy6NeiqT4hCKzQheSEff57Gefexq5ZFLi27nHif+pUy4PosrIqzXbJ2Z2sq1U9WhjwzbYbqnTUBlPFECnCVCg5czzw6NThg5XfQ1szYrQoNA/YrqcNCA4FluAp9HkNofRiWtkHGa+VviEOapKpYj09Mz9er1mrUWhWXw01KN7ImDkN0JodxACxZE0Lny8lE5AVigrDtRFrhJzM7SXTzkx/o2MhR8yRqpVJGnTFXwlVLXWnQYmhsnpFTf+4gNLzkkwNG5skzI3NuDnlejk7zki86DYHIcmpkZ5UJy60MPM21kn3s0Fy+/52tbrBP538WzEfRMPD3nljtjhPvm2zCHJyi8pPI/FhibgJDP9jeXab506OIToWel1fXBac2cP4wkQ4a7mvz922av6rh5zf18evRm7dHb0ev3xy/HFWvajF6KX45flUfH0MNx3xn/z3sKgVVmdquDxdbodtyMjlpeE2UfH5E+UrhbyG1u+Et8Ex0NxDXZvTve6cN1SHgXaBgKkO6JLIsBipeHfJ648V+da8LnshRXvHFogKPn5xeLmn5a0Q3xHnFG/paFqsXD7FXKk8bcvegum78j6s55yf2lHU32O9/3g1llnN6mB0u+jB5G4+yDUn35whvdElQDye2xqKHG+TvLuw9e71WZ84+XlzyglfD265NMxN3cEujCdxmQ2yyLyVwWltwDWYWUw/nGZP+/gbd8cNF +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated: utilize AssignPublicKeyToValue + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-public-key-to-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-public-key-to-attribute.api.mdx new file mode 100644 index 00000000..5c0d5bab --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-public-key-to-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-assign-public-key-to-attribute +title: "AssignPublicKeyToAttribute" +description: "AssignPublicKeyToAttribute" +sidebar_label: "AssignPublicKeyToAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztV0tv4zYQ/ivE9NICsr3ZR7bVqeluChTbYoMk20tgGCNqZHFDkVo+nLiG/nsxlOzYceK4QC8FmosjcvjN6+PMcAUB5x7yG7iwWsmlOAvBqSIG8jDNwLbkMChrfishhzaJjHEjMn6QviK3UJLGZ96rubmIhVbyEy2v7UYEMmjRYUOBHGtcgcGGIIcP1hiSYXThbLDS6tGf5LyyBjJQBnKoCUtykIGjb1E5KiEPLlIGXtbUIOQrCMuWkUxsiiQZVNAvQJOJDeQ3J9MMSvLSqZb9hBw+UqUMiVCTWPTSwlbpc0AT7YAGGUhrfID8pOuyPX+uVUM2htEffs+T4y3fAXnW0NBLZUIZ0XjoumkfLfLhF1suWZG0JpAJ/C+2rVYy5XXy1TPWat8iW3wlGThpjlkQFPl0dp3OT5Rg1/Zu1me3tNwz9XKduexYeCbcxhYfnDLzreg8aFOMWVnXYIAcYkzfzyjvMril5WHkW1r+M8xum5c3Ow6s1U0zwLJUfBT1xZa/FWpPjLDW/vztueyzCc9o42y8pKZ7fIPSgm+t8X3wX796xT+7nl5FKcn7nuv/M+i/zKA+1fASTTo2tcKowz4bzp2z7t/jgrQlPRVLusem1ZQak7FhVtloUhSGqg0SjSSd6BDNrbF3fbdYoFblDN08NmwdO4KlVoZmdC+JynTgATAD1I6wXM7oXvnAJG/JNcpz1Z+VZFQ64Mjb6CSD1Bh9SIsVKk3lrHUkrenDyXiFdf2+jWFmq5lDM6dkpWKP2Ky0rUwgZ1CnLVyg0lhoFiwx4EzbdOOiwRhqMoHjSykAu+m4rkn4gCF6waHMxF2tZC18baMuRUECjeCQiQXqSNzHbubWzjWNXSvHH2xJ072FMbO8Ie9x/mRudi04EyUtSHNSRxVKZeaCmCNiQNg3SRlxbuZa+XoszsxSRP/M0a0z2krU6i8qBZpSeDKBYbjzbZt/lSIxLimg0n56YEtUinSZCeu2oItlQpRakQkpCr34yzTudx+Hqssghf2pIG5qQ6EMumWvrIjzp3Q9fVtTAe8O7T5O1QdrAirjmRToChUcuqXw5NQQgHXcUVszF3cq1ALFz2yOCDUG0cMV5PuZg9eHyWgfZLxVEYc8pLGpiNX4zCxhu2at56p1cTnepXSit8RRiM70aRwAc1GH0Pp8MpH9AjNB2mZSWukncztJdPOT71hs5Kh1xNRKpQy6dSXcYfuh6bahUNt+Tk6NusVQQw6TI8bmyUFgT26xnpmj05DDqtUYmEPnpmytMqHbu5jnfQkVn1sy1x9/FesT4svl75nwUdYC/SZA691xug5178ACneKqlDj+WGPfG4Y2sb/bpRnUk4xOhSXkN9MMuDtcPkylg4VPzQQ7TRzeVPjju+r07ejd+5P3o7fvTl+PijeVHL2WP52+qU5PscLTTas8Upxzq0xltyeQvUTtBZWDMrwgclic8LXlZDeYut4w/x/M5Q7e5q4Hug+cA2UYMuV4NfDn5phnF2SHtE4zSBnNb2C1KtDTF6e7jpe/RXJDctbJ5q8uWz9VmHKl8rxRDhPCng+bWQC+Xw81P4iHOW3XN57tDr7LhpIJwC+q41Ufp2/nNbWjaSPHeKNrhnqQ2BtxHk6cSUltOCg73SoNF5+vriGDYniUNWn+AYd3PGbgXe+ITf6lW5fWVqDRzGPqx9Bj8t/fkLyORQ== +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +AssignPublicKeyToAttribute + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-public-key-to-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-public-key-to-value.api.mdx new file mode 100644 index 00000000..f85a30da --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-assign-public-key-to-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-assign-public-key-to-value +title: "AssignPublicKeyToValue" +description: "AssignPublicKeyToValue" +sidebar_label: "AssignPublicKeyToValue" +hide_title: true +hide_table_of_contents: true +api: eJztV91v2zYQ/1eI20sLyHbTj3TT07w2A4ZuaJCkfTEMg6JOFhuKVPnhRDX0vw9HSY4d24kH7GlYXhyRx98d7373wTV4vnSQzuDSKCkaNvXeyix4dDBPwNRouZdG/5FDCnUUGfONyPhB+hrtSgocT52TS30ZMiXFJ2xuzFeuAkICNbe8Qo+WtK1B8wohhQ9GaxR+dGmNN8Ko0Ve0ThoNCUgNKZTIc7SQgMXvQVrMIfU2YAJOlFhxSNfgm5qQdKiyKOmlV89Aow4VpLOzeQI5OmFlTXeEFD5iITUyXyJbddLMFPGzR2N1jwYJCKOdh/SsbZO9+9zICk3wo7/c3k1Ot3wH5KihvpNKmNSsctC2885b6PxvJm9IkTDao/b0L69rJUWM6eSbI6z1vkUm+4bCU9AsMcBLdLS7olB+wgg52BrXFrfY7Jl4NUQsOQWWCLbR77yVernlkU6LJKzC2Ip7SCGE+H1EaZvALTZPo95i808w2YubEpnMmZLOY07+Jv9PXVNV6G3ku2PdJV9C226Tdra55WDXPAGe55J0cHW55ZCCK4d0ejDzcEpddSGGA1ooRM/Bt49TKi642mjXReX1q1f0s+uK6yAEOteR/39K/eco1cUfnuNOS/cpeFB+nyIX1hr77xFEmBwPORzveVUrjK1LG78oTNDRA31tB8G1QBW5EvStNnddT1lxJfMFt8tQkXV0EZ4rqXGB9wIxjwceABPgyiLPmwXeS+eJ+TXaSjrqDYsctYwHLDoTrCCQkgcKJVGAS4X5orYojO7cSXiZsd2+CX5hioXleonRSkk3IrPittQereYqbvEVl4pnigRz7vlCmZiGQfPgS9Se/IvRAbvhIH45z31wjFyZsLtSipK50gSVswwZ14xcxiKZqNvNlsYsFY5tLcYfTI7zvYUxpUKFzvHlwdjsWjBlOa5QUVBHBRdSLxkSR1iPsG+S1OxCL5V05ZhNdcOCO3J064wygiv5A3PGdc4caj8k07b519ET4xw9l8rNn9hihUSVJ8zYLeisiYhCSdQ+eqETf57G3e5jV7VJl8OHnLgpIJnU3DadsiwsD+k6nK2xqrdP7T4O1QejPZfaESm4zaS33DbMoZW9Awa/c2X0kt1JXzLOfiVzmC+5Zx1chq6bTGi9n5/2QcZbZbOPQxyuslCMp7qB7Xo1TF9DcTn9SvFEZ4lFH6zuwtgDpqz0vnbpZCK6BWKCMNUkN8JNlmYS6eYmP5HYyGJtkagVSxm0QyXcYfux+bdCX5puio5du+a+hBQmJwzVk6OgDu1qmKiDVZDCulbcE3cudF4bqX27l5AXXelkn2vUNx9/Z8MJ9uXqz4S5IErG3cYxw+44pkHZGb/iVlI1itx+rLHrCX172N9t44TqUAQrfQPpbJ4AdYWrh5m1t/DxgLDp6vCm4D+/K87fjt69P3s/evvu/PUoe1OI0Wvxy/mb4vycF/x80xZPFKdYSl2Y7VFkLzh7ziRn9O+KFFZnlKYU4IrHLte/Co7Gbwdrk9ce7z35XWqCi3Fd93yZnfIIg+SYxnkCMYLpDNbrjDv8YlXb0vL3gLYPxhBc+mqT4eFCFMulo428nwT27N/0fHgxTDgv2cOwtnsvGvCefKX1pRGA3lenqz5N387bakfTRo7wRjcE9SCxN8o8nJgKgbV/Una+VQYuP1/fQAJZ/0Sr4pwDlt/ROMHvuouYeL+YZXFtDYrrZYh9FzpM+vsbfpuL0w== +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +AssignPublicKeyToValue + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-create-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-create-attribute-value.api.mdx new file mode 100644 index 00000000..bd0f0f49 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-create-attribute-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-create-attribute-value +title: "CreateAttributeValue" +description: "CreateAttributeValue" +sidebar_label: "CreateAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPftzEzmT/4pq7qpI9rOdB5APfFu7ZxwvmyM4KduhjsM5I8+0bW3G0iBpAl7K//tVSzPjmfGbsPsBJ34hllrPfqq7pfnsaTpWXv2ddy1C5s9IQ2vJhrEG5d1WPBGBpJoJfhF4dS8yIDWagdQW0F2Q98yHWlMC1ZCVv6FhDF7Fi6ikU9AgcazPHqdT8OpeU3AOvq5eS6GFL8LqG5CKCe5VPMa9ujcBGoD0Kp6EDzGTEHh1LWOoeMqfwJR69c+enkXYE4+nQwOpmQ63dA08nnr1dye3FS8A5UsW4Qq9uncOI8aB6AmQewtNxMj8THojUdKbV/F8wZX26ifzeWVpPT02BRHr6mu1tJLdZ17oZO1EtYWqEMbJVHnz+a3dLVD6hQhmOJAvuAau8U8aRSHzDUaP/lDY1+flGYnhH+BrRJpE/GsGyrRNcYq0kAErLRkf56afgQ1Y4FW8kZBTqr26F8fmd3EhnRSv84p3b0hlQ8/3CS1N6adL4GM98eqnTx+v67LPMyIkpiWZxkqTIRDKCQ2jCeXxFCTziR2oQmgYio+Mj8lkFk2AK0J5QGIegFS+kKDIMNaEC02oMls/YlJpIiQJqdLEn1BJfQ2yRnoTIEoLCQGhpTl8ZGGIc+C4LSH7EwKiBQnFR5DEpwpq9T5///59n+sJU7Up1f4E1MGj/31Hq382qv9zXH1+e/BrffFrUL39KVd3+Ou/PzpMeuhz3NUpaBpQbfGbbGRWVt67K/MHDfucNMV0KjjJgW6mjpAOIVSrqCgdNYGoeDQImB3nutDFZrzPy5MVyWRJ0vF8vq7rEQ0VYHXGYiuEVMcyTUHYvEvGvt3S87wsoUyBigRXdmmnx8f4X3EB3dj3QSkrS74Gh5Y5aA0Y28i/K7h0DBzVAAQEmRglDZLEkCqDlYzE8yS2KNxGOFtnM68Y8aoi6heGWBSW55vVpOL7K85mv72xemF9h6a+3GWsrFSIqNSG5hZKmRjJbwpVhag4ioTUZDgjiyU3Yj1po+jqcwKcDkMgIwgSNY5zGn3gm6aE1YhVX7P7IkptSXm2thjnEMCIxqEmMdcsJPAJCZnpECsMEO7SAgFDIUKgu8iozRjzDS8HDZ1vnRQOqF6a76KKKDB7p0DegyQHwDXTM/JxIkgCZMW1BF/IAAxyUXfEAdME7oHrw8Xssn2ET3QahWBsqhNk7pPa8fHx4yfHxyenxqbKNGJANVRRf+MexFGwvIykcNUyFlUblpEA/Y3L+BeqATVBXshXbtEI5Z66Wsa+Rs6LOfsQQzgjLMDdHM0IJRKUiKWPKlxPSDbqov+FrpxXvLGkXOeXQ6WkM7QGNUxX7s/+UjGWbBMQVpeX2AgCCUqhXKTkVaNLGFeach/6/KZzsbCQ0FphAbnpXJIDqI1rFfJoonWk6kdHAUxFzRfTo0eHZCTQZIIAyS+3EQrGU+Ba1UiL+pP0p+1daSq1sayAB3Yvy/ZYZklViE85QeVIGU+tssoaYKzgAVEhVRNQ6+wos4pf60dHeYNq8Xe/3+9Xbz8fV85O5gWz6gBrans2OvzpoP4O//zH4a8HR7Wflq2zKB6GzH8FszzX28LBHcxWGP6RBB95um7Qh/szofdo24aaRSGQO5iRiDKpVghOweFqZM5fJRFK/QkEBflpS8rD25mZMSzmFjhn3AoEJniNNGMpEeORhBFItIPvs9PXZrq/g9kDuCaC6SaOwOrC8eHZyfPTijdlPC04Ka/409Pj56TRbddOSGKkofi8br0mwO8hFBFUSKxiGoYzxOfdZr69MwZEbgKPtwzfSERRckZJ5REDSUZCEiRuxIZR2OEYh+bCaJDkjHt8m7N6EWJ5gDsuPiIDjoVkejIlOPeULwtcvTjCE+C+CCCo9TnpCcvSFTS0FJApnaEEeS8VrZ8eP3n23ky0021U0SYKyEdJowiXYi2U9+DXFfjR6dMzeWJhW80SaMUcvKZCArE0ptJRaID6jCrCAXA+q/SY3QjvVaM7uL55cXnRHLxqvR00Ll8OWu2b14Obdve61bz47aJ17lXWQnW6jQGuZgvIk+PnZxtAWs1Bt9W8Pn161jnZDvb42ZNdwJ6ennROvNv88eYVVdeZYNlLBS7kS5+ThhExOZ438lVMgVClhM+MaZEqPYO6USz1BGRKpn5mc2YMgOy9x0Etk0P5M1lSeIuOlyL/S5gKvdHgTiDK676jKr/QWIakutDxinEfjKyloRJIeBK0ZHCPgo3RXMv/V2r079OiK3TnfAVO80SSFN7Ot5zdK54163qGYBYa0JYODB2VqcX4d6wxmBwwXzW6dXJw0e61Ou3GZYW0/tv+tdKyTiRS9+qm02wNem+vWyUplK9J+ywVpwMgFyD1vnqQ3ryj6mazMXlH1WCVQYlbgeSd7gPMSMN4NUjXHEe+xMjBPnPMmOtaTygyVij4WKGdnmz9Vqsi026F82xWuB5HjcuXV52L3u9lPbEoz2mGYmGiCxaFreYARf9S2eNnT5bKnp6eeEvu6a497kNghXE6fVXb0fJAVGw3kLZJZ0Num13ASCwrXCWI14vzDaSS4+kuw9PnK0PYm1XYvDiu0TDlkV9RYyapvOIyMtMYUEhBX+qryXlMb6ylhmA5sZCdsPZ2xu7rgXWOEOcI+TJHSMF2hJnlyoQp9zIfl3iadGDMlJazvBGY+EbW256GbyxUcsyBhYOzRm4UkJTVDXsBDawMdHrQ6UGnBzfoQeSYJY7CDZFC6CbIv9RluV/oZCdfTrFDdMtYaUx8nNcIA2n7K95Up2eqt+Z0r9O9f4PubeaIdldeR8Yd+IZzlzIhhCgwgmV9f4JeABQ+MlZ6BzH3RXbxIu/BVKOEicPCAdv8Xt8Mq4lRPxu0Uq/XuXhx02sNOjeX6cF42am3FqxxeTm4+m0jRPvtFojfL1qdRqf5+1tzEjfk8cUy1POZ9OOQyoPD3P6mKVS70UMyAxeC+rZ9Zy4E5UJQLgTlQlAuBOVCUC4E5UJQLgTlXG/O9fYju95cCMq5wZwb7HsOQWXOqQ0hqG8vud5pZqeZnWbeFhRb1sr5W0NObzq9+e3qzcKZE6MqW8+bO161dUGEb9v74YIILojgggguiOCCCC6I4IIILojgggjOVeFcFT+yq8IFEZwzxDlDvucggln0dxVAULHB+Gt7iPmLfUG0+HBgfoHZu3LpO3DFleLmLt5JemNffKNRZN5S+g9C72id9I3sbll+Mv+FYGzRrGHf2yKfijm6Wywyu3NNwS1UFwrCIKke+Gn9QMGyXMB1SYiVecmpu9zjYpGGvsbsHnh5I77KI1zJdLvwEH9gttaXUsTR1+joAX0kK2p90iA5DbsQgq+FfLPNO5oiDpKGA5W0XEOalKQARgxQMmIQBsmLgIJjQUi1Bg5BSpwdFCIKuDZHT3KgYn9CqOpzMpJiSlhwfXR53rg+RMTYRzqFzNNWVraKnABHth2ncKjpJYT2oLvB1r958V+tZm/wunF9fdF+Obi6bnUavavOKh/EZtiL9laQ9lVvF7CL9qB51e41Ltpdc4ooYfXNrin52WKnjF/YupP5BqQnmfYF+PJuhwxfiBwRX0wjKpkS3GJ9oQ8kKJTK6MiOonCGHiU9gT4nW4hsJ7rpc3KQiIzDSop2ez7HsTMiKVxCSRmrdBDdyCw5Itx8Ti1v0E993iDZkKikGAeFz23h/Q8xIj9nSpNQbZ/dzNb8KGMrA/Coz0NhfTW/kJ/TCf1Cfk6mTtKtTHDwS16Z5+RJmQISXXi1gs2SqsFGdkuA8mxnnJPUl0LZp0QLo69jvuZV+/yid3HVHry4urpsNdprb7xsgmy0t0FcdYpuuGZBZpfIorw5+6G/QXwRIg6Tt3azodQytZb3Gh/jvWeBfTx2CY2DsVUwG9kzizYsKNDqJUIl5GZgzliN9jkJxZj5xQNephX3MzHXrjyZgbdC9CjQy9TpHk90Z60f6vHErX4b6u9t962NGMZKi42upARi/SGvIA0y6IKf3xau8POjRyWgshCyzMo2DLnBQOs12ueNzvmg0TTSvWSSlWrPW83O2+veippep9Huvr7oFTVBbm4F0yAtNl7qB94Kf/nwB3WdVHRS8QeUiumsG35inu9jbnBixSbiKUEnRtM0vYO8qZHK1lU+76SORCCnTCeWWWKboBPLeqGn1k/kmNAx4Y/MhN2CV3Q/ZkzakqRxnTRI8vUVqhQbc3QCpDBd0AfqECdPc4yXOUP73J6N/5FwJ8L6YjpkfClnIT1FTFNHbnla6TE5x8EuIusisi4im4vI2g97GIHx9wREnA51OvSH0qH7xfi+VihOg5zuEQTIsb5taVLh0fuZm+04cYc+nMmzp9g2S78MbJUMLDzplmbJJeEEYqZqYzwJpjIr4EszRqzb2qR2mFSRNKCxfqgK+Thh/iRLK7SU1Odo1xRfo3P5JU4ofoNCsXzZJs+2CRftF/7opCyS2BL56EPWeZCLFJgbL+VWqs9z+WDmg3WEprxp2RE7qxXMoE7Riil59Eoi+mGrUuSA3tHUJGsKrqUIF6toYRK+ATNQzU7rEDegz5XROTF+eS/50lUqzhKJkt8M+7W+Ut5DIYqSyqNBXvSJYcjG9IF5BF/lE2YPHGK/xzXdd8ncd8mcmvlG1cxfaXu7+5zf8EUUd5/T3ed09zndfU53n9Pd53T3Od19Tnef00UPXfTwB4oeuvuczhHiHCE/1H1O910ypwedHnTfJSv6cooduu+SOd37Peve7/i7ZA/+JtduIY9FGDlPobnSr5fJtPvbnVqy8Rjk37b0pXSuRdVXz+ey2c6rVuCuermrXi5K7xTk9xul/4uvev0r0m9NjPKTfkgEtZB6iz+3snbIgOvNJyELYw9D+XjnHsZRBz7EoPBJHrPCorjEee6XPPe7CIPsTQjsMYkhGhtpoVDJKA5HLAwx8lJ6/8BMw8lFJxd/YLl4lTFCzxq5O59LMqN454xDx0eOj358PvrSr0w7HnI85Hgo8/Lsxj75Wwcu/Oq459vknjyR76Ie8h5jQx+NwkmzAyoSXG3tZW6WYK5s4HKLq2lJaV7ZS5JeTfAwwgsdhpuO/lDWKaj8CUzp9mMlpouu2tM8drnQg5GIeYBYTZ1vPqZOhMY/F3OTqopnWW7y6gZUjmNzMMOF0CBkHAbwyTfnOLwolnWI2bESaDAbwCemjKvcvPGgMCd5EABnSZJhkvUFnyY0VtYtOKIshGCAjsLci410aCKQ6AeN9UCMBpLyMZhZmogdTstUM27fQjRV9J6yEK/k4IyppoNQKGVrYj1BhrHOyKWQp8k401THiuBWpjc81UTEYWBSDdEFEU/Tt05H5N1YiHEINRn5taYI4HapoGZFolJ0vBI35UThAGzCs6yOqI8ZvIA0QpIelqfEOGnxccjUpEYafEZitaZprg2+KxmyPzGpF5MQk3RrPKXnp981O1ELQFMWqtsNVfYF2AoRMtd18s6h9UnULCcj+HYy1mmSYPkS89pgQSad8KUQmwYRwDAerxprNbdqGcN6AYK1y5rLZHoqI13lkGlJpRHLLNmAdN8pJhAkyaPkP03it8kssN0NwfpHTHkSrF7upJaTjAkeIim0GMajWoPPyk+ecnz4JBUuuy/JtLAzkaBjyS0akw7rJM1H9W0BUgLm1gbCV0djcWTITR39G4JVZeHpVm+eSsLCFq6Qq54xICYiQL+YUIY6KHqxvKPIvCpTy/x6qpY1NXk0zIejNV1abalMICWWoVf3Pkch1Ug3LR5EgnE9X2LGlhWb5CoC3jv/jaQtMAUFrwWaN4yzTUlra4YFJnbq91QylETW61ca0eqDRDUs187nGJRQ4MeS6ZlXf3db8VAjJC66FyKYJTM0eiNdMroIvccj+uzp6OxJ9ek/T/5ZffL07LQ6fDzyq6f+87PHo7MzOqJnXsZQuceCc7ZbptwN5vDmScFnWUbG0vZh/8l9lLp3f2KyDYTSU2p0mo2HrCOBQk8ZD6MvEPeZcXsxy8gSSx3vlie0TB34Uuyq8W4rnsFX/Z33+TMGbG5kOJ9j8YcYZLL1KSrx17ziTYAGIA1BBcw8Zx6sNtM/L7S7d9BJvKmHZGGEFVeFKUoZD1evkcl9EVbfZDd7Upx5GJXbfejdxuuxKYhYV1+r8kgZHPZX7dmE7RRiyWhZtMCkm0hvhL3Nsfz1VRejekMRmPytqbFoPEk/ouFAP9qFWCPQ3kXAMqRVPo6NhvVsn/jv/wAsUETA +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateAttributeValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false}},"title":"CreateAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-create-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-create-attribute.api.mdx new file mode 100644 index 00000000..753520dc --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-create-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-create-attribute +title: "CreateAttribute" +description: "CreateAttribute" +sidebar_label: "CreateAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvZL8yOO22k67iqKm3ji2R5I727W8CkweSagpgAVAJ2pG/33nACBFUk/HaW7iRb7EAg7e530OwI+BpmMVNK+CCxGzcEZaWkt2k2pQwXUtEAlIqpngJ1HQDBID0qA5SGMB3QN5x0JotCVQDXl5UAsSKukUNEgc5mPA6RSCZtAWnEOo6xdSaBGKuP4bSMUED2oB40EzmACNQAa1QMKfKZMQBU0tU6gFKpzAlAbNj4GeJdgTT6c3BlIzHW/pGng6DZpXR9e1IAIVSpbg4oJm8ApGjAPREyB3FpqIkfnpeiOJ6y2oBaHgSgfNo/m8trSePpuCSHX9rVpaye4zL3WydqLaQtUI42Sqgvn82u4WKP1SRDMcKBRcA9f4J02SmIXmMA/+UNjXx+UZiZs/INR4aBKPXjNQWItrVAkNAdEgB1ZaMj4uTD8HG7IoqAUjIadUB80gTc3v8kK62bnOa24PN3cc1IIp/XAKfKwnQfP4+dN1HQ54jn0EG5JpqjS5AUI5oXEyoTydgmQhscPUCI1j8Z7xMZnMkglwRSiPSMojkCoUEhS5STXhQhOqzL6PmFSaCEliqjQJJ1TSUINskP4EiNJCQkRoeQrvWRzjFDhuScz+gohoQWLxHiQJqYJGc8DfvXs34HrCVGNKdTgBtffkf69o/a9W/X8O6z9c7/3cXPwa1q+/K9Tt//zvT/ZdDwOOOyrT2O6o20Hze+0R1JZ23hFK0Or3uycvL/udYffytDPs/37RGXbOLt8OL896F532yS8nnVdBbT1Y6/R0eP7LRoiz37dA/HrS6ba67V9/D67nteCOxqnFSjdnKiWdIbFpmKpVWFRFm4RqDRI34B77G9SClLM/UzixwyAzmi8w1M1qBVB108/NHzQe8AWvJbY52Xs/AY6c5o5FEO0vMHcZbdXnw9sBX425ZlLbURfRbQqaRlTTIsrlZet2YIF2a9hOTG8gVqvYUzaGg6gFNIqY7fWi1MU6jmLWhjMvT024qRHX8Xy+rusRjRXMCxhQEXxdy4hLAuwqY2SGGq+3dD2vyj5ToBLBlV3b8eEh/ldeQS8NQ1DKSqnPwftzfCieLS3I983N2UaJwXL2b+RGcYhFYfWQ8ppMRH/G2VTHGgNHDQgigkIMJS2i9A1VcA+5Ve4yVZaEEiq1Of0CHzDS3RSqGlFpkgipyc2MLJbcSvXkDCl9wAlwehMDGUHktDSc0+hPvmlKWI1IHWp2Vz5SW1KdrS3GOUQwommsSco1iwl8QJRiOsYKA4S7tDiAGyFioHwH5rD5xEJDVlFLF1u7wiHVS/NdVBEFZu8UyDuQZA+4ZnpG3k8EcUCWt0kIhYzAHC6qCGnENIE74Hp/lWD8QKdJDEZlPkIyO2ocHh4+fXZ4eHRsVOZc64mohjrqaLgHaRItL8MVrlrGomrDMhzQF1zGv5AjqwnSQrFyC3Ou9tTTMg01Up6V0fGMsAh3czQjlEhQIpUhyjs9Ifmoi/5JjrLzWjCWlOtdlJAHcMVUsk1AWF1dYiuKJCiFfJGSN60eYVxpykMY8MvuyUKdQNHOInLZPSV70Bg3auTJROtENQ8OIpiKRiimB0/2yUighgERol9hIxSMp8C1apAODSfZT9u70lRqo4gAj+xeVtXuXPGokZBygmKKMp4pMbU1wFjBI6Jiqiag1unLZhU/Nw8Oiord4u/BYDCoX388rL04mpfUuz2sadyz0f53e80r/PMf+z/vHTS+W9bCk/QmZuEbmBWp3hYOb2G2wrhLJIRI001zfLg/E3qHJkysWRIDuYUZSSiTagXjFBzOR8bGrrBQGk4gKvFPW1Id3s7MjGFPbnHmjFuGwARvkHYqJZ54ImEEEpXGu9zC3oz3tzB7ANUkMN1EEVhd0va/P/rhuBZMGc8Kjqor/vD88AfS6p01johTl5B9XnTeEuB3EIsEaiRVKY3jGZ7n7Wa6vTUKRGECT7cM33KsyOn0GT9iIMlISILIjadhBHY8Npa4MBLEmWeH1wUFFCGWB7jl4j0S4FhIpidTgnPP6LJE1Qs3DQEeiggiYxgIS9I1VLQUkCmdIQd5JxVtHh8++/6dmWi316qjThSR95ImCS7FaijvIGwqCJPj5y/kkYXttCugNWOnTIUEYnFMZaPQCOUZVYQD4Hw22KlvWr3hxeXL05P28E3n92Hr9PUqM3UdVLfXGuJqtoA8O/zhxQaQTnvY67Qvjp+/6B5tB3v6/bNdwJ4fH3WPguuipfGGqoucsdxLBC74C1qfhsUUaN7wVzEFQpUSITOqRSb0zNGNUqknIDM0DXOdMycAJO972Ew5HyraSK7wGp1rZfqXMBV6o8LtIKrrvqWquNBUxqS+kPGK8RAMr6WxEoh4ErRkcIeMjdFCy/9XYvTLSdEVsnO+4kyLSOIKr+dbrOhaYNW6vkGYhQS0pUODR1VsMc4Qqww6A/NNq9ckeydn/U73rHVaI53/tn+t1KwdR+qdX3bbzo1V5kLFmqzPSnE2gPF43VL15kFy85aqy83K5C1Vw1UKJW4Fone2DzAjLeNfID1jjnyKkoN9Foix0LWeUCSsWPCxQj3dbf1WrSKXbiV7Ni/c4N08fX3ePen/uuTOzMsLkqFc6GTBorDTHiLrXyp7+v2zpbLnx0fBUgiiZ819iCwzzqavGjtqHngU2xWkbdzZoNtmNz8iywpXCZ7ryasNqFKg6R5D6/ONQezNImxeHtdImOrIb6hRk1RRcBmeaRQoxKBP9dUUnLWXVlMz7vwFW8gtrHt7QdtiOhWceEeId4T8zY6Qku4IM0uVjijvpT4u0TTpwpgpLWdFJdD5RtbrnoZuLJQzc2Dh4GyQSwUkI3VDXkAjywO9HPRy0MvBDXIQKWaJokw4WAjdBvm3uizvFzrZyZdT7hDdMpYbkxDnNcKQ1v0FbybTc9Hb8LLXy94vIHvbBaTdldaRcIehodyl7A0hSoRgST+coBcAmY9Mld6BzX2SXlxOb9k54WTRDKuJET+PMvfky/DQB4Xmg5DJMI2p3Nuv+lZ2yE5we7ETLflg2Vfs5fPBMh8s88EyHyzzwTIfLPPBMh8s88Ey7yT0TsLH7CT0wTLvsPMOu285WGYWvSFQ9vVdAVCpOfG31oj5m31BuQfst9xFVfWNDS3eVFeKm7u4jGGakylNEnNh4z8IvaVNMjC8u2PpyfwXg9FF84aD4F6uty0amd25tuAWqgclZuCqh2FWP1SwzBdwXRJSZa6L9JZ7XCzS4NeY3QGvbsRnuenjptuDh/gD87W+liJNPkdHD+jDrajzAa8U0rgHMYRayN+2eUezgwPXcKhcyzWoSUkGYNgAJSMGceTu6AmOBTHea+QQZcjZRSaigGtjepI9lYYTQtWAk5EUU8Kii4PTV62LfTwYe9FbyCJu5WWr0AlwZNtxBoeSXkJsDd0Nuv7ly//qtPvDt62Li5Oz18Pzi0631T/vrvJBbIY9OdsKcnbe3wXs5GzYPj/rt07OesaKqJzqb/e/c8q4uwN6NN9w6Pm10QJ8dbdjhrc2RyQU04RKpgTProtm8kCCQq6MjuwkiWfoUdITGHCyBcl2wpsBJ3uOZezXsmO39jmOnSNJKdKVEVbFEN1ILAUk3GynVjfouwFvkXxIFFKMg8I7PRhkEiPyYy40CdX2Kmy+5ic5WRmAJwMeC+ur+Yn8mE3oJ/KjmzrJttKdwU9FYV7gJ1UMcLLwfAWZuarhRnJzQEWyM85JGkqh7PXe0ujriK99fvbqpH9yfjZ8eX5+2mmdrQ2rbYJsnW2DOO+W3XDtEs+uoEV1c+53/C0SihjP0D3akA+llrG1utf5XeuVxzgcWwGzkTzzaMMCA61cIlRCYQbGxmqdvSKxGLOwbODlUvF+KubalbsZBCtYjwK9jJ3+hqa3tR7VDc2tfhsa3lvvWxsxTJUWG11JDmK9kVfiBjl0yc9vC1f4+dGjElFZClnmZRuG3KCg9Vtnr1rdV8NW23D3ikpWqX3VaXd/v+ivqOl3W2e9tyf9siQozK2kGmTFxkv9wLSJ1w+/te+5oueKj5ArZrNuhU49v4+6wYllm3hO7jgxmqbpLRRVjYy3rvJ5uzqSgJwy7TQzp5ugE8t6oafWT+SJ0BPhYybCXskrej9idG2Ja9wkLeJe8KNKsTFHJ0AG0wO9p/Zx8rRAeLkzdMCtbfwPR50IG4rpDeNLOQuZFTHNHLnVaWVmcoGCfUTWR2R9RLYQkbXveBmG8WUCIl6Gehn6qGTo/WJ8nysUp0FO7xEEKJC+bWlS4dH7WZjt2LlDH07kn/ZG67KnefHUnMuSc+EEYqZqYzzupHIt4FMzRqzb2qR2mFSRLKCxfqgaeT9h4SRPK7SYNOCo15SvvPn8Es8Uv0KmWH7W86pEto6K7hf+6GYk4nSJYvQh7zwqRArMjZdqKzXghXww84gsoRltWnLEzholNahb1mIqHr0Ki37YqhTZo7c0U8nagmsp4sUqOpiEb8AMVLvb2ccNGHBlZE6Kr+G65zQzduY4SnEz7Au6lbyHUhQl40fDIusTNzEb0wfmEXyWd1K/6O0z//ipf/zUi5mvVMz4x0/9fU5/n9Pf5/T3Of19Tn+f09/n9Pc5/X1Of5/TRw999PBbjx76+5zeEeIdIY/qPqd//NTLQS8H/eOnZV+Of/zUy97HI3u/4cdPv8TDn6UwchFDC6WfL5Np97c7tWTjsfl095dZ+lI616Lqs+dz2WznVSvwV738VS8fpfcC8tuN0v/NV73+Fem3Jkb5QT8kglpKvcWfW0k7ZsD1ZkvIwlhjqBjvvIdy5D4W3nYrLLNLnOf9kud+FXGUvwmBPboYotGRFgKVjNJ4xOIYIy+V9w/MNDxf9HzxEfPF85wQ+lbJ3dkuyZXinTMOPR15Onr8dJS947QbFd3l2dWehjwNeRrKvTy7kU/x1oEPv3rq+Tqpp4jknyoefL75V5wo5/PNfb65zzf3+eY+39znm/t8c59v7vPNfZ6dz7N7zHl2Pt/cOzy8w+NbzjfPY/Tf1DeEvGT2ktlL5m0Z8MtSuUDvXm56ufkVy82SzZnG294MK6WXGxzJ35LqgkoEV9uiDfO5WYERSLja8mI6Upqv8ThnpWGxCYor44o5+EPZ5GEVTmBKt4sfdPOt2tLi4XKhhyOR8giXnrHnEFXe2EjFlBsXI8o8bvwhQyrHqUngwoXQKGYchvAhND48fFAu7xC9mhJoNBvCB6aMzmDeglboSx5GwJlzDjlrHT5MaKqsMB5RFkM0RJ2i8GUnemP4NDrDUz0Uo6GkfAxmloav4bRMNeP2m0mmit5RFuPTXThjqukwFkrZmlRPkF5s0vKSYDCeAk11qghuZfYSpJqINI6MiwhTFdNp9k20EbkaCzGOoSGTsNEWEVwvFTQsR1SKjleeTdXBG4F1VMv6iIboeQXEEeJ6WJ4S46TDxzFTkwZp8RlJ1ZqmhTb4/amY/YXOWHQeOTc58vHi9HtmJxoRaMpidb2hyn4prkaELHTtvodkcxcblpARfDsa68y5U9qqTZcKcuaEL4pb9TWCm3S8aqzV1KplCuv5B9YuCy7joVOGucobpiWVhisztwHZvlNUs5zTj/yncdgb/ct2dwM2j9KUO5G+3EmjwBjdOSRSaHGTjhotPqt+Go3jA+kZc9l9SaaFnYkEnUpuj9F12CSZHzG0BYgJ6BONRKgOxuLAoJs6+DcEq8vSJ96CecYJS1tYZqmBUR0mIkINSiiDGBQDLcFBYh6eb+RqhmrkrYzpw0I4WO7NikhlYmipjINm8DGJqUZs6fAoEYzr+RIJdiyzJOcJ8P6rX0jWAtVzfDTQfOEw34qstmEQf2JnfUclQ/5jo1yVEa0UcAJhuXY+Rx+ogjCVTM+C5tV1LUA54BJ4X4po5mZo4kfFJ3mDpyP6/fPRi2f15/88+mf92fMXx/Wbp6Owfhz+8OLp6MULOqIvsidAC9RjBGEzaPX73ZOXl/3OsHt52ln71bbsotJV1sF1WePLVQJz4BhoLJkr1YNc2n8cwoUfm8HdkdG2hdJTyrMFr8ScUic51WOWMZ4R4zYEb7iPRaqr5bksIxV+g64y1HUtMMfcvAo+fsTQ16WM53Ms/jMF6U4swwD8Na8FE6ARSIOHETPfSI1W2+QfF6pAsNd1yso+WShs5QWh1ZcTfP0COUIo4vpvefjWccwgwOjL7kPvNl6fTUGkuv5WVUfK4bC/et965TOIJQ1n0QLtmERvhL0uMImL8x5eFboRkTGJp0b9CSR9j0hN39uFWIXRBpywDDGUj1MjjgPbJ/77Pw96HoU= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateAttribute + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"CreateAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-deactivate-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-deactivate-attribute-value.api.mdx new file mode 100644 index 00000000..ecab0e36 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-deactivate-attribute-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-deactivate-attribute-value +title: "DeactivateAttributeValue" +description: "DeactivateAttributeValue" +sidebar_label: "DeactivateAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs7L8SOJNtFMzp8iajDeO7ZLk1OYinwKRLQljEmAA0InWpf9+1QBJkdTTcZJLcpgvEwNNoIF+orsB3XmajpXXeOddipD5U9LUWrJhokF51zVPxCCpZoKfBl7Diw1IneYg9Tl0F+Qt86F+AtTX7JZqyPve0DABr+bFVNIINEic787jNAKv4bUE5+DrvUsptPBFuPcGpGKCezWPca/hTYAGIL2aJ+FDwiQEXkPLBGqe8icQUa9x5+lpjCPxJBoaSM10uGFo4EnkNd4dXte8AJQvWYyr9BreCYwYB6InQG4tNBEj82c6GonT0bya5wuutNc4nM1qC+vpsQhEovdeq4WVbI95aZCViGoLVSOMk0h5s9m13S1Q+oUIpjiRL7gGrvGfNI5D5huq7v+lcKy7RYzE8C/wNRJNIg9oBgp7WVCAUVoyPi5gzQKv5o2EjKj2Gl6SmL/LWHcyIs5m8+9W8UzHrsGreTQIGI5Aw8sCPiMaKpjhSGXeMA0qFlxZrI8ODvB/ZUy6ie+DUpaKX2Jvbg2bf4ktLCM6Bo5CCAHBHUUaB1TTIVXgzWpeLoxm1HSUeWPtodjMaoaxVUz90hTzxiq+eU8mOF8Qm/vtjZXI1QOa/uqQiYKAaEFiKrXhublKJEbmTKOqEZXEsZCaDKdkvuRmoifnhPKgzwlwOgyBjCBIlSjiNPrA16GE3UhVlIcySW1LFVvbjDgEMKJJqEnCNQsJfEJGZjrEjky6gjkBhkKEQM1cEWiKu1acLW/bRDFfAg7c1MWv08YB1Qv4zruIArN3CuQtSLIDXDM9JR8ngqRA5CMLQyLBFzIAQ1zKCU0CpgncAte7c+zyfYRPNIpDMBbtEIX7sH5wcPD4ycHB4ZGxaLl6CqiGPdScuAdJHCwuI21ctox515plpEDfcBkhHUKolumgbE0pxCqNupoxrXabVTdCxHYQoiYoC8VO1Mtr9HZ1pK6Wia9R8hLOPiQQTgkLcDdHU0KJBCUS6QP5yPSE5LPOxyc5y85q3lhSrovLoVLSKdphDdHS/bm/VkwkWweE3dUlNoNAglKoFyl51ewSxpWm3Ic+v+qckihRmgyBUHJLQxaQq84Z2YH6uF4jjyZax6qxvx9AJOq+iPYf7ZKRCEPxEQJkv8JGKBhHwLWqkzb1J9mfdnSlqdSongjwwO4lMmMYTyhPIpDMJ/6ESuprkDXiU07QOFLGyWQaTwDV3nJg7OABUSFVE1D1Rp+/f/++z/WEqXpEtT8BtfPof8wqfm/s77+je/9u7v33wd7z6535v/v9fn/v+u6gdnw4K0Ds/r6DPfV7frT7y07jHf7zb7u/7+zXf9n9/T8f7aZ49Y3mi5NhyPxXMC1KvW0c3MB0icsVS/BRphuGfLg/E3oLJEpCzeIQyA1MSUyZVEsUp+BwMTKeb0WFUn8CQUl/2pbq9BYzM4el3JzmjFuFwASvk1YiJVI8ljACKSHIPNmN2vwGpg+QmhiidRKB3TUvop/OgI/1xGs8O3x+VPMixrOGw+qKPz09eE6a3fP6IUmdNFSfl+3XBPgthCKGGklUQsNwivS8WS+3N8aBKCDweMP0zVQVETtUpo8YSDISkiBzIzWMwQ7HODUXxoKkp4uD64KTixCLE9xw8REFcCwk05OIIO6ZXJaken54IsB9EUBQ73PSE1aka+hoKSARnaIGeS8VbRwdPHn23iDa6Tb30CcKyEdJ4xiXYj2U9+A3FPjx0dNjeWhh260KaI0ME00iIYFYHlPZLDRAe0YV4QCIzzI7ZjfCe9XsDi6vXpydtgav2m8HzbOXg/b51evB1Xn3st06/eO0feLVVkJ1us0BrmYDyJOD58drQNqtQbfdujx6etw53Az2+NmTbcCeHh12Dr3r4mnmFVWXuWK5lwmc65c+J02jYgoyb/SriIBQpYTPjGuRGT1DulEi9QRkxqZ+7nPmAoDivcEsF1eS66H58epd1niNR96y/EuIhF7rcKcQ1XXfUFVcaCJDsje38YpxH4yupaESyHgStGRwi4qN0cKX/6/M6Lezokts52wJTYtMkjZeYyRiHbPVPOvW9QzDzC2gbR0YPqpyS28CJHUG0wPmq2a3QXZOz3vtznnzrEba/7L/WupZpxqpe3HVabUHvbeX7YoWKvZkY1aaswlQCpB7Xz3Ibt5QdbXembyharDMocStQPbO9gGmpGmiGqRrjiOf4+TgmAVhLAytJxQFKxR8rNBPT7d+o1eRW7fSeTZvXE2j5tnLi85p78+qnZi3FyxDuTG1BfPGdmuAqn+h7fGzJwttT48OvYXAYNce9yGwyjhDX9W39DyQFJsdpE3a2bDb6frJqBosCZUgXU9P1rBKQaa7DE+frwxjb4i+lec1FqY68ytq3CRVNFxGZxoHCjnoc2M1F6mN6HNyZT01BCuohfyEtUWgozx0S0SR4MQFQlwg5CsHQkq+I0ytVKZCeS/3cUGmSQfGTGk5LTqBaWxkte9p5MZCpcccmAc46+RKAclE3YgX0MDqQGcHnR10dnCNHUSJWZAo3BAphG6B/Kohy/ulTraK5ZQHxLCM1cbER7xGmEi7v+HNbHpueuvO9jrb+w1sb6vAtNvKOgruwDeSu5DpFqIkCFb0/QlGAVD5yETpLdTcZ/nFecbVqBmjYZKwdMA2f6/+DLuJMT9rrFKv1zl9cdVrDzpXZ9nBeDGotxKseXY2uPhjLcT52w0Qf562O81O68+35iRu2OOzdajnM+knIZU7u4X9zYpXtuOHFAOXgvq+Y2cuBeVSUC4F5VJQLgXlUlAuBeVSUC4F5UJvLvT2M4feXArKhcFcGOxHTkHlwak1Kajvr7jeWWZnmZ1l3pQUW7TKxVtDzm46u/n92s3SmROzKhvPm9WLgqvxdEmE7zj64ZIILongkgguieCSCC6J4JIILongkgguVOFCFT9zqMIlEVwwxAVDfuQkgln0D5VAUImh+Gt7iPnKsSBafrKtuMCsZ3CbFsSWV4qbO38nyXxOIhrH5i2lfxB6Qxukb3R328qT+V8IxhfNP+x7G/RTuUZ3g0dmd64luIXqQkkZpN0DP+sfKFjUC7guCYkyLzl1F0ecL9Lw15jdAq9uxBd5hCtFtwsPiQfma30pRRJ/iYEeMEa6ovYnDZLTsAsh+FrIN5uioxnhIP1woNIvV7AmJRmAUQOUjBiEgVUFRHBsCKnWwCHImLODSkQB1+boSXZU4k8IVX1ORlJEhAWX+2cnzctdJIx9IlHIIm/lbcvYCXBmO3AGh5ZeQmgPumt8/asX/2y3eoPXzcvL0/OXg4vLdqfZu+gsi0Gshz093whyftHbBuz0fNC6OO81T8+75hRRoeqbbUvy88VGjJ/avsPZGqKnlfYl+Opuh0xp3FpfRDGVTAluqT63BxIUamUMZMdxOMWIkp5An5MNTLYV3/Q52UlVxm4tI7s9n+PcOZOULqFkglU5iK4VlgITrj+nVjfolz5vknxKNFKMg8LntvD+hxiRX3OjSag2WM/X/CgXKwPwqM9DYWM1v5FfM4R+I7+mqJNsK1Ma/FY05gV9UuWA1BZeLBGztGuwVtxSoKLYmeAk9aVQyqypNPsq4WtdnJ+c9k4vzgcvLi7O2s3zlTde1kE2zzdBXHTKYbhWSWdX2KK6Ofcjf5P4IkQapq+c5lOpRW6t7jU+g3rLAgiWknEwtgZmrXjm2YY5B1q7RKiEAgbmjNU8PyGhGDO/fMDLreL9XMyVK08x8JaoHgV6kTvd44nurPVTPZ64MW5D/Xv7fSszhonSYm0oKYVYfcgraYMcuhTnt41L4vwYUQmoLKUs87Y1U65x0HrN85Nm52TQbBntXnHJKr0n7Vbn7WVvSU+v0zzvvj7tlS1BAbeSa5A1myj1A2+Fv3z4g7pOKzqt+BNqxQzrpp+65/dxNzixahPplJITs2ma3kDR1ch067KYd9pHYpAR06lnlvomGMSyUejIxomcEDoh/JmFsFuKit5PGNNvSfpxgzRJ+tsXVCk25hgEyGC6oHfULiJPC4KXB0P73J6N/5ZKJ8L6IhoyvlCzkJ0ioiyQW0UrOyYXJNhlZF1G1mVkCxlZ+8MeRmF8m4SIs6HOhv5UNvR+Ob4vlYrTIKN7JAEKom+/NKXwGP0sYDtOw6EPF/L8Kbb12i8HW6YDS0+6ZVVyaTqBGFRtjielVO4FfG7FiA1bm9IOUyqSJTRWT1UjHyfMn+RlhZaT+hz9mvJrdK6+xCnF71ApVi/bFMU2laL7pT86mYikvkQx+5APHhQyBebGS/Ur1eeFerCEB4A55lQ2rTjiYPWSG9QpezGViF5FRT9sVYrs0BuauWQtwbUU4XwVbSzCN2AGqtVp7+IG9LkyNieRoLJfusrUWapRipuhTLlvpe6hlEXJ9NGgqPrEMGRj+sA6gi/yE2YPnOJ+j2u63yVzv0vmzMx3ama+pu/t7nN+xxdR3H1Od5/T3ed09zndfU53n9Pd53T3Od19Tpc9dNnDnyh76O5zukCIC4T8VPc53e+SOTvo7KD7XbJyLKc8oPtdMmd7f2Tb+wP/LtmDf5Nru5THPI1c5NBC65erZNr+7U4t2XgM8pstfaGca971xeu5bLXzshW4q17uqpfL0jsD+eNm6b/yVa//i/Jbk6P8pB+SQS2V3uKfG0U7ZMD1+pOQhbGHoWK+8x7OUQc+JKDwSR6zwrK6RDzvVzz3pwiD/E0IHDHNIRofaW5QySgJRywMMfNSef/AoOH0otOLP7FevMgFoWed3K3PJblTvHXFoZMjJ0c/vxx97q9MOxlyMuRkKI/ybCc+xVsHLv3qpOf7lJ4ik29jHgrgJ/nNimbptNkBFQuuNo40M8sw1zZwyeUVtaU0L+2lha8mgRjjpQ4jUft/KRsYVP4EIrr5aIklo8v2tUhhLvRgJBIeIGWzAJyP5ROhidEl3JSr4nmWm9q6AZXjxBzOcCE0CBmHAXzyzVkOL4vlA2KFrAQaTAfwiSkTLjfvPCisSx4EwFlaaJhWfsGnCU2UDQ2OKAshGGCwsPBqIx2aLCTGQhM9EKOBpHwMBkuTtUO0TDfj9j1E00VvKQvxWg5iTDUdhEIp25PoCQqNDUgupD1N1ZmmOlEEtzK75akmIgkDU26IYYgkyt47HZF3YyHGIdRl7NdbIoDrhYa6VYtK0fFS2lSLhQOwRc9yb0R9rOIF5BGSjrCIEuOkzcchU5M6afIpSdSKTwvf4NuSIfs3FvZiIWJaco0n9SL6XbMT9QA0ZaG6XtNlX4GtESELQ6dvHdq4RN1KM4JvZmOdFQpWLzKvTBjkGgpfC7GlEAEMk/GyuZZLq5YJrFYi2LtovUy1pzIaVg6ZllQa1czSDcj2nWIRQVpASv7LFH+b6gI73BBsjMS0pwnrxUHqBe2Y0iGWQothMqo3+bT67CnHx08y5bL9kswXFhMJOpHckjEdsEGymlTfNiAnYH1tIHy1Pxb7ht3U/n8g2J4sPd/qzTJNWE4OLNetnnEkJiLA+JhQhkMoRrO8/di8LlPP43uqnn9q6mmYD/trhrWWU5mkSiJDr+HdxSHVyD9tHsSCcT1bEMq2VZ/kIgbeO/mDZF9gOQpeETTvGeebk/XWjShMLPq3VDLUSDYCWJnR2oXURCz2zmaYoFDgJ5Lpqdd4d13z0DKk4boXIpimGGapC+/xiD57Ojp+svf074d/33vy9Phob/h45O8d+c+PH4+Oj+mIHqOQ4JWSUjCyursLe4FrSS+aNLzbQ1NGIJSOqDFUNtGxjq6l0XLhxEAfbhzj9taVURKW5O8WkVokuVdbPed1zTNEaLzz7u4wI3Mlw9kMmz8kINP9zOiDf81q3gRoANJwScDMe+XBcj/8bm66vZ1OGi7dJXMvq7wyrEHKBXTvEiXYF+Hem/zqTqrhPA/TbttPvd18PRaBSPTea1WdKYfD8fZ6tiI7g1jwSOZfYFVNrNfCXhdk+fKii2m7oQhMgVZk3BVP0o/oFdCPdiHWy7OXDbDtzgspHyfGfHp2TPzvfwGbfFko +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeactivateAttributeValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false}},"title":"DeactivateAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-deactivate-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-deactivate-attribute.api.mdx new file mode 100644 index 00000000..978a94ff --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-deactivate-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-deactivate-attribute +title: "DeactivateAttribute" +description: "DeactivateAttribute" +sidebar_label: "DeactivateAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs5L8SOJNtFMzp8iajDeO7JLk1OYsnwKRLQljEuAAoBOtS//9qgGSIilZsuNMLskhX2IBDaAB9AvdDfDW03SqvOaldy5C5s9JS2vJxokG5V3VPBGDpJoJfhJ4TS82IA2agzSW0H2QN8yHxjFQX7MbqiGv82peTCWNQIPEoW49TiPwml5bcA6+rp9LoYUvwvo7kIoJ7tU8xr2mNwMagPRqnoQ/EyYh8JpaJlDzlD+DiHrNW0/PY+yJJ9HYQGqmwy1dA08ir3l5cFXzAlC+ZDFO0Gt6xzBhHIieAbmx0ERMzM+0NxKnvXk1zxdcaa95sFjUVuYzYBGIRNffqpWZ3B/zUid3IqotVI0wTiLlLRZXdrVA6VcimONAvuAauMY/aRyHzDcbuveHwr5uVzES4z/A17hpErdfM1BYy4ICjNKS8WkBaxZ4NW8iZES11/SSxPwuY93LNnGxWLZbQy49i75X82gQMGxMw/MCKhMaKlhgJ2WyMAUqFlxZhA/39/G/MhL9xPdBKbuBX2JZcmYwoOmsaIH0H7mqi5qhLhVTvzTEsrC6znlNRr1fEJvqWFPgKCAgILjlSIQB1XRMFWSIb+rQ1Fe7TBQERAsSU6nN7i9FEjGEbwpVjagkjoXUZDwnyym3Ej3rEsqDISfA6TgEMoEgFWKI0+RPvgklrF7UPEOU5S21JVVsbTHiEMCEJqEmCdcsJPAJSYrpECsyEg+WGzAWIgRqxopAU1y14mh52bYd8yVgxy1dbJ0WjqhewXdZRRSYtVMgb0CSHeCa6Tn5OBMkBSIfWRgSCb6QAZjNpZzQJGCawA1wvbvELl9H+ESjOASjUQ6QzQ4a+/v7T5/t7x8cGo2Sy4iAaqij+MI1SOJgdRpp4bppLKs2TCMF+orTCOkYQrVOaGRzSiHukm13E+YNDRMzRnkhRGw7IWqGvFCsRAm5QYJWe+prmfgaOS/h7M8EwjlhAa7mZE4okaBEIn0gH5mekXzUZf8kJ9lFzZtKynVxOlRKOkdlqCFauz4Pl4qJZJuAsLo6xVYQSFAK5SIlb1p9wrjSlPsw5Be9ExIlSpMxEEpuaMgCctE7JTvQmDZq5MlM61g19/YCiETDF9Hek10yEWEoPkKA5FdYCAXTCLhWDdKh/iz7aXtXmkqN4okAD+xaIjGG8YzyJALJfOLPqKS+BlkjPuUE1RRlnMzm8QxQ7K0HxgoeEBVSNQPVaA75hw8fhlzPmGpEVPszUDtP/sfM4tfm3t4lrf+7Vf/v/frLq53l38PhcFi/ut2vHR0sChC7v+5gTeOBjXZ/2mle4p9/2/11Z6/x0+6v//lkN8VraCRfnIxD5r+BeZHrbeHoGuZr7J5Ygo883TTbh+szozdAoiTULA6BXMOcxJRJtUZwCg5nE2N+VkQo9WcQlOSnLakObzEzY9idW+4541YgMMEbpJ1IiTseS5iAlBBk5uRWaX4N80dwTQzRJo7A6poX0U+nwKd65jVfHLw8rHkR41nBQXXGn57vvyStfrdxQFJzCcXneectAX4DoYihRhKV0DCc435eb+bba2NAFBB4umX4ViqKiO0qk0cMJJkISZC4cTeMwg6nODQXRoOkJv7+VcHSRIjVAa65+IgMOBWS6VlEEPeML0tcvTzBEOC+CCBoDDkZCMvSNTS0FJCIzlGCfJCKNg/3n734YBDt9Vt1tIkC8lHSOMapWAvlA/hNBX58+PxIHljYTrsCWiPjRJNISCCWxlQ2Cg1Qn1FFOADis06P2YXw3rT6o/OLV6cn7dGbzvtR6/T1qNO9eDu66PbPO+2T3046x17tTqhevzXC2WwBebb/8mgDSKc96nfa54fPj3oH28Gevnh2H7Dnhwe9A++qeKR4Q9V5LlgepAKX8mXIScuImALPG/kqIiBUKeEzY1pkSs9s3SSRegYyI1M/tzlzBkD23qKWizPJ5dDyoHOZFV7hubPM/xIioTca3ClEdd7XVBUnmsiQ1Jc6XjHug5G1NFQCCU+ClgxuULAxWmj5/0qNfj0tukZ3LtbsaZFI0sIrdAdsIraaZ826gSGYpQa0pSNDR1VqGcyApMZgesB80+o3yc5Jd9DpdVunNdL5l/1rrWWdSqT+2UWv3RkN3p93KlKoWJP1WSnOBkAuQOp98yi9eU3VxWZj8pqq0TqDEpcCyTtbB5iTlvEvkL45jnyOkYN9Fpix0LWeUWSsUPCpQjs9XfqtVkWu3Urn2bzw7j1qnb4+650Mfq/qiWV5QTOUC1NdsCzstEco+lfKnr54tlL2/PDAW/HO9e1xHwIrjDP0VeOelgduxXYDaZt0NuR2snkwqkZrXCW4ryfHG0ilwNN9hqfPN4awt/jByuMaDVMd+Q01ZpIqKi4jM40BhRT0ub6as1RHDDm5sJYaghXEQn7Cuoejo9x1W0SR4MQ5Qpwj5C92hJRsR5hbrkyZ8kHm4wpPkx5MmdJyXjQCU9/I3ban4RsLlR5zYOngbJALBSRjdcNeQAMrA50edHrQ6cENehA5ZoWjcEGkELoN8i91WT4sdHIvX065Q3TLWGlMfMRrgiGthyveTKfnqrfhdK/TvV9B97YLRHtfXkfGHfmGc1fCzUKUGMGyvj9DLwAKH5kofQ8x91l2cR5xNWLGSJgkLB2wze+7m2E1Mepng1YaDHonry4GnVHv4jQ7GK869e4Ea52ejs5+2wjRfb8F4veTTq/Va//+3pzEDXl8OzL0UaF5z2fST0Iqd3arvhXcuq1+Fcsq9+ElFyz7hr18LljmgmUuWOaCZS5Y5oJlLljmgmUuWOachM5J+CM7CV2wzDnsnMPuew6WmUlvCJR9e1cAVGJ2/K09xPzFvqDcA/Yud1FVfWMjSzfVmeLiLi9jmOYkonFsLmz8g9Br2iRDI7s7lp/MfyEYWzRvOPQe5HrbYpHZlWsLbqH6UBIGafXIz+pHClblAs5LQqLMdZH+ao/LSRr6mrIb4NWF+CI3fVJ0+/AYf2A+19dSJPGX6OgRfaQz6nzSIDkN+xCCr4V8t807mm0cpA1HKm15B2lSkgEYMUDJhEEYWFFABMeCkGoNHIKMOHsoRBRwbY6eZEcl/oxQNeRkIkVEWHC+d3rcOt/FjbH3IIUs0lZeto6cAEe2HWdwqOklhPagu8HWv3j1z057MHrbOj8/6b4enZ13eq3BWW+dD2Iz7El3K0j3bHAfsJPuqH3WHbROun1ziqjs6rv7+v3zyUaMn9i6g8WGTU8DCiX46mqHTGlcWl9EMZVMCW53fakPJCiUyujIjuNwjh4lPYMhJ1uI7F50M+RkJxUZu7Vs2+35HMfOiaQU6coYq3IQ3cgsBSLcfE6tLtBPQ94i+ZCopBgHhXd6MMgkJuTnXGkSqg3Wyzk/ydnKADwZ8lBYX80v5OcMoV/IzynqJFvKdA9+KSrzgjypUkCqC8/WsFlaNdrIbilQke2Mc5L6Uihl5lQa/S7ma591j08GJ2fd0auzs9NOq3tnWG0TZKu7DeKsV3bDtUsyu0IW1cV52Pa3iC9C3MP0PnM+lFql1upa44XnGxZAsHYbR1OrYDayZx5tWFKg1UuESihgYM5Yre4xCcWU+eUDXq4VH2Zi3jnzFANvjehRoFep093QdGetH+qG5la/DfUfbPfdGTFMlBYbXUkpxN2HvJI0yKFLfn5buMbPjx6VgMpSyDIv2zDkBgNt0Ooet3rHo1bbSPeKSVapPe60e+/PB2tqBr1Wt//2ZFDWBAXcSqZBVmy81I9Mm3j9+Fv7Tio6qfgDSsUM65afmucPMTc4sWIT9yndToymaXoNRVMjk63rfN5pHYlBRkynlllqm6ATy3qhI+snckzomPBHZsJ+ySv6MGZM25K0cZO0SPrAFVWKTTk6ATKYPugdtYvI0wLj5c7QIbdn47+l3ImwvojGjK/kLGSniChz5FbRyo7JBQ52EVkXkXUR2UJE1r7jZQTG1wmIOB3qdOgPpUMfFuP7UqE4DTJ6QBCgwPq2pUmFR+9nAdtp6g59PJPn9702S78cbJ0MLN0by7Lk0nACMajaGE+6U7kV8LkZI9ZtbVI7TKpIFtC4e6ga+Thj/ixPK7SUNORo15SvvLn8EicUv0GhWH7W87LEtikXPSz80ctYJLUlitGHvPOgECkwN16qrdSQF/LBEh4AxphT3rTsiJ01SmZQr2zFVDx6FRH9uFkpskOvaWaStQXXUoTLWXQwCd+AGah2r7OLCzDkyuicRILKntPMxFkqUYqLoUy6byXvoRRFyeTRqCj6xDhkU/rIPIIv8k7qV7195h4/dY+fOjXzjaoZ9/ipu8/p7nO6+5zuPqe7z+nuc7r7nO4+p7vP6e5zuuihix5+79FDd5/TOUKcI+SHus/pHj91etDpQff4admX4x4/dbr3x9G93/Hjp1/j4c9SGLlIoYXSL5fJdP+3O7Vk06n5qu3XmfpKOtey6ovnc9ls53UzcFe93FUvF6V3CvL7jdL/xVe9/i/Sb02M8pN+TAS1lHqLP7eydsiA680nIQtjD0PFeOcDjKP0i+DtdIZlcYl4Pix57ncRBvmbENhjGkM0NtJSoZJJEk5YGGLkpfL+gUHDyUUnF39guXiWM8LAGrn3PpfkRvG9Mw4dHzk++vH5KHvH6X5cdJNnVzsecjzkeCj38tyPfYq3Dlz41XHPt8k9RSL/XPXg8s2/4UQ5l2/u8s1dvrnLN3f55i7f3OWbu3xzl2/u8uxcnt2PnGfn8s2dw8M5PL7nfPM8Rv9dfUPIaWanmZ1m3pYBv6qVC/zu9KbTm9+w3iydOZNw25thRU46zpVH/p5UD1QsuNoWcVgszCyMUsIZlyfUkdJ8kSd1WBoxG6PKMu6YvT+UTSBW/gwiul0Foatv3bIWN5gLPZqIhAc4/UxE+2j2hkYzJty4GVHvceMTGVE5TUwSF06EBiHjMIJPvvHj4aNyeYfo2ZRAg/kIPjFl7AbzHrRCf/IoAM5SB1F6YodPM5ooq5AnlIUQjNCuKHzdiY6NrEaHeKJHYjKSlE/BYGlkG6Jlqhm3300yVfSGshCf70KMqaajUChlaxI9Q56xicsrysF4CzTViSK4lNlrkGomkjAwbiJMV0yi7LtoE3I5FWIaQkPGfqMtArhaKWhYqagUna7dm6qTNwDrrJb1CfXR+wpIIyTtYRUlxkmHT0OmZg3S4nOSqDuaFtrgN6hC9m90yKIDKXWVoywvot83K9EIQFMWqqsNVfZrcTUiZKHr9JtINn+xYZkZwbeTsc4cPKWl2nSxIBdQ+Kq4NWEDGCfTdWOt51YtE7hbhmDtqvIyXjplBKwcMy2pNJKZpQuQrTtFUyt1/JH/Mk57Y4PZ7sZgcylNearWVztpFIRjug+xFFqMk0mjxefVz6NxfCQ9Ey73n5JpYTGRoBPJ7TamHTZJ5kv0bQFSAvpFA+GrvanYM+Sm9v4Dweqy9Jk3b5FJwvI5YkWsesaEmIkALSmhDHFQDLh4e7F5gL6RmxuqkbcyRyDmw976Hq26VCaelsjQa3q3cUg1Uk2HB7FgXC9WWLFjhSY5i4EPjn8jWQs01fEBQfO1w3xJstqGYYCZxfyGSoZyyEa8KiNabZAqhtXaxQL9oQr8RDI995qXVzUP9UGazPtKBPMUwywI7T2d0BfPJ0fP6s//fvD3+rPnR4f18dOJXz/0Xx49nRwd0Qk9QtbAAGDpGFFd2JW1wLmkYcGmd3NgrGChdESNerLumDt2s9RRzo2YAYxrxrgNjxupYDf6chWf1Y32amuHu6p5Zumbl97tLYamLmS4WGDxnwnIdBWzXcFfi5o3AxqANLQRMPMN02D9mfl2qaa9nV5qTOySpUFVnhSeynJmrJ8jt/oirL/Lw6upNPM8jI7cf+j7jTdgEYhE19+q6kg5HPZXH1iveQaxYn0sW+A5I9YbYa8KzHt+1serPGMRmCNrZEwTT9KPaAHQj3Yi1qCzASEsu/VCyqeJUZWe7RP//S+veFWK +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeactivateAttribute + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"DeactivateAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute-value.api.mdx new file mode 100644 index 00000000..867e0651 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute-value.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-attributes-attributes-service-get-attribute-value +title: "GetAttributeValue" +description: "--------------------------------------*" +sidebar_label: "GetAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWt327aSfwXL3XNt58qynSY9rW63XUVWU28c20eSczYbeRWIHEmoSYABQDuqr/77ngFIiqSejpNs4kW/NAaGwAwwL8wMoDtP07HyGu+8CxEyf0qaWks2TDQo76rmBaB8yWLNBPca3v5W/z3pc/KGhgmQzkVL9fl2X+17NU/EICnOdRJ4DS82CNVpjlB9jlsX5A3zof4SdN5o5vRqXkwljUCDRLLuPE4j8BpeS3AOvt6/kEILX4T7b0AqJKvmMaRtAjQA6dU8CR8SJiHwGlomUPOUP4GIeo07T09jHIkn0dBAaqbDDUMDTyKv8e5oYSmPYcQ4ED0BcmOhiRiZP9PRSJyO5tU8X3ClvcbRbFZboKfHIhCJ3n+tFijZHvPSICsR1RaqRhgnkfJmsyu7WqD0CxFMcSJfcA1c4z9pHIfMN9t58KfCse4WMRLDP8HXuPUczkdmv2KJbKAZKIQbfeAFcKUl4+MCAdhd8yLGT4GP9cRrHNW8kZAR1V7DSyTzZrMq8Hx/35mWK1zU8qQ3yEnIg6snNiADFnjF+RLzd3n9hPkH2R0mo/oNDVlANdQFBzHaq2eokH8nyGv/IAcHpHd+fN4gwOkwxFVnitxOgJNbIBIicWN3IoBYgk81BGTEIAxKZBZQK9KaEXWF21aml60ldQsij3N8GiTRLGR/AWEBcM1GzDDcHGErVkV8F2S4Y3nKq3k0CBhOQcOLAsIjGiqoonDQ5wdztUMiUIqOQfX5QZ+3mZ6AJIkqrdwOC3bs8hEhieCAEriTrd4ONu6MPvCdGhkmmnChyVDoSaPP379/3+f/sjuhahc3qM6CPfK3v5F5QzbGHvnnP0neOvrA9/b20s9zpFhx9uxDbBp94CRKlCZDIAp0Nm9p1uLwqyfNp/RmuO5lBWcaVCy4srzw9PAQ/1de3G7i+6CUVUWfJuBLJGwz2BaMWUZ0DBxNCAQE+RQVVUA1HVIF3qzm5abEjJqOMm+sPRSbWc1oZxVTvzTFvLGKb96Taf/PiM391saaldUDmv7qkImCgGhBYiq1EdS5+0CM4TCNqkZUEsdCajKckjnJzURPzgjlQZ9nCm8EQeoCIE5bKH/cVV+zm/KW2pYqtrYZcQhgRJNQk4RrFhL4iIzMdIgdBsgoqnwDhkKEQM1cEWiKq1acLW/btGO+BBy4qYtfp40DqhfwnXehAkC8FcgbkGQXNauektuJICkQuWVhSCT4QgZgNpdyQpOAaQI3wPXeHLt8HeEjjeIQjPd3hMJ9VD88PPzh2eHh0VPj/eVKH43WPpp/XIMkDhbJSBuXkTHvWkNGCvQVyQjpEEK1TAdlNKUQq8zQBucA51jmCtCQqAnKQrET9fI9jF1Xy8TXKHkJZx8SCKeZuZ0SSiQokUgfyC3TE5LPOh+f5Cw7q3ljSbkukkOlpFN0JjVES9fn/loRPbE1QNhdJbEZBBKUQr1IyatmlzCuNOU+9Pll5yS3jJQYp4pcdk7JLtTH9RrZmWgdq8bBQQCRqPsiOtjZIyMRhuIWAmS/wkIoGEfAtaqTNvUn2Z92dKWp1KieCPDAriUyYxhPKE8ikMwn/oRK6muQNeJTTtA4UsbJZBpPANXecmDs4AFRIVUTUPXMsht7HVHtT0Dt7vyPoeK3xsHBO7r/V3P/vw/3f77anf+73+/396/uDms/Hs0KEHu/7WJP/Z4f7T3ZbbzDf/5977fdg/qTvd/+bafoN9S8OBmGzH8F06LU28bBNUzXuoS4fbg+E3oDJEpCzeIQyDVMSUyZVEsU56rjgE/9CQQl/WlbqtNbzMwcdufme864VQhM8DppJVLijscSRiDRF7/JD2/r+f4apg+QmhiidRKB3TUvoh+zc81PRz8/rR50yhR/fH74M2l2z+pHJHXSUH1etF8T4DcQihhqJFEJDcMp7uf1erm9Ng5EAYEfNkzfTFURsUMV3H8yEtKeZJBPUNGFY5yaC2NB0iPy4VXhSIAQixNcc3GLAjgWkulJRBD3TC5LUj2PABDgvgggqPc56Qkr0jV0tBSQiE5Rg7yXijaeHj776b1BtNNt7qNPFJBbSeMYSbEeynvwGwr8+OnzH+WRhW23KqD2qBAJCcTymMpmoQHaM6oIB0B8ltkxuxDeq2Z3cHH54vSkNXjVfjtonr4ctM8uXw8uz7oX7dbJ7yftY6+2EqrTbQ6Qmg0gzw5//nENSLs16LZbF0+f/9g52gz2w0/PtgF7/vSoc+RdFc9+r6i6yBXLvUzgXL/0OWkaFVOQeaNfRQSEKiV8ZlyLzOiZrRslMj1+GTb1c58zFwAU7w1muUhJroeKZ+60cUmIAQ/zeq3DnUJU6b6mqkhoIkOyP7fxinEfjK6loRLIeBK0ZHCDio3Rwpf/r8zo17OiS2znbMmeFpkkbTRxmXXMVvOsW9czDDO3gLZ1YPioyi29CZDUGUwPmK+a3QbZPTnrtTtnzdMaaf+X/ddSzzrVSN3zy06rPei9vWhXtFCxJxuz0pxNgFKA3PvqQXbzmqrL9c7kNVWDZQ4lLgWyd7YOMCVNE9UgXXMc+RQnB8csCGNhaD2hKFih4GOFfnq69Bu9ity6lc6zeePqPWqevjzvnPT+qNqJeXvBMpQbU1swb2y3Bqj6F9p++OnZQtvzp0eLiYKuPe5DYJVxhr6qb+l54FZsdpA2aWfDbuvDuMgsS0IluK8nx2tYpSDTXYanz1eGsdebsFl5XmNhqjO/osZNUkXDZXSmcaCQgz41VnOe2og+J5fWU0OwglrIT1hbBDrKQ7dEFAlOXCDEBUK+cCCk5DvC1EplKpT3ch8XZJp0YMyUltOiE5jGRlb7nkZuLFR6zIF5gLNOLhWQTNSNeAENrA50dtDZQWcH19hBlJgFicIFkULoFsgvGrK8X+pkq1hOeUAMy1htTHzEa4SJtPsb3sym56a37myvs71fwfa2Cky7rayj4A58I7lVpDpClATBir4/wSgAKh+ZKL2FmvskvzjPuBo1YzRMEpYO2Obv1Z9hNzHmZ41V6vU6Jy8ue+1B5/I0OxgvBvVWgjVPTwfnv6+FOHu7AeKPk3an2Wn98dacxA17fLIO9Xwm/SSkcnevsL5ZBdZ2/JBi4FJQ33bszKWgXArKpaBcCsqloFwKyqWgXArKpaBc6M2F3h5z6M2loFwYzIXBvucUVB6cWpOC+vaK651ldpbZWeZNSbFFq1y8NeTsprOb367dLJ05Mauy8bxZvSi4Gk+XRPiGox8uieCSCC6J4JIILongkgguieCSCC6J4EIVLlTxmEMVLonggiEuGPI9JxEM0d9VAkElZsdf20PMF44F0fK7g0UCs57BTVoQW6YUF3f+TpJ9syyicWzeUvoHode0QfpGd7etPJn/hWB80fzDvrdBP5VrdDd4ZHblWoJbqC6UlEHaPfCz/oGCRb2AdElIlHnJqbs44pxIw19jdgO8uhCf5RGuFN0uPCQemNP6Uook/hwDPWCMlKL2Rw2S07ALIfhayDeboqPZxkH64UClX65gTUoyAKMGaPo+ngEmgmNDSLUGDkHGnB1UIgq4NkdPsqsSf0Ko6nMykiIiLLg4OD1uXuzhxtgHPoUs8lbetoydAGe2A2dwaOklhPagu8bXv3zxn+1Wb/C6eXFxcvZycH7R7jR7551lMYj1sCdnG0HOznvbgJ2cDVrnZ73myVnXnCIqu/pm25L8nNiI8RPbdzRbs+lppX0JvrraIVMal9YXUUwlU4LbXZ/bAwkKtTIGsuM4nGJESU+gz8kGJtuKb/qc7KYqY6+Wbbs9n+PcOZOULqFkglU5iK4VlgITrj+nVhfoSZ83ST4lGinGQeFzW3j/Q4zIL7nRJFQbrOc07+RiZQB2+jwUNlbzK/klQ+hX8kuKOsmWMt2DX4vGvKBPqhyQ2sLzJWKWdg3WilsKVBQ7E5ykvhRKGZpKs68Svtb52fFJ7+T8bPDi/Py03TxbeeNlHWTzbBPEeacchmuVdHaFLaqLc7/tbxJfhLiH6VO9+VRqkVura41v+d6wAIKl2zgYWwOzVjzzbMOcA61dIlRCAQNzxmqeHZNQjJlfPuDlVvF+LuZKylMMvCWqR4Fe5E73eKI7az2qxxM3xm2of2+/b2XGMFFarA0lpRCrD3klbZBDl+L8tnFJnB8jKgGVpZRl3rZmyjUOWq95dtzsHA+aLaPdKy5Zpfe43eq8vegt6el1mmfd1ye9siUo4FZyDbLmT3sFu0zmy4c/qOu0otOKj1ArZlg3/dQ9v4+7wYlVm7hP6XZiNk3Tayi6GpluXRbzTvtIDDJiOvXMUt8Eg1g2Ch3ZOJETQieEj1kIu6Wo6P2EMf2WpB83SJOkvxNDlWJjjkGADKYLelftIfK0IHh5MLTP7dn476l0IqwvoiHjCzUL2SkiygK5VbSyY3JBgl1G1mVkXUa2kJG1P+xhFMbXSYg4G+ps6KOyoffL8X2uVJwGGd0jCVAQffulKYXH6GcB23EaDn24kOdPsa3XfjnYMh1YetItq5JL0wnEoGpzPOlO5V7Ap1aM2LC1Ke0wpSJZQmP1VDVyO2H+JC8rtJzU5+jXlF+jc/UlTil+g0qxetmmKLapFN0v/dHJRCT1JYrZh3zwoJApMDdeql+pPi/UgyU8AMwxp7JpxREHq5fcoE7Zi6lE9Coq+mFUKbJLr2nmkrUE11KEcyraWIRvwAxUq9PewwXoc2VsTiJBZb90lamzVKMUF0OZct9K3UMpi5Lpo0FR9YlhyMb0gXUEn+UnzB44xf0e13S/S+Z+l8yZmW/UzHxJ39vd5/yGL6K4+5zuPqe7z+nuc7r7nO4+p7vP6e5zuvucLnvosoePKHvo7nO6QIgLhDyq+5zud8mcHXR20P0uWTmWUx7Q/S6Zs73fs+39jn+X7MG/ybVdymOeRi5yaKH181Uybf92p5ZsPAb51UhfKOead332ei5b7byMAnfVy131cll6ZyC/3yz9F77q9X9RfmtylB/1QzKopdJb/HOjaIcMuF5/ErIw9jBUzHfewznqwIcEFD7JYygsq0vE837Fc3+IMMjfhMAR0xyi8ZHmBpWMknDEwhAzL5X3DwwaTi86vfiI9eJ5Lgg96+RufS7JneKtKw6dHDk5evxy9Km/Mu1kyMmQk6E8yrOd+BRvHbj0q5Oeb1N6iky+jXkogL8E3SwdMzugYsHVxiFmBn9zXwNpLZPSltI8sZdWvJrMYYy3OYwoHfypbERQ+ROI6OYzJdaKLlvQ4tZyoQcjkfAAtzSLvPlYNxGa4FzCTZ0qHmS5KaobUDlOzKkMCaFByDgM4KNvDnF4SywfEEtjJdBgOoCPTJk4uXngQWFB8iAAztIKw7TkCz5OaKJsTHBEWQjBAKOEheca6dCkHzEImuiBGA0k5WMwWJp0HaJluhm3DyGaLnpDWYj3cRBjqukgFErZnkRPUFpsJHIh32nKzTTViSK4lNn1TjURSRiYOkOMPyRR9tDpiLwbCzEOoS5jv94SAVwtNNStPlSKjpfuTbVKOABb7Sz3R9TH8l1AHiHpCIsoMU7afBwyNamTJp+SRK34tPANPioZsr+wohcrENNaazyiF9HvmpWoB6ApC9XVmi77/GuNCFkYOn3k0AYk6laMEXwzG+usQrB6g3llpiBXTfhMiK2BCGCYjJfNtVxatUxgtfbA3kWzZco8lVGtcsi0pNLoZJYuQLbuFKsH0spR8h+m6tuUFdjhhmCDI6Y9zVQvDlIvqMV0H2IptBgmo3qTT6vvnXJ89SRTLtuTZL6wmEjQieR2G9MBGyQrRvVtA3ICFtYGwlcHY3Fg2E0d/CuC7cvSu63ezGrCCPREBBjvEspsPMXolHcQm9di6nm8TtVzbWvqY5gPBwsq2Kt51gQqkx1JZOg1vLs4pBr5oc2DWDCuZwtC1rbqkJzHwHvHv5PsC6wrwbt+5mHinNist25Ye2LxvqGSoYaxobzKjFbPpyp/sXc2w0yDAj+RTE+9xrurmoeaPo27vRDBNMUQBzLHkYIM4PWPUuCwunIL5CK66aWQhndzZFL+QumIGttikxKL9q06zN3cSHn7W/33pM/TV8s7Fy3V59t9tT93TTDuh8vPuL2EZVSH5Zh3i3QvcoxXW0LWVc0ze9h4593dYWbmUoazGTZ/SECm25FtL/41q3kToAFIw2QBM++WB8v98eIi7XbSsOkeWUUS1iLl8rp/gQLti3D/TX6FJ1V4nofpt+2n3m6+HotAJHr/tarOlMPhePs9W5mdQSw4KPMvsLom1mthrwo64OK8i+m7oQhMoVZkvBdP0lt0EuitJcR6e/bSAbbdeSHl48RYU8+Oif/9L9i0WOU= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Value RPCs +--------------------------------------- + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false}},"title":"GetAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute-values-by-fqns.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute-values-by-fqns.api.mdx new file mode 100644 index 00000000..5ead927d --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute-values-by-fqns.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-get-attribute-values-by-fqns +title: "GetAttributeValuesByFqns" +description: "GetAttributeValuesByFqns" +sidebar_label: "GetAttributeValuesByFqns" +hide_title: true +hide_table_of_contents: true +api: eJztPWlz2ziWfwXF3arYPYpsp4/q1qTSy8hKookjeSS5a7NRlg2TTxLaFMgAoBNNSv996wEkRVJ37GRiLT7ZAh7ud+Ed4GdH0bF0Gu+cyyhk/oy4Sgl2nSiQzvuaE8UgqGIRbwdOw4k1SJ3mIPUFdB/ELfOh/hJUXvgHDROQz2cvPnDp1JyYCjoFBQLH++xwOgWn4YxMJeNOw/mQgJg5NScA6QsW48BOw+nBh4QJCIacvEjCcEb+mdCQjRgEpEOnIEk0IvmcyK0elByxOtTJRKlYNk5OnuJgMqY+PDtB0JOneQMPq56d6GYnT/UfU3RcIzwSUxqyf0FAVETC6CMI4lMJdafmSH8CU+o0PjtqFuNCqBAUJ88UTGWhXCrB+NipOVP6qW3qnvx8WnOmjKc/z+Y1RzEVFrZjPexD2J35/H3NESDjiEvQe/Hk9BT/lKfeT3wfJC7Xj7gCrhCExnHIfI10J39JhPu8vNfR9V/gK8QpgSiqmBll9IFXkG9Vm8JWe4uFmp1xag4NAoaj0/Cy1HnWTANiNxunkndcbLoo3NacBaswKOuHBc685uSnVhxiUVhFlLwGMUJNgNzjbKpjjYEj44CAJAkLCOMkoIpeUwnZxDd1qOurXSbS4FlMhdLns2BV5BxGjOtCWSMyieNIKHI9I4slu4madAjlSCbA6XUIZARBytxwTqMPfNOUsHpec6iv2G35SE1JdbamGOcQwIgmoSIJVywk8Amxm6kQKzQQ7tLiAK6jKASqx5qCorhrxdHysm0n5gvAjl1VbJ0WelQtzXdRRSTovZMgbkGQI+CKqRn5OIlICkQ+sjAkAvxIBKAPl3JCk4ApArfA1fFidvk+wic6jUPQkuYMqeysfnp6+uNPp6dnT7SkGSEzUU7DCaiCx4pNNaYkcbC8jLRw1TIWVRuWkQJ9w2WE9BrCjbwohdjAfdYgpuFG8+pGRLHphMgJ0kKxcj5fN8qIhhKqPfWVSHyFlJdw9iGBcEZYgLs5mhFKBMgoET6Qj0xNSD7qon+So+y85owF5UruIDPvwBUTwTYBYXV1iW4QCJBGUpLXbp8wLhXlPgz5Va9NpolU5BoIRenJAnLVuyBHUB/Xa+RRJkIDmEZ1P5qePDomoyhEYRgg+hU2QsJ4ClzJOmlRf5L9NL1LRYVC9kSAB2YvERnDeEJ5MgXBfOJPqKC+AlEjPuUEJSZlnExm8QSQ7a0GxgoeEBlSOQFZbwz5n3/+OeRqwmR9SpU/AXn06H/1Kn5vnJy8o4//5T7+n9PHv70/Wvw/HA6Hj99/Pq39cjYvQBz/foQ19T0bHf9w1HiH//7t+Pejk/oPx7//56PjdF5Dzfni5Dpk/muYFaneFHo3sKwgnkMswEeabujjw/2Z0Fsg0yRULA6B3MCMxJQJuYJxRhy6I62RVlgo9ScQlPinKakOb2amxzAntzhzxg1DYBGvk2YiBJ54LGAEQkBAbkFI7GMbN7+B2R2oJobpJorAaq1wXgAfq4nT+PXstyda5cwKlnTOTz+f/kbcfqd+RlLNDdnnZesNAX4LYRRDjSQyoWE4w/O82Uy3N1qBKEzgxy3DuykrIqarjB8xEGQUCYLIjaehBXY4xqF5pCUI8GTqNN6dvi8o3AixPMANjz4iAY4jwdRkSnDuGV2WqHpxqSHA/SiAoD7kZBAZkq6hoiWBTOkMOcifQtLGk9Offv1TT7TXdx+jThSQj4LGMS7FaCh/gt+Q4MdPfv5FnBnYVrMCWiPXiSLTSAAxOCazUWiA8oxKwgFwPqvkmNkI57Xb9y6vnl+0m97r1lvPvXjptTpXb7yrTv+y1Wy/aLfOndpaqF7f9XA1W0B+Ov3tlw0grabXbzUvn/z8S+9sO9iPv/60C9jPT856Z877eeGgX1N5mTOWvUTggr8MOXE1iynQvOav0RQIlTLymVYtMqGnj26UCDUBkaGpn+ucOQEgeW8Ry8WV5HxIpHc/PMq08P28VmVkAqaR2qhwpxDVdd9QWVxoIkLyeCHjJeM+aF5LQxkh4glQgsEtMjZGCy3/X4nRbydFV8jO+YozLSJJWvge7+ebkK3mGLVuoBFmIQFNqafxqIotgwmQVBlML5iv3X6DHLU7g1av417USOu/zX8rNeuUI/W7V71myxu8vWxVuFCxJuuzUpwNgFSA2Pv6TnLzhsqrzcrkDZXeKoUStwLRO9sHmBFXmzpIX19HvkTJwT4LxFjoWk0oElYY8bFEPT3d+u0miky6le6zeeH6M3IvXnZ77cGrqpxYlBckQ7kwlQWLwlbTQ9a/VPbjrz8tlf385AzvWFUjkr7uQ2CYcTZ9Wd9R88Cj2K4gbePOGt3amwej0lthKsFzbZ9vQJUCTfcZ3j5fa8TeLMLm5XG1hKmO/JpqNUkWBZfmmVqBQgz6UltNN5URQ06ujKaGYAW2kN+wdjB0lLtuRtNpxIk1hFhDyFc2hJR0R5gZqkyJci/1cYmmSQ/GTCoxKyqBqW1kve6p6cZApdccWBg46+RKAslIXZMX0MDwQCsHrRy0cnCDHESKWaIo3BARRaoJ4quaLPdznexkyyl3iGYZw42Jj/MaoXdtf8GbyfRc9Nat7LWy9xvI3mYBaXeldSRcz9eUu+Qvj6ISIRjS9ydoBUDmIxKpdmBzX6QXL/zwuho5TBKWLtj69/pmWE20+NkglQaDXvv51aDl9a4usovxslFvLZh7ceF1X2yE6LzdAvGq3eq5veart/omflt1xf97eeidXPOOz4SfhFQcHVdtK3h0W+0qhlR2oSXrLPuOrXzWWWadZdZZZp1l1llmnWXWWWadZdZZZo2E1kh4yEZC6yyzBjtrsHvIzjK96A2Osu8vBUAm+sTfmEvMV7YF0VLmzErbmJflvpRXipu7SMbQzcmUxrFO2Pg7oTe0QYaad7cMPek/IWhdNG84dPYyvW3RyMzONSNuoPpQYgZptedn9Z6EZb6A6xKQSJ0u0l/ucbFIjV9jdgu8uhH3kumTTrcPd7EH5mt9KaIkvo+O7tBHuqLWJwWC07APIfgqEn9ss45mBwdpQ0+mLdegJiUZgGYDlIwYhIFhBSTiWBBSpYBDkCFnD5mIBK701ZMcycSfECqHnIxENCUsuDy5OHcvj/FgTH5kJIq4lZetQifAkU3HGRxKegGhuehu0PWvnv+j1Rx4b9zLy3bnpde9bPXcQbe3ygaxGbbd2QrS6Q52AWt3vGa3M3Dbnb6+RVROdSkFb3uK5MqcyKVDz3P1NuRFhkwq3Fo/msZUMBnxLPkxkwcCJHJlNGTHcThDi5KawJCTLUi2E94MOTlKWcZxLTt2cz/HsXMkKXm6MsKqXEQ3EksBCTffU6sb9MOQuyQfEoUU4yAxpwedTNGIPM2FJqFKz3qx5kc5WWmAR0MeRsZW84w8zSb0jDxNp06yrUzP4FlRmBf4SRUDUlnYXUFmaZW3kdxSoCLZaeMk9UUkpV5TafR1xNfsds7bg3a34z3vdi9abmetW20TpNvZBtHtlc1wzRLPrqBFdXP2O36X+FGIZ6h50WiBCXIZW6t7TWIR3bIAgpXH6I2NgNlInrm3YYGBRi4RKqAwA33HcjvnJIzGzC9f8HKpuJ+KuXbl6QycFaxHglrGTpuhae9aB5WhudVuQ/299b61HsNEqmijKSmFWH/JK3GDHLpk5zeFK+z8aFEJqCi5LPOyDUNuUNAGbufc7Z17blNz94pKVqk9bzV7by8HK2oGPbfTf9MelCVBYW4l1SAr1lbqO4ZNvLx71r7lipYrHiBXzGbt+ql6vo+6wYlhm3hO6XGiN03RGyiqGhlvXWXzTutIDGLKVKqZpboJGrGMFXpq7ESWCC0RHjIR9ktW0f2IMW1L0sYN4pL04SsqJRtzNAJkMH1QR/IYJ08LhJcbQ4fc3I3/llInwvrR9JrxpZiF7BYxzQy51Wll1+QCBVuPrPXIWo9swSM710+KaYbxbRwiVoZaGXpQMnQ/H999ueIUiOkeToAC6ZuWOhQerZ+F2Y5Tc+jdiTzP99rM/XKwVTywlDeWRcml7gSip2p8POlJ5VrAl0aMGLO1Du3QoSKZQ2P9UDXyccL8SR5WaDBpyFGvKae82fgSyxS/Q6Y4n5ftXkWyTaloP/dHLyORVJcoeh/yzoOCp0BnvFRbySEvxIMlPAD0Mae0acgRO6uX1KBeWYupWPQqLPpuq5LkiN7QTCVrRlyJKFysooVB+BpMQzV7rWPcgCGXWuYkAmT2nGbGzlKOUtwMqcN9K3EPJS9Kxo+8IuuLrkM2pneMI7iXd1K/afaZffzUPn5qxcx3Kmbs46c2n9Pmc9p8TpvPafM5bT6nzee0+Zw2n9Pmc1rvofUePnTvoc3ntIYQawg5qHxO+/iplYNWDtrHT8u2HPv4qZW9hyN7H/Djp9/i4c+SG7mIoYXS+4tk2v3tTiXYeKw/dPttlr4UzrWouvd4LhPtvGoFNtXLpnpZL70VkA/XS/+VU73+HeG32kf5Sd3Fg1oKvcWfW0k7ZMDV5puQgTGXoaK/cw/lCD99DhKf5NErLLNLnOd+wXOvojDI34TAHlMfotaRFgKVjJJwxMIQPS+V9w/0NCxftHzxgPliNyeEgVFyd76X5ErxzhGHlo4sHR0+HWXvOO1GRbd5dLWlIUtDloZyK89u5FPMOrDuV0s93yf1FJH8S8WDjTf/jgPlbLy5jTe38eY23tzGm9t4cxtvbuPNbby5jbOzcXaHHGdn482twcMaPB5yvHnuo39Q3xCyktlKZiuZt0XAL0vlAr1buWnl5ncsN0t3ziTc9mbYikDmb5O+saCnVYFvd3+Ha5envsrzXTyRlfKde5yNfRXMvgpmmexBMFn7Kpj10lovrfXSWi+t9dJaL6310lovrfXSWi+ttQVbW/DB2YKtl9YaQqwh5CF7ae2rYFYOWjloXwUr23Lsq2BW9h6O7H3Ar4IteQVzj2X2qJB2YRfQSv9e3wyriRY/G6TSYNBrP78atLze1UV2MV426q0Fcy8uvO6LjRCdt1sgXrVbPbfXfPVW38Tv9jJa+f0Xmyh4wLYz64KyLijrgrIuKOuCsi4o64KyLijrgrKmN2t6O2TTm3VBWTOYNYM9ZBeUTRS0ktlK5sOTzDZR0MrNhyw3754ouH6e1onwHVs/rBPBOhGsE8E6EawTwToRrBPBOhGsE8GaKqyp4pBNFdaJYI0h1hjykJ0IetEPyoEgE33ib8wl5ivbgvb5lGJ5pbi5i3eSdHMypXGs31L6O6E3tEGGmne3DD3pPyFoXTRvOHS28Kd9vtGY7lwz4gaqDyVmkFZ7flbvSVjmC7guAYnULzn1l3tcLFLj15jdAq9uxL08wpVOtw93sQfma30poiS+j47u0Ee6otYnBYLTsA8h+CoSf2yzjmYHB2lDT6Yt16AmJRmAZgOUjBiEgWEFBL8qSkYhVQo4BBly9pCJSODKfJvySCb+hFA55GQkoilhweXJxbl7eYwHg0uiKhJF3MrLVqET4Mim4wwOJb2AsPJp7WVd/+r5P1rNgffGvbxsd1563ctWzx10e6tsEJth252tIJ3uYBewdsdrdjsDt93p61tE5VT/2DUkP1/slPG2qTubbzj0NNK+BF/d7ZBJhVvrR9OYCiYjbk59IQ8ESOTKaMiO43CGFiU1gSEnW5BsJ7wZcnKUsozjWnbs5n6OY+dIUkpCyQir+p3qTcRSQML9Ps76w5C7JB8ShRTjIPG5Lcz/iEbkaS40CVV61os1P8rJSgM8GvIwMraaZ+RpNqFn5Gk6dZJtZXoGzyqfec34SRUDUlnYXUFmaZW3kdxSoCLZaeMk9UUk8y/TLkZfR3zNbue8rT8w/rzbvWi5nbUZL5sg3c42iG6vbIZrlnh2BS2qm7Pf8bvEj0I8Q82LRgtMkMvYWt1rEovolgUQrDxGb2wEzEbyzL0NCww0colQAYUZ6DuW2zknYTRmfvmCl0vFPb8pvW7l6QycFaxHglrGTvt4or1rHdTjiVvtNuZb7HvpfWs9holU0UZTUgqx/pJX4gY5dMnObwpX2PnRohJQUXJZ5mUbhtygoA3czrnbO/fcpubuFZWsUnveavbeXg5W1Ax6bqf/pj0oS4LC3EqqQVasrdR3zAp/efcHdS1XtFzxALliNmvXT9XzfdQNTgzbxHNKjxO9aYreQFHVyHjrKpt3WkdiEFOmUs0s1U3QiGWs0FNjJ7JEaInwkImwX7KK7keMaVuSNm4Ql1xGIfNn6NdhY45GgAymD+pIHuPkaYHwcmPokJu78d9S6kRYP5peM74Us5DdIqaZIbc6reyaXKBg65G1HlnrkS14ZHW4rWEY38YhYmWolaEHJUP38/HdlytOgZju4QQokL5pqUPh0fpZmO04NYfencjzp9g2c78cbBUPLD3plkXJpe4EoqdqfDzpSeVawJdGjBiztQ7t0KEimUNj/VA18nHC/EkeVmgwachRrym/RmfjSyxT/A6ZYjXZpki2KRXt5/7oZSSS6hJF70PeeVDwFOiMl2orOeSFeLCEB4A+5pQ2DTliZ/WSGtQrazEVi16FRd9tVZIc0RuaqWTNiCsRhYtVtDAIX4NpqGavdYwbMORSy5xEgMy+dJWxs5SjFDdD6nDfStxDyYuS8SOvyPqi65CN6R3jCO7lE2Z3HGK/xzXtd8nsd8msmPlOxczX1L1tPud3nIhi8zltPqfN57T5nDaf0+Zz2nxOm89p8zmt99B6Dw/Ie2jzOa0hxBpCDiqf036XzMpBKwftd8nKtpxyh/a7ZFb2PmTZ+4C/S3bnb3Lt5vJYuJGLGFoovb9Ipt3f7lSCjccgvtnSl8K5FlX3Hs9lop1XrcCmetlUL+ultwLy4Xrpv3Kq178j/Fb7KD+pu3hQS6G3+HMraYcMuNp8EzIw5jJU9HfuoRz14EMCEp/k0Ssss0uc537Bc6+iMMjfhMAeUx+i1pEWApWMknDEwhA9L5X3D/Q0LF+0fPGA+WI3J4SBUXJ3vpfkSvHOEYeWjiwdHT4dfelXpi0NWRqyNJRbeXYjn2LWgXW/Wur5PqmniOS7iIetFtvK42tUpwm++GdH+wrxicQQVOGzWyalRz9UyCF9QhPSZzNLFPgSlFu61MrnsxcfuOyBjCMut857ruemk0Rwg8vTbAmh3/VLw2y1uzLGFBJNvyd/SWOGlP4EpnT7RRYDVFedYhGfeKS8UZTwAPEoM/f5GKwRaotgwnVwLN6euY7k86gYJ/oqiAuhQcg4ePDJ1zdHTE3LO8R4XAE0mHnwiUltnNevSkiMgvYC4CwNa0zjzODThCbSGCJHlIUQeGiaLLwRSa+1zxMtr4nyopEnKB+DnqX2EeK0dDXj5vVFXUVvKQsxCQhnTBX1wkhKU5OoCZKoMX8uOVl1jJuiKpEEtzLLKZWTKAkDHdyIRo9kmr2uOiLvxlE0DqEuYr/ejAJ4v1RQN0xYSjpeeTbV0OQATIi1eDyiPsYMA+IISXtYnhLjpMXHIZOTOnH5jCRyTdNCG3zJMmT/wjBiDHtMA7yRGIrT7+udqAegKAvl+w1V5s3ZGolEoev0ZUVjBakb3oHg29FYZWGJ1bTpte6JnB/i2yQm8CKA62S8aqzV1KpEsoHJYO2yrNSxpVLzc3HNlKBCCwKWbkC27xRDFtJwVfJfOtRcxzKY7q7BWGR0eeoeX+6kXuDF6TnEIlLRdTKqu3xWfWSV41MrGXPZfUm6hZmJAJUIbo4x7bBBsghY3xQgJmA0bxD58mQcnWh0kyf/gWCPRemxWGeeccKyjX41b3W02jKJAu0w1whC0XTmnCz498kPJ6j/1xwjeqX2yiQidBrO5zikClGixYM4YlzNl+isZTgi6cbAB+cvSNYC41kwx1A/iJyvN6uta+yeRBKndEsFQyZjTIiVEQ2rT7n+cu18jh4OCX4imJo5jXfvkYWNopIZUr/aU1+seGkROIk0xaTh3J7pAIJIqinVQsO4ODbtcam3nFDQxIcrZtzkW2mCNftfyN3F9j845or2vuboPWm8cz5/Rg/LlQjncyz+kICY6ZMJmH5kPFitPH9eSEBt80QT55CTF0kYzsg/Expi+kdAOhi9ofO48tzQ9MXjI1aHen5eT/Mwj2caY06eLqzPWPXsRDc7ear/mKLjGuHIRQzZqYhgdLogPpVQCIUobw4GMOlrqHRy5uQ4eLQZcuDRzmvOBGgAQm+EaYPBL7EqtFoS+9hLTgQvWwNnPv8/jyr6/A== +sidebar_class_name: "get api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetAttributeValuesByFqns + + + + +/attr//value/), normalized to lower case.","schema":{"type":"array","items":{"type":"string","maxItems":250,"minItems":1},"title":"fqns","maxItems":250,"minItems":1,"description":"Required\n Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case."}}]} +> + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false},"value":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"attribute":{"title":"attribute","type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","description":"namespace of the attribute","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name","description":"attribute name"},"rule":{"title":"rule","description":"attribute rule enum","type":"string","enum":["ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED","ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF","ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF","ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY"]},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false},"value":{"type":"string","title":"value"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the value. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"subjectMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"attributeValue":{"title":"attribute_value","description":"the Attribute Value mapped to; aka: \"The Entity Entitlement Attribute\"","type":"object","properties":"circular()","additionalProperties":false},"subjectConditionSet":{"title":"subject_condition_set","description":"the reusable SubjectConditionSet mapped to the given Attribute Value","type":"object","properties":{"id":{"type":"string","title":"id"},"subjectSets":{"type":"array","items":{"type":"object","properties":{"conditionGroups":{"type":"array","items":{"type":"object","properties":{"conditions":{"type":"array","items":{"type":"object","properties":{"subjectExternalSelectorValue":{"type":"string","title":"subject_external_selector_value","description":"a selector for a field value on a flattened Entity Representation (such as\n from idP/LDAP)"},"operator":{"title":"operator","description":"the evaluation operator of relation","type":"string","enum":["SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED","SUBJECT_MAPPING_OPERATOR_ENUM_IN","SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN","SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS"]},"subjectExternalValues":{"type":"array","items":{"type":"string","minItems":1},"title":"subject_external_values","minItems":1,"description":"list of comparison values for the result of applying the\n subject_external_selector_value on a flattened Entity Representation\n (Subject), evaluated by the operator"}},"title":"Condition","required":["subjectExternalSelectorValue","operator"],"additionalProperties":false,"description":"*\nA Condition defines a rule of "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false}},"additionalProperties":false},"description":"map of FQNs to complete attributes and the one selected value"}},"title":"GetAttributeValuesByFqnsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute.api.mdx new file mode 100644 index 00000000..36033f10 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-get-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-get-attribute +title: "GetAttribute" +description: "GetAttribute" +sidebar_label: "GetAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXHu1rbs7Js5+FNtHMzp8iajDeO7ZLk1M1ZPgUiWxLGJMAAoB1NVv99qwGSIqmnk0wuySFfYgENoBvoF7oB8IOn6Vh5jWvvUoTMn5Km1pINEw3Ku6l5IgZJNRP8NPAaXmxA6jQHqc+huyDvmA/1l6DzQq/mxVTSCDRIHOODx2kEXsNrCc7B1/uXUmjhi3D/DUjFBPdqHuNew5sADUB6NU/Cu4RJCLyGlgnUPOVPIKJe44OnpzH2xJNoaCA10+GGroEnkde4PrqpeQEoX7IYKfMa3gmMGAeiJ0DuLDQRI/Mz7Y3EaW9ezfMFV9prHM1mtQV6eiwCkej912qBku0xL3WyElFtoWqEcRIpbza7sbMFSr8QwRQH8gXXwDX+SeM4ZL5ZyYPfFfb1YREjMfwdfO3VPMHhYmTWK5bIAZqBMr1kC4vckDdTWjI+LhCSgw1Y4NW8kZAR1V7DSxLzu0ySMH+Q3WEyqt/RkAVUQ11wEKO9erb65D8JLv/fycEB6V2cXDQIcDoMcSKYIvcT4OQeiIRI3NnJCSCW4FMNARkxCANvNluJ3pzFrksE3uD6lukfvePr6MbqmhcxfgZ8rCde46hIvGQlLCxwcXAsucFlLA/K1s71FjN8kk9GgySahewPICwArtmIGQacz5YVsyKaRXHuWPbyah4NAoa90/CygOuIhgqqo7eZnoAkiSqtyg4LduzSECGJ4IACt1NcmR2s2Bm94zs1Mkw04UKTodCTRp+/ffu2z/9td0LVLjJAnQV75C9/IfOCYj975J//JHnN6B3f29tLu+jzFDlWxKLYGItH7ziJEqXJEIgCnY1fGr04xPrB86G9GU5zWb+ZAhULruzSPzo8xP/KE9pNfB+Uspro4+R7hVQb0KqQIK+tbb6RP2c1oyZVTP3SEPPCKs/kNZka/ozYVMcaA0cTBwFB4UFtGlBNh1RBhvi6Dk19tctEQUC0IDGV2ojJ3KgSo8FNoaoRlcSxkJoMp2ROcjPRk3NCedDnmZobQZCaYcRpCy00q3nU1+yuvKS2pIqtLUYcAhjRJNQk4ZqFBN4jSzEdYoUBMhoiX4ChECFQM1YEmuKsFUfLyzatmC8BO27qYuu0cED1Ar7zKhRHxFuBvANJdlGl6Sm5nwiSApF7FoZEgi9kAGZxKSc0CZgmcAdc782xy+cR3tMoDsH4REcoZkf1w8PDx08OD48eGZ8o17ZoqvbRDuMcJHGwSEZauIyMedUaMlKgL0hGSIcQqmVKI6MphVhlBFYz5h0NEzPGMgeAhkRNUBaKlaghH2BqulomvkbJSzh7l0A4zezclFAiQYlE+kDumZ6QfNR5/yRn2VnNG0vKdZEcKiWdolenIVo6Pw/XiugSrAHC6iqJzSCQoJSxU+RVs0sYV5pyH/r8qnOa2ylKjCtFrjpnZBfq43qN7Ey0jlXj4CCASNR9ER3s7JGRCENxDwGyX2EiFIwj4FrVSZv6k+yn7V1pKjWqJwI8sHOJzBjGE8qTCCTziT+hkvoaZI34lBM0U5RxMpnGE0C1txwYK3hAVEjVBFQ9s7PGckZU+xNQuzv/a6j4uXFwcE33/2ju/8/h/vOb3fnf/X6/v3/z4bB2fDQrQOz9vIs19Qc22vtht3GNf/517+fdg/oPez//x07Rgte8OBmGzH8F06LU28LBLUzX+mK4fDg/E3oHJEpCzeIQyC1MSUyZVEsU5yq/3Kf+BIKS/rQl1eEtZmYMu3LzNWfcKgQmeJ20EilxxWMJI5Dogd/lu6j1fH8L00+QmhiidRKB1TUvou8zB/vZ0fNHVY+7TPH7p4fPSbN7Xj8iqbuE6vOy/ZoAv4NQxFAjiUpoGE5xPW/Xy+2tcSAKCDzeMHwzVUXEdlXwu8lISLt/QT5BRReOcWgujAVJ96qHN8WNSzheVAjklot7FMCxkExPIoK4Z3JZkur5VpwA90UAQb3PSU9Yka6ho6WARHSKGuStVLTx6PDJs7cG0U63uY8+UUDuJY1jJMV6KG/Bbyjw40dPj+WRhW23KqDWgY+EBGJ5TGWj0ADtGVWEAyA+y+yYnQjvVbM7uLx6cXbaGrxq/zZonr0ctM+vXg+uzruX7dbpL6ftE6+2EqrTbQ6Qmg0gTw6fH68BabcG3Xbr8tHT487RZrDHz55sA/b00VHnyLspbrpeUXWZK5YHmcC5fulz0jQqpiDzRr+KCAhVSvjMuBaZ0TNLN0pkuiEybOrnPmcuACjeG8xykZJcDxU3umnhkg02buH1Woc7hajSfUtVkdBEhmR/buMV4z4YXUtDJZDxJGjJ4A4VG6OFlv+vzOiXs6JLbOdsyZoWmSQtNAGRdcxW86xb1zMMM7eAtnRg+KjKLb0JkNQZTDeYr5rdBtk9Pe+1O+fNsxpp/7f9a6lnnWqk7sVVp9Ue9H67bFe0ULEm67NSnA2AUoDc++qT7OYtVVfrnclbqgbLHEqcCmTvbB5gSpomvkC6ZjvyMU4O9lkQxkLXekJRsELBxwr99HTqN3oVuXUr7WfzwtVr1Dx7edE57f1atRPz8oJlKBemtmBe2G4NUPUvlD1+9mSh7OmjI28hzNy1230IrDLO0Ff1LT0PXIrNDtIm7WzYbX0AF5llSagE1/X0ZA2rFGS6y3D3+cow9noTNiuPayxMdeRX1LhJqmi4jM40DhRy0MfGai5SG9Hn5Mp6aghWUAv5DmuLQEe565aIIsGJC4S4QMifHAgp+Y4wtVKZCuWD3McFmSYdGDOl5bToBKaxkdW+p5EbC5Vuc2Ae4KyTKwUkE3UjXkADqwOdHXR20NnBNXYQJWZBonBCpBC6BfJPDVk+LHWyVSyn3CGGZaw2Jj7iNcKU1sMNb2bTc9Nbd7bX2d4vYHtbBabdVtZRcAe+kdwqUh0hSoJgRd+fYBQAlY9MlN5CzX2UX5xnXI2aMRomCUsbbPN7dTOsJsb8rLFKvV7n9MVVrz3oXJ1lG+PFoN5KsObZ2eDil7UQ579tgPj1tN1pdlq//mZ24oY9vh4d+kmpec9n0k9CKnf3qrEVXLqNcRUrKtvIkkuWfcVRPpcsc8kylyxzyTKXLHPJMpcsc8kylyxzQUIXJPyeg4QuWeYCdi5g9y0nywzRaxJlX98VAJWYFX9tNzF/ciwoj4C9yUNUC3e7LN9UKcXJnV/GMM1JROPYXNj4O6G3tEH6Rne3rTyZ/0IwvmjesO89KPS2wSOzM9cS3EJ1oaQM0uqBn9UPFCzqBaRLQqLMdZHuYo9zIg1/jdkd8OpEfJabPim6XfiUeGBO60spkvhzdPQJfaQUtd9rkJyGXQjB10K+2RQdzRYO0oYDlbZcwZqUZABGDdD0epwBJoJjQUi1Bg5BxpwdVCIKuDZbT7KrEn9CqOpzMpIiIiy4PDg7aV7u4cLYm7xCFnkrL1vGToAj244zOLT0EkK70V3j61+9+Ee71Ru8bl5enp6/HFxctjvN3kVnWQxiPezp+UaQ84veNmCn54PWxXmveXreNbuIyqq+2TbunxMbMX5q645maxY9TSiU4KuzHTKlcWp9EcVUMiW4XfW5PZCgUCtjIDuOwylGlPQE+pxsYLKt+KbPyW6qMvZq2bLb/TmOnTNJKdOVCVZlI7pWWApMuH6fWp2gH/q8SfIh0UgxDgrv9GCSSYzIj7nRJFQbrOc07+RiZQB2+jwUNlbzE/kxQ+gn8mOKOsmmMl2Dn4rGvKBPqhyQ2sKLJWKWVg3WilsKVBQ7E5ykvhRKGZpKo68SvtbF+clp7/TifPDi4uKs3TxfmVZbB9k83wRx0SmH4VolnV1hi+rkPGz5m8QXIa5hejE/H0otcmt1rvHm/h0LIFi6jIOxNTBrxTPPNsw50NolQiUUMDB7rOb5CQnFmPnlDV5uFR/mYq6kPMXAW6J6FOhF7nQ3NN1e67u6obkxbkP9B/t9KzOGidJibSgphVi9yStpgxy6FOe3hUvi/BhRCagspSzzsjVDrnHQes3zk2bnZNBsGe1ecckqtSftVue3y96Sml6ned59fdorW4ICbiXXICv+uDcuymS+/PRb+04rOq34HWrFDOumn7rnD3E3OLFqE9cpXU7Mpml6C0VXI9Oty2LeaR2JQUZMp55Z6ptgEMtGoSMbJ3JC6ITwexbCbikq+jBhTNuStHGDNEn6RBtVio05BgEymC7oXbWHyNOC4OXB0D63e+O/ptKJsL6IhowvnFnIdhFRFsitopVtkwsS7DKyLiPrMrKFjKx9x8sojC+TEHE21NnQ78qGPizH97lScRpk9IAkQEH0bUtzFB6jnwVsx2k49NOFPL/vtV775WDLdGDp3lh2Si5NJxCDqs3xpCuVewEfe2LEhq3N0Q5zVCRLaKweqkbuJ8yf5McKLSf1Ofo15Stv7nyJU4pfoVIsP+t5XRLbVIoelv7oZCKS+hLF7EPeeVDIFJgbL9VWqs8L58ESHgDmmFPZtOKIndVLblCn7MWsei3XquhPo0qRXXpLM5esJbiWIpxT0cZD+AbMQLU67T2cgD5XxuYkElT2nGamzlKNUpwMZY77Vs49lLIomT4aFFWfGIZsTD/xHMFneSf1i94+c4+fusdPnZn5Ss2Me/zU3ed09zndfU53n9Pd53T3Od19Tnef093ndPc5XfbQZQ+/9eyhu8/pAiEuEPJd3ed0j586O+jsoHv8tBzLcY+fOtv7/djeb/jx0y/x8GcpjVzk0ELp5zvJtP3bnVqy8dh8nvnLkL5wnGte9dnPc9nTzssocFe93FUvl6V3BvLbzdL/yVe9/i+O35oc5Xv9KRnU0tFb/LlRtEMGXK/fCVkYuxkq5jsf4Byln05vpRSW1SXi+bDDc7+KMMjfhMAe0xyi8ZHmBpWMknDEwhAzL5X3DwwaTi86vfgd68WLXBB61sndel+SO8Vbnzh0cuTk6PuXo+wdp+2k6C4/Xe1kyMmQk6E8yrOd+BRvHbj0q5Oer1N6ikz+sebBnTf/ig/KufPm7ry5O2/uzpu78+buvLk7b+7Om7vz5u6cnTtn9z2fs3PnzV3AwwU8vuXz5nmO/pv6hpCzzM4yO8u86QT8olUuyLuzm85ufsV2s7TnTMJNb4YVJekl6PwhqQ6oWHC1KdUwmxn0jTVCUsuUtKU0n+JJI5VGv8Zoq0wc5uB3ZU8OK38CEd1sezDGt2w+iyvLhR6MRMIDpDvTzT76u6ExiQk38UU0eNwEQwZUjhNzegsJoUHIOAzgvW8CePiaXN4hhjQl0GA6gPdMGYfBPAStMJA8CICzNDKUbtXh/YQmylriEWUhBAN0KAqfdaJDo6QxEp7ogRgNJOVjMFgapYZomWrG7QeTTBW9oyzEd7sQY6rpIBRK2ZpET1BY7InlBatgwgSa6kQRnMrsGUg1EUkYmPgQnlNMouyDaCNyPRZiHEJdxn69JQK4WSioW3WoFB0vXZtqdDcAG6WW+yPqY9gVkEdI2sMiSoyTNh+HTE3qpMmnJFErmhba4MenQvYHRmIxcpTGyFGJF9HvmpmoB6ApC9XNmir7mbgaEbLQdfoxJHtwsW6lGME3s7HOIjulqVp3oyDXTPicuPVdAxgm42VjLZdWLRNYrTywdtFqmfCcMppVDpmWVBqVzNIJyOadoo+VRvzIf5lovXG+bHdDsIcoTXlqzxc7qRe0YroOsRRaDJNRvcmn1e+icXwdPVMu25NkWlhMJOhEcruMaYcNkgURfVuAnIAB0UD46mAsDgy7qYN/R7B9Wfq+mzfLNGH5WP1cn3rGaZiIAH0noQxXUEyxeAexeXK+njsYqp63Mpse5sNBpStrGZVJnSUy9BrehzikGvmkzYNYMK5nC8LXtmqSXMTAeye/kKwFeuX4VqD5sGE+CVlt3bD8xKJ8RyVDzWOTW5URrf5PTcFi7WyGoU8FfiKZnnqN65uahxYgPbf7QgTTFENjJzJq0X/0Ho/os6ej4yf7T/929Lf9J0+PH+0PH4/8/Uf+8+PHo+NjOqLHKBWY9CttHapTuzApSFSaCmx4d0fG8xVKR9RYJhuCqS5kqYdcAvG4L84a4zYXbjSBXePrRUQW19irlce5qXlm1hvX3ocPmIC6kuFshsXvEpDpBGYLgr9mNW8CNABp2CJg5kulwfKd8Ye5TfZ2O6nLsEfmblOZGtx75ZK3f4mi6Ytw/02eRE1Vl+dhDmT7obcbr8ciEInef62qI+Vw2N9+z8bGM4gFV2PeAncTsV4Le1MQ2MuLLl7YGYrAbEwj44d4kt6juaf3lhDrttm0D5Z98ELKx4mxi57tE//9C093QKQ= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetAttribute + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"GetAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-list-attribute-values.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-list-attribute-values.api.mdx new file mode 100644 index 00000000..934118a0 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-list-attribute-values.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-list-attribute-values +title: "ListAttributeValues" +description: "ListAttributeValues" +sidebar_label: "ListAttributeValues" +hide_title: true +hide_table_of_contents: true +api: eJztPftz2zaT/wqGdzOxW1l+5PG1uk57iqym+uLIHknOXC/yKTC5klCTAAuAtvVl9L/fLEBSJPV0nOSSHPpLY2AJLLBP7C6gD56mE+U13nkXImT+jDS1luw60aC8q5onYpBUM8E7gdfwYgNSpzlIfQHdB3nLfKifMaXz1rc0TEB5NS+mkkagQeJUHzxOI/AaXktwDr4+uJBCC1+EB29BKia4V/MY9xreFGgA0qt5Ev5OmITAa2iZQM1T/hQi6jU+eHoW40g8ia4NpGY63DI08CTyGu+Or2peAMqXLMYFeg3vFMaMA9FTILcWmoix+TMdjcTpaF7N8wVX2mscz+e1pfUMWAQi0Qdv1NJKdse8NMhaRLWFqhHGSaS8+fzK7hYo/VIEM5zIF1wD1/hPGsch8w1BD/9SONaHZYzE9V/gaySaRPJrBsp8mxEVWSEHVloyPimgn4ONWODVvLGQEdVew0sS83d5Ib2MrvOapzTVYEZOR7IN1U/OzT9oOOSk2Rp03rbJ9YwEMKZJqMndFDjhQhMVg8/GDHDKKqYp/T37+ag/aA7ao3b38s3ostu/aLc6v3fap15tRb9tWdnV6W7obHb/9K7mKAUTxqldyGKdhdZ1i12sYg1xQhYxXSAL4xomJbayEAWCMK6fnmza3j5oogXxBR+zSSIhyLfZjEXY2Gx1LMUtCyAYcvKG3rMoidJ+BRq5Mg6pxknTgQjlAQE+FtKHAGmnrOJQyANiPFaweR0pyEMWcmrRhqCKsjef1zwaBMyCXhS2dExDBdidzbtCr/WsnHlbxphX9ZdpULHgyhLv5OgI/1fGv5/4PihlNc2nkN9bq4sXcFRKOkMFpSFS279nG8V+hXBPgKPxgICg7CMrBFTTa6oASZ3riaIoLBq3MfxWbOY1o5VVTP3SFIvGKr55T6b1PyE2D9sba07WD2j6q0MmCgKU15hKbZhxYcqJMRimUdWISuJYSI2yt1hyM9HTLsrmkBPg9DoEMoYgNf6I0/hvvgkl7Eaq+prdlklqW6rY2uai7k64ZiGBe+RwpkPsMEC4SwsCXAsRAjVzRaAp7lpxtrxtG8V8CThwUxe/ThtHVC/hu+gyei3VWyDJHnDN9IzcTQVJgcgdC0MiwRcyAENcyglNAqYJ3ALX+6uM0j2N4hCMJ3aMUn9cPzo6evrs6Oj4xHhiuboLqIYDNPu4B0kcLC8jbVy1jEXXhmWkQF9wGSG9hnClDsrNl4VYp2rXM6ZRezhHeSNEah6ImqIsFDu3GIXqSH0tE99YyoSzvxMIZ4QFuJvjGaFEghKJ9IHcMT0l+ayL8UnOsvOaN5GU68+po5FlJNsEhN3VJTaDQIJSqBcped3sE8aVptyHIb/sdUiUKE2ugVByS0MWkMveGdmD+qReI0+mWseqcXgYQCTqvogOn+yTsQhDcWetf2EjFEwi4FrVSZv60+xPO7rSVOrUdQjsXiIzhvGU8iQCyXziT6mkvgZZIz7l6G1oyjiZzuIpoNpbDYwdPCAqpGoKqt4Y8vfv3w+5njJVj6j2p6D2nvyPWcVvjcPDd/TgX82D/z46+Plqb/Hv4XA4PLj6cFR7cTwvQOz/toc99Qd+tP/DXuMd/vPH/d/2Dus/7P/270/2U7yGRvPFyXXI/NcwK7mRpnF0A7MV54VYgo8y3TDkw/2Z0lsgURJqFodAbmBGYsqkWqE4BYfzsTm2VVQo9acQlPSnbalObzEzc1jKLWjOuFUITPA6aSVSIsVjCWOQ6HDe5oe2zXx/A7NHSE0M0SaJwO6aF9H7M+ATPfUaPx3/fFLzIsazhuPqiu+fH/1Mmv1u/Zik3huqz4v2GwL8FkIRQ40kKqFhOEN63myW2xvjQBQQeLpl+maqiogdKtNHDCQZC0mQuZEaxmCHE5yaC2NB0qPR0VXB8UWI5QluuLhDAZwIyfQ0Ioh7JpclqV6c/AlwXwQQ1IecDIQV6Ro6WgpIRGeoQd5LRRsnR89+em8Q7fWbB+gTBeRO0jjGpVgP5T34DQV+fPL8hTy2sO1WBbRGrhNNIiGBWB5T2Sw0QHtGFeEAiM+GM+LrZn90cfnyrNMavW7/OWqevVp1UlwH1es3R7iaLSDPjn5+sQGk3Rr1262Lk+cvesfbwZ7+9GwXsOcnx71j76p4wnlN1UWuWB5kAhf6BU/lRsUUZN7oVxEBoUoJnxnXIjN6hnTjROopyIxN/dznzAUAxfsBZ7VcDy3OXe+yxiuM15TlX0Ik9EaHO4WorvuGquJCExmSg4WNV4z7YHQtDZVAxpOgJYNbVGyMFr78f2VGv5wVXWE75ytoWmSStPEKw2ibmK3mWbduYBimELMyrSPDR1VuGUyBpM5gesB83ew3yF6nO2j3us2zGmn/l/3XSs861Uj988teqz0a/HnRrmihYk82ZqU5m8BEo26oev0ou3lD1eVmZ/KGqtEqhxK3Atk72weYkaYJd5C+OY58jJODYxaEsTC0nlIUrFDwiUI/Pd36rV5Fbt1K59m8cUNk8ezVea8z+GMpopi3FyxDuTG1BYvGdmuEqn+p7elPz5banp8ce0tR7b497kNglXGGvqrv6HkgKbY7SNu0s2G3zZFjZJYVoRKka+d0A6sUZLrP8PT52jD2lrBceV5jYaozv6bGTVJFw2V0pnGgkIM+NlZTCE5eWk8NwQpqIT9h7RDoKA/dElEkOHGBEBcI+cyBkJLvCDMrlalQPsh9XJJp0oMJU1rOik5gGhtZ73saubFQ6TEHFgHOOrlUQDJRN+IFNLA60NlBZwedHdxgB1FiliQKN0QKoVsgP2vI8mGpk51iOeUBMSxjtTHxEa8xZtgebngzm56b3rqzvc72fgHb2yow7a6yjoI78o3kLtVkCFESBCv6/hSjAKh8ZKL0Dmruo/ziPONq1IzRMElYOmCbv9d/ht3EmJ8NVmkw6HVeXg7ao97lWXYwXlH+sQ6seXY2Ov99I0T3zy0Qf3TavWav9YetC9mWmvd8Jv0kpHLPFB7sVzlLudzRVx70crkjlztyuSOXO3K5I5c7crkjlztyuSMXM3Mxs+85ZuZyRy5+5eJX33LuKI8qbcgdfX1V8c4yO8vsLPO2bNayVS5e93F209nNr9duls6cmA7Zet60aOyCp0sifMXRD5dEcEkEl0RwSQSXRHBJBJdEcEkEl0RwoQoXqvieQxUuieCCIS4Y8i0nEcyiv6kEgkoMxd/YQ8xnjgXR0otapQXm78hZvqmuFDd38cCR+ZxENI7NI0j/QegNbZCh0d1tK0/mfyEYXzT/cOht0U+L0tv9rfo83bmW4BaqDyVlkHaP/Kx/ZB8yW16XhESZJ5j6yyMuFmn4a8JugVc34pO8npWi24fHxAPztb6SIok/xUCPGCNdUfteg+Q07EMIvhby7bboaEY4SD8cqfTLNaxJSQZg1AAlYwZhYFUBERwbQqo1cAgy5uyhElHAtTl6kj2V+FNC1ZCTsRQRYcHF4dlp82LfPJJn3uQUsshbedsqdgKc2Q6cwaGllxBmrw6u9fUvX/6z3RqM3jQvLjrdV6Pzi3avOTjvrYpBbIbtdLeCdM8Hu4B1uqPWeXfQ7HT75hRRoerbXZ+5yxcbMd6xfcfzDUS/zd4yLcBXdztkSuPW+iKKqWRKcEv1hT2QoFArYyA7jsMZRpT0FIacbGGynfhmyMleqjL2axnZ7fkc586ZpHR7JBOsykF0o7AUmHDzObW6QT8MeZPkU6KRYhwUvpOFFzfEmPySG01CtcF6seYnuVgZgCdDHgobq/mV/JIh9Cv5JUWdZFuZ0uDXojEv6JMqB6S28HyFmKVdo43ilgIVxc4EJ6kvhVJmTaXZ1wlf67x72hl0zrujl+fnZ+1md+1VlU2Qze42iPNeOQzXKunsCltUN+dh5G8SX4RIw/Rt3Xwqtcyt1b0uvNq5goyjiTUwG8UzzzYsONDaJUIlFDAwZ6xm95SEYsL88gEvt4oPczHXrjzFwFuhehToZe50rx66s9Z39erh1rgN9R/s963NGCZKi42hpBRi/SGvpA1y6FKc3zauiPNjRCWgspSyzNs2TLnBQRs0u6fN3ql5mvq8W3XJKr2n7Vbvz4vBip5Br9ntv+kMypaggFvJNciaTZT6kde5Xz3+JVynFZ1W/A61YoZ100/d84e4G5xYtYl0SsmJ2TRNb6DoamS6dVXMO+0jMciI6dQzS30TDGLZKHRk40ROCJ0Qfs9C2C9FRR8mjOm3JP24QZok/bEVqhSbcAwCZDB90HtqH5GnBcHLg6FDbs/GP6bSibC+iK6zH5BYcYqIskBuFa3smFyQYJeRdRlZl5EtZGTtT3UYhfFlEiLOhjob+l3Z0Ifl+D5VKk6DjB6QBCiIvv3SlMJj9LOA7SQNhz5eyPM31DZrvxxslQ4svcWWVcml6QRiULU5npRSuRfwsRUjNmxtSjtMqUiW0Fg/VY3cTZk/zcsKLScNOfo15WfkXH2JU4pfoVKsXrYpim0qRQ9Lf/QyEUl9iWL2IR88KGQKzI2X6ldqyAv1YAkPAHPMqWxaccTB6iU3qFf2YioRvYqKftyqFNmjNzRzyVqCaynCxSraWIRvwAxUq9fexw0YcmVsTiJBZT9RlamzVKMUN0OZct9K3UMpi5Lpo1FR9YnrkE3oI+sIPslvjz1yioe9iul+UMz9oJgzM1+pmfmcvre7z/kVX0Rx9zndfU53n9Pd53T3Od19Tnef093ndPc5XfbQZQ+/o+yhu8/pAiEuEPJd3ed0Pyjm7KCzg+4HxcqxnPKA7gfFnO39lm3vN/yDYjv8mNanSHks0shFDi20frpKpt3f7tSSTSYgv9jSl8q5Fl2fvJ7LVjuvWoG76uWuerksvTOQ326W/jNf9fq/KL81Ocp7/ZgMaqn0Fv/cKtohA643n4QsjD0MFfOdD3COevB3Agqf5DErLKtLxPNhxXN/iDDI34TAEdMcovGRFgaVjJNwzMIQMy+V9w8MGk4vOr34HevF81wQBtbJ3flckjvFO1ccOjlycvT9y1H2jtNuUrT4lWknQ06GnAzlUZ7dxKd468ClX530fJ3SU2TyjzUPMZ1kTxEUj2+L1q3sa0t2z8djBcXzI+MarN+3CMgZyJGwoAUKMK6fniyHoe3BDQKyQIekH2P4Ce53mRXBdp6yRUM8MedlHtKiQEIWMU1+TGcnQmZ3VvDBz3YUG3YFTrjgWOMXYaScjjVI4mcVzXRiY75C03AjwhZiK6oDBCO+SLh5nBKFRgLB9ywfwjZnTOlmKd6geqBiwdU2ZprPDSebXcD1lLFrS2keW0xrn00OOcZ7PYaKh38py2/Kn0JEt0cXsGp4lWgVhZwLPRqLhAco3FkM1scKmtCEaRNuKpYxpMFNeeWIyklizue4EBqEjMMI7n1znMf7gvmAWCQtgQazEdwzZTIm5qkPhaXpowA4S2tN0+I/uJ/SRNno8JiyEIIRxosLD3fSa5OIxnB4guw5kpRPwGBpEreIlulG/sAnMU0XvaUsxJtZiDHVdBQKpWxPoqfIAjYmvZT5NoWHmupEEdzK7KKvmookDEzFKUaikih78nZM3k2EmIRQl7Ffb4kArpYa6tYyKoWcvYI21XrxAGzduzwYUx8LuQF5hKQjLKPEOGnzScjUtE6afEYStebTwjf4vGjI/oW13ViLmlbdY7CmiH7f7EQ9AE1ZqK42dNmHgGso8Iuh0+cubWiqbhU6gm9nY53Vilbvsq/NGeVKAB+MsdUwAVwnk1VzrZZWLRNYrxCwd9mBMQW/yhhZec20pNJYZ5ZuQLbvFOtI0hpi8p+m/t8UmNjhrsGGyUx7WrOwPEi9oPlSOsRSaHGdjOtNPqu+fMvx/ZtMuey+JPOFxUSCTiS3ZEwHbJCsLNm3DcgJWGIdCF8dTsShYTd1+G8IdiBLL/h680wTFudboVY940ZORYDmVSjDHBRjmd5hbN4WqufRXVXPvzXVVMyHw9UjWpdJmWxaIkOv4X2IQ6qRa9o8iAXjer4kim2rNMl5DHxw+jvJvsA6JLwbah6yzrck660bAZhazG+pZKiHbOi3MqO1BqlhWO6dzzEzpcBPJNMzr/HuquahPUjN/UsRzFIMjdXI1oxxYu/pmP70fPzi2cHzfxz/4+DZ8xcnB9dPx/7Bif/zi6fjFy/omGJ9EKo6E51vDTpv26P+oDlY+Qxv2fkxRt5rHNW81F1oHCFl8YJSyTeqUmtpg3GD0mtLDe/22LhZQumImmls2mwNi5QGykUcI8ZICMbt9T2jaiz3vFvGZ5l7vNrK6a5qnqFn45334QNm9S5lOJ9j898JyJQ0Ganxr3nNmwINQBqGC5h58z5YfZb7sLD93l4vDbnvk4U/WV4U1rHlEn5wgSrAF+HB2/z6V6oiPQ9Tt7tPvdt8AxaBSPTBG1WdKYfD8Q4Gtqo/g1hyaRZfYGVWrDfCXhU0wsV5H1O/1yIwRX6R8Xc8Se/QraB3diH2pGAvrGDbBy+kfJIY++vZMfG//wVYifcj +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListAttributeValues + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListAttributeValuesResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-list-attributes.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-list-attributes.api.mdx new file mode 100644 index 00000000..b36c5c26 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-list-attributes.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-attributes-attributes-service-list-attributes +title: "ListAttributes" +description: "--------------------------------------*" +sidebar_label: "ListAttributes" +hide_title: true +hide_table_of_contents: true +api: eJztPX9z27aSXwXDu5nYrSzbSdtpdZ3XU2S11YsjeyQ5c73Ip8DkSkJNAiwAOtbL6LvfLABSJCVLcpLmkhz8j21gASyA/YXdBfgu0HSmgtbr4FLELFyQttaS3WQaVHDdCCJQoWSpZoIHreBor59vxnzVCxlcdtSY79fyKGgEIgVJcbxeFLSC1CDVpAVSzRV+Q5B3LITmOVO6hHUjSKmkCWiQOK93AacJBK2gIziHUB9dSqFFKOKjVyAVzqsRMJzcHGgEMmgEEv7KmIQoaGmZQSNQ4RwSGrTeBXqRYk88S24MpGY63tE18CwJWq9P19byDKaMA9FzIHcWmoip+df1RlLXW9AIQsGVDlqny2VjbT4jloDI9NFLtTaT/TGvdPIgotpCNQjjJFHBcnltVwuUfi6iBQ4UCq6Ba/yTpmnMQrOXx38q7OvdOkbi5k8INW6axJ3XDJSB01SDAXOI2oI6bhfmDxojxXVGvVddcrMgEUxpFmvydg6ccKGJSiFkUwYRTtwOq7RkfLban8A2nwxH7VF30u1fvZxc9YeX3U7v1173LGhsqLclG6t6/S2V7f4fwfWyYbZRpTSE0moUaOXTXgFtmXo/ByK9MyIkMQSyRD6YMU4t/GolS6UP9blapwe2J2YJ0yW8GdcwqxCWhWgEUyETqi3Is6fbZjEETbQgoeBTNsskRMVGmr4Im5rNTKW4YxFEY05e0nuWZImrV6CRLtOYahzUdUQojwjwqZAhREgdykoNhQskplMF2+fhQB4zkTOLNkR1lIPlshHQKGIW9LK0pFMaK8DqfNyqUBtYJgt2NF/WhZcpUKngyu7b05MT/FVFfZiFIShlxczHYN6VtC7BUinpAiWUhkTt7oNF29iCRcEaB+3kmKImF7QFnjvpfSc29bFmwFGNQUSyjEVIlxHV9IYqyBHfxfVrXWYKImSQlEptSKCkZI2MNoWqQVSWpkJqJPbVlNuZnveRGcacAKc3MZApRE7VIk7Tv/g2lLAaqTfU7K6y3q6kjq0tLovjjGsWE7hHumI6xgoDhKu02oAbIWKgZqwENMVVK49WlO3asVACdtzW5daucEL1Gr6rKiNInKAASQ6Aa6YX5O1cEAdE3rI4JhJCISMwm0s5oVnENIE74Ppwk565p0kag7G0TpHXTpsnJyfPvjs5OX1qLK1CvkRUwxFqWlyDLI3Wp+EKN01jVbVlGg7oE04jpjcQb+T6Ql9YiIcE3MOEeUfjzIxRXQjh5DFRc+SFcuUOKVzvaahlFhrVlHH2VwbxgrAIV3O6IJRIUCKTIZC3TM9JMeqqf1KQ7LIRzCTl+m+Wiplk24Cwuj7FdhRJUArlIiUv2kPCuNKUhzDmV4MeSTKlyQ0QSu5ozCJyNTgnB9CcNRvkyVzrVLWOjyNIRDMUyfGTQzIVcSzeWnVbWggFswS4Vk3SpeE8/9f2rjSV2unqyK4lEmOczinPEpAsJOGcShpqkA0SUo7qXVPGyXyRzgHF3mZgrOARUTFVc1DN1pi/efNmzPWcqWZCdTgHdfDkf8wsfmkdH7+mR/9qH/33ydFP1werv8fj8fjo+t1J44fTZQni8JcDrGk+stHhNwet1/jnt4e/HBw3vzn85d+fHDq8xkbypdlNzMIXsKjYbaZwcguLDSZ6KiFEnm6Z7cP1mdM7IEkWa5bGQG5hQVLKpNogOAWHi6k5KdVEKA3nEFXkpy2pD28xM2PYnVvtOeNWIDDBm6STSYk7nkqYgkQL7644J22n+1tYfADXpJBs4wisbgQJvT8HPtPzoPXj6U9PG0HCeF5wWp/x/fcnP5H2sN88Jc5mQvF52X1JgN9BLFJokExlNI4XuJ+32/n21hgQJQSe7Ri+7UQRsV3l8oiBJFMhCRI37oZR2PEMh+bCaBB32jm5LlmaCLE+wC0Xb5EBZ0IyPU8I4p7zZYWrV4dtAjwUEUTNMScjYVm6gYaWApLQBUqQN1LR1tOT7358YxAdDNtHaBNF5K2kaYpTsRbKGwhbCsL06fc/yFML2+3UQBvkJtMkERKIpTGVj0Ij1GdUEQ6A+Gw59r1oDyeXV8/Pe53Ji+4fk/b5b5sOfw9BDYbtCc5mB8h3Jz/9sAWk25kMu53Lp9//MDjdDfbsx+/2Afv+6engNLguHyleUHVZCJZHqcCVfMGDthExJZ438lUkQKhSImTGtMiVntm6aSb1HGROpmFhcxYMgOz9iMNRIYdWp53XeeE1ukiq/C8hEXqrwe0g6vO+pao80UzG5Gil4xXjIRhZS2MlkPAkaMngDgUbo6WW/6/U6KfToht053LDnpaJxBVeo+dqG7E1AmvWjQzBlNxQpnRi6KhOLaM5EGcMugPmi/awRQ56/VF30G+fN0j3v+xfGy1rJ5GGF1eDTncy+uOyW5NC5Zq8z1pxPoBxMN1S9eKD9OYtVVfbjclbqiabDEpcCiTvfB1gQdrGyUCG5jjyPkYO9llixlLXek6RsWLBZwrtdLf0O62KQrtVzrNF4RZn4flvF4Pe6Pc1J2FRXtIM1UKnC1aF3c4ERf9a2bMfv1sr+/7p6bpTfmiP+xBZYZyjr5p7Wh64FbsNpF3S2ZBbb/tgVE02uEpwX9Fv+SCplHh6yPD0+cIQ9g5nWHVco2HqI7+gxkxSZcVlZKYxoJCC3tdXU/IGXllLDcFKYqE4Ye3h6Kh23RFJIjjxjhDvCPmbHSEV2xEWlisdUz7KfFzjaTKAGVNaLspGoPONPGx7Gr6xUO6YAysHZ5NcKSA5qxv2AhpZGej1oNeDXg9u0YPIMWschQsihdAdkH+ry/JxoZO9fDnVDtEtY6UxCRGvKca1Hq94c51eqN6m171e934C3dspEe2+vI6MOwkN59aRGghRYQTL+uEcvQAofGSm9B5i7r3s4iLiWuQoyCyuHLDN/w83w2pi1M8WrTQaDXrPr0bdyeDqPD8Yb8joeAisfX4+ufh1K0T/jx0Qv/e6g/ag87tN9TDk8fnI0FXcu6zv9wyGByGTYRZTeXBY963g1u30q1hW2YeXfLDsM/by+WCZD5b5YJkPlvlgmQ+W+WCZD5b5YJl3Enon4dfsJPTBMu+w8w67LzlYZia9JVD2+V0BUJnZ8Zf2EPM3+4IKD9irwkVV941NLN3UZ4qLu7qMYZqThKapubDxH4Te0hYZG9ndtfxkfsVgbNGi4Th4lOtth0VmV64juIUaQkUYuOpJmNdP7C2n9XlJyJS5LjJc73E1SUNfM3YHvL4QH363ZjWbIXyIP7CY629SZOnH6OgD+nAz6t5rkJzGQ4gh1EK+2uUdzTcOXMOJci0fIE1KcgAjBiiZMogjKwqI4FgQU62BQ5QT5wCFiAKuzdGTHKgsnBOqxpxMpUgIiy6Pz8/al4fmBp25rStkmbaKsk3kBDiy7TiHQ00vIc6vJD5o6189/2e3M5q8bF9e9vq/TS4uu4P26GKwyQexHbbX3wnSvxjtA9brTzoX/VG71x+aU0RtV1/t6/cvJpsw3rN1p8stm+4CChX4+mrHTGlc2lAkKZVMCW53faUPJCiUyujITtN4gR4lPYcxJzuIbC+6GXNy4ETGYSPfdns+x7ELIqlEunLGqh1EtzJLiQi3n1PrC/TNmLdJMSQqKcZB4Z0eDDKJKfm5UJqEaoP1as5PCrYyAE/GPBbWV/MP8nOO0D/Izw51ki+l24N/lJV5SZ7UKcDpwosNbOaqJlvZzQGV2c44J2kohVJmTpXRH2K+zkX/rDfqXfQnzy8uzrvt/oNhtW2Q7f4uiItB1Q3XqcjsGlnUF+dx298moYhxD93V+2IotU6t9bUuXendsI2TmVUwW9mziDasKNDqJUIllDAwZ6x2/4zEYsbC6gGv0IqPMzEfnLnDINggehToder0NzT9WeuruqG5029Dw0fbfQ9GDDOlxVZXkoN4+JBXkQYFdMXPbws3+PnRoxJRWQlZFmVbhtxioI3a/bP24My8jHHRr5tktdqzbmfwx+VoQ81o0O4PX/ZGVU1Qwq1iGuTFxkv9gWkTv334rX0vFb1U/AqlYo51O3Tm+WPMDU6s2MR9ctuJ0TRNb6FsauSydZPP29WRFGTCtLPMnG2CTizrhU6sn8gzoWfCr5kJhxWv6OOY0bUlrnGLtIl7+I0qxWYcnQA5zBD0gTpE5GmJ8Qpn6Jjbs/G3jjsRNhTJTf661IZTRJI7cuto5cfkEgf7iKyPyPqIbCkiax/zMgLj0wREvA71OvSr0qGPi/F9rFCcBpk8IghQYn3b0qTCo/ezhO3MuUM/nMmL+17bpV8BtkkGVu6N5VlyLpxADKo2xuN2qrAC3jdjxLqtTWqHSRXJAxoPD9Ugb+csnBdphZaSxhztmuqVN59f4oXiZygUq297vq6wreOix4U/BjmLOFuiHH0oOo9KkQJz46XeSo15KR8s4xFgjNnxpmVH7KxZMYMGVSum5tGriegPm5UiB/SW5iZZR3AtRbyaRReT8A2YgeoMuoe4AGOujM7JJKj8Oc1cnDmJUl4MZdJ9a3kPlShKLo8mZdEnbmI2ox+YR/BR3kn9pLfP/OOn/vFTr2Y+UzXjHz/19zn9fU5/n9Pf5/T3Of19Tn+f09/n9Pc5/X1OHz300cMvPXro73N6R4h3hHxV9zn946deD3o96B8/rfpy/OOnXvd+Pbr3C3789FM8/FkJI5cptFT68TKZ9n+7U0s2m5kPMH+aqa+lc62qPno+l8123jQDf9XLX/XyUXqvIL/cKP3ffNXr/yL91sQo7/X7a6IUKqm3+O9O1o4ZcL39JGRh7GGoHO98hHHkPgvecTOsikvE83HJc7+LOCrehMAeXQzR2EgrhUqmWTxlcYyRl9r7BwYNLxe9XPyK5eJFwQgja+TufS4pjOK9Mw49H3k++vr5KH/HaT8uuiuyqz0PeR7yPFR4efZjn/KtAx9+9dzzeXJPmcjfVz34fPPPOFHO55v7fHOfb+7zzX2+uc839/nmPt/c55v7PDufZ/c159n5fHPv8PAOjy8537yI0X9R3xDymtlrZq+Zd2XAr2vlEr97ven15hegN4snoern0Cze9Y5Y2UWX92KCCCmd5e8Zl+XzqnQnaVs/7MV0qqCchMa4Bps8ssrqNZATYUFLu8O4fvZ0PZfdZn9BRFboENcYbWm432dUBNt7yA6NMe2ukBLSokBiljBNvnWjEyFzdY1fDesmqSFl4IQLjo6bBJ0gdKpBkjB3U9OZTRwXmsZbEbYQO1EdIRgJRcbNF66QoSQQ/CjWY0jqnCldkJUagEoFV7uCUculIXCzADiVKmJdKc3Hmpwv22jgFK0Zs4HHfypLaiqcQ0J3WyfoBd7EcWXe50JPpiLjEXJBrr1DPBHFxmjKuPFAo0nEjbtsQuUsM/l9OBEaxYzDBO5D4+LF9waLDtHpLYFGiwncM2VMSvNUuMJQwyQCzpzv0Dlz4H5OM2VttSllMUQTNDlLH/6iN0aNY6wkQ8qcSMpnYLA0ag/RMtVIGvhJLVNF7yiL8WU3xJhqOomFUrYm03PcfZvTvmY3GEeSpjpTBJcyfyhUzUUWR8aDiJmsWZJ/Mm9KXs+EmMXQlGnY7IgIrtcKmlZhKoVEvWFv6v7/CGwcQx5NaYiOeUAaIa6HdZQYJ10+i5maN0mbL0imHmhaaoOfJ4vZv9BXj75FF0VBNV9Gf2hWohmBpixW11uq7IcEG8jrq67d57JsamvTynkE303GOvf9VZZq252Tgv/xwXl7uongJpttGmszt2qZwcOyAGvX7RrjwFVG98obpiWVRmkztwD5ulO0wp1PmPyniecY89x2dwM2zdaUO4tvvZNmSei5fUil0OImmzbbfFH/ch7H9/Nz4bL/lEwLi4kEnUlut9F12CK5mzm0BUgJ6DKPRKiOZ+LYkJs6/jcEO5KVLwAGSysJE9BzEaHWFMpsPMU4W3Ccmu8ONFf6trmStGj0shCOq/I3aATWQFImgprJOGgF79KYaiSGLo9SwbhernFY18pCcpECH539SvIWeDjDJyPN9y2Lmea1TUPXc4v0HZUMxYuNcdZGtELeyfv12uUSPeAKwkwyvQhar68bAYp5p8Cfi2jhMHS3dbSxZjqj3qvuZDhqjzZ+aK/0queKKarmilHLQeukETgF3zrBDcE4ccWaqW/E2gLiArjocSu4OzWGkVA6oWYY67UL1vaq0se7lcILjvb6+WZcfuVzcNlRY75fy6OVVYYZ6bijjNt0DSOKLAW+Xp/4OgUGjfq8rhuBoYnW6+DdO4ySXsl4ucTivzKQbntzcsH/lo1gDjQCaYg2YuZzutFm9015lQ4GzoY9JA/NBx0EBfMfXaJ0CEV89KqI9DvpGQQYqNt/6P3GG7EERKaPXqr6SAUc9nc0sgGcHGLN2lm1wCNvqrfCXpcEyuXFEG+V3YjIeE8SYwoFkr5Fi4O+tROxZwsbm8Syd0FM+SwzqjmwfeLP/wLXnS5w +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Attribute RPCs +--------------------------------------- + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Attribute","required":["rule"],"additionalProperties":false},"title":"attributes"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListAttributesResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-key-access-server-from-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-key-access-server-from-attribute.api.mdx new file mode 100644 index 00000000..61b0281b --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-key-access-server-from-attribute.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-attributes-attributes-service-remove-key-access-server-from-attribute +title: "RemoveKeyAccessServerFromAttribute" +description: "Deprecated: utilize RemovePublicKeyFromAttribute" +sidebar_label: "RemoveKeyAccessServerFromAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztV0tvGzcQ/isEe2mBlRTn4bR7qps4QJEWMWynF8MQZslZLWMuueFDtirsfy+GXMmSJdtK20MP9UVecvjN6+PMcMkDzDwvr/iZ1Uos2EkITlUxoOfXBZfohVNdUNbwkr/HzqGAgLJkMSit/kR2jq2d41mstBIfcfHB2XYNwQtuO3RAx3+VvORd0jGGtY7xvboLdHMlcJwBP+LiRAj0aRndQ9gOHLQY0JHpS26gRV7yd9YYFGF05mywwurRH+g8mV5wRfY3CBIdL7jDr1E5lLwMLmLBvWiwBV4ueVh0hGRiWyXJoIJ+BhpNbHl5dbQnXLUyyEKDbJ6lma3T54DGugGNF1xY4wMvj/q+2PHnUrVoYxj97nc8OdzyLZBHDQ1ZqmDKsNbzvr/O0UIffrFyQYqENQFNoH+h67QSKb+TL56wlrsW2eoLikBJc8SGoNCns6t0Pkh1OjnYvpaZ3uBiCklq6rPYQyfOVzktDlVMlFxb6YNTZrYRt3vdijBr61oIvOQxpu9HlPcFv9n252ktO359m7a+4CClonXQZxtu1qA90vZK0fPX6jynmT8J+U9LwkpJT7ZtX8O04DtrfM7Tyxcv6Gdb30VM5ucL89+g4f9se44a/FuJmFnwNBP7RCGJNUQddoly6px1/x5NhJW4L7J4B22nMXVQY8O0ttFI6pxDV+ACjECdylI0N8be5m40B63kFNwstmQdOQJSK4NTvBOIMh24Byw4aIcgF1O8Uz4Q/zt0rfLUVaYSjUoHHHobnSCQBqIPabEGpVFOKRnW5HASXmVd3rcxTG09dWBmmKxU5BGZlbaVCegM6LQFc1AaKk2CEgJMtU2XMRqIoUETVE74Ti+8bJD5ACF6RqEs2G2jRMN8Y6OWrEIGhlHI2Bx0ROqTVzNrZxrHrhPjd1bi9c7CmPjfovcw25ubbQtOmMQ5akrqqAahzIwhcYQNCLsmKcNOzUwr34zZiVmw6B85unFGWwFUBCUDI5lHEwiGOuum+RcpEmOJAZT2109ssVqhlgWzbgO6WiREoRWakKKQxZ+ncd59GKq+4Cns+4K4rg2VMuAWWVkVZ/t07b+tqbY/WjryALadqnfWBFDGEynAVSo4cAvm0akhAKu4g7Zmxm5VaBiwn8kcFhoILMNV6PNMQ+vD5LULMt6oj0Me0lhWxXp8YhZbtWs1t62Ky+EupRPZEochOpPTOACWrAmh8+VkIvICMUHYdiKt8JOZnSS6+cl3JDZyVFiJWqmUUSvNlXBdbgcLWgyNzWN3ausdhIaXfHLAFD45aArPPSSP4NFpXvJlpyEQZU6N7Kwyod+5h6e5YrJPHZrL9x/Y6gT7fP5bwXwUDQO/jsdqd5zY32RH5uAUFaFE6YcacysYusLubp9GWo8iOhUWvLy6Ljg1g/P7IXew8LnpYKuz81c1/PimPn49evP26O3o9Zvjl6PqVS1GL8VPx6/q42Oo4ZjvbdeHHaUUK1PbzblkJ5E7waZgDQ+Vks+P6PYSGVpIzW94ZhyU6y3cjUfA33kUDnUj4F2gBCtDdiUCLQeSXh3yVOTFIaZfFzzRprziy2UFHj873fe0/DWiGxiwYhR99cXqeUW8lsrThtw/5GwG4vvVoPQDe8zHG1w8/ZYcyjDn9Ao8XPVh+rZegFua1nKEN7okqHuJnbHp/gRFvQtPyl5v1KGzTxeXvODV8JBs00zFHdzS6AK32RGb/EtXO60tuQYzi6nH84xJf38Bb4z1Bw== +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated: utilize RemovePublicKeyFromAttribute + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-key-access-server-from-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-key-access-server-from-value.api.mdx new file mode 100644 index 00000000..fabfb02a --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-key-access-server-from-value.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-attributes-attributes-service-remove-key-access-server-from-value +title: "RemoveKeyAccessServerFromValue" +description: "Deprecated: utilize RemovePublicKeyFromValue" +sidebar_label: "RemoveKeyAccessServerFromValue" +hide_title: true +hide_table_of_contents: true +api: eJztV0lvGzcU/isEe2mBkRRncdo51U0coEiLGLaTi2EIb8g3GsYccsJFtirMfy8eObIlS5YVtEAv9UUeLt/bvrdwyQPMPC+v+JnVSizYSQhOVTGg59cFl+iFU11Q1vCSv8fOoYCAsmQxKK3+QnaOrZ3jWay0Eh9x8cHZ9gvoiLzgtkMHdPV3yUveJfwx3OOPH0RdoJsrgeMM9hEXJ0KgT8vo1iE7cNBiQEcqL7mBFnnJ31ljUITRmbPBCqtHX9B5UrngivRuECQ6XnCH36JyKHkZXMSCe9FgC7xc8rDoCMnEtkongwr6GWg0seXl1dEON9XKIAsNsnk+zWydPgc01g1ovODCGh94edT3xZY9l6pFG8PoT79lyeGab4A8qWjIpwqmDGs97/vr7C304TcrFyRIWBPQBPoXuk4rkWI7+eoJa7mtka2+oggUNEdMCAo97c4plI9CnG4Neqf96Q0uppBOTH0+8lj581Usi0MEEgXvNfPBKTNb81WWqQirtq6FwEseY/p+Qmhf8JtNG/ZL2LLn+6T1BQcpFa2DPlszrwbtkbZXgvan0HkOKd8L90/SfiWgJ5020y0t+M4an+Py8sUL+tmUdRGT2jkx/lu6/c+qw1mVw7qfVn3ihMQaog7bkT91zrp/L+7CStzlOryDttOYWp6xYVrbaCS1uqGccwFGoE51JZobY29zG5mDVnIKbhZb0o4MAamVwSneCUSZLjwAFhy0Q5CLKd4pH4jQHbpWeWoHU4lGpQsOvY1OEEgD0Ye0WIPSKKeUdNZkdxJeZV3etzFMbT11YGaYtFRkEamVtpUJ6AzotAVzUBoqTQclBJhqm7IrGoihQRNUSuztXn/ZIPMBQvSMXFmw20aJhvnGRi1ZhQwMI5exxHJqcFcza2cax64T43dW4vXWwpgI3qL3MNsZm00NTpjEOWoK6qgGocyMIXGEDQjbKinDTs1MK9+M2YlZsOifuLp2R1sBVNEkAyOZRxMIhlriuvoXyRNjiQGU9td7tlitUMuCWbcGXS0SotAKTUheyMefp3HefeyqvsjFZZcT75O/UgbcIgur4myXrN3Zmor1k7UhT06boXpnTQBlPJECXKWCA7dgHp0aHLDyO2hrZuxWhYYB+5XUYaGBwDJchT4PI7Q+jEzbIOO1AjjEIc1TVazHJ2bB1+vWauBaFZfDTUo3siYOQ3Qmh3EALFkTQufLyUTkBWKCsO1EWuEnMztJdPOTH+jYyFEDJWqlUka9MVfCVVtdadBiaGyelVOP7iA0vOSTA0bnybOjc24QeW6OTvOSLzsNgehyamRnlQn9Vg6e5mrJPnVoLt9/YKsb7PP5HwXzUTQM/L0vVrvjxPwmGzEHp6gAJTo/lpjbwNARtnf7NId6FNGpsODl1XXBqRGcP0ymg4b7Wv19q+avavj5TX38evTm7dHb0es3xy9H1atajF6KX45f1cfHUMMx39mDD7tKYVWmtusDxlbwtpxMThpeFSWfH1HGEgFaSA1veBM8G98NzLVp/XtfbUONCHgXKKDKkD6JMMuBkFeHvOV48ZzK1wVPFCmv+HJZgcfPTvc9LX+L6IZor9hDX32xev8Qh6XytCF3D63rDvhxNfH8xJ6y7wYX+x97Q7nlnJ5ph4s+TN7GE21D0v05whtdEtTDia3x6OEGebwLe89er9Wbs08Xl7zg1fDSa9PsxB3c0ogCt9kQm+xLaZzWllyDmcXUy3nGpL+/ATYDyu8= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated: utilize RemovePublicKeyFromValue + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-public-key-from-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-public-key-from-attribute.api.mdx new file mode 100644 index 00000000..8af46320 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-public-key-from-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-remove-public-key-from-attribute +title: "RemovePublicKeyFromAttribute" +description: "RemovePublicKeyFromAttribute" +sidebar_label: "RemovePublicKeyFromAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztV0tv4zYQ/ivE9NICsr3ZR7bVqeluFijaYoMk20tgGCNqZHFDkVo+nLiG/nsxlOzYceK4QC8FmosjcvjN6+PMcAUB5x7yG7iwWsmlOAvBqSIG8jDNwLbkMChrfi0hhzaJjHEjMn6QviK3UJLGl9TYBV3EQiv5Gy0/OdtshCCDFh02FMixzhUYbAhy+GCNIRlGF84GK60e/UnOK2sgA2Ugh5qwJAcZOPoWlaMS8uAiZeBlTQ1CvoKwbBnJxKZIkkEF/QI0mdhAfnMyzaAkL51q2VPI4SNVypAINYlFLy1slT4HNNEOaJCBtMYHyE+6Ltvz51o1ZGMY/eH3PDne8h2QZw0NvVQmlBGNh66b9tEiH36x5ZIVSWsCmcD/YttqJVNmJ189Y632LbLFV5KBk+aYB0GRT2fX6fyNEuza3s367JaWe6ZerjOXHQvPlNvY4oNTZr4VnQdtijEr6xoMkEOM6fsZ5V0Gt7Q8jHxLy3+G2W3z8mbHgbW6aQZYloqPor7Y8rdC7YkR1toP3Z/LPp/wjD7Ox0uKusd3KC341hrfh//1q1f8s+vrVZSSvO/Z/j+H/tsc6pMNLxGlY2MrjDrs8+HcOev+PTZIW9JT0aR7bFpNqT0ZG2aVjSbFYajcINFI0okQ0dwae9d3jAVqVc7QzWPD1rEjWGplaEb3kqhMBx4AM0DtCMvljO6VD0zzllyjPFf+WUlGpQOOvI1OMkiN0Ye0WKHSVM5aR9KaPpyMV1jX79sYZraaOTRzSlYq9ojNStvKBHIGddrCBSqNhWbBEgPOtE13LhqMoSYTOL6UArCbjuuahA8Yohccykzc1UrWwtc26lIUJNAIDplYoI7Evexmbu1c09i1cvzBljTdWxgzzxvyHudP5mbXgjNR0oI0J3VUoVRmLog5IgaEfZOUEedmrpWvx+LMLEX0zxzdOqOtRK3+olKgKYUnExiGu9+2+VcpEuOSAirtpwe2RKVIl5mwbgu6WCZEqRWZkKLQi79M4373cai6DFLYnwripjoUyqBb9sqKOH9K19O3NZXw7tDu41R9sCagMp5Jga5QwaFbCk9ODQFYxx21NXNxp0ItUPzM5ohQYxA9XEG+nzt4fZiO9kHGWzVxyEManYpYjc/MErar1nq2WheX411KJ3pLHIXoTJ/GATAXdQitzycT2S8wE6RtJqWVfjK3k0Q3P/mOxUaOWkdMrVTKoFtXwt2yfXDGbSjUtp+XU7NuMdSQw+SI8XnyArQnt1jPztFpyGHVagzMo3NTtlaZ0O1dzvO+jIrPLZnrj5/E+oT4cvl7JnyUtUC/CdJ6d5yuRN27sECnuDIlnj/W2PeHoVXs73ZpFvUko1NhCfnNNAPuEJcP0+lg4VOTwU4rhzcV/viuOn07evf+5P3o7bvT16PiTSVHr+VPp2+q01Os8HTTMI8U5/wqU9ntOWQvVXtB5aAML4kcFid8dTndDabON7wDXsjmDuLmxge6D5wFZRg0ZXk1cOjmmCcYZIf1TjNIWc1vYLUq0NMXp7uOl79FckOC1gnnry5bP1uYdqXyvFEOk8KeF5uZAL5fjzc/iIeJbdc7nvIOvtGG0gnAr6vjVR+nb+dltaNpI8d4o2uGepDYG3UeTpxJSW04KDvdKhAXn6+uIYNieKA1aQ4Ch3c8buBd74hN/qWbl9ZWoNHMY+rL0GPy398YtJQ7 +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +RemovePublicKeyFromAttribute + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-public-key-from-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-public-key-from-value.api.mdx new file mode 100644 index 00000000..400db4e5 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-remove-public-key-from-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-remove-public-key-from-value +title: "RemovePublicKeyFromValue" +description: "RemovePublicKeyFromValue" +sidebar_label: "RemovePublicKeyFromValue" +hide_title: true +hide_table_of_contents: true +api: eJztV91v2zYQ/1eI20sLyHbTj3TT07I2BYZuaJCkfTEMg6JOFhuKVPnhRDP0vw9HSY4dJY4H7GlYXhyRx999/Xh33IDnKwfpHC6MkqJhZ95bmQWPDhYJmBot99Lo33NIoY4iU74Vmd5LX6FdS4HTS6zMGi9CpqT4jM0na6pvXAWEBGpueYUeLenbgOYVQgofjNYo/OTCGm+EUZNvaJ00GhKQGlIokedoIQGLP4K0mEPqbcAEnCix4pBuwDc1IelQZVHSS6+egUYdKkjnJ4sEcnTCypq8hBQ+YiE1Ml8iW3fSzBTxs0djdY8GCQijnYf0pG2TkT/XskIT/ORPN/LkeMv3QJ401HdSCZOaVQ7adtFFC53/zeQNKRJGe9Se/uV1raSIWZ19d4S1GVtksu8oPCXNEge8REe7a0rlZ4yQg61xbXmDzcjEyyFjyTGwRLGtfuet1KudiHRaJGEVxlbcQwohxO8nlLYJ3GBzGPUGm3+CyV5cl8hkzpR0HnOKN8X/zDVVhd5GxjvWOfkS2naXtPOtl4NdiwR4nkvSwdXFTkAKrhzS6cHMpy7VZZdkeEQPJek5Be3DSxUXXG206/Ly+tUr+tkPxlUQAp3r6P8/qf6DpOoYAM+xpyWPCh6UH5Pk3Fpj/z2KCJPjYyHHO17VCmMD08YvCxN0jEFf30FwLVBFtgR9o81t11fWXMl8ye0qVGQdOcJzJTUu8U4g5vHAPWACXFnkebPEO+k8cb9GW0lH/WGZo5bxgEVnghUEUvJAySQScKkwX9YWhdFdOAkvM7bbN8EvTbG0XK8wWinJIzIrbkvt0Wqu4hZfc6l4pkgw554vlYkXMWgefInaU3wxBmA/HcQw57kPjlEoE3ZbSlEyV5qgcpYh45pRyFikE3W8+cqYlcKprcX0g8lxMVqY0mWo0Dm+ejQ3+xacsRzXqCipk4ILqVcMiSOsRxibJDU71yslXTllZ7phwT1xdOeMMoIr+RfmjOucOdR+uE675l/FSExz9FwqtziwxQqJKk+YsTvQWRMRhZKofYxCJ/48jbvdh6Fqk+4WPxbEbQnJpOa26ZRlYfWYrsdva6zr7aHdh6n6YLTnUjsiBbeZ9Jbbhjm0sg/AEHeujF6xW+lLxtmvZA7zJfesg8vQddMJrfcz1BhkulM4+zzEASsLxfRMN7BbsYYJbCgux7sUT3SWWPTB6i6NPWDKSu9rl85molsgJghTzXIj3GxlZpFubvYTiU0s1haJWrGUQTtUwv3a/uQUXKEvTTdNx85dc19CCrMjhuvZAViHdj1M1sEqSGFTK+6JP+c6r43Uvh1dyvOufLIvNerrj5/YcIJ9vfwjYS6IknG3Dc6wO41XoezMX3MrqSJFfj/U2PWFvkWMd9s4qToUwUrfQDpfJECd4fJ+du0tfDgmbHs7vCn4z++K07eTd+9P3k/evjt9PcneFGLyWvxy+qY4PeUFP902xyPFKZ9SF2Z3IBmlZxRMCkb/vkhhfUJXlVJc8djp+tfBgQzuoW1vt8c7T5GXmgBjZjc9Z+bHPMggeVrnIoGYxXQOm03GHX61qm1p+UdA2ydkSDB9tcnwiCGa5dLRRt5PBCMPtr0fXgyzzkt2P7bte0aj3sEXW18iAeitdbzq4/TtvbP2NG3lCG9yTVD3EqOR5v7EmRBY+4Oyi51icPHl6hoSyPrnWhXnHbD8lsYKfts5YqJ/8abFtQ0orlch9l/oMOnvb/j6kck= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +RemovePublicKeyFromValue + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-update-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-update-attribute-value.api.mdx new file mode 100644 index 00000000..a58a7fa1 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-update-attribute-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-update-attribute-value +title: "UpdateAttributeValue" +description: "UpdateAttributeValue" +sidebar_label: "UpdateAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z27aS/wqGdzOx+2TZztdLdJ32GFltfXFkjyR3Xi/yMTC5klCTAAuATvQy+t/fLEBSJPVlx2lfkkN/aQwsgQX2E7sL6KOn6VR5nbfehYhZOCe+1pJdZxqUd9XyRAqSaib4aeR1vNSAtGkJ0l5CD0HeshDal2lENZTtv9I4A6/lpVTSBDRInOujx2kCXsfrCs4h1AcXUmgRivjgV5CKCe61PMa9jjcDGoH0Wp6EPzImIfI6WmbQ8lQ4g4R6nY+enqc4Es+SawOpmY53DA08S7zO2+OrlheBCiVLcYVexzuBCeNA9AzIrYUmYmL+zEcjaT6a1/JCwZX2OseLRWtlPSOWgMj0wRu1spK7Y14bZCOi2kK1COMkUd5icWV3C5R+JaI5ThQKroFr/CdN05iFhqKHvysc6+MqRuL6dwg1Ek0i/TUDhb0sqsAoLRmfVrBmkdfyJkImVHsdL8vM33WsBwURFy0vAU0jqu20+RBlW/PDc/MPGo856YokEZxUQLcjHdNriNW6xRWz5hAtj0YRs/Nc1IbYtOJbw9qLJrIiR5bkAy8Wm4ae0FhBZS+s6LyCGb1lQq7bmSAzIMF1AdNawS5nbu9Nb+Sf+CM/uLw48Ue9oNe/fBNc9ocXve7pT6e9E6+1HqT3j1Gvv7F30Ls487s97wpXVWC3TuQHlgU3bqtdO45SF23ToFLBld38x0dH+L/6Fg+zMASlrBB+Dta2pPwcElBHdAoc9SdEBAUCRRSpeE2V4ZtSj1ZJvWzcxdo7sVm0jF5SKQ1rUywbm/iWPYXe+4zY3G9vrELdPKDpbw6ZKYiIFiSlUhueW1ozYlSmaVQtorI0FVKT6zlZLtnP9KxPKI/GnACn1zGQCUS5/UOcJn/wbShhN1I11Oy2TlLb0sTWNiMOEUxoFmuScc1iAh+QkZmOscMA4S4tCXAtRAyU30GLbqdYKAEH9nX167wxoHoF32UXUWD2ToG8BUn2gGum5+T9TJAciLxncUwkhEJGYIhLOaFZxDSBW+B6f53m+kCTNAbjjByjcB+3j46Onjw9Ojp+bJyR0rqgujlAw4d7YFViYxl547plLLu2LCMH+guX8W80VGqGslDt3GGzmiMNtcxCjZKXcfZHBvGcsAh3czInlEhQIpMhkPdMz0g563L8pTVftLyppFxXl0OlpHN0ozQka/fn/loxk2wbEHY3l+hHkQSlUC9S8tofEsaVpjyEMb8cnJIkU5pcA6HklsYsIpeDM7IH7Wm7RR7NtE5V5/AwgkS0Q5EcPtonExHH4j1EyH6VjVAwTYBr1SY9Gs6KP+3oSlOpUT0R4JHdS2TGOJ1RniUgWUjCGZU01CBbJKScoHGkjJPZPJ0Bqr31wNjBI6Jiqmag2p0xf/fu3ZjrGVPthOpwBmrv0f+ZVfzYOTx8Sw/+6R/879HBy6u95b/H4/H44OrjUev58aICsf/jHva07/nR/nd7nbf4z7/t/7h32P5u/8f/fLSf4zU2mi/NrmMWvoZ5VeptY3AD8zUecyohRJnuGPLh/szoLZAkizVLYyA3MCcpZVKtUZyCw/nEHFwaKpSGM4hq+tO2NKe3mJk5LOWWNGfcKgQmeJt0MymR4qmECUgJUXEQ2anNb2D+AKlJIdkmEdjd8hL64Qz4VM+8zovjl49bXsJ40XDcXPGHZ0cviT/st49J7qSh+rzovSHAbyEWKbRIpjIax3Ok5812ub0xDkQFgSc7pvdzVUTsUIU+YiDJREiCzI3UMAY7nuLUXBgLkvvPR1cVBxchVie44eI9CuBUSKZnCUHcC7msSfXy7EuAhyKCqD3mZCSsSLfQ0VJAEjpHDfJOKtp5fPT0xTuD6GDoH6BPFJH3kqYpLsV6KO8g7CgI08fPnstjC9vrNkBb5DrTJBESiOUxVcxCI7RnVBEOgPhsOUi89ofBxeWrs9Nu8Lr3W+Cf/bzuLLEJajD0A1zNDpCnRy+fbwHpdYNhr3vx+NnzwfFusCcvnt4F7Nnj48Fx/STzmqqLUrHcywQu9cuYE9+omIrMG/0qEiBUKREy41oURs+QbpJJPQNZsGlY+pylAKB47zpKVuBLPbQ8Xr0tGq8wYlGXfwmJ0Fsd7hyiue4bqqoLzWRMDpY2XjEegtG1NFYCGU+ClgxuUbExWvny/5UZ/eus6BrbuVhD0yqT5I1XGEjaHrewbt3IMMzSAtrWwPBRk1tGMyC5M5gfMF/7ww7ZO+2PeoO+f9YiGH7Af631rHONNDy/HHR7wei3i15DC1V7ijEbzcUEKAXIva8fZDdvqLrc7kzeUBWscyhxK5C9i32AOfFNVIMMzXHkU5wcHLMijJWh9YyiYMWCTxX66fnW7/QqSutWO8+WjZtp5J/9fD44Hf3StBPL9oplqDfmtmDZ2OsGqPpX2p68eLrS9uzxsbcS1x3a4z5EVhkX6Kv2HT0PJMVuB2l3oO+GqtPtk1EVrAmVIF1PT7awSkWmhwxPn68NY++IvtXnNRamOfNratwkVTVcRmcaBwo56FNjNZWY7qX11BCsohbKE9a9w8X3jRG7QIgLhHxaIKTmO8LcSmUulPdyH1dkmgxgypSW86oTmMdGNvueRm4sVH7MgWWAs00uFZBC1I14AY2sDnR20NlBZwe32EGUmBWJwg2RQuguyD81ZHm/1MmdYjn1ATEsY7UxCRGvCSbS7m94C5temt62s73O9v4FtrdbYdq7yjoKbhAayV0pVBCiJghW9MMZRgFQ+chM6TuouU/yi8uMq1EzRsNkce2Abf7e/Bl2E2N+tlil0Whw+upy1AsGl2fFwXg1qLcRzD87C85/2grR/20HxC+nvYE/6P7ymzmJG/b4ZB3qhUyGWUzl3n5lf4vao7vxQ46BS0F92bEzl4JyKSiXgnIpKJeCcikol4JyKSiXgnKhNxd6+5ZDby4F5cJgLgz2NaegyuDUlhTUl1dc7yyzs8zOMu9Kiq1a5eqtIWc3nd38cu1m7cyJWZWd583mRcHNeLokwhcc/XBJBJdEcEkEl0RwSQSXRHBJBJdEcEkEF6pwoYpvOVThkgguGOKCIV9zEsEs+qtKIKjMUPyNPcT8ybEgWn9xr7rAoie4zQti6yvFzV2+k2Q+JwlNU/OW0n8RekM7ZGx0d8/Kk/lfDMYXLT8cezv0U71Gd4dHZneuK7iFGkJNGeTdQVj0BwpW9QKuS0KmzEtOw9URl4s0/DVlt8CbG/FZHuHK0R3CQ+KB5Vp/liJLP8dADxgjX1HvgwbJaTyEGEIt5K+7oqMF4SD/MFD5lxtYk5ICwKgBSiYM4siqAiI4NsRUa+AQFcw5QCWigGtz9CR7KgtnhKoxJxMpEsKii8OzE/9iHwljX7esP7VXtq1jJ8CZ7cAFHFp6CbE96G7x9S9f/U+vOwre+BcXp/2fg/OL3sAfnQ/WxSC2w572d4L0z0d3ATvtB93z/sg/7Q/NKaJB1V/vWpJfLjZh/NT2HS+2ED2vtK/BN3c7Zkrj1oYiSalkSnBL9aU9kKBQK2MgO03jOUaU9AzGnOxgsjvxzZiTvVxl7LcKstvzOc5dMkntEkohWI2D6FZhqTDh9nNqc4O+G3OflFOikWIcFD63hfc/xIR8XxpNQrXBernmR6VYGYBHYx4LG6v5gXxfIPQD+T5HnRRbmdPgh6oxr+iTJgfktvB8jZjlXcFWccuBqmJngpM0lEIps6ba7JuEr3vePzkdnZ73g1fn52c9v7/xxss2SL+/C+J8UA/DdWs6u8EWzc25H/l9EooYaZg/UltOpVa5tbnX+IrtLYvsQ6wrZAym1sBsFc8y27DkQGuXCJVQwcCcsfz+CYnFlIX1A15pFe/nYm5ceY6Bt0b1KNCr3OkeT3RnrW/q8cSdcRsa3tvv25gxzJQWW0NJOcTmQ15NG5TQtTi/bVwT58eISkRlLWVZtm2ZcouDNvL7J/7gJPC7Rrs3XLJG70mvO/jtYrSmZzTw+8M3p6O6JajgVnMNimYTpX7grfCfH/6grtOKTit+g1qxwNoPc/f8Pu4GJ1ZtIp1ycmI2TdMbqLoahW5dF/PO+0gKMmE698xy3wSDWDYKndg4kRNCJ4TfshAOa1HR+wlj/i3JP+4Qn+Q/W0KVYlOOQYACZgh6T+0j8rQieGUwdMzt2fhvuXQibCiSa8ZXahaKU0RSBHKbaBXH5IoEu4ysy8i6jGwlI2t/2MMojL8mIeJsqLOh35QNvV+O73Ol4jTI5B5JgIro2y9NKTxGPyvYTvNw6MOFvHyKbbv2K8HW6cDak25FlVyeTiAGVZvjySlVegGfWjFiw9amtMOUihQJjc1Ttcj7GQtnZVmh5aQxR7+m/hqdqy9xSvELVIrNyzZVsc2l6H7pj0EhIrkvUc0+lINHlUyBufHS/EqNeaUeLOMRYI45l00rjjhYu+YGDepeTCOi11DRD1uVInv0hhYuWVdwLUW8XEUPi/ANmIHqDnr7uAFjrozNySSo4peuCnWWa5TqZihT7tuoe6hlUQp9FFRVn7iO2ZQ+sI7gs/yE2QOnuN/jmu53ydzvkjkz84WamT/T93b3Ob/giyjuPqe7z+nuc7r7nO4+p7vP6e5zuvuc7j6nyx667OE3lD109zldIMQFQr6p+5zud8mcHXR20P0uWT2WUx/Q/S6Zs71fs+39in+X7MG/yXW3lMcyjVzl0Err56tkuvvbnVqy6RTkX7b0lXKuZddnr+ey1c7rVuCuermrXi5L7wzk15ul/5Ovev07ym9NjvKDfkgGtVZ6i3/uFO2YAdfbT0IWxh6GqvnOezhHA/gjA4VP8pgV1tUl4nm/4rlfRByVb0LgiHkO0fhIS4NKJlk8YXGMmZfG+wcGDacXnV78hvXieSkII+vk3vlcUjrFd644dHLk5Ojbl6NP/ZVpJ0NOhpwMlVGeu4lP9daBS7866fkypafK5HcxDxXwS7Oxfu2kOQCVCq52jrIwSzBXNnC59dX0pDSv7OVFryZ5mOKFDiNNh78rGxRU4QwSuvtYieWi6/a0Sl0udDARGY+QqkXwLcTSidjE5zJuSlXxLMtNXV1A5TQzBzNcCI1ixiGAD6E5x+FFsXJArI6VQKN5AB+YMqFy88aDwprkIALO8iLDvOoLPsxopmxYcEJZDFGAgcLKi4302mQgMQ6a6UBMAkn5FAyWJmOHaJluxu1biKaL3lIW45UcxJhqGsRCKduT6RkKjA1GrqQ8TcWZpjpTBLeyuOGpZiKLI1NqiCGILCneOp2Qt1MhpjG0ZRq2uyKCq5WGtlWJStHpWto0C4UjsAXP8mBCQ6zgBeQRko+wihLjpMenMVOzNvH5nGRqw6eVb/BdyZj9E4t6sQgxL7fGU3oV/aHZiXYEmrJYXW3psi/AtoiQlaHzdw5tTKJtJRnBd7OxLooEm5eYNyYLSu2EL4XYMogIrrPpurnWS6uWGWxWINi7arlMpacy2lVeMy2pNGqZ5RtQ7DvFAoK8eJT8tyn8NpUFdrhrsPER054nq1cHaVc0Y06HVAotrrNJ2+fz5pOnHB8+KZTL3ZdkvrCYSNCZ5JaM+YAdUtSjhrYBOQFrayMRqsOpODTspg7/A8EOZO3pVm9RaMLqfOv0qmcciJmIMC4mlOEOilEs7zA1r8q0y7ieapefmjoaFsLhhiGttVQmkZLJ2Ot4H9OYauSbHo9SwbherAhjz6pNcp4CH538RIovsAQFrwWaN4zLTSl620YEZhb1WyoZaiIb9WvMaO1BbhpWexcLTEooCDPJ9NzrvL1qeWgR8hDdKxHNcwyLdIX3ZEJfPJs8f3rw7O/Hfz94+uz544PrJ5Pw4HH48vmTyfPndEKfe3UPrTThi4rrZnfxFczoLcMnYr03vZF/4o/84PLixB+teaV1gTp4ImpRzSa5VjYYNyi/sdLxbo9NPYJQOqHG6tmMySYmqY1USjlGC5ESjNurW0bbWP55u4rQKv94rfXzXbU8Q9HOW+/jR0zpXMp4scDmPzKQOXEKYuNfi5Y3AxqBNCwXMfPgebTekf+4tP/e3iCPt+6TpZtWXxUWMZVSfnCBaiAU8cGv5d2fXE16Hubt7j713eYbsQREpg/eqOZMJRyOdzCyJd0FxIpbs/wCy3JSvRX2qqIULs6HmPe7FpGp8EqMz+NJ+h5dC/reLsS6ifa2ArYhn/NpZmywZ8fE//4FsFcDkw== +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateAttributeValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false}},"title":"UpdateAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-update-attribute.api.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-update-attribute.api.mdx new file mode 100644 index 00000000..52ce70dd --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes-attributes-service-update-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-attributes-attributes-service-update-attribute +title: "UpdateAttribute" +description: "UpdateAttribute" +sidebar_label: "UpdateAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztXf9z27aS/1cwvJuJ3SfLdr69Rtdpj5HV1hdH9khy5vUiHwORKwk1CbAA6EQvo//9zQIkRVKyZNdpXpJDfokFLIEFsPvZxS5AfvQ0nSmv89a7EDELF8TXWrJJpkF5Vy1PpCCpZoKfRl7HSw1Jm5Yk7RX1EOQNC6F9mUZUQ1nutbyUSpqABondfPQ4TcDreF3BOYT64EIKLUIRH7wBqZjgXstj3Ot4c6ARSK/lSfgjYxIir6NlBi1PhXNIqNf56OlFii3xLJkYSs10vKNp4Fnidd4eX7W8CFQoWYqD8zreCUwZB6LnQG4sNRFT8zNvjaR5a17LCwVX2uscL5ettfGMWAIi0wev1dpI7s55rZFbGdWWqkUYJ4nylssrO1ug9EsRLbCjUHANXOOfNE1jFprFPPxdYVsf1zkSk98h1LhoEpdeM1BYy6IKjdKS8VmFaxZ5LW8qZEK11/GyzPyucz0oFnHZ8hLQNKLadps3UZY1Hzw3f1Cc9e0sxnQCsdo0lKKPnKLl0ShittWLWhO3je+Gxhkg53XWRM4ayRteLm9rekpjBZWRWx15CXN6w4TcNA9BZkiCSUHTWuMuF2XvdW/kn/gjP7i8OPFHvaDXv3wdXPaHF73u6c+nvROvtZmk949Rr39r7aB3ceZ3e94VjqrgrqHbAytrt86oHTY2UNdhU6BSwZWd98dHR/hffXaHWRiCUlbbPoUMl6hVnW9awakHqsCyZaBApTSsdbEqbApQWVNAzSfkptnXDDgiOUQE9RMRA8VsQhUUjG9r0NQ3m8wUREQLklKpzeqvbAcxKGUKVYuoLE2F1GSyIKsh+5me9wnl0ZgT4HQSA5lClFsb5Gn6B9/GElajwoWa3dSX1JY0ubXFyEMEU5rFmmRcs5jABxQppmOsMEQ4S6sFmAgRA+V3AK7tKxZKwIZ9XX06LwyoXuN3VUUUmLlTIG9Akj3gmukFeT8XJCci71kcEwmhkBGYxaWc0CximsANcL2/CT4+0CSNwZj+Y1Sz4/bR0dGTp0dHx4+N6S8BHXX+AG0NzoHFpcYw8sJNw1hVbRlGTvQZh/FvtBZqjrpQrdxhOJotDbXMQo2al3H2RwbxgrAIZ3O6IJRIUCKTIZD3TM9J2euqfVKK7LLlzSTlujocKiVdoOeiIdk4P/dHxUyybURY3RyiH0USlEJcpOSVPySMK015CGN+OTglSaY0mQCh5IbGLCKXgzOyB+1Zu0UezbVOVefwMIJEtEORHD7aJ1MRx+I9RCh+lYlQMEuAa9UmPRrOi5+2daWp1AhPBHhk5xKFMU7nlGcJSBaScE4lDTXIFgkpJ2imKONkvkjngLC3mRgreERUTNUcVLsz5u/evRtzPWeqnVAdzkHtPfo/M4qfOoeHb+nBP/2D/z06eHG1t/p7PB6PD64+HrWeHy8rFPs/7WFN+54P7X+313mLf/5t/6e9w/Z3+z/956P9nK+xQb40m8QsfAWLqtbbwuAaFhuc1FRCiDrdMcuH8zOnN0CSLNYsjYFcw4KklEm1ATgFh/Op2Ss0IJSGc4hq+GlLmt1bzkwfduVWa864BQQmeJt0MylxxVMJU5ASosL334nm17B4gNakkGzTCKxueQn9cAZ8pude5/vjF49bXsJ4UXDcHPGHZ0cviD/st49J7i4hfF70XhPgNxCLFFokUxmN4wWu5/V2vb02DkSFgSc7uvdzKCK2qQKPGEgyFZKgcONqGIMdz7BrLowFyZ3Yo6uKl4kU6x1cc/EeFXAmJNPzhCDvhV7WtHq13STAQxFB1B5zMhJWpVvoaCkgCV0ggryTinYeHz39/p1hdDD0D9Anish7SdMUh2I9lHcQdhSE6eNnz+Wxpe11G6QtMsk0SYQEYmVMFb3QCO0ZVYQDID9bvPlX/jC4uHx5dtoNXvV+C/yzXzY59LdRDYZ+gKPZQfL06MXzLSS9bjDsdS8eP3s+ON5N9uT7p3che/b4eHBc3068ouqiBJZ7mcAVvow58Q3EVHTe4KtIgFClRMiMa1EYPbN000zqOchCTMPS5ywVANV7136uQl/i0Gqj87YovMIgQV3/JSRCb3W4c4rmuK+pqg40kzE5WNl4xXgIBmtprAQKngQtGdwgsDFaefL/lRn9fFZ0g+1cbljTqpDkhVcYu9kePLBu3cgIzMoC2tLAyFFTWkZzILkzmG8wX/nDDtk77Y96g75/1iIYA8C/NnrWOSINzy8H3V4w+u2i10Chak3RZqO46AC1AKX31YPs5jVVl9udyWuqgk0OJU4FincxD7AgvokvkKHZjvwZJwfbrChjpWk9p6hYseAzhX56PvU7vYrSutX2s2Xh7Wvkn/1yPjgd/dq0E6vyimWoF+a2YFXY6wYI/WtlT75/ulb27PGxtxZKHdrtPkQWjAv2VfuOngcuxW4HaXe07Zqq0+2dURVsCJXgup6ebBGVik4PGe4+XxnB3hEHq/drLEyz51fUuEmqargMZhoHCiXoz8ZqijDqmJNL66khWQUWyh3WvSO0XZEkghMXCHGBkL84EFLzHWFhtTJXynu5j2s6TQYwY0rLRdUJzGMjt/ueRm8sVb7NgVWAs00uFZBC1Y16AY0sBjo76Oygs4Nb7CBqzJpG4YRIIXQX5F8asrxf6uROsZx6gxiWsWhMQuRriimt+xvewqaXprftbK+zvZ/B9nYrQntXXUfFDUKjuWtnA4SoKYJV/XCOUQAEH5kpfQeY+1N+cZlxNTBjECaLaxts8/v2x7CaGPOzxSqNRoPTl5ejXjC4PCs2xutBvVvJ/LOz4PznrRT933ZQ/HraG/iD7q+/mZ24EY8vB0MflJr3QibDLKZyb78ZW8Gl2xlXsapyF11yybIvOMrnkmUuWeaSZS5Z5pJlLlnmkmUuWeaSZS5I6IKE33KQ0CXLXMDOBey+5mSZGfSWRNmXdwVAZWbFX9tNzF8cCyojYG/KEFUzNhZYuWmOFCd3dRnDPE4SmqbmwsZ/EXpNO2RssLtn9cn8F4PxRcsHx969Qm87PDI7c13BLdUQamCQVwdhUR8oWMcFHJeETJnrIsP1FleDNPI1YzfAmxPxSW765OwO4SHxwHKsv0iRpZ+ioQe0kY+o90GD5DQeQgyhFvLNruhosXCQPxio/MlbRJOSgsDAACVTBnFkoYAIjgUx1Ro4RIVwDhBEFHBttp5kT2XhnFA15mQqRUJYdHF4duJf7OPC2Aur9Ut1ZdkmcQLs2TZc0KGllxDbje4WX//y5f/0uqPgtX9xcdr/JTi/6A380flgUwxiO+1pfydJ/3x0F7LTftA974/80/7Q7CIaq/rmrnH/crAJ46e27ni5ZdHzhEKNvjnbMVMapzYUSUolU4LbVV/ZAwkKURkD2WkaLzCipOcw5mSHkN1Jbsac7OWQsd8qlt3uz7HvUkhqma5CsRob0a3KUhHC7fvU5gR9N+Y+KbtEI8U4KLzTg0kmMSU/lEaTUG24Xo35UalWhuDRmMfCxmp+JD8UDP1IfshZJ8VU5mvwY9WYV/CkKQG5LTzfoGZ5VbBV3XKiqtqZ4CQNpVDKjKnW+23K1z3vn5yOTs/7wcvz87Oe3781rbaN0u/vojgf1MNw3RpmN8SiOTn3W36fhCLGNcwvn5ddqXVpbc413k6/YZG9YL22jMHMGpit6llmG1YSaO0SoRIqHJg9lt8/IbGYsbC+wSut4v1czFtHnnPgbYAeBXpdOt0NTbfX+qZuaO6M29Dw3n7frRnDTGmxNZSUU9y+yauhQUldi/Pbwg1xfoyoRFTWUpZl2ZYutzhoI79/4g9OAr9r0L3hkjVqT3rdwW8Xow01o4HfH74+HdUtQYW3mmtQFJso9QOPTfzy8Fv7DhUdKn6DqFhw7Ye5e34fd4MTC5u4TvlyYjZN02uouhoFtm6Keed1JAWZMJ17ZrlvgkEsG4VObJzIKaFTwm9ZCYe1qOj9lDF/luQPd4hP8jeRUaXYjGMQoKAZgt5T+8g8rSheGQwdc7s3/luunUgbimTC+NqZhWIXkRSB3CZbxTa5osEuI+sysi4jW8nI2vd4GcD4PAkRZ0OdDf2mbOj9cnyfKhWnQSb3SAJUVN8+aY7CY/Szwu0sD4c+XMnL+17b0a8k24SBtXtjxSm5PJ1ADKs2x5OvVOkF/NkTIzZsbY52mKMiRULj9q5a5P2chfPyWKGVpDFHv6Z+5c2dL3Gg+AWCYv21nm9raptr0f3SH4NCRXJfopp9KBuPKpkCc+Ol+ZQa88p5sIxHgDnmXDetOmJj7ZobNKh7MY2IXgOiHzYqRfboNS1csq7gWop4NYoeHsI3ZIaqO+jt4wSMuTI2J5OgitdpFnCWI0p1MpQ57ts491DLohR4FFShT0xiNqMPPEfwSd6T+llvn7mXn7qXnzoz84WaGffyU3ef093ndPc53X1Od5/T3ed09zndfU53n9Pd53TZQ5c9/Nqzh+4+pwuEuEDIN3Wf07381NlBZwfdy0/rsRz38lNne78d2/sVv/z0c7z4s5ZGrkpopfTTnWS6+7s7tWSzmfkE8ecZ+tpxrlXVJz/PZU87bxqBu+rlrnq5LL0zkF9vlv4vvur17zh+a3KUH/RDMqi1o7f4c6dqxwy43r4TsjR2M1TNd97DOcq/CN7NR1iHS+TzfofnfhVxVL4TAlvMc4jGR1oZVDLN4imLY8y8NN5/YNhwuOhw8RvGxfNSEUbWyb3zvqR0iu984tDpkdOjb1+Pivc43U2LbsrT1U6HnA45HSqjPHdTn+qtA5d+ddrzZWpPVcj/rHlw582/4INy7ry5O2/uzpu78+buvLk7b+7Om7vz5u68uTtn587Zfcvn7Nx5cxfwcAGPr/m8eZmj/6q+IeQss7PMzjLvOgG/bpUr+u7sprObX7DdrO05s3jXO8OqmnRpJrd8l9QAVCq42pVtWC7NCIxBwtHWB9OT0nyNJw9WGohN0VyZUMzh78oeHlbhHBK62/xgmG/TlFYXlwsdTEXGIxx6Ac8huryxsYoZNyFGtHncxEMCKmeZOcCFA6FRzDgE8CE0MTx8oVzZIEY1JdBoEcAHpozPYN4FrTCWHETAWR4cynfr8GFOM2WN8ZSyGKIAfYrKl53oxOA0BsMzHYhpICmfgeHS4BqyZaoZt99MMlX0hrIYX92FHFNNg1goZWsyPUd9sYeW1wyDiRRoqjNFcCqLN0GqucjiyISI8KhilhTfRJuStzMhZjG0ZRq2uyKCq7WCtkVEpehs49o0A7wR2EC1PJjSECOvgDJC8hbWWWKc9PgsZmreJj5fkEzd8mjlGfz+VMz+icFYDB7lYXLE8Sr7QzMT7Qg0ZbG62lJlvxTXIkJWms6/h2TPLratIiP5bjHWRXCnNlXbLhWU4IRvFLfuawSTbLapr83aqmUGt+MH1q4bLhOhUwZc5YRpSaVBZZZPQDHvFN2sPOhH/tsE7I3/ZZubgD1Hacpzk77eSLsCjPk6pFJoMcmmbZ8vmp9G4/iC9AJc7j4k84TlRILOJLfLmDfYIUUcMbQFKAkYE41EqA5n4tCImzr8DyQ7kLVPvHnLAgmr/TUg1TOuw1xE6EEJZQSDYqLFO0zNi+fbpZuh2uVTZuvDQjhcb82aSGVyaJmMvY73MY2pRmnp8SgVjOvlmgr2LFiS8xT46ORnUjyB7jm+NNB84bCciqK2bQR/brm+oZIh/tgsV6NHawVyg7Beu1xiDFRBmEmmF17n7VXLQzuQH+B9KaJFzmGRePaeTOn3z6bPnx48+/vx3w+ePnv++GDyZBoePA5fPH8yff6cTulzr+6WlXZ7WfHX7AS+hDm9YfgBOe91b+Sf+CM/uLw48UcbvuG2ROSditp+pLlSaxOME5TnFzvezbFxp4XSCTW2zsZ1NohGrZFSrfEYMS4C4zbHbuDFSs3bdV7WpcZrrXV11fLMOnbeeh8/Ym7rUsbLJRb/kYHMl6RYYvy1bHlzoBFII2gRMx9BjTZvuj+ubL23N8i9kX2y8sjqA8JtXanRBxeo8qGID96U+dkcEj0P0yt37/pu/Y1YAiLTB69Vs6eSDts7GNmwe0Gx5sKsnsCNSqq30l5VUODifIh3gSYiMnvexPg3nqTv0Y2g7+1ArEdoM0pYhtLNZ5mxt55tE//9C/IB+TI= +sidebar_class_name: "post api-method" +info_path: policy-attributes +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateAttribute + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"UpdateAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/policy-attributes.info.mdx b/docs/OpenAPI-clients/policy/attributes/policy-attributes.info.mdx new file mode 100644 index 00000000..2655c550 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/policy-attributes.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-attributes +title: "policy.attributes" +description: "" +sidebar_label: "policy.attributes" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/attributes/sidebar.ts b/docs/OpenAPI-clients/policy/attributes/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/attributes/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-create-key-access-server.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-create-key-access-server.api.mdx new file mode 100644 index 00000000..10957625 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-create-key-access-server.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-create-key-access-server +title: "CreateKeyAccessServer" +description: "CreateKeyAccessServer" +sidebar_label: "CreateKeyAccessServer" +hide_title: true +hide_table_of_contents: true +api: eJztWm1z27gR/isY9GZipxQtOS+T8ENTnaO7euwkHsnu9GqrCkSsRJxJgAFA24pH/72zAClSr3bu0utMa3+xCCyxwO6zr8Q9tWxqaHRJz1Qq4hk56Q5IH6bCWD2jw4CqHDSzQsljTiOaO6Lwmhld0oQnMOvGMRgzAH0DunoXn0QM4ZEGZmGFiAY0Z5plYEEj83sqWQY0okdKSoht60wrq2KVtv4O2gglaUCFpBFNgHH3uoYvhdDAaWR1AQE1cQIZo9E9tbMcV5JFNnaUVtj0gaVBFhmNLjvDgHIwsRY5HphG9D1MhARiEyA3npqoiXssVyN5uRoNaKyksTTqzOfB2nnORQaqsK0PZu0kj9/50iJbN2o9VUCEJJmh8/nQSwuM/VHxGTKKlbQgLf5keZ6K2Cn44FeDa92v70iNf4XYotI0wsEKMDhbaNEgMlYLOW1sG6dX99kv1XYlL/rHJCuMJWMgjNywVHBy0T8lexBOw4A8S6zNTXRwwCFTYayyg2f7ZKLSVN0CJ+MZYZwLXJSlxMA0A2lNSHosTqpHv7qxTFvCJCcgObkVNiFMEpbmCZNFBlrEJE6YZrEFHZCYSYLCYUKSZJYnIE2whRgnJCcmZSYBE0ZX8vPnz1fSJsKEwlxosbdfDl1JOg9oXoxTEZ+AU0AlIj84uobZBo3mGmJmgaNIV/SgJHyaOLtZ1kjM4gRtouZQjqyu7hmTa5iVMqmlKeRE6cwhIiRHhdYoy1zDBLQGXtnBhk0tb+UaZqaBDqY1w0MKC5l5GFo5ZLughdMBzdjdKcipTWj0pvP2MKCZkNVAZ/XEd6/ab0l38DHskBL+aCBnvQ8E5A2kKoeAFKZgaTpDdV0LvmsDOL20gRcPsO+SQoovBRC/FBEcpBUTAZpMlCYIG9QGsmbpFFlL5Qy09E3t4bzmjhTrDK6lukVoT5UWNskI7r1C/JK91K6XgIwVBx5eSXKuvLEE6EUMkIzN0DY/a8Oiw/bLN5/dRvuDbmvMDHByq1me41GY5FeSfIY4MhDnh69e646n7R2tkAZkXFiSKQ3EY8xUXBjnwAkzRALgfmp4LURfCoKedAejs4sfT4+PRie9X0bd059HvY8XH0YXHwdnvaPjn45772mwlao/6I7wNA+QvGy/fb2DpHc0GvSOzg5fve53HiZ78eblY8heHXb6HTqcNxR9wszZwm8EtNbhWcNaJiw1sN19XEnSdVG9YfPOc6kMCDNGxQLJSAaWcWaZU92k0DYBXcHUBwja2Jkzb9zqjj01T7LwQ3XgvqwGhxgwl+1fQ6Ys7LLAkmL13NfMNA9a6JS0iMqrSCFkDM7Ls9QoBJ4GqwXcoGMTrPHm/3aAypiNEzB7z/5VneKStb52W/9st94O9+rfV1dXV63hfTt43Zk3KPbf7eFM+I0v7T/fOwif77/74VkzNM436LQJknJwiHnMLrAF1KhCx3DuAFNHQD86cjhaRcunEhg73M3g00X/qDc6/+Wst+JimjPHH897/Y/d05Xh3j/KYfTePiXcjmg3vxRUDl+92LbjK+kTbcCYjNaNb9d4XUGQ54VISdUt+uwaO5KTQnLQJlYajHPQUll0xZhMToQ2lihNUmZsja2QnCcYytQS91uRpshdom9PxVfgxCqCBqFJzAwsMGjEV9hDIO6Tv5A2eUdWQNnE1buofhq1hs+XEPXDs30SEawAlnKtypU1YbAYW5XokcoyJUljfndqkrIxpBtTmIpVSbENrtsRcMPSAvAAyztcuK9y4W9wuxurr76vBnYHlDkus1xluQGTK2n8MQ7bbfy3vNlB4Tj5euh7VBnXK6Xjgy/sztwERwH/htKly7kGY7AAZA7zQhrLZAz/V6Hi3R8XK6JL/Pnn/XebosbvKagipz6UT8Ju0GmmVuQpuIQhZ0Kbp4rrqeJ6qrieKq6niuup4nqquL5rxeXqBjdfddJPuoOI7FUFVECqmmn/DynKrpk5+V1x85phs3dn5GJmtCmhRFEgvCs5wIz4RJeUme5vSHJwzYYxNpa2CUPDSpWcGizLStE/mFUsoltzB/Xgdh11T3/+1D8+/9tqnKjHG5FhebCMBfVg72iErn9t7MWbl2tjrw47dO1DzqDIc6XR6TpnXG3fhI/MPFAVDydID3lnB7fj3cyYGYn17BH1evx+B1QaNj0QWZ7CiQP2AzXeMl8XYVY5nzCXJplm4HI+0yVQiKDHtza2tTLIhc/UXBehdguLCus/XtPHrkzmXbuUyPvBEbNr69dTxIDF2GOcHsgeBm87I7eJIiWRb4toiJXGjEtIF20KLiyBG5B2o5+7Y6hD9122gzrphO12+8XLdrtzaBDdPpmjEeXMQgs/+bmqNufrxygHNx2jntpxjJLoDzzGf7HDYhKlLWlOfkPGtf6R+xvSxzWbrr/CP6Kh47syD3Z03MEnrEjteuOmp7XS369tg1XOJk00MSGVHU1UITlioYobMVp86jLXQroKy30yd+ngiOlpgZmcgzLjqZAwgrvYlTA0aCyIRZ0GxmcjuBPGIlZy0JkwWEqPOEhR5sZlsgJ3CSuM/9o6YSIFPsJ0XkkvTlxv7AII9gIKO1KTkWZyCm6XzuHitty0kBa0byoXkt0wkbJx6twfs2yUKtccKyQrbIJm5r/xrkUs32BltjAERRmQ20RgJpuoIuVljxdFRhyk0WteTpWaphDqPA6PFIfh2kDoHakxbLpRN6v1LQdfp+vWhMVYeAJihJQrrG9JSNKT01SYJCRdOSOF2fJq451UxWWv2OXOZZcAI0Bz+wMniZCDZSI1wx1TZCIg5YHrWS+WHs/cinEqQNrQ2z+SPwxjW+W2S6KaB6Un2SDEhU8bC8n0zDMbF9NNvDZbq+u1bnU7/r7LarxzBYpxPlmPhdVMO2cuSgFUcmeY/5U1D/mr61e4xNAvNwbf9XfjZRxeXyRs+NNSD+4WzLiYhF254q7KazKVc3n8kdwbficabKGlV2O5YESqMir2A4gELAm5is3BVB04uJmDPyFZS2NpjtAqi+rKEy6JcMs9pQxsovzVJ9cyzxl2m+jBN9+EOtjGwcdcfw2q0CmN6H2eMos46kmeKyHtfM04e96Nkk85yPP3P5HqDawoAmKKOMHeTiWkajZ0JpH4k9wwLdAz+fbfCkcfH8pQsT47d9eKDMSFFnZGo8thQDFC9OuLRuUOFxeFagtZKmrqBqrvX16Wrcia3KXn9aNr1j2qJzV3nZ1mjbqjcCwvbC3YNPPNRULicIPt2qVybA0Ja9pCaZdd3IjedFw5oYzNmAup1V2xLfhYWmrhQyzcWdSrkP57hvNlHpyX335NjwZb2A8D6uASXdL7e+wtXuh0PsfhLwXoUvMVkvBpHlRX21CVXBic4JuTnsZNNLpXXQ3bJ3UmuXxILHh33uMrfTKl2N56POvH8Vu6fbfEaUGH67XOfdujoljLoeo3UNC53Uk7bDigs0+DcxrQcXmJL3MJFtXsFvMYdusP4jNZ39HDMQSvnBYu4FO/Jv79G6YbYS4= +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateKeyAccessServer + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false}},"title":"CreateKeyAccessServerRequest","additionalProperties":false}}},"required":true}} +> + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-create-key.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-create-key.api.mdx new file mode 100644 index 00000000..ff59d5c2 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-create-key.api.mdx @@ -0,0 +1,72 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-create-key +title: "CreateKey" +description: "KAS Key Management" +sidebar_label: "CreateKey" +hide_title: true +hide_table_of_contents: true +api: eJztWm1v2zgS/issD9hNANl5c7Jd43o4r+Pu5ZLUQez0UKSBS0tjixuJVEkqiS7r/34YUrIly3bSNrd7OLRfGpPD4fDhvIuP1LCppu1reiEj7mfktDMglzDl2qiM3ng0AO0rnhguBW1TnD2FjJwzwaYQgzAfBbmEzyloQ4wkvgJmgDAi4J7cQka4ICYEu6bj+6A1GYC64z40qUdlAooh55OAtmliBWjeMq3y/ZunkLlVuAhUIVfBomt3O4WMejRhisVgQOFhHqlgMdA27UohwDeNCyWN9GXUeA9K41E8yvE8IbAAFPWogs8pVxDQtlEpeFT7IcSMth+pyRLkJNJ4bCkNN9ETrEGkMW1f79XgO4YJF2ARuXPURE7sz5wbSXJu1KO+FNrQ9t5s5tXOM+QxyNQ0znXtJM+XvMJkraDGUXl4lbGms9mNQwu0+UUGGW7kS2FAGPyTJUnEfXupO79p5PVYl0iOfwPf4KUpVAHDQePsLdOoCHMybRQX05Lgt0yPeEA9OpEqZoa2aZra31XhL/O7JMMQSCr45xQID0AYPuGgCsSXVBIUnXn0FrInRIDMiRBzcQZiakLa3lsrQIekGlQjsGgGZSEmUlkpbiHL9+1EU6m4CWO7fWk7Np/YeNA5GdrhGHDnoLzNRzF0fywYkjjVBmmlgAKWQtY7FqWgm+2P4tOnTx+FCblGDbje88i+Rw480vLI4U0++xG1fhmy3Apo5+zX/uXJ8B/no6t3g4te9+TtSe+YeqXxy0FntL/bel0bbO3+fFQZ7HVHF/uH9bGD163a2OH+Hr1x2J7LAJZhjXFsI6JIUcCCvmwLmtOmRyLps4hIReDBgBIs2l5Aa5c8iSrZ2mu0tqvY/u0N2SM//EDsj7++Ia3nQHva+zA67x/3lpCdD3f7796e/Dq67PeHo9Peh/LUxWX//clx73Ll5GXvvD/sVcivfjk76SLdqP/u7IMFNknHEfdPIeuahzK6bnyEePjmYT3GXXQbDwahZEHAcZpFJGCGEZ2AzyfcR11G/BxLhNgjY4aaLcX8XhIl73gAivA4iWxQsv5ngdsaf5NAvMnUcfqZdv4L03DUIiB8GUBQkhZN5qJ3TnKHNZt5dHHUi5I0ExZpQEwVv3MxbRlUN7EW1a4UBd8oI1+FsdvhhUF+YY+KXvvkeO7XdBbHYFQO9r1iScLF1BnRLWRN9K12FAJMEzaIkVMhvjVs+0mO29I952vsTqR6AUU+Qfhk4Ri4Jmf9buesSQahTKOACGkdRaJAgzDLtM4Km8/SGnc5XSkmfLoZ74J25Fvi0YoAOj+v45e6JK2Me1kjPJQ7j/vjCBDyCKbML8M9ljICJkpi5CRrt/5XCCaExW5cE0bcoiJoxmAYanLZTOZjdfuIYylIMU/OU4PSLgbKEfkppY7YGCK9KqOZH89RrLu49ddjIwSeriq+LHDJGT+lE7NSuldkyXmeXsl2r6te/GYj1xqm5WyfVW1xbqHOy+SmW0m4yNZpZ5AHz5L54VWvM591kQ392/rQ1iTLWxQhGuLEZGs3cQZY5V2Ng/MYvrWFPqc5Z/MGw/nvv5Pa6P52EeWbSy69WRbw1Rvy44/byGEF54OVnFvP4/zGcp5nFxeFX3fugPDgWfjXMK6glHsucmKWkJ6UqZbvkIngBYGuwLHs8nIU1uC7v5LhwUaGr6qwLt2AgyF39xpqrv7JY7+qS9lCcUKmt1Zd+fZCFDpDb1AtcO2ATqTQzhvt7+7if1XzHqTWWl0p+kIFXhGFSxXdqoiL9up6CcEqx8KwTdF8Ovd4ZkHpioSlAuFJ7nwj6w116ZcVmht5fEPR+L9dsQ0MM6lePpV2o19xJDSowbAzvBqsqJXyiU53ePK+Vx277A87w97x1xeSgzz+aRLK+3I2E9sWWkC25vWkglga2P6/rfcGRcGhjUp9kypYlBnf67jlBPi/hdb3guwPL8iq919JHZ5be60qvL49Qs28vLG8nsrOz2wKMOHTf+YRfx11ng/ZxKDUph1nxjJxPk9t4lCQfGN99yQ2eXbRMWXu+eCImRr/xZTN38YZ0XkRgz1dk5H7UM5TlnseRUSBLxVqJReECcLSgBsCdyDMShf/wNCO7aeYPQxxe83d3d2D1u7u3r7GumwOZsAMNLArjxilSVA/Rj646hiLqQ3HyIn+wGP8iQW1DqUypDz5jNp6s/W/QPvjRASYZQN2PWzByjJ0TBOZCnsTw+O3mtxzE8rUuAA1/7agv7k3MuEQBfq7CX03oT/NhG6ZvlL8qdotVfwrO2Gu9l2Lxcp2V7EKG+aMLLfVPOygGMaFy3fW1a9YjVskJyyNTL3o7ikl1cuV3H5RsGxQMiHNyDoWVK6i1PCZ8CGyNVUqboW8d9/M71jEgxFT0xQzTmsbLIi4gBE8+ACBXbBg6FEWKWBBNoIHrg0qXwIq5hq/fY8CENwuUKBlqnxkErJUGzs4YTyCYJSg9eSZHPIbS+XmZWpGcjJSTEzBSjlPhO00F+7rnJ1id4xHtjvtodWwUSRtYyMVLDUh2i0626D+4AEbEa7qJAilR+5D7oeo8ZgujgHtGSFzX/bwc9/1VMppBE2V+M2uDOCmNtB0DlprNl15N1UJOiSAO4jwUhsT5qN2AeoIyTnUReKC9MQ04jpsko7I3DfoVUtLa2wRyv+N6ioC4pJf9/GnLL6rypsBGMYjfbNhysUQD8vaBetx5gwj4iBM0zkUJH9ajd3sMlQzL3dNK0Bc5J5cMJW5zcbpdNVeq32A7ZOtdS7umUjtGxw6AG2dvBpzo5iy0YHnABS4s0iKqQ3fhJG/ozjEhKxwoWPQ7uUFjucfkOtMmiVfmN+DfTwyTifNjshoxfHlr0sK5/L8I9kVThIFJlXCXWPOsE1CYxLd3tnx3QBqgi/jnUD6emcqd6y66Z2/IFlDQV5XsTxGWE8Ygwmle/9jv00kDAtOuvPFz4F2ys+BXEh2b4FSFdE2fUwiZlAreiJIJBdmVjO1nnOKpJ+AGB6/JcUKcnV55hGd+iFhen7kYrZpFTx00t8xxdHPuMbE0o7O2+eOvz47s29rNPip4iaj7esbj6K/v1y8tsklLDU36cGEvT6cHLUahz/t/dRoHR7tN8YHE7+x7/98dDA5OmITht23vOxfGEi1e7i25zdveq1rPi13hWw3pmShtU5ITZJyP6CycPmj5mJJkWE7lS0nu/M0yCoXFxNZqb5rSlVTArzE/CVXm97tWUmkNjGzcbd4h1VStcry0mOoF34slzst/JqPqseFzV2VdZ7OZq6//Akd9UpHufGo1eL2NX18xF7TlYpmMxz+nILKFbJQcPw184pnZ2hmAdc4EazOnsrAbBXdo22y7mC2H7/pjV3u+CnF13HP3/p5+1VexlV2mtMhv8YQWS0oaonaYgXeQWI20t6UfOFFfzCkHh3nD+xiZ4GK3WOyxO7dQVz+bT2NHUPlF9PUZhXU8cR//wGiS3L8 +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +KAS Key Management + Request to create a new key in the Key Access Service. + + + + + + + + += 1 && this <= 4\n```\n\n","type":"string","enum":["KEY_MODE_UNSPECIFIED","KEY_MODE_CONFIG_ROOT_KEY","KEY_MODE_PROVIDER_ROOT_KEY","KEY_MODE_REMOTE","KEY_MODE_PUBLIC_KEY_ONLY"]},"publicKeyCtx":{"title":"public_key_ctx","description":"Required Context or additional data specific to the public key, based on the key provider implementation","type":"object","properties":{"pem":{"type":"string","title":"pem","minLength":1,"description":"Required Base64 encoded public key in PEM format"}},"additionalProperties":false},"privateKeyCtx":{"title":"private_key_ctx","description":"Conditionally Required Context or additional data specific to the private key, based on the key provider implementation","type":"object","properties":{"keyId":{"type":"string","title":"key_id","minLength":1,"description":"Required Key ID for the symmetric key wrapping this key."},"wrappedKey":{"type":"string","title":"wrapped_key","description":"Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE."}},"additionalProperties":false},"providerConfigId":{"type":"string","title":"provider_config_id","description":"Optional Configuration ID for the key provider, if applicable"},"legacy":{"type":"boolean","title":"legacy","description":"Optional Whether the key is a legacy key"},"metadata":{"title":"metadata","description":"Common metadata Mutable metadata for the key","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false}},"title":"CreateKeyRequest","required":["publicKeyCtx"],"additionalProperties":false,"description":"Create a new asymmetric key for the specified Key Access Server (KAS)\nThe wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.:\n```\n((this.key_mode == 1 || this.key_mode == 2) && this.private_key_ctx.wrapped_key != '') || ((this.key_mode == 3 || this.key_mode == 4) && this.private_key_ctx.wrapped_key == '')\n```\n\nProvider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.:\n```\n((this.key_mode == 1 || this.key_mode == 4) && this.provider_config_id == '') || ((this.key_mode == 2 || this.key_mode == 3) && this.provider_config_id != '')\n```\n\nprivate_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.:\n```\n!(this.key_mode == 4 && has(this.private_key_ctx))\n```\n\n"}}},"required":true}} +> + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-delete-key-access-server.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-delete-key-access-server.api.mdx new file mode 100644 index 00000000..da47a425 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-delete-key-access-server.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-delete-key-access-server +title: "DeleteKeyAccessServer" +description: "DeleteKeyAccessServer" +sidebar_label: "DeleteKeyAccessServer" +hide_title: true +hide_table_of_contents: true +api: eJzlGWtz47bxr2DQzpydUrTkV+705ar4lNRj5+yR7E5TS9WtyJWIGAR4AGhb8ei/dxYkLeppX5PJl96XsxbL3cW+d/HMHUwtb9/xay1FNGMXnT7r4VRYZ2Z8GHCdoQEntDqPeZtnHim8B2tKnPACZ50oQmv7aB7QVN/SLxFh+AklOlxB4gHPwECKDg0xf+YKUuRtfqaVwsg1ro12OtKy8U80VmjFAy4Ub/MEIfafG/yaC4MxbzuTY8BtlGAKvP3M3SwjSipPxx7TCSdfIY0qT3n7rjUMeIw2MiKjC/M2/4QToZC5BNlDgc30xP8sqbGspMYDHmllHW+35vNg7T43IkWdu8bPdu0mb5d8ichWQV2BFTChWGr5fD4stIXW/aDjGTGKtHKoHP0JWSZF5A188KslWs/rEunxrxg5Mpohd3ACLZ2KuIZjnRFqWpNaxDzgE21ScLzN89z/Xpa6VxlxPl98t9FhesUFeMAhjgV9DvK6JswEpMU5kVl2DA+wmVa2EPmw2aT/lsXo555TYcI/QjH3K97++zU5D3huxC4kOl7VbyeODVpLPgs+sIWyDlSEA3XbO2dpbh0bIwP2AFLE7LZ3yfYwnIYBe5c4l9n2wUGMqQ4jnR6822cTLaV+xJiNZ2xhBmZxmqJyNmRdiJLqZ0HdOjCOgYoZqpg9CpcwUAxkloDKUzQiYlECBiKHJmARKEYmAKFYMssSVDbYgkwHKmZWgk3Qhu2B+vLly0C5RNgwBRclaPfe/cff4mP74OAOGr91Gv9uNj4M9xZ/DwaDQWP43AxOW/Maxv7HPToJv/Gj/e/22nf059/2P+4dhN/tf/zru/1SroEiE2b5WIroAn0QVoYrgKN7nG2I6sxgBA7jtjcf6SeBB2RpLp3IJLJ7nLEMhCHnXXUxrfBq4pPrsrNFECUY10UoIavsC8k8j8JyC5sLVUS20CpkZ7kxZPHM4ASNwbhKlhuEWgsUW3NqMAZIC8Jhal+PmgzTXRFBxwFP4ekS1dQlvP2+9eEw4KlQFaC1euOnk+YH1ul/DlusTAWURa+7PzNUDyh1hgHLbQ5Szsie97vj9t6nvJoAR6+w77Bcia85soIUEzEqJyYCDZtow8i5yRrEGuSUWCvtk1VZwJrDWh4ljHUG90o/UgBOtREuSRnJXsXlUlQv6jNDFekY43Cg2I0uQjqgUmORpTCjDPLFWGgfNo/ff/GC9vqdxhgsxuzRQJbRVUDFA8W+YNS2GGWHJ6emVeB2z1ZQAzbOHUu1QVb4mK24QBxjzMAyhUjyLNzrRfWlIvhFpz+6vv3h8vxsdNH9ZdS5/GnU/Xz78+j2c/+6e3b+43n3Ew+2YvX6nRHd5hWU4+aH0x0o3bNRv3t2fXhy2mu9jnb0/vgtaCeHrV6LD+sF8wLs9Uti2Vkgt+eXgWIdn2JqMe/zq06RgbU6EoTGUnQQgwNvukluXIKmctOiWPKaZD68SdSdRTtYz0OLIn5XAYfUVS3Hv8FUO9wVgSXG6r3vwdYvmhvJGkxnVT0TKkKfa0FaTY5n0BmBD5TYBNS+/L8qo39eFd1QO+cbbFp3khI4pGZ3l7MF3OrcRHjjHWZRAQvoyPvRqrfcJMiK86r5v+j022zv/PNNt/e5cxmw7r+Kv/Z3ZKT+1W3vrDu6+eW6u5KF6icVzRVwxYCigLz34nfVzXuwt7ubyXuwo00NJamC3LvSA85Y0eiystP9H5ocolkLxhpplwAFltRqapnTlepf7SpeqltdggVwu406lz9d9c5v/rFaJxbwWmVYBpa1YAHsno0o9a/Bjt4fr8FODlt8bfbs51mmDSVdn4wr8W34xs6DTPF6g/Radvbudr6bGdjRhuGO7Hr+aYer1GK6L9JM4oV37FdmvGW+vsKscr4A3ybZeuHyOdM3UORB86Ac0Lffyp+vUr4qa8RAsduiUyO0Wlp4mbCIRVUs6274AlslfabTVCtWO9/t5JFBuljHLTXyBXAEbo3+4ohZdFR7rLcD26Pi7WbsMdGsRGKPQkpmMNKGOi6hfLXJY+EYPqByG/PcE5AN/SqpRTZphc1m8+i42WwdWvLul1VADA4btKXwU20Wr1+jBG66xuJoxzVKpD/xGhLGKDem3upOJcY2597uiA8gc89jWRGLdiXRxrH64Td0XOt7uW9oH9dierE4fMNCp9jKvLrR8RefQC7d+uKma4w2f9zahqacTZao+4TSbjTRuYrJF6q6EVHES9+55spPWH7L59vBEZhpTp2cd2WIpVA4wqfIjzA8qBGkoc4gxLMRPgnryFcyNKmwNEqPYlSi7I3LZgWfEsit88AJCInxiNp5rQp1Er2xLyC0C8jdSE9GBtQUvZQ+4ZJY/lgoh0aB9EfwAELCWPr0Bw5GUvvlWK4gdwmFmR8Z1iuWb5QcuNwyUmXAHhNBnWyicxn7DlkxUhnzLk1Z826q9VRiaLIoPNMxDtcAYZFIrYXpRtuszrcxFnO6aUwgosETyUdYSWFdJKFYV02lsEnIOmrGcrvl09o3UkcgxW80i1LvXG4JqALUxe97TYQxOhDSDnccsYlAGQdMmxrp8cxTjKRA5cIi/gn9dTd2VW+7pKp5UGaSDUp8yWljocDMCmbjfLqJ1+Zo9bvWrWmnWNGv1js/oFifk81YOAPGJ3NRKqDSO1D/V8487O9+X+Ebw4LcGG2x9SZ4WYfXiYS1fFrawS/ux/kk7KjldFVt9qvk8vYr+S8KSQy63KjCjCXBNqvGqKgAkCfQSBjryB5M9YF3N3vwF0JrGBrNybXKobrKhMvj++anlRRdoovXGr8yz4C2Tfzgmx9vDrZxKGpu8XKTG8nb/DmT4MiPuirOtFBuvhac3SKNsqsM1c2nH1n1BU0UAbN5lNBup1JSdRr6kEiKmzyAEZSZivXfCseiPpSlYv107l9CLEa5EW7G23fDgFOF6C3eRkoJq408P5rA+5PJ6XHj5PvW943jk9PDxvhoEjUOow+nR5PTU5jAKQULbUOXpp01Ra8pgy5TLknb/KHlu3VtXQq+YpWvR9vUv0TqJUQdPjlSm1DFc4FPFYXt77794Y4HW9gPA+6t0b7jz8+0urs1cj4n8NccTanYylD0ax5Uj13kLrGwdBBv7ilqb1N8r3oe2meLRm35kjRP7nzZK1Me57Q9ejvrt/Fbeo9b4vSCR/QaN8VWocJYa1EWX5CiM7cTd1iL7+ur/g0P+Lh81kt9/8INPFKbAI/FRYpGsViYEeyZS1DT3NdTXtCkf/8FVh1TnA== +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteKeyAccessServer + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-base-key.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-base-key.api.mdx new file mode 100644 index 00000000..96893f73 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-base-key.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-get-base-key +title: "GetBaseKey" +description: "Get Default kas keys" +sidebar_label: "GetBaseKey" +hide_title: true +hide_table_of_contents: true +api: eJytV21TGzcQ/isa9Us7c9hAk056n+oASRmSwmDoF4bxrE9rn2KddNGLwfXcf++sdA7nnDGkU76YW60erZ591Zp7mDue3/Ero2SxYhejMbvGuXTervh9xgW6wsraS6N5zj+iZ6c4g6A8W4BjC1w5nnFTowVSORc853VEGizA2RZocIGrUVGgc2O0S7SbA+hLFjj4iP49OLzAFc94DRYq9GjJrDXXUCHP+YnRGgt/cGWNN4VRB3+jdWRUxiVZViIItDzjFr8GaVHw3NuAGXdFiRXwfM39qiYkHapp1PTSqxegUYeK53dHPSJOcSY1Ml8iWyZtZmbxs0VjdYvGM14Y7TzPj5om693nRlZogj/47Ho3eb3lWyDPGuqTVsakZpXjTXOf2ELn3xuxooMKoz1qT/9CXStZRK8OvzjCWvctMtMvWPiORU+evE7IPOMghCQYUFeWIsVLdDyfgXLYNM33HosCVxvtSGvNjw8P6Wf7VuMQoylx+98srju2rPm0Db8XFRfgbq3s6DlvpZ53KFiAmwQre564KZHdXn/axMkFrljKCZaSgjcZr8NUyWJjSAuYhJNFzI4+ZlqmVOxC+xI8m6Iyeu6YN0k+GpOde+8Ham6s9GXVteBJmPWu3aYIH336eHl9fvPn58ntX+Ors5PzD+dnpzzryK/Ho8nx4Zt3PeGbw99/2xKenUyujt/2Zb++e9OTvT0+6tepcahrYz2KSMs3892ASF5Isdd/UkRXYLVPi5YpePcFd0axcL7/MHATKXb69fx0T6g0TxBjWdUKL8Cl8rnHoF2nFMFa1J5RAhBZW9DdbE4p+WI6N3RIbBD9rD2z1tj/L2cLI3AXt/gIxEjsatr4ycwELShGNqFagC5QIdEe9EKbh9RFlqCkmICdh4qso4uAUFLjBB8LRBE3PAFmHJRFEKsJPkrnqRjVaCvpqBtMBGoZN1h0JtiCQEoIzkfhDKRCMaktFkYnOglvGmOWGmrwEzObWNBzjFZGH5NZcVlqj1aDikuwBKlgqkhRgIeJMrEyBg3Bl6g98YuinyTkfufBB8eIyow9lLIomStNUIJNkYFmRBlbggpIwXg3N2aucGDrYnBiBN73BDHBKnQO5jt9s23BiAlcoiKnHsygkHrOkGKEtQh9k6RmZ3qupCsHbKRXLLhntnb2KFOAkv+gYKAFcxTtUsfE6po/jkwMBHqQyt3vWWIziUpkzNgO9HQVEQslUfvIQlJ/OYzT6vdUNRmPtO8icWZsBZ7nfCo12FU6bBrmu87ana2x0T5bvdLgtO2qE6M9SO0oKMBOpbdgV8yhlS0BG96BWg57kL5kwP4gc1IvSnBTdGkWIXlb3vogg06FbP0Qx6lpmA1GertGbeatTXF5/ZXijmSJRR+sTm5sAXNWel+7fDgskoAioTDVUJjCDedmGMPNDX8itQOLtUUKrVjKeJMqYYW+NGkkjpNQDb7kOR/+8IQ83JqQXVRJ43Gwiud8XSvwFBZnWtRGat/0cu0sVUV2WaO+Of3ANjtoJsmYC0XJwH2782Z1ECO8TOYvwUoqNDFsvz8xlfu28vdXmzhuOiyClX7F87v7jFPBv34aQFsLeb5uqMTNzNYQ1KOsd0OysJ3cc748ik3cOF9B7Crt3L1F5Nb+zvT73DunTS6Pj54YkprOiB5Yt769+/HXD8+6Rt1nPLKd3/H1mpryrVVNQ+KvAW1L3MYR9NVkmxcDhYOQjhbE7o7fveLP1+3Y/Qt77mY0Dux9HrUVinN62Lz+6Nedt/Wo2Trpmx7hHdwQ1JNGb6J42kFOqP1e3ftO0l5djm94xqft26iK4wa38EBdHR7SRUy8X8yIKFtzBXoeYvvjCZP+/gWOQWOr +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Get Default kas keys + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-key-access-server.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-key-access-server.api.mdx new file mode 100644 index 00000000..789070f0 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-key-access-server.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-get-key-access-server +title: "GetKeyAccessServer" +description: "GetKeyAccessServer" +sidebar_label: "GetKeyAccessServer" +hide_title: true +hide_table_of_contents: true +api: eJzlGWtz47bxr2zRTmynFGX5lTt1OlfFp6QeX84ey+40tVUdRK5ExCTAAKBtxdF/7yxAStTDkp128qX35azFct8vLJ6Z5WPD2rfsUqUimsB5pwdXOBbG6gnrB0zlqLkVSp7FrM1yhxTec6NLnPAcJ50oQmN6qB9QV9/SLxFh+D3aJQwWsJxrnqFFTZyfmeQZsjY7VVJiZBuXWlkVqbTxD9RGKMkCJiRrswR57D7X+HMhNMasbXWBATNRghln7WdmJzlRkkU2dJhW2HQLaZRFxtq3rX7AYjSRFjlpy9rsI46ERLAJwoPHBjVyP0tqkJfUWMAiJY1l7dZ0Gqzocy0yVIVt/GBWNHm95AtEXhTUeqwAhITMsOm0762Fxn6r4gkxipS0KC39yfM8FZHzbvMnQ7SeVyVSw58wsixgSuLFyPkr1xQVVqAhvHtuKDZmHxirhRzXVLjnZiBiFrCR0hm3rM2Kwv1eVEO5P2B3WIzCB56KmFsMlUQ12gsrj8NfgVz+F2g24fri40UbUPJhSsoLA48JSnhE0JipB2+QGHONEbcYw0hgGrPpdI1g84C6LdXpkx8X9fRefVlNdx6wTMhPKMc28dGwfFxn5UBrOBVabGJEx4t86qbVYkFHj1znSpA+BcYiU7HRh6/w38eZqd3R7IdL0rpIqyXhyocoCxiPY0H0eHpZk27EU4PL/LrCJqihMAte3hHxjnc1KA1KIiXtjvf0DoF2Ci12AhgWFqSyMFQ2ad/JL1++3Mk/7Cbc7FIohSLeg6++gjnAU9iDX3+FGazQYhFADt3b2yvJ3clSRFGXxRMiQKEFZIWxMEQwaCspFmSoU3+9CDMB2JQMv1gvHcDkShrv+IP9ffpv0bi9wrnHV7bfVi+WqsRSE9j6wdZ4nAavS5RFxTpxrNEY8gR3zU5IY7mM8E7eXJ3N/MHBlSC4ufoEuxiOwwB2Emtz0242Y8xUGKmsubMHI5Wm6hFjGE5gHrtgcJyhtCaELo+S6qenbizXFriMAWUMj8ImwCXwNE+4LDLUIoIo4ZpHFnUAEZdALuBCQjLJE5QmeAGZDmQMJuUmQRNW8eTCIuM2StDs7vzbafGh3Wze8sYvnca/9hvv+7vzv+/u7u4a/ef94KQ1rWHsfdilk/CNH+19vdu+pT//vPdhtxl+vffhTzv16AxYXgxTEZ2j602V4zxwcI+TDVWm7dxH9kn4A0JWpFbkKcI9TiDnQlPwvraHRTxKMK6LUEKW2XvJHA/vubnPhfT1USgZwmmhNXk81zhCTZ3rYTZxbE0UUwtqrjUnKwiLmdmeNTlmmzKCjgOW8aeqdbxrvT9Y7iWLGj8d77+HTu9z2IKyFNBwcdn9AVA+YKpyDKAwBU/TCfnzfnPe3rvGURPgcAv7DhRS/FwgeFIgYpRWjARqGCnt+z7FyTRgPB27Pq1csSrnuv1+rfMQxiqDe6keKQHHSgubZECyV3m5kNXzsRVQRirGOLyTcK18Sgc0cBiEjE+ognzRhrcP9o/efXGCXvU6jSE3GMOj5nlOqnAZ30n4glHbYJQfHJ/olsftni6h+naVKY3gY8xUXHgcYwzcgEQkeebhNTN9aQh23ukNLm++/XR2Ojjv/jjofPp+0P1888Pg5nPvsnt69t1Z9yMLXsS66nUGpM0WlKP99ycbULqng1739PLg+OSqtR3t8N3Ra9COD1pXLdavjxjn3FzOCsubpop5fbmT0HElppbzrr6qDIEboyLhJo4MLY+55c51o0KXLd+FqW+WrD5zUnqTqBtkqmsyq0P1Ea4ErhkdafS1G8fUEmNZ73tu6ooWOoUG+JGc+pmQEbpay1OjKPA0Wi3wgQqb4LUv/6/a6O/XRdf0zukan9aDpAS6UX9TsAXMqEJHeO0CZt4BPXTg4mg5Wq4TBH9e3YnPO7027J59vu5efe58CqD7T//X3oaK1Lu4uTrtDq5/vOwuVaH6SUVzCVwxoCyg6D3/r/rmPTc3m4dJmr7XDZRkCgrvyg44AT/oQjnp/oYhh2jWkrFG2iacEitVcmzAqsr0W6eKWXerSzAHvuyjzqfvL67Orv++3Cfm8FpnWASWvWAO7J4OqPSvwA7fHa3Ajg9abGUl0yvyXGkquq4YV+Kb8JWTB7li+4C0rToHb1h5rPr17OOGUKnldE9keYrnLrA3t7CljYbrMMucz7kbk0y9cbma6QYoiqBp8NoNxyLli7JH3Em48ZMaodXKwuyGRSyqZlkPwxlsmfSpyjIloXa+OcgjjaRYxy4M8h444HaF/vyI7t/Ue4zzA+xS87YTeEwUlEjwKNIUNEZK08QlpOs2RSws4ANKu7bOPXHyoVuvtsgnrXB/f//waH+/dWAoumcLFdp1NWh55261ebyqRglcp8b8aIMaJdLvqEbKh5iuLb2VTiXGS8H9ciA+8LRwPNZtEGluSJS2UD98w8S1uq5+w/i4ktPzZfq2FZhfyWxJdbfPiXHEi9Subm26Wiv9v9vZ0BVnnRvqASGVHYxUIWMKhKppRJTuqRtbC+muV27z7WbBAdfjgsY4F8c8ToXEAT5F7v7CghpButFp5PFkgE/CWAqUHHUmDN2jBzFKUQ7G5aSCTwkvjN8/jrhIMR7QLK+kNyfRG7ruQYuAwg7UaKC5HKOT0lVbEssdC2lRS566I/7ARUpbZpKYWz5IlduMFZIXNqEc84vOlXblpiTLbWGATBnAYyJojE1UkcZuPJZAJgMXz1Qyb8dKjVMMdR6FpyrG/gog9FXUGD5e65vly22M/pKuGyMe0a0TKUagpLAqkpDQleNUmCSEjpzQenX9p7VvUhXxVPxCF1EanMsVAZX/uvg9Z4kwRstFavobjvz+NqAd6Zz0cOIoRqlAaUOf/IS+PYxtNdgumGoalGVkjRFnBW0oJNcTz2xYjNfxWp+t1c775dPVZuduJ8YVZD0UVnPtKrkoDVDZndPwV1544G9uWeGmQk9uiMa/BBG8bMKrRMJaMS394B6z6O2lIxdrVfXaVRWX16vkvvCSaLSFlt6NJcE2VHeoyAMoEug+GKvINMeq6cLNNP9IaA1N93IKrfJGXVXCOr+1b40Z2kT5t0v3wpBz2jOx5pufMptryftW698xC52yNnvOU24pgroyzpWQdrqSll1fQOEiR3n98TuovqCLRACmiBJa6VTmqU5DlwyJV+OBa0E1yW/9ljj6zlA2idXTqXsXNBgVWtgJa9/2A0a94Wr+UlhKWHvfY4cj/u54dHLUOP6m9U3j6PjkoDE8HEWNg+j9yeHo5ISP+AllCu1BF+45K4ZesQfpU65H2+yh5eZ0ZWzG5fzhbb13F+jMktPikyWzCelfCVyR8I6/ffsbNgvW8e4HzLmifcuen2ldd6PT6ZTAPxeoS6tWXqJf06B696VYiYWhg3j9HFF7pmW7V+Wlfg/mw9mihnSH3PjIXVY6xmhj9HrWr+O38DS9wGmGR/Qa136TUGGsTCbzL8jQud2I269l9uVF75oFbFi+cGdubGGaP9J0wB+9In449Esygj2zlMtx4doo8zTp338ASU9b+w== +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetKeyAccessServer + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-key.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-key.api.mdx new file mode 100644 index 00000000..4da87f89 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-get-key.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-get-key +title: "GetKey" +description: "Request to retrieve a key from the Key Access Service." +sidebar_label: "GetKey" +hide_title: true +hide_table_of_contents: true +api: eJztWd1v2zgS/1cI3ksXkJ3vbNdP6zpuz5ekDmynQBEEAi2NbG4kUiUpJ7rA//thSMmWLH8k3b27l+1L6uFovjjzI2f4Sg2badp5oHcy5kFOrrtjMoIZ10bl9NGjIehA8dRwKWiHjuBHBtoQI4kCozgsgDDyBDmJlEyImQO5hpx0gwC0JmNQCx5Am3pUpqAYChmEtENTq6v9xLQqVLWvIXdf4UegShNKEV/AXENOPZoyxRIwoNDoVypYArRDe1IICEzrTkkjAxm3voHSaLJHOdo9BxaCoh5V8CPjCkLaMSoDj+pgDgmjnVdq8hQliSyZWk7DTXxANIgsoZ2Hk0aYriDiAmw4Fo6byMj+LKSRtJBGPRpIoQ3tnCyXXsOfCU9AZqZ1qxuevN3ympCdhhrH5REuSKLpcvnoogXafJJhjooCKQwIg/9laRrzwO7o0R8aZb02LZLTPyAwuPsChpHdr1RhJhgOGvl4WOHWRnExq9jPQ+rRSKqEGdqhWWZ/1+2fzIFkgv/IgPAQhOERB1XGGtOykqh0udyQvU6GByQ84gbUDXwC63j51ZNNwbd698T0YK+DT0z7W5ys2rliqdrqBG8x12XPboV23aMJFzcgZmbusm5zuarKkrZoyhTfpwiX63qqTipe89ExV7Ui5RETcCOg+/PlyQaqrrQJX6jDgtTgqpooXBCb68iIxrEw5PiDxXcVGyIWa9iU+hW0gZAkoDWbAYmkIjqFgEc5FzOrgAWGL5yeTCMRUXZwRZgoTalvuk2z2o5D7gJSsjg8LOCYvsvc0Qq4BYEXrg0axHSeJLgQNNH8lgk2gwSEIeNcG0joEq2tQ6kl6FQK7fbq9PgY/9RVjzML8Q70fg5KGiV2vVGiTPsufk2kKOAMwoa7UhGGm9LeUt4/V9RL723g8W5A3J7Rhb4DpkHuH5bRjWdScTNPNoz32WphpwSvobs4I2n35stwNJj889a//zq+6/cGnwf9K+pV6KNx1z89Pv/YIJ4f/3ZZI/Z7/t3pRZN29vG8Qbs4PUH8QgfGhplMb3qlHfUnXLruf/fHk+7kfrzhU2Wh25sMvvXrtNFw0p30r0qzbmUIm0YlSNuJXmOLLhw0mcvnNYJpkthKDcmHWAYsJlIRBYk08MsBL26HV/0tPlhyb/j18+CLPxoOJ/51/3t16W40/Da46o+2Lo76t8NJv8Z+/+lm0EM+f/j15rv1P82mMQ+uIe+Zl2oQHB0r2Q/My8FQBEQblQUmU0CmTENIpLBBSZVc8BAU4UkaWwyzQHOwEFNI9lUSLr/xqPnENFyeExCBDCEkzrHyyLnr35LiXDxw6GCsFF8wA1uC5RZ2RmuYOqH/tWi9HXneczojKmNy17H6WbE0dQcr10hpI25ZKoTlYbDDjIJr6wGxCtLGhhXfWE14fS93KM5JeQISHpGyarEMb4a97k2bjOcyi0MipCFTIKkCjUfoBq8rk/abtt9tTk+KiM/q++9W/MAt7XTNfZq5TmwV3+rO//kTaum97Rq6tJeAiM/+VZz5u7gdl2+vBpVb5DQ3VojDPLVPQsmC3GBYyAyrhm9F24xbTyaJFKSyvj82gQJmIOyaqvSC6DPTkL9eIhoMmeZE2+aXfMBWxuTkeS5JwUSeeRwTBYFUmJVc4PWNZSE3BBYgzFaIf2FYx7a9P8Ej7qR9fHx8dn58fHKqsblfBTNkBlrYAWKMsjRsulEQt7mxXtrjRsH0P3QjZlOI9bY7ZOlTwbGr8HYn1ILFmdVRD4Qs60zPpTKkuniovA9WfwwzFlTBbSplDExU3XEsO6t/IEK8Z4MuRjYJyxGYIpkJuxOTq8+aPHMzl5lxB9SqpdZ/tnZIxCEO9d8l9HcJ/d9K6Inp+/1jC+zdyunEAVWbjbhrfd/bibuvcErFSK2l9wh2yIyLcoSwq3fFXtxGMWJZbJotd18pqf66hjsom5U9CSak8S2oYGKVbUbARACx7acy8STks5vNLljMQ5+pWYa3TVsXLIy5AB9eAoDQfrAW6FEWK2Bh7tvJBSZeCirhGmesfgiCgxuWaZmpAIXMWYZRw5sD4zGEfoqVU9ziUN5UKrcuM+PLyFdMzMBauboE22UuDCjBYrvEFozHbBrbJo0Z5sfSjjUywTIzx5pFoA2bA3QcQ7iOk2AoPfI858Ecsx2vilM3lBFZQmx94IDqYSblLIa2SoN2T4bw2CC0HTjb6dO2valb0CUhLCDGTW1FLMD8AsyRcn7VNIkL0hezmOt5m3QFjrB2fFr5xjag/N+YriIk7uIrbCJXzXcdeTsEw3isH/csufPDw5Z2LXqaW4lBzEGYtgMTZD+cxm51M1RLr4ClLUFc3zu5YCp3yqbZbJuu7RBgp2Q7gcU9R2yeoRYCtAV4NeVGMWVPBl4EoIw7i6WY2aObMPI7mkPMnJXwOQXtJvxIL0aeTSHtCg4W+2AfKaZZ1O6KvDagLF8xSnB5u0v2C2eJApMp4baxENghc2NS3Tk6ChwBMyGQyVEoA300k0c23fTRP5CtpaDoqVhxPlgkTMDMpXtkspPRlGGzSY/e/eZ0tHpzcmexe3DKVEw79DWNmcGU6IswlVyYZaPO+g4RyTAFMbn6TMovyP3oxiM6C+aE6ZW/5WrbZvfcmb5giiPIuInEhkYH9QXqN1eX9gFHQ5ApbnLaeXj0KIL9aP2kU1hYdnX0LGIfL6LL89bFrye/ts4vLk9b07MoaJ0Gv12eRZeXLGKXmPdcRLLWfjYi2wgGOlM8m3Xo4gSl4PYkTKyfLegq3rVvK89OP//8WFSogReDoebCXtKURQqXIA/vf5SkXmnyo0ftlnUe6OsrTlTuVbxcIvlHBqqIfrmb+GvplQ95mFMh17gQbr8mVAPwoZyR/EJ2eWWnzvteLQuIoxRfdd6u+m36am+NNU0rPpTXmqCoNUfjSrL+AjcgNXt5HytVfzccT6hHp8WTpR2kdqhiz3gtYM/OEXfLtGVlaa80ZmKW2fOTOpn47z90j8mA +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Request to retrieve a key from the Key Access Service. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-access-server-grants.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-access-server-grants.api.mdx new file mode 100644 index 00000000..246802ab --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-access-server-grants.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-list-key-access-server-grants +title: "ListKeyAccessServerGrants" +description: "Deprecated" +sidebar_label: "ListKeyAccessServerGrants" +hide_title: true +hide_table_of_contents: true +api: eJztWm1z27gR/isYtjOx7yhacl4m0cxNqnOU1GMn9kh2p1dLVSByKeIMAgwA2tb59N87C5AiKcmSnaT3ob18iQUsF4t9xwPce4bOtNe98s4lZ+GcnPSGZAAzpo2ae2Pfi0CHimWGSeF1vXeQKQipgcjzPZmBojhxHHldL7PfB9dUq+Lz4ATmvTAErYegbkCVbPEXCyE4ZdqskHxQVBjt+V5GFU3BgELZ7j1BU/C63pEUAkLTOlfSyFDy1j9AaZTM9xiKlwCNQHm+p+BLzhREXteoHHxPhwmk1Ovee2aeISeRp1NLaZjhO1iDyFOve9XZoI2YCSAmAXLjqImM7c+CG8kKbp7vhVJo43U7i4W/tp8LloLMTeujXtvJ4yVvMHlQUOOofMIESbW3WIydtkCbn2U0x4VCKQwIg3/SLOMstEY++FUjr/t1ieT0VwgNGk2hSxgGGmevqUbHWJJpo5iY1QS/pnrCojVhz+wflI8Eec+4AUVOj4cXZDonx+9Qv5Q4BwMFETmBOXEORJwHBSNBjmMigJkEFGEabXDDIoh8MrPeRWIlU0I5b/DpDTUxkjgvJtQYxaa5gZEgbnuaUAVEgcmVgCgYiVJMEjPgEUlzbcgUCCU3lLOIXF4ev+uOxOfPn0dCs99gzyRM75OffiJt8vvvBH8FKTVhAnrv2VW79Ya24l7r/fj+9aJV//niKT87h4tn+8WiI+EtfNTxpWK7rJAr9gQzXA6OH28HKeCPMALKtGaCwSnZg2AW+ORZYkymuwcHEaQyCGV68GyfxJJzeQsR7olGEStYaZilIIwOSJ+GSfnTcdeGKkOoiAiIiNwykxAqCOVZQkWegmIhCROqaGhA+SSkgmAwUSZIMs8SENp/gBgnREQ0pzoBHezyHIZW3Vsz9SebVrbb2qYe30vp3SmImUm87uHL5483Pn7+NOujyf5L5h80PnayLb1gxS5OGah/Lm+ZmNUsIiKSiwiUDqUCTaa5IUIaQrXNmDFT2hCpCKfaVBYLyEUCRBvZWP2WcY6rC6lSytlvEOGO0M0UCamGnZZd5oR/X9HWb73Wv9qtN+O9t93q16Q1/qE2t//2rysxn9EZE9RZ8n5p+9roQ9ZGT9ma0jlLmak5GBMGZo1i5Ch8L8b9G0fy/HBbchmCQRWFUsRslqMyI4hpzg2xvAiLrTFKDxoJ8pHesTRPi3kNBmtZxqnBRQtGRYzGUoUuwLVrOjQqSMaxhu37KEiespF3TmyIVkX2FgvfqxLMeU2lMeUacLpc98GeaOBqtLeV06p0NmhlbN3TsSmiR5OYU0MU6EwKbQO6CEwjbVgWMVjEXUCOzUiQSIK2O4M04xJ1yiE0UmkSS1VjoDMIWczCFS4YQ9Oc8QjDaiSqACdGAcY1t+4ZYOaoSUOuhbwVNrx0RkPwqw99ZHlDeW7ZKSACwGaZXLtuBzcIoWE3QD70L0jR6CBbnN0sZ+At0CLNFtIOOGXZSDhst/G/prqHuTWba/a+RwvltFCjo0rROfaIBlL9iBas6Um7P2BbGzYWYfTk2/uJTb1EL4oUFgdbN9AZmdCGihBG4n+0cK/kcruLt92Dg3pSr/4ejUaj1vi+7b/qLBqpfQ9ngid+tP/DXhe7wvGP+2/3DoIfNlSIfMpZeALzRoGwg5NrmG84P5THvq41H+onoTdYbLlhGQdyDXOSUab0hhoiBZzF9hjXdLaQhglEdRGKkdXlnWR2DWe5yuZMuARt88ZRrhRaPFMQg8JScrM8xO0MlG8IswzSbRGB042G63XnzaHvpUyUA53VHd+9bL8hveGnoEOKVII17rz/kYC4AS4zwByXU87ntvXbHrfX9pRVE+D5juV7JBfsSw5F00RYBMKwmIGymR6dG62BS1M+w6WFtMmuOCq3x7WShhTrC7ikTvlMKmaSlKDsZVw2orpCAgiIUEa28SMX0oW0j4lcA0npHDPIZ6Vp97D94vVnK+hg2GtNqYaI3CqaZbgVKrCF+AxhV0OYHb58pTqOtn+0QurbRjCVCojzMV2uQqMIImwPXbkJKvdaqr5QhHfSG07OL38+PT6anPR/mfROP0z6ny4/Ti4/Dc/7R8fvj/vvPP9BqsGwN8Hd7CB50X7zagtJ/2gy7B+dH758NejsJnv++sVjyF4edgYdb1zvXU6oPl8mlif1KVV+GQnSsymmFvM2v8oUCNVahgzJSAqGRtRQa7o4V+6w79zUFVuvJpkN7yd0Ycs8VDUBV+XgGPGbZvwrSKXZevAqKFb3fU11faO54qRFZHmm1UyEYHMt5Vqi4ykwisENJjZGa1/+X5XRP66Kbqidiw02rTtJMThGWG2bs/melrkK4cI6TFUB3ejE+tGqt9jzpp0vYcaT3rBL9o4/XfQHn3qnPun/0/21vyUjDc8uB0f9ycUv5/2VLFSfKXmuDJcLYBSg9558U938enAKVYHuXephFX/4miYHedaCscbaJBQDi0sx0+XZ4aQ33NlVLKtbXYJq8GEb9U4/nA2OL/6+Wieq8VplaA4WtaAa7B9NMPWvjT1//WJt7OVhZx3zH+ZZJhUmXZuMS/F18MjOA02xu0HalZ39r8aT0a4OOX7AVWoxPWRpxuHEOvb2ErZormsrzOrKJ9S2SbpeuGzOtA0UetDCL64CHt5Vgdc9CDtcuk6txOUK31yesHCJsljW3XA5tsr6SKapFKQ2v93JQwW4sZ5pNPJucELNGv9qykI3BTQDiuxh8TZzcptIUhA5OE1BKBV2XEzYapNHzBC4AWE25rk7ija0d1odtEknaLfbz1+0251Djd69RHQiaqCF9yH2VJtF69soBjdto5raso2C6A/cBqdT4BtT7xKhcxQPOffDjmhxFlyjqYiqXUmkMqQ++YSOawXzelr7uBbT1Q1mEWAWOPrwjWjKY8CR+IvYRoTT9W1bkSByd69n5bJP2PoRFRZu3gCOIY7KhGVU4WT1rnj50aTAmdBc5dd/KquprCVlTVmW6E9FNRVlB5ZKejjEl1f9X3VOrK84KzlF1XQJ2j7iLmRHeXOY0tnuK4OCcvLYq4MC0YeIVOKQ4mNMW3D3mFWR7NFLHlEe5rzqQ0o83N2k/FisjmYt7mD0SJB+mtlyBsLd5ylI8UBHY7wWDEvIjc6cF0hD+VaBHcVOUS+QjIQyFwbbGiyqCghn2nyn6xQH5n+9/9lLgkJN61cBfaWk+n4XAYh7bcoA9S5BSDOJZS4i7A7Kk0SIPSC3WEYuLOZmX5hYgGBC1SzHs71VPo04EzCBu9CCWp5fY4gwnwIazSdwx7R7oAMqZRrB1UkEghVoSXF8hbuE5tq9Eoop4xBNUHFSOE0jv6k9UiA6nKP/ThQVM7BS2hYcxbLT6EDK3U3mgt5QxumU24aYGjrh0l635ILmJkEfccZZO8O4q1pqck1QlT65TRhiG4nMeVTcFqPKXDpDh7uaSTnjEKgsDI5kBOO1gcC11lqj62+wzSriGYFDblUrpiFCkYA+QgoO6yIxQfpixplOAtITc7zT2vxp7Rsuw+LW2aIpBW6MZ4K6+EOriSACQxnX4y1T7nGLTfQV6+nccgw5A2EC1xEi+W43NiXa0VBVWUk3KXGZJaZMUNfPRTDNZ5vW2hzIthA8mDHc87DVE5CFrLTt0tWUGUWVbe9ZoYBS7xQRgQIFI3+zCLaFChy7Kbj3A3a8OJmtMwlqqbGwg300Ns3joCfmjQpaviork8vjt2S/cJKUzyfQjAXDLimBtdANoCcgSBjJUB/M5IF1N33wFyRrKUyC6FoFzFpmwmbttafORLqXgfbeOqN41+AdPPmh4MG2h4Lu1OVeCeaKe13vvnwK0BdRJpkwi7Vg7Lu0Sc4yEBfv3lePBy4Hpz7ReZggul8qpZwNbAgkbjc3VDHMRO4CaGVFVw+K0rA+u7Cv7jSEuWJm7nWvxr6HFWFQvcMrJKy9o6tiooTNGiPu6U811Gx8iocb7ertQxuNhrdnjb5ozTRrqsOtF5dqXe+mY9EdqU1K7TrFu8ZtBmuwqz02bL4tLWLbwJ1B/TPhbp5tjnGOdPX0F6eev0Wyse9Z03avvPt7vAm6VHyxwOEvOajCSqXV8dfCL19pou9FTONEtLlzqO9zb1DgxfvkoY0iPLn1SWqRLz0PLyMev/Tj1ms8JG2stKRDfq0LB1KXFGv9TfUFqjszW2nHtYRxfja88HxvWrxHTW3z4yl6iz0GvXUbcbiDu3/BsXuPUzHLbTH2HE/89x+oro0I +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-access-servers.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-access-servers.api.mdx new file mode 100644 index 00000000..9ee15e42 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-access-servers.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-list-key-access-servers +title: "ListKeyAccessServers" +description: "ListKeyAccessServers" +sidebar_label: "ListKeyAccessServers" +hide_title: true +hide_table_of_contents: true +api: eJzlWW1v47gR/isDtsAmd4piZ1+w6y9bN+vbC5LdBHYC9Bq7Ci2NLV4oUktSSXyB/3sxlGTLL3Gyd8W1QD/FIUczw+Ezr3xkjk8t61yzCy1FPIPT7gD6OBXWmRkbBUznaLgTWp0krMNyTxTecmsqmvAUZ904RmsHaO7Q1N/SfyLG8ExYt0ZiWcBybniGjv7pXD8yxTMk9nwqlJcWSpEJxwImFOuwbwWaGQtYgjY2IicC1mHn/geXQwUDdOA0xFpNxLQwmECCE15IB54PiAko7SA3+k4kmAwVfOEPIiuyat+iA6Egl9xNtMkqRsBVAqgm2sSYwHgGtjwUHcDGKWacdR6Zm+Wku1AOp2hYwJxwklbqIxBH7kqS10f/S8eYz4NttteTicWXG/9TqSMm6/q9zEwLaS+309MS5/NRwAzaXCuLluQetVr0Z5XXoPB4ZAGLtXKoHJHwPJci9iY4/NUS3eOm/nr8K8akbW7INZwopdyuQ3z5BTeGk/2Ew8w+z0kkDRrrjFDThrFEwuYBK4zYRUTb69brJolBa0FPgHsnF8o6rmIcqqv+CWSFdTBG4HDHpUjgqn8GexhOwwBepc7ltnN4mGCmw1hnh6/2YaKl1PclnHiSiPJqwOI0Q+VsCD0ep/W/JXfruHEVFhO4Fy4FroDLPOWqyNCIGOKUGx47NAHEXBF8HRcK0lmeorLBE8S0oRKwktsUbdgZqpubm6FyqbBhxl2cot179S9/io+dw8NrfvBb9+CfrYMPo73l7+FwODwYPbaCd+15g2L/4x7thN/50f4Pe51r+vnj/se9w/CH/Y9/fbVf6TVUdIV5MZYiPsWZv8jq4srF6BY3/e0T5gZj7jDp+Osj+6T8DiErpBO5RLjFGeRc+PC6DjGt8HziI+0q2GIep5g0VahW1sWXmnkZ5c0t71yo0nEpcsBxYQzdeG5wgoYiGHkD8dhUasOD/oDX5Jjt8gjaDljGH85QTV3KOu/bH44ClglVL7TXT/zwtvUBuoOvYRuqGEGh9aL3BVDdodQ5BlDYgks5o/u83e23tL2iwOtnxHehUOJbgVCyApGgcmIi0MBEGyBw022QaC6nJFppH8VQFRnrXLdG86V0otgUcKv0PTngVBvh0gxI99ovV7x6mawBVawTTMKhgktdunQALkWLkPEZRZAbY3nnqPXm/Y1XtD/oHoy5xQTuDc9zOgpXlLluMO5YjPOjt+9Mu6TtHa+RBjAuHGTaIJQYs7UUniSYALegEEmfJbwWpq8MwU67g+ji6u9nJ8fRae+XqHv2Oep9vfoSXX0dXPSOT3466X1iwZNU/UE3otM8Q/Km9eHdDpLecTToHV8cvX3Xbz9P9vr9m5eQvT1q99tsNG9c9Cm3F4vAErDlHV40vGXCpcWn48tQQdeHmIbP+/iqMwRurY4FkUGGjifccX91k8K4FE0N0zKLsoZm3r1J1R06NU+yiEMGvxXCUJC6rhdHVLas+r/BTDvc5YEVxfq5b7ltHrQwEg5A53U+EypGH2u5tJqAZ9AZgXcU2ARvfPl/lUb/vCy6JXfOt9xpEyTV4ogqwV1gC5jVhYnx0gNmmQHL1cjjaB0tlylCuU+FlEuRHKUDeydfL3v9r92zAHr/KH/t74hIg/Or/nEvuvzlorcWhZo7Nc+15VoAeQGh9/QP5c1bbq92F5O33EbbCkoyBcG7tgPOoKyAoSyBf0+RQzwbzthg7VJOjiW1mlpqkSrTP1tVLLJbU4Pl4tN31D37fN4/ufx5PU8s1xuZYXWxygXLxd5xRKF/Y+31+zcba2+P2tR2r7crea4NBV0fjGv1bfjCyoOu4vkC6bno7OF2slsYt5HYrB7pXk8+7YBKw6cHIsslnnpg705h81W5PsOsSz7lvkyyzcTlY6YvoAhB86DqgJ8+ld/f0Y5elZUakTXCwqLDIhF1smzCcLG2zvpYZ5lW0NjfDfLYIB2s61YK+XIx4m6D/3LLTwyqiQAa2KPk7WZwn2qoiOBeSAkGY22o4hLKZ5siEQ7wDpXbGuceON2hHyu16U7aYavVev2m1WofWUL3otNPuMMDJzJvoyJPNo9RLW47xnJrxzEqoj/xGJKPUW4NvYvBUEnxFLifBuIdl4WXsWqIZbmSauOgufkdFdfalO77yscNn14OEVeLwIh7qshWcxIKTYvJ00qaWK4+i/+y6TwvB0m7Zk0VZfTSmVMfvxVoCT9LdaD6mAIHPrxEKpG9WOQxl3Ehl4HKlCpUE74fK+mgTT0btEMFvSz3eEcFSiuqUjOq+PjEoYG47sn51IPHacflToVLimdVvSQyiHWhHMU98jqDIIV134O7bRPifjXBeyYBzOfeF7wZNod8PWO0+c+N+Kjx3eaczTChtIsmulAJhYe6lIgpCUjfzBTKN91+tOo7hIibaUHFvTcuT6RQGOFD7LtaFjQYUp9vkCezCB+EdX6IjiYTlqYrUYJKVO1SVb/iQ8oLgi7dIxcSk4g6PK1KcxK/sa8paDxUED4jw9UUvZY+B5NafpsAYpRHRKH4HReSj6XPiNzxSGo/SC0UL1xKGPBd5GYR42tnx11hgUwZwH0qqLlJdSET3zQpIJOBj3IEqOup1lOJocnj8FgnONpYCMvcai1Be8vdrI88EixHN+ZgwmOaRSBhBCoOmyoJBT01lcKmIXTVDAr7xKeNb6SOuRS/0XiC2qlqcERFQVP9gbdEmKDjQtrRji2YCJRJQB6/ZD2eeY6xFKhcWKYEIn8exq5ud1ZMNQ+q5LLFiIsoMBaKlwE9wXEx3SZru7c6U+DTEYF2N0sg37Nan6bNWDjDjc/vojJAbXdOLUHVBsPf/AjL9woluzFabye/XpVmm0zCRuir7iE32ulxMQm7arZSnh5rpTB2UAeXlx/Jf1FqYtAVRpXXWDHsQN1Zx+UCIYGmBImO7eFUH3q42cO/ENmBoWkNQauas9SRsCnviZe3DF2q6S1v6rNRzmn8yA5vcXZQpuYDu6Ctf9HguDCSddhj/bbUU0muhXLzDS/rlfEQznNUl59+Wr5GXfXPArBFnNLcrj5tvRt6bKfaklJ33AgKMeVod01iGeirmL+5O/dPQBbjwgg3Y53rEQWwiV6pLTaeMTdOQVpUk+sOu2v7OkVbl3GfM6o3sydMvMJp4SMOHxwdV6jyCcf7amn+a7bF/KOAeXN0rtnjI81Fr4ycz2m5fJGjS0mEJTsl26uyx2Xq++8+lm61AA0Atj75VoGIMRrz/a4T7nqRfJkui2ptqcxoiUtC1TxgKfIEjb+IkgEBIW9+tVFvEJeFB37uXbL5/N/iPuI3 +sidebar_class_name: "get api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListKeyAccessServers + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-mappings.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-mappings.api.mdx new file mode 100644 index 00000000..d48e6bab --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-key-mappings.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-list-key-mappings +title: "ListKeyMappings" +description: "Request to list key mappings in the Key Access Service." +sidebar_label: "ListKeyMappings" +hide_title: true +hide_table_of_contents: true +api: eJztWEtzGzkO/iss7mWnpiXnMfHs6jSe2FuVSjJ2xc5eHJcKItESx2yyzYdsrUv/fQtkS+pWy7I8yXF8kZsEgQ8PAiAeeYCp56NrfmG1Egv28eSSfcGp8sEt+E3BJXrhVB2UNXzEv+BdRB9YsEwrH9gtLlgFda3M1DNlWJgh+4gLdiIEes8u0c2VwCEvuK3RAXH5IPmI10nY8Ba8a2QNP+Iin6JD6FYYViw+KR8+4uJzI4wXvAYHFQZ0BP+RG6iQj/h7awyKMLhwNlhh9eC/6DyBL7giDWYIEh0vuMO7qBxKPgouYsG9mGEFfPTIw6ImTiZWk0QZVNDPsEYTKz66ft0z2CmWymCyyzxTM1umz4YbqxtuvODCGh/46PVyWfT0uVIV2hgGn31Pk8ORd5g8CTRkqoIcWnm+XN5ka6EPv1u5IEHCmoAm0L9Q11qJ5NqjPz3xeuwjspM/UQQKA4PnZfJX7SgkgkJPdEq2qH1wykxb+JXkBS+tqyDwEY8xfXfxX82QRaPuIjIl0QRVKnQrW1OYBsscBqdwjny53OK9CYZrWrghB3QB3mJSfHWKPouDtbsF/2GvgrfgxzuUbONck7SxZsY74OboeVpg2i94pcwnNNMwy1G3vd0WlZZ2SIpO7RNE2105bSWd6uiYidtSaeWGAnDLoPvj5TYZqiu0n8hIRspWH07bgaIMS7FOhAQOpFT0AfqihaEE7XGb6x/oA0pWofcwRVZax3yNQpULZaZJAIig5llO9LRI+fbDKQOzgtJ1egqzjsdxscsgNUyVgQxjE6Wt1W2oF+st1tztBJcwpsxuSwLpdwR5V7BWlQotXygTcNpJPpmi5XVlwts3PUDndTbyN8MuMVUYYU2pppG8JLGEqANLvJgqmbEpc86VRPnNsM/woKpYNfseA3mx1hBIaMMo2RhNaZ1AySYL5nNp8XxZcFuWHvfr0ZC8RJHTDBvlNuTnAqsdA1uVrynB/Jnzy+0KlxZ8bY3Pjnvz6hX9dLFfxlSCcy36axm+lzbXJXtDDM4BBbYKWPkDmDx/25cF5cKv+3MRpdCUcoqUzXwNAr8f3QGl6wWlKndGrJG1LHh5Z/bxp+1dAsqo9YLdRdDEXjJS+AkZrVgja6DMreD5St19cdYtGcmi42rTo3VxfWoSy5rUp+YRJd32Jv2SyhCCU5MY/nbOj3LO2qLPO2dNSklXmcT8CT/NQce/ffSjfJSs+RL/pAM7XdPiuqkcBwO5xcXTMK66DcL69UeW/r4mJNemv9aFiOgcmnD+fBVvKMeHVvOm3KJkGz1Yc5jqCD4cIpXIDhb5HrSIGkjmvQqzdX+Wm5ufG+nMulVb5L8ZdlbVYcHuZ2iYsQaZwwqUYVAGdKxRmlRAQh1sAL0XcKZ4FuoVkTFho0m+orvosuu+q8PJofBsi7MkOMkC/U7mzDnrflwfI6zc+Z7CB6hqjWmCYmwYlzYaSXOTZiLABRiBGimJRXNr7H2eRMxBKzkGN40VoSNFQGplcIwPAlGmAxuGBQftEORijA/KhzT+QFcpTxOFsUSjMD8NvY1OEJMZRIpaciEojXJcOxTWZHMSv4l1ed9GCs2xAzPFhFKRRgQrbVNsOJOCIRqYg9Iw0UQoIcBY29QtRgMxzMj9guK2PziitOEDhOgZmbJg9zMlZszPbNSSTZCBYWSynNQolq6n1k41Dl0thu+txJvewpBCuXlr7fJNF8EJkzhHTU4dlCDo7YUUI6vXWh+SMuzMTLXysyE7MfRge+Jo64y2ArT6H8r02vB06ZqxWBv+ZbLEUGIApf3Nni1WKtSyoMu+YT1ZJI5CKzQhWSGTPx/GeXfbVKtSvsuI6wQwUQbcIgubxOkuWbtva3p8PJkM8vBtKwFaE0AZT0EBbqKCA5eea6oxwMruoK2Z5iQJ7DeCw8IMAsvsJujzPIvWm8rdZzJsZb3GD2kkN4nl8MR0i+lqZrdKLoerlE5kJA5DdCa7sWE4YrMQaj86OhJ5gSJB2OpIWuGPpvYohZs/+geRDRzWDim0oJlRpExYYZjZPFtNr8MaaPDBj148aj3qj1p9ostz1ug0H/HH1eP6zMjaKhOWvQt3llMjO6/RXJ3+Z/Mc//rlU8F8FDMGfq34aneYwnyWdZiDU5Rt8ohjS2LO+U367+8u09zSo4hOhQUfXd8UnLL+l80ks0HYn580Q41Xm7nAq2WR+lT+toR/vSuPfxm8+/X1r4Nf3h2/GUzelmLwRvz7+G15fAwlHNMlUaa0nS6o54aewUjhZqI84vPXqaOyPlRgNhO97Vq5zaQ1mv2OYX1zsQM+BHKMMoQlOf6xiavrl4/wedEDf1Pw5OnRNX98nIDHr04vl7R8F9E1TlsFAX0ti9XYm0JRKk8bcvc0rm2Kf67mfT+xp9RLA959M/4mRXJOM9DDRR8mrzOZ70ha0xG/wRWx2lD0WprNCfJEHfbS3rSyxsX55RUv+KQZ8Fep3+EO7qmtgPusiE36pduY1h65BjONqf7yzJP+/g9O6kJR +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Request to list key mappings in the Key Access Service. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-keys.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-keys.api.mdx new file mode 100644 index 00000000..d0f7a954 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-list-keys.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-list-keys +title: "ListKeys" +description: "Request to list keys in the Key Access Service." +sidebar_label: "ListKeys" +hide_title: true +hide_table_of_contents: true +api: eJztGl1z2zbyr2BwL+kcLcsfcVM9nSIrPdV25JHkzGRsjwKRSwk1CTAAKJvn0X+/WQCUqG/FbW/uoXmJBSwW+72LXb5Sw8aaNu7prUx4WJCrZp/0YMy1UQV9DGgEOlQ8M1wK2qA9+J6DNsRIknBtyBMUmnBBzATIFRSkGYagNemDmvIQajSgMgPF8HQnog2a2UtqT0wrf0ftCgp3Cg+BKu8uUVxzba6g0DSgGVMsBQMK6X2lgqVAG7QlhYDQHN0qaWQok6MvoDRSG1COJE+ARaBoQBV8z7mCiDaMyiGgOpxAymjjlZoiQ0wiT0cW0nCT7EENIk9p4/5kTUKXEHMBViBTB01kbH96bCTz2GhAQym0oY2T2SxY42fAU5C5ObrRa5wcTvkSkq2EGgcVoCZTTWezRyct0OajjAq8KJTCgDD4J8uyhIdWp8e/a8T1uk6RHP0OoUH9C+jGVl+ZQlswHDTCPTGNFjE/oI3iYlxh4YnpIY9oQGOpUmZog+a5/b3MxieeGFDOEEeFM8Rmn3Qu6Wy2AdnCCO49CY8o+zXaPltl7KbOKiygKRfXIMZmQhsnB1JnT67S59GtUGgJ2UzjneL7SMwVX6NwIU+7eRDBd73OGr3u+Aq5SNMj2s8KtVA0k7FU3ExSS3OJB4ohm2/sIWYO+CAGEyBLZ0maa0NGQKSA0uEia+ERmbIkB11rPIhv3749CDPhNmbd1wNyEpDTgJwF5Dwg7x89wAM6+KpUvcPT5vWv3V5n8O+b4d3n/m271fnUaV/SoLLe6zeHp/XzD2uL5/VfLpYW263h7en79bWzD+dra+9PT9AMaAJjFhYVvY+kTICJiuI9yKo0u/YPlhAv1lgq4kCthGlARZ4kbIQ4MELOMOKOuWDu/EJpldWtd9zOYYiPJPY+VItNHDIuL10NGMuGk/CUmwq3XBgYL4U6B1Exay7M2elWyh4E6YNNYKEUMR/nCiK0FJYnhlhchMdESBunpzyC6EGQG/bC0zz1+xoM2k+WMIOXekSEiYiAiKUKIUJz1S6DaToLqIxjDbv58CA/wsilIxuiVZKtr7Io4g70tiLSmCUaqq5cJlif2unOg6vE4GHCkoQwXaQpGMVD564pE2zs5MCIziDkMQ9XSwRQRCryzM2EMDLmUxALH6czJHI5Z9sFnUmhnXGc1uv43zJJ/dxe4LLr23LWWqS1BcgCkCnF0L+4gVQfhOCgVDcLMB6uhMe9HsJ3ot6QMXulTN19e0iDYrgfxxti+xzD/2+ofYKib5jJ9SpX2q2+gaWr9tdhf9Ac3PVXeKpsNFuDzpf28lqvO2gO2pclWTcyglWiUlzbRhLpOxcETSby2YbhJygIXzjqu0SGLEF/VJBKAz/t4eKme9newINdbnU/f+r8Oux1u4PhVftrdeu21/3SuWz3Nm722jfdQXsJ/O7jdaeFcMPu5+uvlv8sHyU8vIKiZV6W0pJdH6IsQvOyVxQh0UblockVkBHTEBEprFB8EFWEp1kCKQhT5rrdjphBusuTcHt3sTin8CPTcHFOQIQygog4xpzCBLlt3xCfIvZFeaSQT5mBDcJyG1ulNU/kf5W0Do88B4kMM0vncl5jLGUj8qxYlnExJrb0e4KihnHLrkJ0BcUuMjzU0IXiLUJaUZg/Y2/CZ1+poaQgZULDjF16LbrhdbfVvK6R/kTmSWRz+QhIpkCDMKuwzk1qB6nfKadlK5Rl/budoStetrPW8lWSq+VK+VY1/8cz1Czwj9/tUO7FZHN6zMe/+RS+DdpBDW2mrxRUo8JYJC7mqV0YShCEBsMiZlhVfPO1Vbm1ZJpKQSr7u2UTKmAGoqapYveLQ2bW8C+2bBnqy0xQ5B0Iw01BnieSeCDyzJOEKAilQqvkgjBBWB5xQ2AKwmwM8S8M/dh2hE4wxZ3U6vX62Xm9fnKqsR80F2bEDBxh5wBllGfROht+cRMbi60dbHig/yEbCRtBsrGim782HMQ2x9tuUPYRincsC0KWfqYnUhlS3Tyght/t/X/CU7EjIiybQRNmfT5lBQamWObCamJw+UnbAl7mxiWoCBUYc2zS/UHfITGHJNr/RPzbhf52ob/KhQ7vslWf1Ff2xbj7Jb3STPPNkGXOBtVuCdOuY/KWtsxSN8Y9oN/WjglzpUCY7v52hoccHtrW8O0HLHcXxPrDWB/AyyG3ItjBV7ZYEuaJ9w8zmTeqXJfnn/52fBL5/pB+EKSdZta3QBCBvUYFKUN/irGl5plGFqyhGmlYspNgB7GX1AGCkVDmwuoKPVw51b2t1eNs4Md6PeUp7J0xstI2CrALZhgXrsxemNVqYwi7ZBUNc+E4d946s85tZb3e2GkrJdWf19YJyzf0jrgnpBnaXIfxrnz9hkyEkNhnfi6ehHx2o6YpS3g0ZGqc4yPIapBFCRcwhJcQILIHFggDyhIFLCqG8MK1sfMtUCnXODIaRiA4uHmFlrkKEcmE5egfaCyMJxANMwzo/nGB+EZSuX2ZoxMMFRNjsFTO32Z2G61QCWt2uWBTxl3TN8BAzoaJtM2zXLDcTNDQMP9H66NADE6uEUJQlAF5nvBwgkEYXzAjwBSDInPtdzSF+7GU4wRqKgtrLRnB49pCzdUMWqP/bNDNMgVNEsEUElTqUcxCtDxAGyEewzpJXJC2GCdcT2qkKQqS6y1HK2dsX4T/ByJruu495gaeVfJdo6gWgWE80Y87tlxZE2BYWaD2o5Yw4SBMzeU4BN9vxm53VVSzwGfLDUJcPIe4YKpwl43y8aa7NocH24vdGnbcdHW1tLPBQdu6Q424UUzZgoV7AZRyZ4kU47Il/C8kh5gJK7P6CLQbWOK6n/KsI6lV4qvXg525jvK41hTFUqouh7JlcDmcJXvCUaLA5Eo4NXqEDTIxJtON4+PQLaAlhDI9jmSoj8fy2JqbPv4Hgh0p8E/9RSB0xfNEuqm57ctnDHsg9PiHh+jHlSG6KxLdBD1XCW3Q13KQ0RZRJrkwszVPa7uYSLoZiMHlp8Xo4653HRCdhxPC9Jzjcrdm7XviiJ8yxTHMuFbZyo0u2Pu4v747sxNpDWGuuClo4/4xoBjue4sZtadwfda4tYtcvo6cbpdLKj91qi8GN3VXDNqPGM5i9uF9fHF+9P7nk5+Pzt9fnB6NzuLw6DT85eIsvrhgMbtAr8LctlSgreltTdAoKP+NQYNOT2yxJ7VJmSXLfyFQ0ebS6cqU/g0fanjXN/BiUINc2EeJsiHIWd79j3++QYMFtY8BtbbQuKevr9hDvFPJbIbL33NQXq2lmeCvWVB+8oDGGnGNG9Hm6qTK+7uyK/gT2caXnbPs+r7DR09KcfJ++NWH3bf0VcbSTXM4xHc0QFQLiLVqZ3ECVZCZnbCPlYBy2+0PaEBH/uMOOzpoUMWeseJgz44R966y/mrXXmnCxDi3qZk6nPjvv4XskK4= +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Request to list keys in the Key Access Service. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-rotate-key.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-rotate-key.api.mdx new file mode 100644 index 00000000..4193f9dd --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-rotate-key.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-rotate-key +title: "RotateKey" +description: "Request to rotate a key in the Key Access Service." +sidebar_label: "RotateKey" +hide_title: true +hide_table_of_contents: true +api: eJztG2tzIjfyryi6qsR7Bfi5TkLVVh2x2RxnO7gw3qqU1zURMw3oPCPNShpjzuG/X7WkgRkGMN5Ncrk79osXPfrdre4e6ZkaNtK0eUevZczDKblo3ZAejLg2akrvazQCHSqeGi4FbdIefMpAG2IkUdIwA4SRB5gSLogZA7mAKWmFIWhNbkA98hAatEZlCoohgE5EmzS1eBoPTCuPpnEBU7cLN4HK0ecgehbTBUxpjaZMsQQMKKT5mQqWAG3SMykEhKZ+raSRoYzrH0BppLhGOZI9BhaBojWq4FPGFUS0aVQGNarDMSSMNp+pmaYISWTJwK403MQvgAaRJbR5d1iR0jkMuQArkUe3msih/emhkdRDozUaSqENbR7OZrUKP32egMxM/UpXONme8hKQtYQat6qGqkw0nc3unbRAmx9kNEVEoRQGhMH/sjSNeWiVuv9PjbCeqxTJwT8hNGgAArpDq69UoTEYDhrX8aiwWhvFxahAP49ojQ6lSpihTZpl9neZ/rNMKRCGtELDH5353d52zulstgRmofc7HLhHWZdpeQDLY77rwVpbGVsrNqAEs6gmbIpOoFMI+XBqJcgcEegOmeZiZF2pc06YiCxlnXNkbkvRPDDd2SidB6aDFRIqcj5fUuTeAV4hAGd66xHa+RpNuLgEMTJjZ7LL00VUdmgFpkzxTYhwuoynyKTiJR7d4iJWHLlH610S6GZje7CCKiOthj7E4XWZe7SPftZRcCESx6KI4w8WXxdoGLJYQ0k/1sZKyoHpKtoFTC7K5ilgEqwy0Y5wksKQwwYyM5ZGARNLp5FkAD5wR4SLFfZYcYoXrBCmwdaSoyiaeCQVN+OkyM1icN3Wj6LvZB3M15Ik0wb5kQJyZUQ2nkXkkcUZ6Ebzo/jll18+CjPmGpV0d1gjRzVyXCMnNfL23s9+LMhhzqCP7bR1+WO31+n//Sq4/enmun3Wed9pox8vxns3reDo4OS7yuDJwfenpcH2WXB99LY6dvzdSWXs7dEhug4K+EpGsBSaggTHNgvLK90ufVlWZO+wfvJmk8S2EtdF++fgqnveXpLWfPis+9P7zo9Br9vtBxftn4tT173uh855u7dyste+6vbbpeW3P1x2znBd0P3p8mcrrDQbxDy8gOmZeSpKzI2jwwSheVortxfdIYVkkzPg9JYx5Aem4fSEgAhlBBFxBOax5Lp9RXzAeymaIIX80WVHy0y7iS/n+rcNAnn4HEplzVBPkwSM8txPFEtTPDutAT7AtIFBw45ClMfANWT4VSvjYjd1ElwWvN9jMWFylks6npI8LhM+XPgR1+Sye9a6bJCbscziiAhp/SpVoDERWVrrzLaxlRrlI49AnUkx5KPN8s7XBqFdHKxKjEqs5LJvkA8s5pE7HsZMRDFEZDAlCWjNRlCP4RFicta+RKEnYFjEDCva1Hysii9JpCD5PBlyiCP9omnFbACxXpUy5hj9inXiWy8kG9aQjzKhMjcED3iL47p4QJcizP3WJ/28gvH101p+7M5lmt97V/ERvWZ/FKwdLW2dta6LvEQqsj70Nkh/CUV+gECSmulaJM7ey7DLcXp+wuztoYs3fCLTmIN7944ckl9/JWtnj96Qr78uTy+FukaR8K/ekW++eYMQN2A83ojx5HUY31mM89Oyor3cfYlzX8KjrRRYUVJJzD7SkI5ZUtWwuGrZCGxp8rtpaqXclkOXF9cLCjraiOh4K0RflfWypEInNh/ONVRC+Yti+mo99SdI3pjpvU029GZBGp2V4w72KuyATqXQLu4dHRzgn3KkuMlsG8V1FT6vVq+UoeVTd/26rcpVl9FWC+3N0LfoE6yvOLZPXzbCaK0qXEoFyRYZ1p+xvLgxzGR6mSvtRj+DJXSMm36rf3uzogjwE62zfudDuzzW6/Zb/fb5Z1c95Mb2YjhoMpaTRW2uScIEG0FE9mIZshjDpoJEGnjzv1rI5KIIiTYqC02mgAyYhohIYYUyP4J4ksaQgDA2PPx/FUDzmuD3ktaucPrDC6ey/kspwHrW3NbMfaOYy7eo+S8/oWa17RqsM3t0D/noH/6kXrfa5zX2QC/0RwdTY4G4mKc2QciXfGGt96JsQgXYb2yZInQ/GDBTgb+YsnnYYEq0/SxE9kAYbqZkMpbELyITHsdEQShVZFuahAnCsogbAo8gzMoQ/8TQj+1Hr0M84g4bBwcHxycHB4dHGou6uTAjZqCOH0ZQRlkaVdnwg6vYWExtYMMv+gPZ+A+W3HoslSHFyS2q783eH8OIhcXgNpAyBiaK7Lgla72/IyLMjkH7T5kJm2JgGspMWE30z99rMuFmjN10e0BFqMAhx2+Qf1CfZOdCOxf6vVzogenbzR/ksHZb/u524QrDV/Wx/FcJTBH8J6gLpjGtQYb9UA+0zFQIpYLEzwVqPln9NIu697PEjJkhE1CLb11Mk5QpU/xoZ6fwwE+V9EXzZif0sLqZ2ZXEu5J4VxLvSuJdSbwriXcl8a4k3pXEu3z+T5PP70rinQvtXOi/qCSWceRuZ9qqlel50SozY69MGqP4IDNgb2tbyFcusynKjSnFEDk3kKxUxOtP5+GnjcctThf5PxszMYI5aa+Sw18/CnKDuSQGETTVVddYv7DAt+nf/MppLtQgmks1SHLai1L/gPa3E/hvJ3Dr0CVZY5qnUxbuxPzFYp6LsiDg7W+kF+6puasmr+M235VfKJwXDnO4xD8pwRsuNqQPWRab6kWWtlJS/XbXWMK8c7LhtBPSBDbDwVMu73mETIQQ2+ZOJh6EnLgnRY94jTJgapRh6WsPaRbFXEAATyFAZDcsAOK1dwUsmgbwxLVBG0pBJVzj06AgAsHBPdNwdhDA05hl2tjBIeMxREGKx7gvKRHeQCo3LzMTyGGg0EYtlfOK3E5zYd+sxHaKPTIes0FsO0bMsCCWtu+ZCZaZMSYQmPVF1WdfeEy59hdBUdbIZMzDMR69WLcOABMLFJm7TI7GejeSchRDQ6Vh40xGcF8ZaLhM0RrKKt0sNXhJhJdTUan1IQuxrAe0kdzUqiRxQdpiFHM9bpCWwDc5a7YW9thuGP8X+p2IiKvC3cu2IvmuPdiIwDAe6/sNUy6ZrWF/bQF64J4LhTEHYRous8HlL5uxm10W1azmc6QVQlwUwVwwNXXIBtloFa7Vjm7vnq2NIO4VXeXusWFcaJttqgE3iimbpnIvgFzuLJZiZOsIwsjfkBwXAB24gY2HQOy4D39VII1C4PZ6sG/rBtmw0RLTciD3j+/y4LI9S3aHo0SByZRwavQAm2RsTKqb+/uhG0BLCGWyH8lQ74/kvjU3vf8XXFZX4Bs8zCerNhImYMbSPY+014NThp0vuv/q15L7xdeSrjZwTyUzFdMmfU5jZtAq2iJKJRdmVnG1tguKpJuC6J+/J/kOctu7rBGdhWM8lXKW89mGNfCxo/6RKY5xxnVIlzC6aO8Df3V2Zp8eaggzxc2UNu/uaxTjfW/xGNFTSEtPo3xrcWH7hadGaz8qzLvq67rby21n2+4teF6l1Voho9hwLG1cvvC/2FKsn+eVlTUTTG/o8ZB993Z4elJ/++3ht/WTt6dH9cHxMKwfhd+fHg9PT9mQnSIKzDZK3b+KLVV0j7rz71ub9PHQEiq1SZg9bv3r1KKFlbYXnoh+3kthH5IMPBk0LC5siaxsaHQecff698O0VqD4vkatjTbv6PMztrRvVTyb4fCnDJQ3t9x88deslr+5RSeKuMaJaHUCVOR/L29SvyHrGLOf/TY9MPZhnVJ8Q7k96u3wlZ4FlzDN1yG8eh9BLVZU0rDFDtRBajauvS9EuuvuTZ/W6MC/Lk6cHyo2wVSITRwjrsx3319xDB1CjDKbM1AHE//9G0MRp44= +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Request to rotate a key in the Key Access Service. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-set-base-key.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-set-base-key.api.mdx new file mode 100644 index 00000000..dd6c5a96 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-set-base-key.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-set-base-key +title: "SetBaseKey" +description: "Request to set the default a default kas key." +sidebar_label: "SetBaseKey" +hide_title: true +hide_table_of_contents: true +api: eJztWN1TIzcS/1dUupdc1dheWCAbP4UAe0exyVIY8kJcrvZMj621RprVh1nH5f891dIMnvEYL6Tu7cILnpbUn79utXrNHcwsHz7yWy1FumI35yN2hzNhnVnxccIztKkRpRNa8SG/w68erWNOM4uOuTmyDHPw0jF4/rUAyxa46vOE6xIN0NnrjA95GUT0F2BNJaF/g6vzNEVrR2iWaGrJ9CVS7I/Q/QIWb3DFE16CgQIdGtJ3zRUUyIf8QiuFqevdGu10qmXvdzSWtE24IJXnCBkannCDX70wmPGhMx4TbtM5FsCHa+5WJXFSvpiGnU44+R3WqHzBh49HHQ9dYi4UBs8s426m8/BZcWNlxY0nPNXKOj482mySjj33okDtXe9X27Hk9Zq3mLyoqIu7EiYUKyzfbMbRW2jdLzpbkaBUK4fK0U8oSynSENXBF0u81l2N9PQLpo4QoPBzHuJVGkKDE2hpn8gau60zQs0a+ouMJzzXpgDHh9z78N3W/8Ibg8qxG1yxh4frS+ZKNsUAS7A1Fvlms8N0i4JHIozJ823NFhgsrk8tAvbass+lQ6PAiSWyJ1iFdCgxFfkq+HOBK+atULOQTdeXDFQW9Ly+JBtf6aEF2OuDTlqAnexxVNPk5y1NsyPjPZZHBL4sMKwnvBDqE6qZm0fk7i43RQXSHkneiEOCaLktp2mkES0b4+amVKKMCcQ7Dj2MuUVwVFtot/qRjCqWdWJTuIViIV9oIykHWSboA+RtQ4ccpMVWfAK4WsHBVdS93rItgVXx5Qe57+o8QmeDlhGgArOgL0TiFGzUP9cmEMiyWJBZrMh/KPabdjhk95WlhbeOEg1Sgn+fb8iedm0NBFtqZaPjj9+9o387ivkgJlbBv1dbdtCLT/Vd8d29C7APhyFImROR1Vab3PBw96mOfcdffJPw0k+lSG/adSQSJ/vKCfGMy8HDDdZuDuRsqdXMUpUJ9PPRnirStg/kTBvh5kVTgy0x6Zhd3Wf8/NN/Pt9d3//318nDb6Pbq4vrj9dXVLS29LvR+eT43cmHDvHk3U9nLeLVxeT2+LRLe//hpEM7PT7qdhsjX5bauBqytfq2T05+RTZTKLA4tIuWv5euyRsqcTeu2zKxByqNSjASRSnxBmzsdd6Q4XViBqw8ga2vQMrt4AKDS6G9/Sc5/kmO/8vkqBPg+bZLmMgZqFVbRuOejXfXYUmbcPHVfWbnersyRpv/3eWW6mxva4bfgFwTXnBKu0muvcoILDVmU1ApSiT/e7VQ+ik+jJYgRTYBM/MFaUeGQCaFwgl+SxGzcGDLMOEgDUK2muA3YR3d2iWaQlh64EwyVAJjl2m1NykxmYO3LhBzEBKzSWkw1Sq6k/hNA3ip//VuovOJATXDoGUINqkVloUKvbYMS7AEIWEqaWMGDiZShxbCK/BujsqRfzHrZgvhwDpw3jJyZcKe5iKdMzvXXmahnVGMXMaWID0SKh9nWs8k9k2Z9i90huMOIWRagdbCbG9sdt4MLMMlSgpqL4eUXgdIGGEVh65KQrErNZPCzvvsXNGT4oWjjTNSpyDFn5iFN4elB5JQIcOa6o+CJ/oZOhDSjg8ssVygzBKmTYP1ND5zUilQueCFuP37MI6ru67aJDy4fZ8Tn9v+qVBgVlHY1M/2ydqfraEjfbGMxVnAztNSKwdCWQIFmKlwBsyKWTSickDtd6C7hz0JN2fAfiZ14qUU2U0xNtmBXtW5LpN+o1RWcQgTgqnP++c7NaoeIdTF5fUmhRNRE4POGxXDWDEcsrlzpR0OBmkkEBJSXQwyndrBTA8C3OzgX7StZ7A0SNCC6rkTKmGBbq7jlCe8UUqgNxQfvHnoM2gNfWzYEic+3kg+5OtSgiNYXKms1EK5TSfXrmJVZJ9LVPeXH1l9gpqThFmfzqlBqm2uV/sB4fOo/hKMoEITYLsrMZb7qvJ3VzdhgmIx9Ua4FR8+jhNOBf9uO1OpNKwnIfx9Dh9O87OT3umPRz/2Tk7PjnvT93naO05/Onufn51BDmeEfaFy3WqcOt7tOIOMqeZWQ748Che/tq4AtX3z85bPW+cbs583j/+qBHX4zZGXhSLhIYrrCh+Pbx8K8qSp7TjhIWLDR75e0wX/YORmQ+SvHk3l/DqY9LVJ6kEaQSoTlhay/e1D0/Yf6tf/v9lLloXJ0aGpYVXlOKeJyOtFv05ea9bXkvS8j/j17onVdkenK9meoCCU7uDecSPxbz+P7nnCp9XIsAgtCzfwRJ0BPEVDdLAvZFWgrbkENfPhCuWRJ/39BSd6zDw= +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Request to set the default a default kas key. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-update-key-access-server.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-update-key-access-server.api.mdx new file mode 100644 index 00000000..87785915 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-update-key-access-server.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-update-key-access-server +title: "UpdateKeyAccessServer" +description: "UpdateKeyAccessServer" +sidebar_label: "UpdateKeyAccessServer" +hide_title: true +hide_table_of_contents: true +api: eJztWntv4zYS/yoE74BNerJi59VdA8Wem3XbINndwE4O14t9WloaW2wkUiWpJG7q734YUrLkd9IWPeAu+ScWOZohh/P6jfhEDZto2r6lVzLh4ZRcdPqkBxOujZrSoUdlBooZLsV5RNs0s0T+HdOqoPEvYNoJQ9C6D+oeVPkuPvEQ/JssYgaWiKhHM6ZYCgYUCn+igqVA2/RMCgGhaVwpaWQok8Y/QGkuBfUoF7RNY2CRfV3BzzlXENG2UTl4VIcxpIy2n6iZZshJ5OnIUhpukh2sQeQpbd+2hh6NQIeKZ7hh2qYfYMwFEBMDuXfURI7tY8GNZAU36tFQCm1ouzWbeSv7ueYpyNw0PuqVnTx/5QtMNi7UOCqPcEFSTWezodMWaPOtjKYoKJTCgDD4k2VZwkN7wAc/aeT1tLoiOfoJQoOHptAcDAeNszyq0WijuJjUVs0j6tGxVCkztE3z3D4vrrpXHuLMo7ni27jh9PLrn+0PlgxE+Yvc9M5JmmtDRkAYuWcJj8hN75LsgT/xPfImNibT7YODCFLphzI9eLNPxjJJ5ANEZDQlLIp4wUrDJAVhtE+6LIzLR8ddG6YMYSIiICLywE1MmCAsyWIm8hQUD0kYM8VCA8ojIRMEVc64IPE0i0FobwMxToiI6ITpGLTfHogvX74MhOa/wJ6Jud4n33xDmuTXXwk++VzfKL63X1ANBCoyy0cJDy/AnnSpPjcY3MF0jelkCkJmIBoIUioSNb909lLA57H11UUrCFkYQ1QXVowsC3JrIHcwLTRW6ZoLZyhcCp+c5UqhpjMFY1AKotL31ixqcSl3MNU1I2JKMdwvN5Dq3eacQbrNAnHaoyl7vAQxMTFtv229O/RoykU50Fre8eNJ8x3p9D/5LVK4HDrlVfcjAXEPiczAI7nOWZJM8eTutjvUnfWg2gKOdojvkFzwn3MgjhXhEQjDxxwUGUtlLQhPA0WzZIKihbRBoYiHzeGsko4UqwLuhHxAw59IxU2cElx76Q8L3lSFewIilBFE/kCQa+lcycPIpYGkbIqe+0Vp1j5sHr/9Yhfa63caI6YhIg+KZRluhQm01i8QtjWE2eHJqWo52u7ZEqlHRrkhqVRAnI3pUgqLIogI00QA4Hoq85qrvlAEvej0g6ubby/Pz4KL7o9B5/L7oPvp5mNw86l/1T07/+68+4F6G6l6/U6Au9lBctx8d7qFpHsW9LtnV4cnp73WbrKjt8fPITs5bPVadDirHfQF01fzEOLR6gyvat4yZomGrZGkYyuJms/buCZTIExrGXIkIykYFjHD7NGNc2ViUKWZuqREayuz7o1L3bKm+k7mcagqFm7LwSEm6UX/V5BKA9s8sKBY3vcd0/WN5iohDSLLlKS5CMHmAJZoiYanwCgO9xjYOKu9ORD/o+nL5qqUmTAGvffm3+Uublnjl07jX83Gu+Fe9XswGAwaw6emd9qa1Sj23+/hjP/Cl/a/2jvwv9p//9c39Sw5W3OmdSMpBodYO20zNo9qmasQrq3BVBnQjQbWjjZXLeRGYyyrBRHywJOEKNB5YlMFIzq3ZfM4T0huK2lvIGxEs5RCGsJCYzNIMW9rwFxEoJIpcndLwWD7o8yJjmWeRPa9gvyi03+jyVjJlJx/uu72PnUuD7r/dD8GghhJcqEzCDFvbI2R/c83vbNucP3jVXcpLtZnShlLw6VE9Muidt7shnZ+IRMenhxtVrNDJICFBIYkfLtysiWzd7LQvBP5gOqrDF5ETq06lAq0PQOrfm01PuZKGyIVSZg2lUP45DrG/CsXpNuzGwERmJAS/gtEqGf0YkVCpmFn3Vf5Ut0d3rerp6Ax/GrBERYdwKNl6K2b7Xxsi82eyTSVgtRIt1dVCRtBsrb6KqUWFJs8bbMd3LMkB9zL4mLnkbdgvCtjVLpwWPVbiNk9l2qdZgLnNcGopNnsDx+7150PnetOcHP1oXPdXVcwrCVBV/i0cbbXvbrsnHUXU/ZajN1zmG97Cp8hm0UsbQd0JoV22j9sNvHfoo77Liw51PtHYMm7pQbB7wefvw1TdqJIgdYI85l1WC60YSKE/6vk/P7Py87tW/z5t/336/L070GzbXt8qJ+Y3WPETwzPErAlWsa40q8Y9xXjvmLcV4z7inFfMe4rxv1DMa4FPXa+/F5y0em3yV6J/jxSAr79PwVR3jF98bvy5h3DTvvWzMV0sK6gRFWgeZd6gClxhS4pKt3fUOQgz5oz1libmKFjJVJMNGLKQvU7q4p5dquvoBrcfEady+8/986vf1jOE9V4LTMsDha5oBrsngUY+lfGjt4er4ydHLboyue6fp5lUmHQtcG4XL72n1l54FHsLpB248k7ps+3C2M6WPM9DM/1/MMWU6n5dJ+nWQIX1rB3YLxFuTbDLEu+YLZM0vXEZWOmLaDQgp7fl9nc7nKVmm2BVGFhjrBe3JV4aSsiVIAb65iFQt4NBsys8K+miAaDuUfbcyB7mLzNlDzEkhREZeculAorLuzdCcLyiBsC9yDM2jj3yPAM7df3Fp5Jy282m0fHzWbrUKN1z7+eIrxv4Iddi2ot2l/aRjG4bhvV1JZtFER/4jb+i40hHUtlSH3yBRXX6lWGF5SPKz5d3bV4RkPHdWV2dnTsxscsT8xq46arlO1a/UFtG0Q5606ibhNCmmAscxGhLZR5I0SPT2zlmguLsOzFCFsOBkxNcqzkrCmzKOECAngMLYShXo0hgjoFLJoG8Mi1QVvJQKVcI5QOIhC8qI2LYgUeY5ZrYwfHjCcQBVjOS+HUifxGNoFgLyA3gRwHiokJ2FXagIvLstNcGFDuS3ku2D3jCRslNvxhmzCRtjmWC5abGN3MQobVjOW6w8zkmqAqPfIQc6xkXZveNahRZcSaNEbN24mUkwR8lYX+mYxguDLgu0CqNZusPZtlfBuBw+mqMWYhAk9AGyEFh9UlcUG6YpJwHfukI6Yk1xterb2TyLBodNvauegSYAaoL79vNeFHYBhP9HDLFBlzSCLPNtznrEdTyzFMOAjjO/9H8t1mbMradkFVM6+IJGuUOI9pIy6Ymjpho3yyTtZ6b7W91o1hx91qWs53FqBoG5PViBvFlA3mvFBAqXeG9V+Becjfbb/CFoaO3QjcJws7XuThVSZ+LZ4W52DvOo3ysd8Ri+GqvAxVBpfnb8m+4VaiwORKuGMsGLZJCaNCN4CWgJAwkqE+mMgDa2764C9I1lAIzdG0ClBdRsK6vE230VIwsXQX3GzLPGPYbaIHL77vdrBJgsu57rJbrhLapk9ZwgzaUVdEmeTCzFacs+vCKPmcgbj+8B0p30BE4eG3wRh7O6WSylnfukTsdnLPFMfI5Np/SxJdfihSxerszF4e0xDmipspbd8OPYoZolddJytWWHbk6dGYvT0Znx43Tr5ufd04Pjk9bIyOxmHjMHx3ejQ+PWVjhgW+7cxX3rQAgKpmq+t13hZty4rclvLVo23sPat/NbNdoDqe3QIyiyt8czH12nRevMy2fD7a/QlohnlkLBdg34rFrVgFnmrRLW7T+5aFLVKblNnUXSx7kx0usJrHKgOPBu2HC/fdxMZM5wS3L7/0Sb0N4ocetWbZvqVPT9jDvFHJbIbDP+egCgsrLRafZl55URLNIOIaJ6L1xVXtXiPdK68W7pOqYl3cJALrrbdCi9hPKbbRni/6efIW7nIuSJrTIb/GtWuvlBQrtVr1Bio6M1tph7VAd/W5f009OiquhKa2kKOKPWC9xB7cRlzF7DqHOIaGLya5LSyo44l//wFdjCRC +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateKeyAccessServer + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-update-key.api.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-update-key.api.mdx new file mode 100644 index 00000000..e045688a --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry-key-access-server-registry-service-update-key.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-kasregistry-key-access-server-registry-service-update-key +title: "UpdateKey" +description: "Request to update a key in the Key Access Service." +sidebar_label: "UpdateKey" +hide_title: true +hide_table_of_contents: true +api: eJztGWtv4zbyr7A8oEgA2XlsNt0aOOC8jrbny8OG7Sy6yAZaWhpbbCRSS1JOdKn/ezGkZMuvONv2rl+6XzaeGQ3nwXnymRo21bR1R/sy4WFBLttDMoAp10YV9N6jEehQ8cxwKWiLDuBrDtoQI0meRcwAYeQBCsIFMTGQSyhIOwxBazIENeMhNKlHZQaKIYNuRFs0s+c0H5hW5THNSyjcV/gRqOr4isWtPekSCurRjCmWggGFMj9TwVKgLdqRQkBoGn0ljQxl0vgISqPEHuUodgwsAkU9quBrzhVEtGVUDh7VYQwpo61naooMOYk8HVtKw02yhzWIPKWtu5MNK13AhAuwFpk5aiIn9mfJjWQlN+rRUAptaOtkPvc29BnxFGRuGtd6Q5PXS77CZKegxlF56MpU0/n83lkLtHkvowIPCqUwIAz+ybIs4aF16tEvGnk9b0okx79AaNBpCq+A4aARy6MajTaKi2lNah5Rj06kSpmhLZrn9vfmJUQnklEMJBf8aw6ERyAMn3BQlanxWi6uKZ17NAXDImachOVpC9j6GT37B0s+C9KRaSoFqUjJdW7YOIElYCJVdSIq8qLyCRtDorcZqRKppPAoiyLuhOivsNhluRlLcqvoqiay1ISUjOfzXawnLNFQM5SLu/cQsxmXapvZAmfdYFzRrB+OHqqQ1k72Ay6m1mA1668rVcYWvfZH7Yv2qB3c9i/aIz/wb26vg9ubYd/vdD90/QvqbSfxfx75NzuxA79/1e749B6NUSm1SDNlktvpAmundU1vy3QoCDxxbVVkukhTMIqH6znymgk2hRSEIcNCG0g/i+vqNpV5dWG1NNeGjIEANzEo0u73/ZsLIhUplfDIYwxiadjKqM3WZ/Hly5fP4uDgu5jpAxNz3ayQh4fk11/JwSacfP89WYGsu5h8909yfHhY8v4s6BxtuJpXLUBnUmh3Y0+Pj/G/VYMNc5vyXQb8M/LKA9NYI15D130xBT0wHfAII+mh5FchXhHgr8hu27NZed4e0aAI9vNoJ1OpuInTNeEDtkDs5LA7FNtXP/UG3dG/1+NvCR8M28Hp8dm7DeDZ8Y/nK0C/E/RP327C3rw724C9PT2h906xoWEm1+taaQf9HSpd+p+C4ag9uh2u6VRDtDuj7kd/FTbojdoj/6IS61pGsC5UirCdlWuYQYjVSpNYPi7KFdcktZkhIgeJDFmCYa4glQYO92hx3bvwt+hgwZ3ezYfuT8Gg1xsFl/6nOqo/6H3sXviDrciBf90b+Svkt++vuh2kC3o3V5+s/lk+Tnh4CUXHPNWN4OAB2iI0T3tNERJtVB6aXAEZMw0RkcIaJVNyxiNQhKdZYnOmTQ97AzGD9KVIQrRHUy6uQExNTFsnOyV8zzScnxEQoYwgIk6xKqX3/WtStiv7K2um+MzVmHVjOcROa1XtyP/MWq/PPK8yGRa57sWiM1othI+KZZnrAbhGSBPzloVCtJrCN8QoqQKXincYac1h5Tf2JOzAKw8lBanqFuETUkUthuFVr9O+apJhLPMkIkLaCpwp0Fiy12hdmDRf5X7nnI4UEz5d9b/DBKFD7VTNfZq7eareeS48/8cr1Nwr55DdVBY/t6V7wqf/KSv1LmpHFdiCXmvux0XZmNucp17iUJF8axu/1rvvtU2ogBmI2qbOvQQGzGzwX6KIBkPGBdF2hCUHOI6YgjzGkpRE5JEnCVEQSoW3kgtsFlkecUNgBsJsTfFPDOPYDugnWOJOmsfHx2/Ojo9PTjWO5wtjYpPWwCEObeR6tjU1SuA2NZaoF9Qoif6PavyFw5KOpTKkjtwX3nujP4EpC+vJbSxlAkzU1XEkO6O/KyLsjkGXa5eUFZiYJjIX1hOjiw+aPHITy9y4ArUYi/UfjR0y4ZBE+u8Q+juE/rIQemD6VvF9s1uuOK0P9pduMPymcd6ulkpvPTDbpdAdywI36H4b++or3FAxQdZXDx7BmZhxUW1KKlFWVwo4e1v7T1iemM0R21fK7mT+pAE7rMacF66mkCaw6QivZDWghEyEkNhJLBcPQj66xeyMJTwKmJrm2KfaiGJRwgUE8BQCRPaDJUOPskQBi4rAbljwymagUq5xwRpEILj9QIGWuQqRScxybSxwwngCUZBhzJX9H/IbS+XwMjeBnASKiSlYKRfts0VzYUAJllgUmzGe4AYQJcYNSSLtGiMXLDcxRjum6GhzeY53ys2qBE2Jixsexhgn2GSO3fJI5CmxkYV7zLuplNMEmioLmx0Zwf0GoOnSutZsutU3qxK0SQQzSNCpjQkL8XYB3hFSctgUiQvii2nCddwkbVGQXO/4tPaNHV35f/G6ioi4ltntvuriu1m+GYFhPNH3L6Bc5fFwGF6yHheWY5hwEKbp0hCS77/GDrtuqrlXJrQtRlx2rFwwVbjDxvl021nbk4Ddiu1Mb+4tYr362gSgbWlQY24UU7am8NIAld1ZIsXUFn3CyL9QHGJiViXeMWi33kd4uRnfZNKsZdDSD/aFYpxPmm2xmvmqJ4wqubxeJfuFk0SByZVwbiwZtkhsTKZbR0ehA+BNCGV6FMlQH03lkb1u+ugfSNZQUE5jrKwsNhOmYGLpHpns/jZjOKbSo29+czqqvzm5Qu4enHKV0BZ9zhJm8Fb4IsokF2a+EWq+S4qkl4EYXXwg1RfkdnDlEZ2HMWF6oXKFbdoLHjvpZ0xxzDNunbF2osv2ZeLfxM7tA46GMFfcFLR1d+9RzPeD5ZNOKWE1EtI3E/bu7eT8rPH2h5MfGmdvz08b4zeTsHEa/nj+ZnJ+ziYMF3b1HnLRXcxfeDbYv8OfY4adyJWBeMNjGxZGC5VvcS06O0Eu6PaU2aJWvqTV/bjyee056/e9apaBb+DJoPu4sF2jsgnI3bu7b3/rpF5N4nuP2pvQuqPPz7jluVXJfI7grzmo0qnVJcFfc696H8SrGnGNiGh7C1LX/6Da2xySXYrZTfhLj6Fl8qQUnzFff/Trzlt5wlw5aUGH/BojZLWk2Gh2ll+gDzLzIu19LZ/0e8MR9ei4fAm1y90WVewRGw726BRxna+NVgvD+BDT3FZm6njiv98A1z/qBg== +sidebar_class_name: "post api-method" +info_path: policy-kasregistry +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Request to update a key in the Key Access Service. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry.info.mdx b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry.info.mdx new file mode 100644 index 00000000..f69b7c1f --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/policy-kasregistry.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-kasregistry +title: "policy.kasregistry" +description: "" +sidebar_label: "policy.kasregistry" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/kasregistry/sidebar.ts b/docs/OpenAPI-clients/policy/kasregistry/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/kasregistry/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-create-provider-config.api.mdx b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-create-provider-config.api.mdx new file mode 100644 index 00000000..9e63f766 --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-create-provider-config.api.mdx @@ -0,0 +1,72 @@ +--- +id: policy-keymanagement-key-management-service-create-provider-config +title: "CreateProviderConfig" +description: "Key Management" +sidebar_label: "CreateProviderConfig" +hide_title: true +hide_table_of_contents: true +api: eJzFWN1zGzUQ/1c04oXOXOyk8HRPhFAYKKWdJMBDkvGspfWdqE666sPpkfH/zqx0Z5/jj5qhQF5y1q5W+/nTrp54gMrz8o6/xo69AQMVNmgCfyi4RC+caoOyhpfP6PeGvXN2qSS68a6C2xYd0JYfJS95a7US3eQ9ds2aafIau82WG3RLJXBy5RACDjKvrFmoihe8BQcNBnSk4xM30CAv+ZU1BkU4e+dssMLqs9/QeVKz4Ip0rREkOl5whx+icih5GVzEgntRYwO8fOKha0mSic08cQYV9CdEo4kNL+8udlzzHS6UQRZqZMvMzewi/eylsbaXxgsurPGBlxerVbFjz61q0MZw9sbvWHK65ltCDioaMlfBlGGN56vVQ/YW+vCtlR0dJKwJFNTyiUPbaiVSXKd/eJL1tKuRnf+BgnKgdZQFQaEnarZxzeWDU6Ya6Z3ozzW97gN3b9htjYx4Bp++x478mfJkwr7ESTVh9/zy9xv2+s0N+9H4AEYgu7jnBbvnP1hbaWRX2ka5zfDynr/gqxSQhap+6q06pGXmmiXjC76wroHASz7vwlHlf7p5+wvLe2OuC7awbo8dt7XyTHkWjfoQkQXLlJFqqWQEvcXqJ6R0Lid3TOOB5ROupe3kWjqj37J2Kjz67MVKtPkD/owO86dt0QS5mCg7nYNXondngwEkhJwYgyrD2nNdrmzTWMNG9OO5pGGO2u/LueGonqPgIKWiU0C/2xJxyF1L0BHJgG0NbZuFsF7wanVI9AK0RyKvC3IPpF3nEtuCpruhBEaZuInww9Hznqu7BuWrrZzrj/UMjGTX6FtrPLI36D1USEatnmNlWsh8yW0vz8/p3/ZpN1EI9D6r/jmwot3G/1EKDZSZGK6G45KUPBZsJSnSJyHTZ0GIv1ex/3YViZSY8jKMpfeLMwg78jck5jGwecc8umXCCRNU6NhjbVnPxB6V1syhsE6ipNsFDIMoVWC4RBNebLRb248foWk1pjbkgrLpYnJ+fv7V1+fnFy89FcDamRICntHVRT6Krdw1o1/cZ8aGdMSMnuk/NON/xDRfWxfYmHgCvP0j9MuIctCUXsoqqbyAqMMu6LxyzrrPBznCyr0gMI6msWG2sNFIimLfBnJBXYRGyQsezXtjH3P7uQSt5AxcFfuOWCJIrQzO8KNAlGnDRmDBQTsE2c3wo/KBotyia5SnNnIm0ai0waG30QkSUkP0IS0uQGmUs5bS1GR3kry5dZluY5jZxcyBqTBpqcgiUiuRlQnoDOhEgiUoDXOduhkIMNM2AXs0EENNBSKoLnbnAuohfIAQPSNXFuyxVqKm1IpasjlS4ZDLWEpG6jTuqtSTTVwrJldW4sPOQm5x8u20LzbbGlwyiUvUFNSzBQhlKoaUI6yXsKuSMuyVqbTy9YRdmo5Ff2DraI+2ArT6E2W6Qz2aQGKokRurf5M8MZEYQGn/cITEFgq1LJh1I9HzLkkUWtGglCuX2D+dxpn63FWroseAPU7c3FDKgOvyYfNY7Ttrf7WmPuEgIuSJ6/lNZQIo4xOaurkKDlyCYdU7YPA7aGsq9qhCzYB9k3rUUMOAVXP0eYjpe1f63hUyGSFhH4c0h83jYnJpOr6FVv2gNoDL6SalHVkThyE6k8PYCyxZHULry+lU5AXKBGGbqbTCTys7Tenmp18Q25nD1iGlFvRgnJCwwVDbPE2nzrGFUPOST08erqcHhut8/eXJOjrNS/7UagiUGK+MbK0yYbVTba8yLrK3LZrb775nww726/XPBfNR1Az82uqBOkk5XmcDluAUQU1u+Z6dmAG/x/5d6ipNqh5FdCp0vLx7KDhB/vVmdu013Myem5wfd3Kb1XVrNloa9V/rCzpFQ5mF3WpM90Rhx2lkdP+OUPLlBdUaBbMBM9LyQJS2JI2m8lNfZPpaDvgxUDiUSb2TS5iSU+nu9HcaXuxX86HgKbjlHX96moPHX51erWj5Q0TXx2mIO/1aFcPbBmWfVJ4Icv9UMzb6y2F8fcEO2fYeu+MPOT0kck5PMKcffdp5W88vWyet+Uje2S2J2nDstDCbHZdCYBuO8j6MUOLd25tbXvB5/4rTpP6GO3ikNgIesyG5BUwFmNYoy00V033Ls0z6+wts2xG3 +sidebar_class_name: "post api-method" +info_path: policy-keymanagement +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Key Management + Provider Management + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-delete-provider-config.api.mdx b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-delete-provider-config.api.mdx new file mode 100644 index 00000000..181dfea2 --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-delete-provider-config.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-keymanagement-key-management-service-delete-provider-config +title: "DeleteProviderConfig" +description: "DeleteProviderConfig" +sidebar_label: "DeleteProviderConfig" +hide_title: true +hide_table_of_contents: true +api: eJy9V9tuGzcQ/RWCfUmAlWQ7idPuU13HBdI0iGE7fTEEYUTOahlzyS0vsreC/r0YcmVJluQYaFC/GOIMz86NZ2YWPMDM8/KWf8KOfQYDM2zQBD4uuG3RQVDWfJS85K3VSnTDO+yaR63hJ+zWd67RzZXA4QfUGPDS2bmS6M6tqdSMF7wFBw0GdPS5BTfQIC/5uTUGRRhcOhussHrwFzqvrOEFV4aXvEaQ6HjBHf4dlUPJy+AiFtyLGhvg5YKHriUkE5tp0gwq6O9Ao4kNL2+PxwWX6IVTLfnJS/4BK2WQhRrZPGszW6WfPRprezRecGGND7w8Xi6LHX9uVIM2hsFnv+PJyy3fAjloaMhaBVOGNZ4vl+McLfThNys7+pCwJlBWywWHttVKpLyOvnnCWuxaZKffUARKmqMqCAo9SZXc0PHBKTPbsFpJXvDKugYCL3mM6fe21VerJC6X63v76uUq288LDlIqug36csOWCrTHp+gfDbNOomPBMplAGVC+Ei4TCTjmkmadjayJPrBKOR8e1bVmd9h5Bt5boSCgZPcq1CnOK6QhX5L52wWZDnxrjc+hOjk6on/bBl5HIdD7XDo/IiHt9iP77wlcFn0hH9ZK8mVyoVKzP3qLD2lnrUlybKM6pl1IIJlL3HMIKxXSxgASQg7MSrw6e1oN57ZprGEb8udjIxxSvs/CJnp/OIGwg78WMY+BTTvm0c3RsVdoggodu68t65XYvdKaORRUn5IeKhgGUarAcI4mvF5b9+g/PkDTakzkfEw1czw8Ojp68/bo6PjEEz8/BlNCwAGxAMUotnLXjf5wnxtr0TNu9Er/oxsapqj9vope+dRrHGKIwwU1Bx3TN7YDYdsMwnxtHTHCWkjP/Rke2iSzT9jtdL4XXt3Pg5lTvoeyTO5UEHXYpZ0L56z7caQjrNxLEJuZNjZMKhuNpAz33ZYLMAI1UluI5s7Y+9zl56CVnICbxTR5kCMgtTI4wQeBKNOFNWDBQTsE2U3wQflAFdCia5Snbj2RaFS64NDb6ASB1BB9SIcVKI1y0lIJmxxOwptal+U2homtJg7MDJOVijwis5JYmYDOgE4imIPSMNWkSAQz0TZRezQQQ02PR9Cb4Tszxk2NzAcI0TMKZcHuayVqKruoJZsiPSoKGUuFSvPH7czamcaha8Xw3Eoc7xwMMz16D7O9udm24IxJnKOmpA4qEMrMGFKNsB5h1yRl2IWZaeXrITszHYv+wNWNO9oK0OoflAyMZB5NIBjqpJvmX6dIDCUGUNqPnxGxSqGWBbNuA3raJUShFc2j+VWT+vfLOEufhmpZ9PywJ4jr7qUMuC5/bBr39t39rzVNCgfJJA+2T7uYCaCMT0zrpio4cImiVR+AVdxBWzPLwwqwX8kcFmpY8dgUfZ4V6byfaHdBhhss2echjbvTWA3PTLc1ta3m4RW5vNyldCNb4jBEZ3Iae8CS1SG0vhyNRD6gShC2GUkr/GhmR6nc/OgnUhs4bB1SaUFP1D0Tbo/Ke/eRBkNt82aTBs0WQs1LPnrxojM6AJz7Z95yotO85ItWQ6DquTCytcqE5c6TvMjkyb60aG4+/M5WN9jXqz8L5qOoGfjH0Kykw/QQ6uzAHJwiPsqT4ZMv5q7QN4hd6TJtDR5FdCp0vLwdF5z6wtV6j+gtXI2R/E0FP7+rTt8O3r0/fj94++70ZDB9U4nBifjl9E11egoVnNITUaaym7PIvvjuhIPc6be1ks+PCYfS1EDqVP2udSD+W0iPLzPgQ6C4KZOmJJcYIuf89uXLLS/2f3Vc8JSF8pYvFlPw+NXp5ZKO/47o+oCuEkS/lsVqIaQykcqTQO5fbDb2N/5qtUK9Zutha9u3O+ye3357guOc9taXf/pl39vaWbe+9KhHeIMbglpr7Awk6xtnQmAbntUdbzznyy/XN7zg0371bdK0wh3c01AA99mRPOyll5LOFlyDmcXUPXnGpL9/Afa2BdE= +sidebar_class_name: "post api-method" +info_path: policy-keymanagement +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteProviderConfig + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-get-provider-config.api.mdx b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-get-provider-config.api.mdx new file mode 100644 index 00000000..c9d75d5e --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-get-provider-config.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-keymanagement-key-management-service-get-provider-config +title: "GetProviderConfig" +description: "GetProviderConfig" +sidebar_label: "GetProviderConfig" +hide_title: true +hide_table_of_contents: true +api: eJy9V19v2zYQ/yoE99ICsp2kbbrpaVmaDVtbJEjSvQSGcSZPEluKVEnKjmf4uw9HyrEcO042DMtLEt7p/t/v7pY8QOl5fsc/4oJ9BgMl1mgCH2fcNuggKGt+lzznjdVKLIbfcFE/cA0/4mLzzQ26mRI4/A3DlbMzJdGdW1Ookme8AQc1BnSka8kN1Mhzfm6NQREGV84GK6we/InOK2t4xpXhOa8QJDqecYffW+VQ8jy4FjPuRYU18HzJw6IhSaatp5EzqKCfEY2mrXl+dzzOuEQvnGrISZ7zD1gogyxUyGaJm9ki/ttJY00njWdcWOMDz49Xq2zHn1tVo23D4LPf8eTllm8JedLQkLgypgyrPV+txila6MMvVi5IkbAmUErzJYem0UrEpI6+epK13LXITr+iCDzj1uBlEfPVOCqGoNATn5I9bh+cMmXPfiV5xgvragg8522rJF+tHpE3+byjhzHFcFtHiujTWiI947Uyn9CUoUqZeEzu64lPY4rPtqZUzu6QsjXL4zxcxj9AswErlA7o2HTBOmZGwti8QsM8ghOVMiWRoxl9U3fa5Tqlj2ccpFRJw1XP5AK0xxWJ2G6L+OAba3xy7OToiH5tm3zTCoHepwL+d2WxHb5mu9WJv3NsTZmINQoclvRsWa2yl5XFKjpXqPKPzpenuBPXJLrcq9npIkQh/6AyiBsDSAjQD8HD2+PKObd1bQ3r0Q/HRjiEgPIs9KV3jxMIO/I3JOYxUN15dDN07BWaoMKCzSvLOiY2V1ozh8I6iZKABAyDVqrAcIYmvN5Y9+A/3kPdaIyT45iq6Xh4dHT05u3R0fGJp+HxEEwJAQeEUhSjtpG7bnSP+9zYkA640TH9j25omKL2+3pj7VPH8VQLP11QM9Bt1LEdCLtGGl9ZF1ifSEBwECieJR9AogQnz0JRtLeAVoddxLlwzrr/Dm+ElXsRoJ9KY8OksK2RlMJu3HMBRqBGGj+t+WbsPK0ZM9BKTsCVbdx7yBGQWhmc4L1AlPGDjcCMg3YIcjHBe+UDpbhBVytP68JEolGYBpy3rRMkpILWh/hYgNIoJw3VqEnhJHlT6xLdtmFii4kDU2K0UpFHZFYkKxPQGdCRBDNQGqaaGAlBJtpGVG8NtKGi7hDUFHxnybmtkPkAofWMQpmxeaVERXXVasmmSF1DIWOxEmkBuiutLTUOXSOG51bieOdhmPDPeyj35mbbgjMmcYaakjooQNBcRKoR1knYNUkZdmFKrXw1ZGdmwVr/xKe9b7QVoNVfKBkYyTyaQGJoZeqbfxMjMZQYQGk/PkBihUItM2ZdT/R0ESUKrWgbTm1L7M+XcaI+DtUq6wBgTxA340kZcIukbNqW+3Tt79a4JDwJB2mzfjymTABlfIRSN1XBgYsYrLoArOMO2pqSzVWoGLCf4+oTKlgD1RR9WlbpvVupd4UMezDY5SHu29O2GJ6ZxdbStF7I1+DycpfiF8kSh6F1JqWxE5izKoTG56ORSA9UCcLWI2mFH5V2FMvNj34gtoHDxiGVFnRI3CFhX9++a6jGUNl0VMU9rwFaYPnoxTfWaJ/UNBrTgdU6zXO+bDQEqpsLIxurTFjtNONFgk122aC5/fArW3/Bvlx/yphvRcXAPwRlTR3GFqiS9TNwipAorYOPNKZ50I2GXeoqHiweRetUWPD8bpxxmgjXmxOms3BrVd90BS2N/E0BP74rTt8O3r0/fj94++70ZDB9U4jBifjp9E1xegoFnFK/KFPYrQ11T7x3IkQedrdjzmfHJIfSVoPZ3Cl7s7wl5qFHA94HiqMycSFyEStSAdy9/Mjm2R6V44zHlOR3fLmcgscvTq9W9Py9RddFd50t+m+VrQ9TqhmpPBFkN9Z3HHgY4PzVdXd4vGabpWrbsW+4OHyFdzjHOd1+L1f9Mn1bt/OWpgc+kje4JVEbjp29ZPPFmRDYhIO8415jX13e3PKMT7sTvI5LC3cwp90A5smRtNTFtolvS67BlG0cojzJpJ+/ASNFLsk= +sidebar_class_name: "post api-method" +info_path: policy-keymanagement +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetProviderConfig + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-list-provider-configs.api.mdx b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-list-provider-configs.api.mdx new file mode 100644 index 00000000..a4648a2a --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-list-provider-configs.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-keymanagement-key-management-service-list-provider-configs +title: "ListProviderConfigs" +description: "ListProviderConfigs" +sidebar_label: "ListProviderConfigs" +hide_title: true +hide_table_of_contents: true +api: eJy9WEtvIzcS/isE95Jg25I82ZNO6/U4QHYymMHYycVjCCWyupsZNtnhQ3ZH0H8PiqReliwp2GB9sU0W6/nVq5c8QOP59JF/wIF9BAMNdmgCf6q47dFBUNb8JPmU91YrMYy+4dBtqEYfcNi+uUe3UAJHPysfPju7UBLdrTW1ajyveA8OOgzoSNqSG+iQT/mtNQZFuPrsbLDC6qtf0XllDa+4MnzKWwSJjlfc4e9ROZR8GlzEinvRYgd8uuRh6ImTid08UQYV9BnWaGLHp4/XTxWX6IVTPZnJp/w91sogCy2yRaZmtk7/Fm6sL9x4xYU1PvDp9WpVHdjzoDq0MVx99AeWXK75HpM3FQ2ZqmLKsM7z1eopewt9+I+VAwkS1gQK6nTJoe+1Eims49888VoeamTnv6EIFDRHIAgKPd320CgDWYPlRtud09dafkp/ADnrNGetOhV2FFAmYLPnk0xR8dq6DkIm+eHdmxK/GnaPgQXLREJgdCiZxBqiDizxYqpmxqaAElLlV8M+wovqYlfuPQZyaa8hkNDCiIGRDE1tnUDJ5gPzGfWerypu69rjaTsKyV8x5H1WG+VrlflqVXGQUmXSzzsurUF7pOu13CNJ+SWDhJ/hsXqdfOnA99b4HLx3kwn92tf/PgqB3uc0+VvA96qibB+AczBQmgXs/HlGSu7Q+OCUaXbioyQFMmfz21TpfpVsq1Xz32LKW9SZapYs3gn8fAiJSa6n7hSHNQlRYwAJAXZTcHP2GkW3tuusYTv3p30jHEJAeRN2uZfDGYQD/turlC4lHdCx79AEFQb23FpWiNiz0po5FNZJwrJhYBhEqQLDBZrw/Va7jf34Al2vMTWoawLT9Wgymfzwr8nk+p2nHrVxpoSAV1QKyUexl4dmlMNjZmyvTphRiP6PZmiYoz6K6E1VzBRvZfDbgFqAjknGviNsqTrMt9YFtnv5F2rNBxz2S82ZErN9uU7ymShZvqou6TpnQB2dQxM+nS/OhXJ2aZEuFRQl26rDymOqIvhyiVQiu1jkLWgRdQFiaFnp9KVn/bNIZ9atu53/athd1ycQo2HGGmQOOyDg1gEdK0aTCQkRwQbQJxXOFGdVfSAyJmw0gaYoSiWHTCsf/ufGlbvP2c6V8J28cNig7pyz7u9rT8LKox1jN/WNDbPaRiMp5csMygUYgRolr3g034x9zrPvArSSM3BNTOM4GQJSK4MzfBGIMj3YMqw4aIcghxm+KB/SwI2uU55m2JlEo9IDh95GJ4hJC5GQS2EEpVHOeqppJruT+M2ty/c2EjxnDkyDSUtFFpFa6Zrw4fKQFw0sQGmYayKkjjPTNg0B0UAMLUFAEHb5weT90CLzAUL0jFxZsedWiZbqUNSSzZGqLLmMpcpFeHpsrG00jlwvRrdW4tPBwSj3S+8J2Udis6/BDZO4QE1BvapBKNMwJIywwuFQJWXYnWm08u2I3ZiBRf/G05032grQ6g+UaZD0lHjKpDl+V/375ImRxABK+6cTV6xWqGVFCb9lPR8SR6EVLWm5zBP5eRjn29euWlWlYRxx4nacUQbckIXNY3NM1vFsTTPlmwUhr3uvxxoTQBmfWq+bq+DApZ6tigPWfgdtTZMLJbB/kzostLBubHP0eYOi87LnHTIZ7VS+Eoe0BM5jPboxA98tVustcV1cLjcpvciaOAzRmRzGwnDK2hB6Px2PRT4gJAjbjaUVftzYcYKbH/+DyK4c9g4JWlA6d6mEu/KOL+kdhtbmbT8tBj2Elk/5+OLlf3ycbx6n8uYfneZTvlzvVXdG9laZsDpIyLtcOtmnHs3D+x+3m9gvX36umI+iZeA3jlnfjlIatFn/BThF1ShvEK8k5p5Q2sPh7Spt0h5FdCoMfPr4VHHqCl+2u3XR8HA3LvvsZLsSTigEytR2b4g54tYDN5AZ5cvFlC+u00hkfeggSSrfHY67fY/RJh0DvgRylzJpVnY660+Rfrz8Mw+vjgp9qnjy/fSRL5dz8PiL06sVHf8e0RU3rsNC/62q9acRAodUni5k6eEHJmy6Nf/uS1lKv2fbCXDftG84nP4OVIoa5/QF53LRl8nb+3qzJ2lDR/yuHojVluJgCNm+uBEC+3CS9mknhz9/un/gFZ+Xj0BdmlC4g2caBOA5G5In/pQf6WzJNZgmpo7JM0/6+RMzdByB +sidebar_class_name: "post api-method" +info_path: policy-keymanagement +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListProviderConfigs + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-update-provider-config.api.mdx b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-update-provider-config.api.mdx new file mode 100644 index 00000000..b3567293 --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement-key-management-service-update-provider-config.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-keymanagement-key-management-service-update-provider-config +title: "UpdateProviderConfig" +description: "UpdateProviderConfig" +sidebar_label: "UpdateProviderConfig" +hide_title: true +hide_table_of_contents: true +api: eJzFWFtv2zYU/isE99ICsp30km56mpu4QNelDRJnGJAZBkUeWWwpUiUpp1rg/z4cUorl+JIUK7a8OCIPP57rx0PeUc8WjqY39AM05JxptoAStKezhJoKLPPS6PeCprQySvJm+AWa8l5q+AGa9ZorsEvJYXhdCebhwpqlFGBPjc7lgia0YpaV4MHidndUsxJoSk+N1sD94MIab7hRgz/AOmk0TajUNKUFMAGWJtTC11paEDT1toaEOl5AyWh6R31TIZKuyyxIeunVI9Cg65KmN8ezhApw3MoK7aQpPYNcaiC+ALKM0sTk4bNFI1WLRhPKjXaepserVbJlz1SWYGo/OHdbljxd8w2QvYr6KJUQqUnp6Go1i94C598a0eBG3GiPUU3vKKsqJXmI6+izQ6y7bY1M9hm4x6BZzAIvweGsFD0Z563Ui57WUtCE5saWzNOU1nX43tT6sgviKmkdth8uzD8E+BT+YQoBeMis31ob9sFEqXkwtade1vjD6DHL7SHoTuQgDHgmmI/O7dZ1Y/sW/qXJqSlLo0lP9HBoFMtAuV0h7HZtJRLKhJBxn4sNiH1mLpmqAW3ZVNa0ypIWeLXaB50z5aDni0gQb6FgS2nsLs/M6yAyzzqZZEu7toTp+WQ6PhtPx/Pri7PxdDKffLw+n19/vLqYnL5/935yRpPdIpM/p5OPe2cvJxe/j08ndIZWddrtIrbLWGh73RptR5RNAgsDrjLaRee/ODrCn00XX9Wcg3ORan5EAVebpPzvC/6pdfxDyvX7qvJ7i+97K45bYB7E2PfR28E581v46yniwJOsIQ7sEix5BtpL35DbwpBWiNxKpYgFbqwAgcTONGG1kJ7AErR/vqsgvrGyUhAO82PMmePh0dHRy1dHR8cvHJ7n987ELB7gqYE+ipX2wIx2cJcZ66kDZrRC/6EZ/yP/ucJYT/qTj1Fhj1M+QLPVKT1x6W46ipzyKB8Fc3JWK79NOxNrA+X+INLhRuwkiH6ktfHz3NRaYIQ7audMc1CAbUStv2hzG7vCJVNSzJld1KFTRUOYUFLDHL5xABEWrAETypQFJpo5fJPOYwZUYEvpsLubC9AyLLDgTG05ghSsdj4M5kwqEPMKU1hHdyJeZmycN7Wfm3xumV5A0FKiRahWmJbag8VGAKfYkknFMhXaDjzjlAnUXmtW+wKLh2PN0K2edFoAcZ752hF0ZUJuC8kLTLtaCZIBFhW6jIRExX71ZmHMQsHQVnx4agTMtgaGkR6dY4udsdnUYEwELEFhUAc541IvCGCOkBZhWyWpyUQvlHTFkIx1Q2q3Z2lvjTKcKfk3CMK0IA60RxjscPvqXwVPDAV4JpWbHZgiuQQlEmJsDzprAiJXEu8vsapR/PE0jrMPXbVKWn7Y4cT16SU1s03cLKt3nru7qzV0CnvJJF6EHp5i2jOpXWBam0lvmQ0ULVsHdH5nyugFuZW+IIz8iuoQX7COxzJw8W6B4+0NaBtk2GPJNg7hepTV+XCsG9pnq+7+1JHL000KK6ImFnxtdQxjC5iSwvvKpaMRjwOYCdyUI2G4Gy3MKKSbG/2EYgMLlQVMLdYSdcuE/f323F9L8IWJN+HQ71XMFzSloydfjEd7gOP5GW/FtVU0pXeVYh6zZ6JFZaT2q62SnETyJJ8q0NOzd6RbQa4vf0+Iq3lBmLt3TTc7DIVQRAOWzErko9gZPtgxngrtAbE9uwq3TAe8ttI3NL2ZJRTPhcv1vbPVsGsj6cuc/fw6P3k1eP3m+M3g1euTF4PsZc4HL/gvJy/zkxOWsxPatZPrIuq3jevR+z6wN9Rr9u67gdWBa8fjV4cVUnhu+p3RrmhvBQed2741pHR5jDiYNCUL52Zr4Z5s2EC65wkP3zxGUerQs9nAVzEDb57+NEOT3bvOEhpyIr2hd3cZc3Bt1WqFw19rsG14u3TBr1XSPWdg0grpcEK03cWWDfd9BH3WPQA8J+vWb9O2L9Acfrtp6ZZSfHV5+tZP22/jxWVjp3s5xBtMEWotsdUerVeMOYfKH5Sd9cjl4tPVlCY0ax9uytA7UctusUVht9GQ2HqGug1jmPB6UYeznEZM/PsHiXjxHw== +sidebar_class_name: "post api-method" +info_path: policy-keymanagement +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateProviderConfig + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement.info.mdx b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement.info.mdx new file mode 100644 index 00000000..d138abd6 --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/policy-keymanagement.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-keymanagement +title: "policy.keymanagement" +description: "" +sidebar_label: "policy.keymanagement" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/keymanagement/sidebar.ts b/docs/OpenAPI-clients/policy/keymanagement/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/keymanagement/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-certificate-to-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-certificate-to-namespace.api.mdx new file mode 100644 index 00000000..fd07b61f --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-certificate-to-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-assign-certificate-to-namespace +title: "AssignCertificateToNamespace" +description: "Namespace <> Certificate RPCs" +sidebar_label: "AssignCertificateToNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztWN1vI7cR/1cI9uUOWEn2fTitUBR1HRcIkOQMn9MXwxBG5KyWCZfc44d8irH/ezDkStr1ypJbHNqX6kUSOZzv+c2QTzzAyvP5Pb+xWokN+xlq9A0I9Pyh4BK9cKoJyho+57s99te/sSt0QZVKQEB2e3PlecFtgw6I9gfJ57xJDKdmx3C6O/8Z3VoJnF56r1amx+nO7mh4wRtwUGNARwo+ceLE5/zKGoMiTG6cDVZYPfkXOk8KFlyRlhWCRMcL7vBLVA4lnwcXseBeVFgDnz/xsGmIk4n1MlEGFfQJ1mhizef35yOnfI+lMshChWydqZkt09+OG2s6brzgwhof+Py8bYuRPXeqRhvD5Cc/suT1mg+YvKhoyFQFU4bVnrftQ/YW+vAPKzckSFgT0AT6CU2jKTrKmtmvnng9jTWyy19RBAqaozQICj3t7qKfSDtlTS/GQx1vu5CxCdsRMSXRUIKgY2+UZNax8ot5S8YfFa1kTz0fnDKrnsOU5AUvrash8DmPUUneFrz8Yo4dou2C18r8iGYVKj4/7/NwirdtwUFKReaAvunpU4L22Ba8wfqYBNo+4pSb659YFsjEvmpI8xoDSAjQ9/Nu7TnHT01W8KQPNSxR+0Nh3sroKF4y+2VL16Bj0nyomu1UYx3jUx5t9xyPocltzu4BKtwPEpE8/3BCVvscVNKCb6zx2dh3Z2f0NTTpcxQCvc/l/02Lqmfrwfpa9JPkuafvKmQ1NI0yqy1i7Wsu2LTQOz89mSz/r/Vntd7z3g9HFewRLg4o+6Ln3lAMlWSls3VuOb2mnF31lg+zdpj0Qw1PpP+A/HSWviImQ7NWaGh+QMnIaupNBF5L8Akm/gPg/MZoybYUp0tBOCRDLkNfQLe4gDASsd9iHgNbbphHt6YioHIIG/ZYWdYRsUelNXMorJOY3ASGQZQqMFyjCb1q2XkJv0LdaEyD3jkh0fn07Ozs/Yezs/N3adDbJZyEgBOaD8hNsZFjM7rFQ2bst46Y0RH9F834H3YxX1kXWH/z32hoVwP0PnJoDBAhOpMQoYxa97O/gwWqCyasWaNRaATy1zfS3O6OK9SmXimxhKjDuCNeO2fdt+uHwko8FKR+uhgbFqWNJqFcN8xzAUagRoKiaH4z9jFfItaglVyAW8WatCNDQGplcIFfBaJMB/YMCw7aIcjNAr8qH3waJlytPF0GFpI8LNPg4W10gphUEH1IiyUojXLRUB2Y7E7it7Qu79sYFrZcODArTFoqsojUStvKBHR5kIsG1qA0LHVqtRBgoW2aOqKBGCqqQIqlHN/rqIv4ACF6Rq4s2GOlREW5G7VkS6TKJJexlO00LNyvrF1pnLpGTK+sxIfRwjTDrPewOhiboQaXTOIaNQV1UoKgkQQpR1jHYaySMuzarLTy1ZRdmg2L/oWjvTPaCtDqd5QMjGQeTSA2VCV99T8nT0wlBlDaPxzZYqVCLQuaUvasl5s8OWmFJkwzNBD56TTOu89d1RYdyBxw4g7ulsqA22Rhy7g6JOtwtaYh9kVEyvfmYaiurAmgjE9w7ZYqOHAJ51XngK3fQVuzYo8qVAzY30kdFirYguESfb6K0no3fo6ZTHtQ28Uh3aaXsZxems0AtbbX7S24vN6kdCJr4hJy5jB2DOesCqHx89lM5AXKBGHrmbTCz1Z2ltLNz/5EZBOHjUNKLejQPiFhjaGy+VEkXUIaoImSz06/kcxOvJHkBpsfSKLTfM6fGg2BMuPayMYqE9pRuV1nYGSfGjR33/+TbU+wX25/LJiPomLgd2Zvd6cpyatswRqcIqxJmftcYkb8DvzHu216cPAoolNhw+f3DwUnzL/dP0F0Go6uFTRU8vcl/PljefFh8vG78+8mHz5evJss35di8k785eJ9eXEBJVzwbsDvlVGaIPfF058BdxNCipYype1PPKMojRxKDumeiuZ8fZ6kWR9qMFsLTrTV5xx7DzAnn926Sg/4NVCslEmjm0uIkxPt/hWPcbw4ruBDwVPo5/f86YmG8l+cblta/hLRdVHcZgX9a4vtAxblplSeNuThiaVv7pvt9eYte8m433Bz/LWuQ0zO6Z3t9aJfJ2/wxjaQtKMjfpM7YrWnGE04+xOXQmATjtI+9EDk5tPnO17wZfdUV6fxhzt4pCkDHrMheQRN5ZnWKMnNKqZ2zDNP+vwB0NO3DQ== +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Namespace <> Certificate RPCs + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-key-access-server-to-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-key-access-server-to-namespace.api.mdx new file mode 100644 index 00000000..6b344735 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-key-access-server-to-namespace.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-namespaces-namespace-service-assign-key-access-server-to-namespace +title: "AssignKeyAccessServerToNamespace" +description: "Deprecated: utilize AssignPublicKeyToNamespace" +sidebar_label: "AssignKeyAccessServerToNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztV9tuGzcQ/RWCfWmBlRTn4rT7VDdxgSJtYthOXwxDmCVntYy55IYX2VtB/14MuZIlS7aVok9F/SIvL2cOZw5nhgseYOZ5ecXPrFaiZx+hRd+BQM+vCy7RC6e6oKzhJX+PnUMBAWXJYlBa/YXsxHs1M2ex0kp8wP7SrgF4wW2HDmjzb5KXvEsWxmZtYbxee4FurgSOM9oH7E+EQO9pGN02ZgcOWgzoiPWCExov+TtrDIowOnM2WGH16E90nlgXXBH1BkGi4wV3+DUqh5KXwUUsuBcNtsDLBQ99R0gmtlVaGVTQz0CjiS0vr472eKpWBllokM3zambr9DmgsW5A4wUX1vjAy6Plstg5z6Vq0cYw+sPvnORw5lsgjxINeVXBlGGt58vldfYW+vCLlT0ZEtYENIH+ha7TSqTgTr54wlrsMrLVFxSBguZICkGhp9m1Ah4EOu0cuK/XTG+wn0JaNfV5WXEoPsluTcYHp8xswz33JpTkBa+tayHwkseYvrcddb7SzbLgN9u0n7ayQ//brC0LDlIqGgd9tnHMGrTHx29o2rni8Ny1Os9h5v/Q1iHZYGViSby2L2Ea8J01Pofv5YsX9LNt7SIm6vm6/C/C/6QIswaeVuEyCUhiDVGHXZmcOmfdvycSYSXu8yveQdtpTIXT2DCtbTSSCuZQEbgAI1AjOTWaG2NvcyWag1ZyCm4WW2JHBwGplcEp3glEmTbcAxYctEOQ/RTvlA+k/g5dqzxVlKlEo9IGh95GJwikgehDGqxBaZRTCoU12Z2EV1mX520MU1tPHZgZJpaKTkS00rQyAZ0BnaZgDkpDpWmhhABTbdNVjAZiaNAElcO9UwcvG2Q+QIiekSsLdtso0TDf2Kglq5CBYeQyNgcdkWrk1czamcax68T4nZV4vTMwJvW36D3M9sZmm8EJkzhHTUEd1SCUmTEkjbABYZeSMuzUzLTyzZidmJ5F/8jWjT3aCqAEKBkYyTyaQDBUVTfpXyRPjCUGUNpfPzHFaoVaFsy6DeiqT4hCKzQheSEvf17Gefahq5YFT27f58R1ZqiUAddnY1Wc7bO1/7amzP5o4sjN13ao3lkTQBlPogBXqeDA9cyjU4MDVn4Hbc2M3arQMGA/Ex0WGggsw1Xocz9D40PXtQsy3siOQxxSS1bFenxi+q3MterZVsnl8COlHZmJwxCdyWEcAEvWhND5cjIReYCUIGw7kVb4ycxOktz85DtaNnKUVklaKZVRIc2ZcJ1sBwYthsbmfjuV9A5Cw0s+eb79nhzQfufykXvv6DQv+aLTEEgvp0Z2Vpmw3LmEpzldsk8dmsv3v7LVDvb5/PeC+SgaBn7tjNXsOEm/yaeYg1OUgZKeH1rMdWAoCbuzy9TLehTRqdDz8uq64FQJzu+724Hhc43BVlHnr2r48U19/Hr05u3R29HrN8cvR9WrWoxeip+OX9XHx1DDMd9bqQ/bSvFVprabLclOFHecTc4aXiglnx/R1SUltGBWJzigGD9E3ej9v/0ZOCSMgHeBgqsMcUriWQzqvDrgcciL51lfFzzppbzii0UFHj87vVzS8NeIbgj9Skr0tSxWDyoStFSeJuT+xmbTB9+vmqMf2GMHvMH+6dfjkHw5p3ff4aYPs7f15tuytF5HeKNLgrpfsdMs3e8gn3fhybXXG9nn7NPFJS94NTwd29RJcQe31LDAbT6ITedLdzqNLbgGM4upsvOMSX9/A0G+6Jc= +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated: utilize AssignPublicKeyToNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-public-key-to-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-public-key-to-namespace.api.mdx new file mode 100644 index 00000000..ae2b2813 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-assign-public-key-to-namespace.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-namespaces-namespace-service-assign-public-key-to-namespace +title: "AssignPublicKeyToNamespace" +description: "--------------------------------------*" +sidebar_label: "AssignPublicKeyToNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztV1tv2zYU/ivE2Us7yHbTrukmDMOytAOGbmuQpHtJDYMijyw2FKny4kQz9N+HQ8mOHSeOBwx7GOaXRLx85/adC5cQ+NxDfgVnVivRst95jb7hAj1MM5DohVNNUNZADqODfl9/Mnco7Psf2Hts2fnZqf9kDgMYQQa2QcdJ7C8ScmiSbmOz1m28FnCBbqEEjk+8V3NzFgutxHtsL+36BGTQcMdrDOjI0iUQDuRwao1BEUZnzgYrrB79gc6TpRkoMrdCLtFBBg6/ROVQQh5cxAy8qLDmkC8htA0hmVgX6WRQQT8BjSbWkF8d7Xj3LZbKIAsVskV/mtkyfQ5orBnQIANhjQ+QH3VdtmPPparRxjD6ze9YcrjmWyCPKhr6UxlThtUeum7aewt9+MnKlgQJawKaQP/yptFKpLBOPnvCWu5qZIvPKAIFzREJgkJPu+vYv8cEu9J3vT67xpbsOAyFaLUW6YNTZr7hhDtQJSGD0rqaB8ghxvS97Y7zFTu6DK6x3Y98je3fwWTPLitkSrLS2Tp5/MS3dY3BKZHyqrfzOXTdJk2vtgxdqTXNgEupSATXZxt+Kbn2SAgrLR9PpvM+uPCINArOfjH3Le1FJVuCvasb0G1bRImXFnxjje+D+fLFC/qzjXcRhUDv+xT5n3j/IeL1kYcnsAhNYsmjDrvkeOecdf8cNYSV+JDP8ZbXjcbUVo0Ns9JGk7ww1H4Q3AjUSB6K5trYm77nLLhWcsbdPNakHRnCpVYGZ3grEGW6cAeYAdcOuWxneKt8IM436GrlqXfMJBqVLjj0NjpBIBWPPqTFkiuNctY4FNb07iS8wrp+38Yws+XMcTPHpKUii0ittK1MQGe4Tlt8wZXmhaaDkgc+0zYlYDQ8hgpNIP+i3J0niGI+8BA9I1dm7KZSomK+slFLViDjhpHL2ILriNQNr+bWzjWOXSPGp1bidGdhTNlQo/d8/mBs7lUfJnGBmoI6KrlQZs6QOMIGhF2VlGHvzFwrX43ZiWlZ9I9c3bijreBa/YmScSOZRxMIhpJqU/2L5ImxxMCV9tM9W6xUqGXGrNuALtqEKLRCE5IX+uNP07jfve+qLoPk9oecuK4hhTLctb2wIs4fkvVwtqZ63u3bvR+qU2sCV8YTKbgrVHDctcyjU4MDVn7n2po5u1GhYpz9SOqwUPHAergCfT+50PowX+2CjDcq5xCHNHwVsRyfmBY2a9ZqOlsVl8NNSjd6TRyG6EwfxgEwZ1UIjc8nE9EvEBOErSfSCj+Z20mim598RcdGDhuHRK1Uyqh9dikRQmX7CTo17YaHCnKYPD1QT/YO1B7dYjVNR6chh2WjeSBevDOyscqEbifZ3vVlkX1o0Fy+/ZmtbrCP579mzEdRMe7XRq92x4niVa//gjtFlSbx9r7Evt4PpX93t0vTqUcRnQot5FfTDKjin9/Nq4OGD7X9rQYOr0r+7evy+JvR6zdHb0bfvD5+OSpelWL0Unx3/Ko8PuYlP163vwOPU7yUKe3mkLETpx2nklOGt0UOiyNKRYp1zc1K671t9T7exrz+bz73hqIR8DZQ4JUhOxKxlgNnrw54BEK2z9JpBolF+RUslwX3+NHprqPlLxHdQIgVweiry1YPJ6K5VJ425MNz7Kbfnq2GqOfsMdNoZNz7ShxKLwC97w4XfZi8rbfdlqT1OcIbXRLU3YmdUenuxokQ2IS9Z6cb1ejsw8UlZFAMT8Q6zVHg+A2NK/ymN8Qm+1Kmp7UlaG7mMfV16DHp9xeXcMbg +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Namespace <> Key RPCs +--------------------------------------- + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-create-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-create-namespace.api.mdx new file mode 100644 index 00000000..546b4ade --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-create-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-create-namespace +title: "CreateNamespace" +description: "CreateNamespace" +sidebar_label: "CreateNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztWutz2zYS/1d2cDcTu6Voy3lMoi85VVFbj1PHY9k317N0CkSuRNQkwACgbNWj//1mAVKiHpbsvu7DJV8iA8vFYrGPHxb7wCyfGNa6YRcqFdEMznmGJucRGjYImMpRcyuUPI1Zi+WOJJQLknBB3UM9FRGGHY3c4mKYBSznmmdoUdMqD4w+Zi3WUVJiZBsXWlkVqbTxT9RGKMkCJiRrsQR5jJoFTOOXQmiMWcvqAgNmogQzzloPzM5y4iSLbOQorbDpHtYoi4y1bpqDgMVoIi1y2htrsQ84FhLBJghTTw1q7P4suUFecmMBi5Q0lrWa83mwsZ8rkaEqbOMns7GTp0u+wuRRQa2nCkBIyAybzwdeW2jsdyqe0UKRkhalpZ88z1MRubM8+sUQr4dNidToF4wsHZqmk7cCDc36PS6ojNVCTmpyu/mAZfz+I8qJTVjr5PXLdckvy4Psy4V1QFYYCyMEDlOeihgSZSwxC+HUgklUkcYgZJQWMQK3kCI3FpREiJUN4E7YBJBHCRicZCgtHKR8hOkhGMu1FXICXMaAMqafjppL4GmecFlkqEUEUcI1jyzqELrEyH2/EKsJVsGbl0sqA6mSkwB4mqo7YprM8gSlgVFhQSoL3LijGQtNgmpISeDaIld0bipvpDjFFGKVcSHhgD5xlNU++NiiLjlJToT20EtFtieI93ipEHun/K5GaOt7Mn49Y5XGGBZeC3ciTWl7UumMp+JXjGmfqbpDDRE3GLb68vPnz31pE2HCjNsoQXPw4j8HN7zxa7vx7+PGu0Htd7/f7zcGD8fBm+a8RnH4nibCw2/LscHDSTD/+4vDkndfsnnAMrQ85tbbYGlNi7F1C/rkfnBywd326k7RbLPrao2SImA8joXnerHC4jFTn/K0QJJ8VTRVigYl4/n8MdZjnhqk6YXTr0bMS+/BK5HvxnvYYA/P+Xq0dAMmV9L4TZ0cH9N/q6L3iihCY3xc+6OihQ/+e0lFvEvXIt4wgQlKSkgYQ1EIig1AljLixp3JE+PUKsvCePvPKWTQGLSt1WJUWAQXbd2gCcAUea60hdGs5kvtwibnFGb6ElDyUYowxrhMmiTT+IvcJRJNk61EVkyx7gXlyLq0fphkiHHMi9RCIa1IAe/pwIRNacIRkZaWnjJSKkX+FJ/bfWKRs9a4betfl4NDbjfkXU6BQac7g3qKGg5QWmFncJcoKIl8YNIYKR2jO1wK10UsLOAUpT1cSrfQI97zLE/RIZgmGXEzPD4+fvnq+Lh54hDMmIKcZS0Wc4sNypmkgyKPN7dRDm7bxnJqxzZKor9wG//DQGcS8oX65J6Yt86pZ3URWfK8QoovBaYzEDFpczwDDhqNKrRLVjaBxapL/rAw2XnAJppLW98O15rPCIFZzLbq55lxiExGi11ENL2+xXYcazTGJWs4a/dASGO5jLAvry9PN9DP9eVHOMBwEgbwIrE2N62joxgzFUYqO3pxCGNFsANjMr+aIkrQYEoIU2EIx90BoQoF7YFAAURcEsCwBEpKZBM8QkwTMgaTcpOgeQwxuF28bx0dPRM5HDjo8MyPDr85aN3Qz28P3x8chd8cvl9HG3kxSkV0hrO61/vB4S3OtoDtXGNEPt1yx0f6SfiUcGtqRZ4i3OIMci602RI4lcRPY3fnWQuhPEowXomffmR9eS+ZW8Of3PLMhfQBQSgZQqfQmk481zhGTVhvurjx7Lb7W5z9Dq/JMdvlETS9cil423x3ErBMyGqgub7j+9fH76DdOw+bUIIRCp8X3Z8A5RRTlWMAhSl4ms7oPG93++2tAxA1AV7uWb5dhiLwrKp4JFDDWBEeF4ZOwyXsdOKwjnIZpLxXHg9quI4oNhe4leqOHHCitLBJBiR75ZcrXr28NgPKSMUYh30JV8q7dECXA4OQ8RlFkM/a8NbJ8au3n52gl712gzBRDHea53l5EepL+IxRy2CUn7x+o5uetttZIw3cZSZTGsHbmKlW4THlM25AIpI82/KYVwQ7a/eGF9fffTztDM+6Pw/bH38Yds+vfxpen/cuup3T70+7H1jwKNVlrz2k3ewheXX87s0Okm5n2Ot2Lk5ev7ls7id7+fbVU8henzQvm2xQB/Bn3FwsAsuzUuAyvvQltF2Iqfm8i68qQ+DGqEg4aFElPXd040LbBHVlptECcy4cgNz7GVeRRRyqXz3KwQEVO1b9X2Om7E7AXVKs7/uWm/pGC51CY5njjZARuljLU6PI8DRaLXBKgU3w2pf/V2n0r8uiW3LnfMuZ1o2kHBzM99xRA+Zh3ZUzmGUG9KNDZ0fr1uJqGB4MljW5s3avBQen51fdy/P2xwC6//K/tiLrMiL1Pl1fdrrDq58vumtRqD5T8VwbrhYgLyDrPftdefOWm+vdYPKWm+E2QEmqIPOu9IAzaLvbO/TcdeS3gBziWXPGGmubcHIsKnkZwuml6veiikV2W7nPLgYfP6P2xx8+XZ5e/bieJ5bjtcywOljmguVgtzOk0L8x9vLtq42x1ydNtlES7vnrPsY+GFfim/CJyIOOYj9A2hednbmd7l6Mm+GWUgmd6+mHHaZS8+meoNvnmTPs3SlsvrquyzDrK59xB5NMPXG5mOkAFFnQb63VVBXAvoRrj9SIrBYWFjesZxcXOyrLlISvhZCvhZA/uRCygh1x5r2ydMpnwccNn4ZLnAhj9awOAsvayOPY0/mNpyqvObgscIZwbRAqV3fuhTz2MfBrHvyaB7/mwR15kDxmw6NIIVop20H9p5Ysn/d08qRazipDKsv4aAwRyTWmB6PnJ94qpy9Sb/g1937NvX9B7u3UjPapvk6OO4yc5270Nyi14gje9aOEqgAUfHRh7EqwqTfJ/Na3Yv+4u4/B3GnQPRduvv92tVb6j3v9pVLltiOtG5dUdjhWhYzJqKqkFxFsT135qZCuTOo6aFxNZ8j1pKByjNM6j1MhcYj3katDsqDGkCqzGnk8G+K9MO6YctSZMFQPH8YoRVngKisOeJ/wwvin0jEXKcZDwkVKenUSv5HLflTQL+xQjYeaywk6KV22ILHctJAWtW9PKCSfcpHSczBJzC0fpsq9sReSFzYhf3XYazPd+o4NbgsDpMoA7hJB5SjfDENlLnpoLjJwvkGWdTNRapJiqPMo7KgYBxsDoQ/KxvDJ1rNZL1LH6IvtujHmEVWPkWwESg6bIgkJXTlJhUlCaMsZFOaRT2vfpCoqe09cAaws9VOmrIvfc5oIY7RcpGawYwrGAtM4cE03C9ajmeMYpQKlDX0gIfL9ZmyrAtWKquZBGZK2KHERHEdCcg/BYxwVk21rbfdW17LxaPzy7W/rl1ZXZTQuuOuRsJprlxVEqYBK75zAa1m4hH+4RweHaj27Efq2JTdeAqVNJmEtMJfn4JriRsU4bMvZSmyruuaq4PL0LbkvvCQabaGlP8aSYQuqWmjkB8gSqK4bq8gcTdSRMzdz9Dcia2i645BplZXxKhKuqHCjYTFDmyjf7uj6cHJOj0XsaH/349EmM5+hfetjoVPWYg95yi0ZS1fGuRLSzjc8sOtjJXzKUV59+B6qL+jOQ30oUUKvMJUmqtnQ2X3ihZ5yLSj8+Ie6tRV9Eijzwebs3LUSGowKLeyMtW4GAaM0cLlsLiwlXDYHLv2gDv4W0MApnh4tVy5j6wrdUARtpHzKbLFp0wFVZWzGZW3lTaWvMFl4n8V7S8oS0j/nuyjgD/fmCa2tLNhYaRAwp+7WDXt4ICR9rdP5nIa/FKhLzVUnQX/Ng6odlOwhFoYm4u3X+1r3JjuomicPYYnbVvdDV9qdva9l4GKMHnKevvTT1lvpWF1ZaUFH/BpXvsBfUWwAjeUXdEnL7U7aQc1XLz71rljARmXja+ZQCNP8jpI9v/Mb8bjRv13RGBmonBQuKzLPk/79F8wOgOg= +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-deactivate-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-deactivate-namespace.api.mdx new file mode 100644 index 00000000..3a079873 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-deactivate-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-deactivate-namespace +title: "DeactivateNamespace" +description: "DeactivateNamespace" +sidebar_label: "DeactivateNamespace" +hide_title: true +hide_table_of_contents: true +api: eJylVl1v2zYU/SvE3csGyHbTrummp2VtBwzY1iBJ9xIYxhV5ZbGlSJUfTjxD/324lOzYtZsEW14ckZeHh+d+biDiMkB5C5fOaLkWf2FLoUNJAeYFuI48Ru3s7wpK6LLJ1O5Mpjvra/IrLWn6jlBGvcJIuy0ooEOPLUXyfNMGGABKeOusJRknl95FJ52Z/E0+aGehAG2hhIZQkYcCPH1J2pOCMvpEBQTZUItQbiCuO0ayqa2yZdTRPAFNNrVQ3p7NC1AUpNcdvw9KeEe1tiRiQ2I1WAtX588RTXQjGhQgnQ0RyrO+L47ec6NbcilO/gxHL3k+8wOQbxKNg1UhtBVtgL6fD2pRiL86teaLpLORbOR/seuMltmfs0+BsTbHjFz1iWRkp3n2ftQUeFerPZsQvbbLPdZaQQG18y1GKCGl/H3I+mrrxL5/OHciXK4G+lAAKqX5MJrLPSo1mkA9gxyGRV4InbNhIPzyxQv+OSRxnaSkEAYH/jdZHqU+3P8k957FqTGZeEzxvffO/x+Ch36TTtEpz9E9tp2hnPrWxUXtklWc8mN+gEQryRA7MtnP1t0NeblCo9UC/TK1zI4fgspoSwu6l0QqH3gALACNJ1TrBd3rEFn5jnyrA+fXQpHV+YCn4JKXDNJgCjEv1qgNqUXnSTo7yMl4lfPDvktx4eqFR7ukzFLzi5hW3tY2krdo8hauUBusDBsqjLgwLodBsphiQzayvpQFOHTHTUMiRIwpCJayEHeNlo0IjUtGiYoEWsGSiRWaRFwxbpfOLQ1NfSenb52i+dHCFPoCWgoBlyd9c8jgQihakWGnTmqU2i4FcYyIEeGYkrbivV0aHZqpuLBrkcI3ju6dMU6i0f+QEmiVCGQjw3CN2ad/nZWYKoqoTZg/siVqTUYVwvk96GqdEaXRZGNWYTB/OoyH3a+l6gvIsp8ScVeNKm3Rr4fLqrQ8ddfpbM1VpX9s92tXvXU2oraBgwJ9paNHvxaBvB4F2OqOxtmluNOxESh+YToiNhjFAFdRGKo7r4896BhkuleMRj/kBlWlenph1wd1dtvBtsXl+U/KJwYmnmLydnDjCFiKJsYulLOZHBY4EqRrZ8rJMFu6WQ63MPuOzSaeOk8cWrmUQb+thIfN7dQA0VJs3DCC5NbQYWyghNnTE8nsNGAgv9qOI8kbKGHTGYwcNO+t6py2sT/KxPdDzRQfOrI3734T2xPi49UfhQhJNgLDTpHt7jTHfzMQX6HXXIZyUH9949AMxr5wvNvn9h5IJq/jGsrbeQHcDq4eGv7IcNuw4VWNP72uz3+cvH5z9mby4+vzl5PqVS0nL+XP56/q83Os8ZwzQ9va5cQY4+VI1yMt+C3jTFXC6oxB2Dct5u40TkSntT8A2iVjpPvImmnLWNknm9HPt8+YPKE4edu8gKx8eQubTYWBPnrT97z8JZEfRdw6hb/6YjutcWgoHXhDja37iPuuScP32/nmB8F5eepNn2n9+Gg61jIAHiqff/Xz7jsYKA9u2tkx3uSGoR4sjmaPhxMXUlIXH7Wd76Xu5YfrGyigGufSNg8m4PGO+z/eDQ9x+X05O/LaBgzaZcqNEgZM/vsXmhB8gQ== +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeactivateNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-get-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-get-namespace.api.mdx new file mode 100644 index 00000000..3e55f0ed --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-get-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-get-namespace +title: "GetNamespace" +description: "GetNamespace" +sidebar_label: "GetNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztGmtz47bxr2zRTmynNG35HnOnTueq+JTE44vtsexOU1vVQeRKREwCNADKVhz9984CpERKsmwnTb707stZi+W+sC8s8MAsHxvWvmJnKhXRFE54hibnERrWD5jKUXMrlDyKWZvlDiWUc5Rwjt1DPRERht+hncNYwHKueYYWNbF4YPQla7NDJSVGdvdMK6sile7+E7URSrKACcnaLEEeo2YB03hbCI0xa1tdYMBMlGDGWfuB2WlOlGSRDR2mFTZ9gjTKImPtq1Y/YDGaSIucFGNt9hFHQiLYBGHisUGN3M+SGuQlNRawSEljWbs1mwUr+lyIDFVhd38wK5o8X/IGkUcFtR4rACEhM2w263trobHfqHhKjCIlLUpLf/I8T0XkNnLvJ0O0HlYlUsOfMLIsYEri6cjtV67JAaxAQ3ijW1lDN1YLOa4pQMsBy4T8hHJsE9ZuBWykdMYta7NCCzabLSMv9vfKQfpk1CbTubORBz7OfI42EDGr8y3c76YdlfsDtofFKJzwVMTcYqgkqtFOWIkEfwfyub/B3h5cnH48bQNKPkzJ+sLAXYIS7hA0ZmridyTGXGPELcYwEpjGDXWXxKvrXVewT9vY1F9sVPsZyn6cy+WW5j9cSNVlrIfuuXclFjAex4Io8fSsJteIpwaXOXWFTVBDYRrG2BLxlrcIKA1KIgXXVt0gW7SwNbqVWwEMCwtSWRgqm7Sv5efPn6/ln7YTbrbJ7qGId+Crr2ABqNPZgV9+gfnK6Fbu7OyUJK5lKZyoS1H/mMCjWwlZYSwMEQzain+De53FZuZz1mxGZm7mMgcwuZLGb/PB/j791zRor4giNMZnnV8Xy48Ek0Nd9k3yq42fP8MXmwqMUVL9wBjINSlXxdzyITfIZkGZPTfH9ArJwmAMVkHOtXWOCR1rtRgWFsHlRwc0AZgiz5W2MJwu9hk6hU1OgMv4WlbxPMK4rHEk0zNy3CxgPLJi0jBiCVmW1oNJhhhHvEgtFNKKFPCeNlHYlBYcUhmgJeOhUilyxytDy8lqdW5z2FM7Fmkkwh1b/7oEDrhdkXexRAFAchvUE9SwjdIKO4W7REGJBHciTUFjpHSMbnO5BF7EwgJOUNqdhXRzO+I9z/IUXcPRIsduhfv7+69e7++3DlzDMc9llJN3qcqRDYo8XlWjBK5TY7G0QY0S6Q9UI+VDTM26MK10KjEeS7uPO+aEp4Xjsa7S8RRMQrFQX6Sc9ILk3rO6iCxFXiHFbYHpFERM1hxNgYNGowodIdwJm8Cc64I+zF12FrCx5tLW1eFa8yn1TBaztfZ5YR4il9FiExItL6vYiWONxlBl4HDc6YGQxnIZ4bW8PD+aVwYOrmeAy/NPsI3hOAxgK7E2N+29vRgzFUYq29vagZFKU3WHMblfzRAGxxlKa0Lo8iipfnrqxnJtKT0BytjbkpwxzRMuiwy1iCBKuOaRRR1AxCVQYeBCQjLNE6S0tx6ZFmQMJuUmQRNWlc3VqozbKEGzvfUfp8WH9t7eFd/9ubP77/3d9/3txd/X19fXu/2H/eBta1bD2PmwTSvhCz/a+Xq7fUV//nXnw/Ze+PXOh79s1WtmwPJimIroGKf1qPfAwQ1ON3Q6bbd9ZJ+ETxCyIrUiTxFucAo5F9qsSZyPdb0RjxKMG/nTQ5bZe8kcD79ziz0X0icEoWQIh4XWtOO5xhFqajUn8zPKZr+/welviJocs00RQcsBy/h91b6/a70/WO7nmxrfv9l/D53eSdiCskGh9HnW/QFQTjBVOQZQmIKn6ZT282Zz3N64BqImwKsn2HfKVASeVJWPBGoYKe0bdfITSnTp2PU/ylWQ8iS43691v4SxyuBGqjsKwLHSwiYZkOxVXDaienHQBZSRijEOryVcKB/SAZ0QDELGp5RBPmvD2wf7r999doKe9zq71BPFcKd5npMqvkP5jFHbYJQfvHmrWx63e7iE6lvmTGkE72Om4sJjqmfcgEQkedbVMW8IdtzpDc4uv/l0dDg47v446Hz6btA9ufxhcHnSO+seHn171P3IgkexznudAWnzBMrr/fdvN6B0Dwe97uHZwZu3562n0V69e/0ctDcHrfMW69ePOcfcnM0Ty4tK4CK/XEvouBRTi3mXX1WGwI1RkXCtRVX03NaNCl0eQZybRvOecx4AFN5PlOW6JvM8VD9OlsA1J2k6q9qNDXeJsaz3DTd1RQudwu6ixhshI3S5lqdGkeNptFrghBKb4LUv/6/K6B9XRdfUztmaPa07SQl044ZNzhYw39ZdOIdZVEAPHTg/WvaWiwShbAbLKdpxp9eG7aOTi+75SedTAN1/+b/WdtZlRuqdXp4fdgcXP551l7JQfaWiuQSuGFAUkPce/6a6ecPN5eZm8oabwbqGkkxB7l3ZAafQcSd66LnjyK9pcohmLRhrpG3CKbBSJceG+vTS9E92FfPq1jjPzoGP71Hn03en50cX3y/XiQW8VhmawLIWLIDdwwGl/hXYq3evV2BvDlpsZYjb88d9jH0yrsQ34TM7D9qKpxukp7Kzc7fNk0pyljWjEtrXo48bXKUW0z1Bp89j59ibS9isyddVmGXOx9y1SaZeuFzOdA0UedCvndWcljXiWsKl79QIrZYW5iesZww6mqQPVZYpCV8GIV8GIb/zIKTRO+LUR2UZlC9qH1diGs5xLIzV03oTWM5GHu89Xdx4rPKYg4sBZwiXBqEKdRdeyGOfA7/UwS918Esd3FAHKWJWIooMopWyh6h/15Hly65OnjXLaRKksYzPxhCRXCO6RHp54a1q+rz0hl9q75fa+wfU3sOa0z431ilwB5GL3GWhzpVqBIIP/SihKQAlH10Y+xLxmrfn/mb3CTndtXB5L7h6+dvVWun/3dUvzSTX7V3di6Syg5EqZEzeU1W3iPrz1M2ZCunmoe5xixveDLgeFzR3ceblcSokDvA+cgNHFtQI0ghWI4+nA7wXxu1HjjoThgbfgxilKCdZ5WgB7xNeGH8nOuIixXhADZCS3pxEb+jKHE3uCztQo4HmcoxOSlcWSCy3LKRFLXnqlviEi5TufUlibvkgVe6CvZC8sAkFpn8dsVJX3VjDclsYIFMGcJcImjslqkhjN8+iG+UiAxcE5EJXY6XGKYY6j8JDFWN/BRD67GsMH6/dm+VpdIx+qq53RzyiMTGSj0BJYVUkIaErx6kwSQgdOaWXGes/rX2Tqoin4meaHNOkq5zpU0msi99zlghjtFykpr9hyT/9COh5xYL0cOooRqlAaUOfMQj9aTe21SSqYapZUOaeNUacZ8GhkNz32jEOi/E6XuujtXoo8/jq6unUjRONy+J6KKzm2qV/URqgsjunLrWcUMI/3O2Ca189uSEa/9iL4GVHtEokrGXgch/cezV63dSR00bHVD1oq5LL81VyX3hJNNpCS7+NJcE2VEPPyAPIE2iAG6vI7I3VnnM3s/dnQtvVdJgh1ypH4FUmrPNbekiYoU2Uf4PoniXlnK6E2N7TTxL3lij5IuzfIxY6ZW32kKfckpt0ZZwrIe1sJfa6PkvCaY7y4uO3UH1Bxxp6ahIldNFS2aBaDZ3HJ17iCdeCEo+/i1vi6NN/WQlWV2fufZ/BqNDCTln7qh8wKgDnixd/pYTzd3q10KDbx8apatlmK+qSuOWdZJtNWq7jVMZmXFaviFZ3qEFhHloW7y3ZQ0h/Ke9C3G/e1TPek7KgyaYfMGfO9hV7eKBm+FKnsxmBbwvUpWUqS9OvWVC9waT9joWhhXj9Cb32ZJJtn5fj8h1YtF5NZehUuvHBaZmSGKO7mOezfh6/xjPRBqc5HtHbvfAz+gpjpYVYfEHnrNxuxO3XAvHstHfBAjYsX5tmrr9gmt9RGed3XhHf+vnrJ4I9sJTLceHqHfM06d9/AS02S30= +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-list-namespaces.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-list-namespaces.api.mdx new file mode 100644 index 00000000..35654a51 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-list-namespaces.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-list-namespaces +title: "ListNamespaces" +description: "ListNamespaces" +sidebar_label: "ListNamespaces" +hide_title: true +hide_table_of_contents: true +api: eJztGmtzGjnyr6h0VxV7d4zBeVTClxxLuD2XHdsF9tbt2RwRo4bRekaa6IHNuvjvVy3NwPAw4H19ueRLsNTT3eq3Wv1ELRsb2rylVyoV8ZRcsAxMzmIwtB9RlYNmVih5ymmT5h6kJucgtTl0D/RExFA7F8ZWUEQ0Z5plYEEjkSeK39ImbSspIbZHV1pZFav06CfQRihJIyokbdIEGAdNI6rhqxMaOG1a7SCiJk4gY7T5RO00R0zSZUMPaYVNd6AG6TLavG30I8rBxFrkeDTapJ9gJCQQmwCZBGiiRv7PAhvJC2w0orGSxtJmYzaL1s5zLTJQzh59Nmsn2Z/zJSTPMmoDVESEJJmhs1k/SAuM/UHxKRKKlbQgLf5keZ6K2Kvy+BeDuJ7WOVLDXyC2qDSNircCjIezzIIHKxgNC6u8XfofLL2TpNW+Pv2pQ4ZTwmHEXGrJQwKSSGWJySEWIwEcDx7IGquFHC/0Q8Png95167oz6FzcfB7cXPSuOu3Tf552PtFow35Y2bh1erFls3XxM+3P0ErHQrJwkMU5K6vPHXZximeEl4pM2IqMhbQwXlJ7gIjoSOmM2QDy+mSbeHtgiVUkVnIkxk4Dn4vZ4yJi5EWdazURHPidJJ/Zo8hcVuwbsGg1ecosEi0QESY5ATlSOgaOujPBpw2dRVSNRga2n6MAeclBPgW2ga+yTGeziDLORQC9qoh0xFIDuF3SXQ453eACdMfns9XQ4hdMrqQJejup1/G/ZdZ7Lo7BmBAE/gjXWoTSCizTmk0xfljIzG4cgldg5r5USkfwNQWMQWJUB06cExwtgTPLhswAajpEtOcR+v1VlM4AR5PMmbZe6KRlrRZDZ4H4mOUXTUSMy3OlLZrX/Oyk5WxygeZ3JwlINkyBjIAXmQd5Gn2V21jCbbSX2IrJUqAqVla5DcvV8OSkFSmBR9SksClueCCU0sLFh0qlwDytDCxDqVWpzdd2xYRYAyJu2erXxeKA2TV+F1vedQvXBE0OQFphp+QhUaQAIg8iTYmGWGkOXrlMEua4sAQmIO3hprj7yLI8BV8GNNC6G7V6vf76Tb3eOPFlwNyjObNwhJkHZeByvn6MYnHTMRZbW45RAP2Fx0jZENKNfjaP0AHiuZDyvGFOWOo8jWVBqCICEpOgL1Q3d8S9VUw9q13sk4GT4quDdEoER2mOpoQRDUY5HQN5EDYhc6oL/GRusrOIjjWT9s+MQ2gyWmwDwu3VI7Y412AMFmSMnLV6REhjmYzhTt50T0nmjCVDIIxMWCo4uemekwOojWsReZVYm5vm8TGHTNVilR2/OiQjlabqISS4iiAMjDOQ1tRIh8VJ+WfAbizTtsiOPMgSjTHNEyZdBlrEJE6YZrEFHZGYSUyolglJkmmeAIa9zcC4ITkxKTMJmFrzTn758uVO2kSYWsZsnIA5ePVff4qPzePjW3b0a+voP/WjD/2Dxe+7u7u7o/5TPXrXmFUgDj8e4E7thR8dfnfQvMWf3x9+PDiufXf48e+vDgu+7nzky90wFfEZTJcqJb84uIfphpI11xCjTze9+lA+CZsAyVxqRZ4CuYcpyZnQZkPgVBIuR/7msBJCWZwAX4qfYWWVfODM0wiaW+hcyBAQhJI10nZao8ZzDSPQWFNN5veG7XZ/D9Pf4TU5ZNs8ArcjmrHHc5Bjm9Dm+8aHk4hmQpYLjdUTP76tfyCt3kWtQYoqBcPnVeczATmBVOUQEWccS9Mp6vN+u9/e+wKiwsDrHeRbRSgiAVUZjwRoMlKaoHGjNnzCTse+CFI+gxTVf71fqe0QYp3AvVQP6IBjpYVNMoK8l3655NWLyycBGSsOvHYnybUKLh3hPcoAydgUI8gXbVjzpP7m/RfPaLfXOsKaiJMHzfIcjxIqlC8QNw3E+cnbd7oRYDvtFdCIDJ0lmdJAgo2ZkgrjmM+YIRIA+dlyDTpr9QZXNz+cn7YHZ52fB63zHzddhp6D6vZaAzzNDpA39Q/vtoB02oNep3118vZdt7Eb7PX7N/uAvT1pdBu0Xy3iz5i5mgeWF6XARXzBi6cPMRWf9/FVZUCYMSoWvrQok55X3chpm4AuzTSe15xzB0D3fsF1ZB6HFveL23Kxjy2DZf/XkCm7teAuIFbPfc9M9aBOp+RokeONkDH4WMtSo9DwNFgtYIKBTbDKl/9XafSvy6Ibcudsg06rRlIs9rGTs83YIhrKumtvMJW2jF8deDtatZbrBEhRDBadrbNWr0kOTi+uO92L1nlEOv8OvzZW1kVE6l3edNudwfXPV52VKFTdKXGuLJcEfMPlnpmz35U375m52V5M3jMz2FRQoijQvEs5wJS0/LWe9Px15LcUOYiz4owV1DZh6FipkmODdXoh+p1VxTy7Ld1n54tbmmfnP152T6//tdY0m69XMsPyYpELFoud9gBD/9ra6/dv1tbenjToWmO1F677wEMwLtk3tT0rD1TF7gJpV3T25na6nRgzgw2tEtTr6actplLx6Z7A2+eZN+wd7adluj7DrFI+Y75MMtXE5WOmL6DQgn5rr6bSf7sJlRqCVcLC/Ia1R6NjGXVbZZmS5Fsj5Fsj5E9uhCzVjjANXlk45YvKxzWfJl0YC2P1tFoEFr2R52tP7zcBqrjmwKLBWSM3Bkjp6t69gPEQA7/lwW958Fse3JIH0WPWPAoFopWybdB/asvyZU8ne/VylhFiWyZEYxIjXyN8SXp54i1z+jz11r7l3m+59y/Ive2K0e7r6+i4g9h77ipTXaWWHCG4fpxgFwCDj3bGLgWb+cPv3tQrT677PfzvcKPQN77c/T5eQA72fScvXrKBkwU7pPgYa3943Icqgu1Nss3S2KWLu0YxT1KMDXxfUCdKlw+n5k6STpZ7t/EDHhIbTRmqi40saBKXbXU29jZolWXpVoYDxE5WrxGMxMpJi5aBzquBpKKwj984OxAGAHYOD3hn8gJYnxHoaK30HzchgF3rTd5djTNS2cFIOckxvpT1T4w3uNR3Ip30HXM/kuTbewOmxw47c16sjKdCwgAeY9+SplEFITbpNTA+HcCjMN5jc9CZMPg0MuAgRdHrLJpP8JgwZ8Kr+YiJFPgAS2QlgzgR39AXQvi249AyB5rJMXgufeGAbPltNA0dRmycZBMmUpwMQI6ZZYNU+TkMJ5mzCWrfl+HrlZdvfFlmnSEoyog8JAI7k4lyKfcdT5w5cBnxYRJN6Xas1DiFms7jWltx6K8t1EJ+NgaNeoNuVt8rOIR3F300YjE+JADaCCkwrLMkJOnIcSpMUiMtOSXOPPNp5ZtUxSwVv+LbAvZCi1cfLJqq7Pe8JGocLBOp6W/ZIiMBKY/Q1xeoh1OPMU4FSFsLOQXBd5uxLXuVS6KaRUV22iDEuf8PhWThNsZh6MabaG32Vj/W82wsCPOEq/0L33A2Ps/robCaaV8giEIApdwZ3mOKHjb5h39/8hecgG4IJozo4XpRM68jqVWCXqEHP2U4dKNaS06X0lw5hlgGl/2P5L8InGiwTsugxgJhk5Rt8TgsoCVgi5+r2ByP1bE3N3P8NwQ70njdRdMqHknKSFiltzYAmoFNVJge9WNZOcNnQ3q8e5j0eA1XKNXCJKnTKW3Sp3KIrSN5roS0szX/64RISS5zkNef/rkYe7vpnuNAUpzgc1wph3K35q0+CTxPmBYYfMKL7QrFkAKKbLC+O/OTmQZip4Wd0uZtP6KYBLqLWc2Cw8qs5c4RyOW6pRgyrC/m9OqoGXzgXiprVkW+Jis8a/Hs3aSThq+QlLEZk+W02iYVL+GYe6eFR4viFDJMfvgoEbR/u8coMY1WCfUj6vXRvKVPT3jnutHpbIbLXx3oQrSlqvCvWVSO36LBcGFwg29uBFWmZelBt3iVOSSL+m/5ONj82DprXMQ1SvHJb3/S+9FbmhBeojSHQ3xH1+EpqIRYq0MWX+B1PrdbYfsVX7667F3TiA6LQePMFylUswesBdhDOEi4YYRXTlx7oimTY+eTJg048d//AOye+4U= +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListNamespaces + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-certificate-from-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-certificate-from-namespace.api.mdx new file mode 100644 index 00000000..bc318382 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-certificate-from-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-remove-certificate-from-namespace +title: "RemoveCertificateFromNamespace" +description: "RemoveCertificateFromNamespace" +sidebar_label: "RemoveCertificateFromNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztWEtv2zgQ/ivE7CUFZLvpI93VabNpChToboMk3UtgGDQ5kthSpEJSTryG/vtiKNmWo8T2YQ97aC6OyeE37+FHryDw3EN6B1dWK7Fkf/ESfcUFepgmYCt0PChrPktIoYoiY7MRGW+kb9AtlMDxNZZ2gRfogsqU4AE/OVtupCCBijteYkBHSldAWJDChTUGRRhdORussHr0NzqvrIEElIEUCuQSHSTg8L5WDiWkwdWYgBcFlhzSFYRlRUimLudRMqigD0CjqUtI706nCUj0wqmKXIUUPmKmDLJQIFu00sxm8WuHxqoODRIQ1vgA6WnTJAN/blWJtg6jP/3Ak+Mt3wF50dDQSiVMGVZ6aJppGy304Q8rl6RIWBPQBPqXV5Wm/ChrJt89Ya2GFtn5dxSBkuaoEIJCT7ub/PfSHE91dm/2Z6In8NT02wLZRpJxI1lPmgXLasO9V7kZU0iOM+hZKwaar7saYqOeAUqiIe3o2ImSzDqW3ZtXB1Ur2YuXD06ZvJdBJSGBzLqSB0ihrpWEJoHs3uw7RNsJlMp8QZOHAtLTPoZT0DQJcCkVucP1Vc+ejGuPTQK9SH7ea2BPcPaMsS9G7oSypyTLnC3bvujlrg3Vq2jntl/vdjKya+F0v0PN1uD98+W6rXd4QW+/Xg+pbJ7OmrjgK2t8m/k3r1/Tx26Abmoh0Pt2Kvy/em3dTihfbrufrfaz1Y5utbYX4FAfNeRZxmsdhu1y6Zx1/12zCCvxuRTgIy8rjZHmGBtmma1NjERHAEBwI1AjZaE2P4x9aInHgmslZ9zldUnWkSNcamVwho8CUcYDW8AEuHbI5XKGj8oHmgIVulJ5IhAziUbFAw69rZ0gkILXPsTFjCuNclY5FNa04SS8uXXtvq3DzGYzx02O0UpFHpFZcVuZgM5wHbf4givN5zq2Iw98pm0cSbXhdSio9yibMQDDMeEDD7VnFMqEPRRKFMwXttaSzWlcMAoZW3BdI1Giu9zaXOPYVWJ8YSVOBwtjasMSvef5s7nZteCcSVygpqSOMi6UyRlSjbAOYWiSMuzS5Fr5YszOzZLV/oWjvTPaCq7VPyjj/PNoAsFQb/XNv4mRGEsMXGk/3bPFMoVaJjTJttDzZUQUWqEJMQqt+OEybnefhqpJIIb9uSBuRslcGe6WrbJ5nT+n6/lujTfci8Ou5dq7qbqwJnBlPBUFd3MVHHdL5tGpLgDruHNtTc4eVCgYZ7+TOSwUPLAWbo6+pa+03pHsIci4N0i7PEQGPq+z8blZQn9urSn6ergc71I80VriMNTOtGnsAFNWhFD5dDIR7QJVgrDlRFrhJ7mdxHLzk19IbOSwckilFUcZNOtJuDvjDzyWSgyFbV9ekdVUnC4pmBx+iE0OYnt0i/UrrHYaUlhVmgcqpUsjK6tMaAb9edlOUva1QnP78RNbn2Dfrr8kzNeiYNxv4rTeHceuKFofFtwpGk6x1J9qbK+I7rYY7jbxVeNR1E6FJaR30wTokrjevnM6C/dxpx0OQ6wC3mb81/fZ2bvR+w+nH0bv3p+9Gc3fZmL0Rvx29jY7O+MZP4OOTfT68cndfxwMlYEyme0TqEE+B4GnwHXv1hQWp6SdaqLkZu3RMfW0g7kZDQEfA+VKGYKNtbDqSu3uiDc/JIcUTxOIyU/vYLWac4/fnG4aWr6v0XV5XNcFfWuS9TuZqlMqTxuy4xQDNzbsAU7WrOkV29LJXfd+4HL/jwLdkAWg5/zxqo/Tt/OU39G0kSO80S1BbSUGpGh74lwIrMJe2WlvkFx9vbmFBObdLwJlZEzg+AMRE/7QOmKjf7FB49oKNDd5HW9waDHp719/IG1U +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +RemoveCertificateFromNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-key-access-server-from-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-key-access-server-from-namespace.api.mdx new file mode 100644 index 00000000..20826d6b --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-key-access-server-from-namespace.api.mdx @@ -0,0 +1,75 @@ +--- +id: policy-namespaces-namespace-service-remove-key-access-server-from-namespace +title: "RemoveKeyAccessServerFromNamespace" +description: "Deprecated: utilize RemovePublicKeyFromNamespace" +sidebar_label: "RemoveKeyAccessServerFromNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztV9tuGzcQ/RWCfWmBlRTn4rT7VDdxgCJtY9hOXwxDmCVntYy55IYX2VtB/14MuZIlS7bVoE9F/SIvL2cOZw5nhgseYOZ5ecXPrFaiZ39Ai74DgZ5fF1yiF051QVnDS/4eO4cCAsqSxaC0+gvZObZ2jmex0kp8xP6Ds+0aghfcduiAtv8qecm7ZGNs1jbG67UX6OZK4DjjfcT+RAj0nobRPUTtwEGLAR0xX3DC4yV/Z41BEUZnzgYrrB79ic4T84Irot8gSHS84A6/RuVQ8jK4iAX3osEWeLngoe8IycS2SiuDCvoZaDSx5eXV0R5v1cogCw2yeV7NbJ0+BzTWDWi84MIaH3h5tFwWO+e5VC3aGEa/+52THM58C+RRoiGvKpgyrPV8ubzO3kIffrGyJ0PCmoAm0L/QdVqJFN7JF09Yi11GtvqCIlDQHIkhKPQ0u9bAg1CnnQP39ZrpDfZTSKumPi8rDsUn4a3J+OCUmW24596EkrzgtXUtBF7yGNP3tqPOV7pZFvxmm/bTVnbo/zNry4KDlIrGQZ9tHLMG7fHxW5p2rjg8f7HOc6D5N1o7LCesjCyJ2/ZFTAO+s8bnEL588YJ+tu1dxEQ/X5n/hfgfFWJWwdNKXCYJSawh6rArlFPnrPv3ZCKsxH2exTtoO42phBobprWNRlLpHOoCF2AEaiS3RnNj7G2uR3PQSk7BzWJL7OggILUyOMU7gSjThnvAgoN2CLKf4p3ygfTfoWuVp7oylWhU2uDQ2+gEgTQQfUiDNSiNckrBsCa7k/Aq6/K8jWFq66kDM8PEUtGJiFaaViagM6DTFMxBaag0LZQQYKptuozRQAwNmqBywHeq4WWDzAcI0TNyZcFuGyUa5hsbtWQVMjCMXMbmoCNSpbyaWTvTOHadGL+zEq93Bsak/xa9h9ne2GwzOGES56gpqKMahDIzhqQRNiDsUlKGnZqZVr4ZsxPTs+gf2bqxR1sBlAQlAyOZRxMIhmrrJv2L5ImxxABK++snplitUMuCWbcBXfUJUWiFJiQv5OXPyzjPPnTVsuDJ7fucuM4NlTLg+mysirN9tvbf1pTbH00duQXbDtU7awIo40kU4CoVHLieeXRqcMDK76CtmbFbFRoG7Geiw0IDgWW4Cn3uamh86L12QcYb+XGIQ2rMqliPT0y/lbtWndsquRx+pLQjM3EYojM5jANgyZoQOl9OJiIPkBKEbSfSCj+Z2UmSm598R8tGjhIrSSulMiqlOROu0+3AoMXQ2Nx3p7LeQWh4ySfPt+GTg9rwXEJyDx6d5iVfdBoCKebUyM4qE5Y71/A0J0z2qUNz+f4DW+1gn89/K5iPomHg1+5YzY6T+Jt8jjk4RTkoKfqhxVwJhqKwO7tMPa1HEZ0KPS+vrgtOteD8vssdGD7XHGwVdv6qhh/f1MevR2/eHr0dvX5z/HJUvarF6KX46fhVfXwMNRzzvdX6sK0UYWVqu9mW7MRxx9nkrOGlUvL5EV1e0kILZnWCgwryQ9yNV8C3PAqHtBHwLlCAlSFeSUCLQaNXBzwVeXEI8+uCJ9WUV3yxqMDjZ6eXSxr+GtENAlgJir6Wxep5RbKWytOE3N/ibPrh+1Wb9AN77Ig32D/9lhySMOf0Cjzc9GH2tl6AW5bW6whvdElQ9yt2mqb7HeT1Ljy59nojC519urjkBa+Gh2SbOiru4JYaF7jNB7HpfOlmp7EF12BmMVV4njHp729sBvBB +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + +:::caution deprecated + +This endpoint has been deprecated and may be replaced or removed in future versions of the API. + +::: + +Deprecated: utilize RemovePublicKeyFromNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-public-key-from-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-public-key-from-namespace.api.mdx new file mode 100644 index 00000000..8a8dc380 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-remove-public-key-from-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-remove-public-key-from-namespace +title: "RemovePublicKeyFromNamespace" +description: "RemovePublicKeyFromNamespace" +sidebar_label: "RemovePublicKeyFromNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztV91v2zYQ/1eI20sLyHbTj3TT07I2BYZua5CkewkMgyJPFhuKVPnhRDP0vw9HSY4dJ04G7GlYXhyRx9/d/e6DxzUEvvSQX8GZ1Uq07A9eo2+4QA/zDGyDjgdlza8ScmiSyNRsRKYb6Qt0KyVweo61XeFZLLQSn7H95Gy9kYEMGu54jQEdqVwDIUEOH6wxKMLkzNlghdWTP9F5ZQ1koAzkUCGX6CADh9+jcighDy5iBl5UWHPI1xDahpBMrIskGVTQT0CjiTXkV0fzDCR64VRDjkIOH7FUBlmokK16aWbL9DmgsWZAgwyENT5AftR12Z4/l6pGG8Pkd7/nyfMt3wF51NDQS2VMGVZ76Lp5zxb68IuVLSkS1gQ0gf7lTaOVSIGdffOEtd63yBbfUAQKmqM0CAo97W6i/xkT7GjvZn1xjS358TwUSqyNSh+cMsstEu5AlYQMSutqHiCHGNP3Lh3nY3Z0GVxjexj5Gtt/gsleXFbIlGSls3Vi/MS3dY3BKcE+Y8t6P19C122n6dWOo6NZ8wy4lIpUcH22xUvJtUdCGK08VE7nfXjhEX0UnqcUdfdLKi34xhrfh+n1q1f0s8vJRRQCve+T//+U+k+lVB97eCpvOnKq5FGH/fQ4dc66fy85hJX4EOt4y+tGY7q7jA2L0kaTeBj6OghuBGokjqK5Nvamv09WXCu54G4Za7KOHOFSK4MLvBWIMh24A8yAa4dctgu8VT5Q1jfoauXpXlhINCodcOhtdIJAKh59SIslVxrlonEorOnpJLzCun7fxrCw5cJxs8RkpSKPyKy0rUxAZ7hOW3zFleaFJkHJA19om0owGh5DhSYQv5gI2A0HJZkPPETPiMqM3VRKVMxXNmrJCmTcMKKMrbiOSDfd1dLapcapa8T0g5U431uYUj3U6D1fPhibXQtOmMQVagrqpORCmSVDyhE2IOybpAw7NUutfDVlJ6Zl0T9ydOuMtoJr9RdKxo1kHk0gGCqrbfMvEhNTiYEr7ecHtlipUMuMWbcFXbQJUWiFJiQWevGn07jfvU9Vl0Gi/SESN12kUIa7tldWxOVDuh6u1tTRu0O790P1wZrAlfGUFNwVKjjuWubRqYGAkXeurVmyGxUqxtnPZA4LFQ+shyvQ91MJrQ+z0z7IdKt3DnFIg1URy+mJaWG7a42T19hcnu9SOtFb4jBEZ/owDoA5q0JofD6biX6BMkHYeiat8LOlnaV087MfSGzisHFIqZVaGXRjJ9xt7wcn4BpDZfthOt3dDQ8V5DB7eraePYHs0a3GwTo6DTmsG80DpdGpkY1VJnR7tXnad1H2pUFz+fETG0+wr+e/ZcxHUTHuNxyNu9NUEVXvwYo7RY0ppfl9jf31MNwU+7tdGlQ9iuhUaCG/mmdAF8T53eg6WPjQnLBz48Obkv/4rjx+O3n3/uj95O2749eT4k0pJq/FT8dvyuNjXvLjzX35THEKrzKl3Z5K9iK1RyqRMjwzclgdUeVStGtuRqufzpMdxE3BB7wNFAVlCDRFeT2k0NUznmeQHVY7zyAFNb+C9brgHr863XW0/D2iG+Izxpu+umx80lDWSeVpQw5zwp4Tm4kAXoxD0Et2N9ftOkcj38H329A4Aejl9XzVz9O38+ra0bSRI7zJJUHdSewNOncnToTAJhyUnW+1h7MvF5eQQTE83uo0BYHjNzRs8JveEZv8S4WX1taguVnGdCtDj0l/fwPx7Zic +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +RemovePublicKeyFromNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-update-namespace.api.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-update-namespace.api.mdx new file mode 100644 index 00000000..af4885d9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces-namespace-service-update-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-namespaces-namespace-service-update-namespace +title: "UpdateNamespace" +description: "UpdateNamespace" +sidebar_label: "UpdateNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztWm1z27gR/isYtDOxrxQt+e0SfUkVRXf12HE8ktzp1VYViFyJOJMAA4CydR79984CpERKsmTf5dIPdb5EBpaLxb48u1jgkRo20bR5Q69kzIMZuWQJ6JQFoOnAozIFxQyX4iykTZpaEl8sSPwFdQ/UlAfgX6chM7AYph5NmWIJGFC4yiPFj2mTtqUQEJjalZJGBjKu/ROU5lJQj3JBmzQCFoKiHlXwNeMKQto0KgOP6iCChNHmIzWzFDmJLBlZSsNNvIM1iCyhzZvGwKMh6EDxFPdGm/QjjLkAYiIgU0dN5Nj+mXMjac6NejSQQhvabMzn3tp++jwBmZnaJ722k+dLXmHypKDGUXmEC5JoOp8PnLZAmw8ynOFCgRQGhMGfLE1jHlhbHvyqkdfjukRy9CsEBo2m0PKGg8ZZHpZotFFcTEpS85B6dCxVwgxt0iyzf1el7hZGnHs0AcNCZtyyOYvF2OqHn+0PhlrfLmLMRhDrTVsp1sgpPMrCkDuuVxUWT+1vyuIMUPKqaDIXjeSM5/OnWI9ZrKG0cxcjHyBiUy7VJj0MM0syHBU03pp0uSvTT51+62Or3xpeX31s9TvDzuX1p+H1Ze+q0z776azzkXqbSTr/6ncun5ztdq4uWu0OHeCuCulWYrvrfO1JjbptI4NqDNsBnUqhnd4P63X8r6rdXhYEoLWLtm/hwwvQ+ibuXhV2AgJhEkKC3o/xiEYcMW3dxiHE0wzt/CrLTENIjCQpU8bqlrSMUXyUGSAWA+yg9ojO0lQqQ0YzstgiaWUmuiRMhLeCgGCjGMgYwhzKUabxV7FNJJxGdw4Mn0LZQfORVWndMMoQwphlsSGZMDwm8IAG4ybGCUuEWlp680jKGJh4Bixst1igABm3TPnrfHDIzJq8yymiwepOg5qCInsgDDczch9JkhORex7HREEgVQjWuEwQloXcEJiCMPubgvOBJWkMNq820Ikbfr1ePzqu1xuHNq8u4BIjqoZIjjpwUb+yjXxw0zaWU1u2kRN9x238D7FYRxgL5ckdsLzKqWdUFhiMvEzwrxnEM8JD1OZ4RhhRoGWmAiD33ERkseqSP1m47NyjE8WEKW+HKcVmWBcYSDbq54U4hC6j+DYinF7dYisMFWiNBQ4j560e4UIbJgK4FdfdM5Jk2pAREEamLOYhue5ekD3wJ75H3kTGpLp5cBBCIv1AJgdv9slYxrG8hxDdr6QIDZMEhNE+6bAgKv503LVhyiA8ERCh0yU6Y5xGTGQJKB6QIGKKBQaURwImCCYBxgWJZmkECHubiXFChETHTEeg/eat+PLly60wEdd+wkwQgd578x+7i/fNg4MbVvutVft3vfZusLf8fXt7e1sbPNa908a8RLH/fg9n/Bd+tP/DXvMGf/5t//3egf/D/vu/vtnP5bq1yJdmo5gH5zArR70bHN7BbEMJmCoIMKab1nyon4hNgSRZbHgaA7mDGUkZV3oDcEoBn8e2El+BUBZEEFbw042sLu8ks2s4yy1tzoUDBC6FT9qZUmjxVMEYlIKwqKx3ovkdzP5A1KSQbIsInPZowh4uQExMRJtvG+8OPZpwUQw0Vnf8cFJ/R1q9S79B8mIE4fOq84mAmEIsU/BIpjMWxzO05932uL2zBURJgKMdy7dyKCKOVYFHHBQZS0XQudEaNmHHE1vrSJtB8hKxPijVcEixvsCdkPcYgBOpuIkSgrIXcVmJ6uVhjoAIZAihfytIX7qQ9vBcooEkbIYI8kVp1jysH7/9YgXt9lo1rIlCcq9YmuJWXIXyBYKmhiA9PDlVDUfbaa+QemSUGZJIBcT5mC5WYSHmM6aJAEB5ttTK563e8Or6w8VZe3je+WXYuvh5U7n8FFW31xribnaQHNffnW4h6bSHvU776vDktNvYTXb09vg5ZCeHjW6jWqyfM321AJYXpcAlvtwK0rIQU4p5i68yAcK0lgG3pUWR9KzpxpkyEajCTYNFzbkIAAzvXaelEv0Ch5bHiJticIBH8Gr8K0ik2Vpw5xSr+75jurzRTMWktszxmosALNayWEt0PAVGcZgisHFW+vL/Ko1+vyy6IXfON9i07CT54AA7I9uP5q6s61uHWWZANzq0frTqLf0ISF4M5p2i81avSfbOLvud7mXrwiN4wsZfGyvrHJF6n6+77c6w/8tVZwWFyjMFz5XhYgGMAvTe8z+UN++Yvt5eTN4xPdxUUKIq0L0LPcCMtOzpnfTsceT3FDnIsxSMJdYmYhhYsRQTjXV6rvqdVcUiu1XOs4vBp23Uuvj5c/es/4/VPLEcL2WG6mCeC5aDnfYQoX9t7Ojt8drYyWGDrjUqe+64D6ED40J87T+z8kBT7C6Qdvey7pg+274Y08MNrRK069nHLa5Siukex9PnuXXsHV2m6ro2w6yufM5smaTLictipi2g0IN+b6+maFLeCnLtKjUkK8HC4oT14v5nWyaJFOS1EfLaCPmTGyGV2hFmLirzoHxR+bgW06QLE66NmpWLwLw38nTtaePGUeXHHFg2OH1yrYEUoW7DC1joMPA1D77mwdc8uCUPYsSsRRQqRElp2qD+1Jbly65OntXLqTLEtoxDYxKgXGO8MHp54i1y+iL1+q+59zX3fofc2y457XNjHQN3GNjIXbt5l7ISCC70gwi7AAg+KtOmAjblpxvPFHntXthd7u68GLYatNeF6/e/HaXstfc3uv3FVuUmk5adS0gzHMtMhOhURdILsGyPbfspE7ZNat912J7OkKlJhu0Yq3UWxlzAEB4C24ekXokhdmYVsHA2hAeurZlSUAnX2A8fhiB43uDKOw7wELFMu6vSMeMxhEOsi6Rw6kR+I5v9sKGfmaEcDxUTE7BS2myBYtlpLgwo94IiE2zKeIzXwSgxvjOIpb1jzwTLTITxamuv9XRrux2GmUwTVKVH7iOO7ahIZnFo21x40ZwlxMYGetbNRMpJDL5KA78tQxisDfgOlLVmk422WW1Sh+Ca7ao2ZgF2jwF9hOQc1kXignTEJOY68klLzEimn/i09E0sAxbz37ChjA2wvNWPmbIsfs9qwg/BMB7rwZYpMuYQhx6RqsR6NLMcg5iDML4DEiTf7camaFBVVDX3ckjaoMQFOI64YK4ED2GUTTattTla7ZONJ/HLPcpaPbTaLqO24K5G3CimbFbguQIKvTMsXvPGJfm7vXSwVa1jNwLt3jnheF4orTPxS8Cc28E+1RplY78lZhVsK95yFeDy/C3ZL5wkCkymhDNjzrBJil5o4AbQE7CvG8pAH0zkgXU3ffAXJKspPOOga+Wd8QIJy+utP6NLwETSPcKzb25ShpdF9GD3m7yDdWYuQ7sHeZmKaZM+pjEz6CwdEaaSCzNfi8COw0ryOQXR//gTKb7AMw++QwkivIUpNFHM+tbvIyf0lCmO8OMu6lZWdEkgzwfrs3P7wE1DkCluZrR5M/AopoHu8slbLmFRiNKjMXt7Mj49rp382PixdnxyelgbHY2D2mHw7vRofHrKxuyUVgvDRdkw3/Jga/ejqzkC71hWDnmrhlpTMCoovyJt0mnDFsBSm4SJ4gHTRs+oMFlEtYEHg0bgwj0TsOjinObmGQ85qbe20sCj1ozNG/r4iBX6tYrncxz+moHKLVJYGP+ae8XjR/SzkGucCDe3DUpvFele8Vxwnyzrwep+8Ki89aVnDoiU4gXR85d+3nqV95mVlRZ0yK/WdxcHBcVaAbP8Ag9/qdlKOyhhwNXnXp96dJQ/80xsdUMVu8cigt27jbh61N2J4Rg6t5hkNttSxxP//Rf+dBbP +sidebar_class_name: "post api-method" +info_path: policy-namespaces +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/policy-namespaces.info.mdx b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces.info.mdx new file mode 100644 index 00000000..d33ae83f --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/policy-namespaces.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-namespaces +title: "policy.namespaces" +description: "" +sidebar_label: "policy.namespaces" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/namespaces/sidebar.ts b/docs/OpenAPI-clients/policy/namespaces/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/namespaces/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-add-obligation-trigger.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-add-obligation-trigger.api.mdx new file mode 100644 index 00000000..5a234eff --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-add-obligation-trigger.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-add-obligation-trigger +title: "AddObligationTrigger" +description: "AddObligationTrigger" +sidebar_label: "AddObligationTrigger" +hide_title: true +hide_table_of_contents: true +api: eJztPftz2zaT/wqGdzOx+8nyI4+v1XXaUxS19cWRPZLcuV7kU2ByJaGmABYAnagZ/e83C4AUScl6xE4u8Yf8EgsAgV1g37sEPwaajlXQeBtciJiFM3J+HbMx1UxwFVzVApGANL9Oo6ARJGZMXSzG1Hsgb1kI9WYULR7tSzYegwxqQUIlnYIGiWt8DDidQtAIWoJzCPXBhRRahCI++B2kYoIHtYDxoBFMgEbmcQl/pUxCFDS0TKEWqHACUxo0PgZ6luBMPJ1em5Ga6XjD1MDTadB4e3xVCyJQoWQJwho0glcwYhyIngC5taOJGJmfbjaSuNmCWhAKrnTQOJ7Pa0v49NkURKoP3qglTLaHvDTJnYBqO6pGGCdTFcznV3a3QOmXIprhQqHgGrjGP2mSxCw0Z3P4p8K5Pi5DJK7/hFDjoUk8ds1AYe/itH+ncQrmAQfyomt4a/qqAHez86ttWIRFBUCUloyPC1vDcIKRkFOqg0aQpiwK5rVg9Bdf9xB214Ip42fAx3oSNI6Lc0gWzOe1gEYRQ1hpfFGAZ0RjBdgbWjwWGLuWL4qnJbK7nzL9tWBKP2SYnjx/WsW8DG+HToFMU6XJNRDKCY2TCeXpFCQLiV2gRmgci/eMj8lklkyAK0J5RFIegVShkKDIdaoJF5pQZUhyxKTSREgSU6VJOKGShhpknfQnQJQWEiKCsJL3LI5xYY6YxuxviIgWJBbvQZKQKqg3Bvzdu3cDridM1adUhxNQe0/+9y09+Lt58D9HBz9c7f3cWPwaHlx9V+jb//nfn+y7GQZ8m2PWWrLrVMMSgec9j5O+jYT4oDfLgASS4rbgz00YhzEDrk/X4m3HDA36RUQ2QT5fTNG1Mq/lMCmqjLcGzqu1U1UP9DcRR5aa3d4QDhBBREZCkoW4I6M0HrE4nqJ8ndeCKWgaUU2Lm5S3Vdc4TywwA05aYjoVnBSGrt/UmF5DrFadV7aqG3EX0nefhSXweRVY4YAlbuIdjmaVSeCOq3JOVRVTW8jZCm/udppuUYR6XjUmTINKBFd2X06OjvC/8gS9NAxBqaD2UMpUO8uoQCc6N5buKULmtR119UOut3qpB1kEdYZKaFhCZ9H4AKK3fOhj4Gj0QkRQEqOBhbx5TRXsoI3LU6bK6riESm2IlzQzuibGqDONqkZUmiRCanI9IzmGpJnqSQe174AT4PQ6BjKCyBnmW2oKZ83cltWbbalCa5sRhghGNI01SblmMYEPSPhMx9hhBuEuLQ7gWogYKN9CIG5QHRJw4qYuPu0ah1QvwbvoIgrM3imQtyDJHnDN9Iy8nwjiBlnjQ0IoJIp1xo35k0ZME7gFrvcX0OX7CB/oNInBuEnHKAyO60dHR0+fHR0dnxgvKVe7EdVwgKY57kGaRMtouMZVaCy61qDhBn1BNP4fdY6aIC8UOzeon+pMPS3TUCPnpZz9lUI8IyzC3RzNCCUSlEhliAapnpB81cX8C8U8rwVjSbkuokOlpDN09DRMV+7P7qIOzbY1g7C7imIziiQohR4rJa+bPcK40pSHMOCX3dOFkU9uacwictk9I3tQH9dr5MlE60Q1Dg8jmIp6KKaHT/bJSKDVDxGSX2EjFIzR1lF10qbhJPtpZ1eaSm2cA+CR3cuqS5E7AzUSUm5sK8p45ljU7hiMHTwiKqZqAuour8Bg8XPj8LDoHiz+HgwGg4Orj0e1F8fzkpOwhz31HR/a/26v8Rb//Mf+z3uH9e+qvkYtSNLrmIWvYVYymE3j8AZmK3z6REKIPN0wx4f7M6G36J7FmiUxkBuYkYQyqVYITsHhfGRCKxURSsMJRCX5aVuqy1vIzBr25BZnzrgVCEzwOmmlUuKJJxJGINGVu80DK+vp/gZm9+CaBKbrOAK7S67v98c/nKz3fT88P/qBNHud+jFxRh2Kz4v2GwL8FmKRQI2kKqVxPMPzvFnPtzfWeVkA8HTD8k0nipybnckjBtL4GEjceBpGYcdjXJoLo0Fc+OroqmBi44jlBW64eI8MOBaS6cmUIOwZX5a4ehGdI8BDEUFUH3DSF5ala+gHKSBTOkMJ8k4q2jg5evb9OwNot9c8QJsoIu8lTRJExVoo7yBsKAiTk+cv5LEd225VhtZM7GAqJBBLYypbhUaoz6hyfld9lR6zGxG8bvaGF5cvz05bw9ftP4bNs1+H7c7lm+Flp3fRbp3+ctp+FdTuHNXtNYeIzYYhz45+eLFmSLs17LVbFyfPX3SPNw97+v2zbYY9PznuHgdXRV/qNVUXuWDZSQUu5MuAk6YRMQWeN/JVTIFQpUTIjGmRKT1zdKNU6gnIjEzD3ObMGQDZewevMJdDRQfQNV5hTLXM/xKmQq81uN2IKt43VBURTWVMDhY6XjEegpG1NFYCCU+ClgxuUbAxWnjyX0qNfjktukJ3zlecaZFIXOPVfH0QYF4LrFnXNwSz0IC2dWjoaClSgCFKawy60P/rZq9B9k47/Xa30zyrkfZ/279WWtZOIvXOL7ut9rD/x0W7IoWKPdmcleZsAeQCpN7X99KbN1Rdrjcmb6garjIocSuQvLN9gBlpmigI6Rl35FOMHJyzwIyFqfWEImPFgo8V2ulu6zdaFbl2K/mzeePdZ9Q8+/W8e9r/raonFu0FzVBudLpg0dhuDVH0L7U9/f7ZUtvzk+NgKfPUs+4+RFYYZ+Cr+paWBx7FZgNpcyD4hqr1kVoklhWhEjzX01drSKXA0z2G3udrQ9jrVdi8vK7RMNWVX1NjJqmi4jIy0xhQSEGfGqsphGcvraVmkhYLsZB7WDtHfncN9/pAiA+EfFogpGQ7wsxypWPKnczHJZ4mXRgzpeWsaAS62MjdtqfhGzvKuTmwCHDWyaUCkrG6YS+gkZWBXg96Pej14Bo9iByzxFG4IVII3QL5WUOWu6VOtorllCfEsIyVxiREuEaYeNtd8WY6PVe9da97ve79Arq3VSDabXkdGXcYGs5dqjcRosQIlvXDCUYBUPjIVOktxNxWdvG8Zrfmk+VHEDIZpjGVe/uFuc+Xc/1b7YqDZetsp89AeuZ/VBnIjVx9m5d8bEJWZ3Uxn4mzF/W/2/F2Do/nbs/dnrt3rUXeOimcKi3WmuBuxN1+fMmTyUeXUjm2cUUqB4NmEZWlrHTetmbJNfH2frPzqtl9NWy2+qfnnWrMvdL7qt3q/nHRX9HT7zY7vTen/XLOrQBbEcG82SQi7ukw/Xr/WjMvDb00/NeShksVD5xYWYjH4k4P86Oa3hh8d6nv/6IBkXz5lTB9meLZMryLolMXy3pAaHydra+z9ZLfS35fZ/vtFgj5OltfZ+vrbH2dra+z9XW2vs7W19n6OltfX+Trix5zfZGvs/WBEB8I8XW2Xg96PfivrAd9na2vs/W692vVvd9wne1SVjDPWGblHTKNSw62+X33Y9hNjPpZo5X6/e7py8t+e9i9PMsc4+Wg3p3Dmmdnw/Nf1o7o/LFhxG+n7W6z2/rtD+OJf45a40+tMPYpqK84duZTUD4F5VNQPgXlU1A+BeVTUD4F5VNQPvTmQ2+POfTmU1A+DObDYN9yCioPTq1JQX19xfVeM3vN7DXzpqTYslYuvjXk9abXm1+v3iz5nJhV2ehvbn/Jgk8ifMXRD59E8EkEn0TwSQSfRPBJBJ9E8EkEn0TwoQofqnjMoQqfRPDBEB8M+ZaTCAbpbyqBoFJz4m+sE/OZY0Gf/hVr3NzFPUnmcTKlSWLuUvoPQm9ogwyM7G5bfjL/xWBs0fzBQbBBPpVrdDdYZHbnWoLbUT0oCQPXPQyz/qGCZbmAeElIlbnJqbc84wJJQ19jdgu8uhEPcgmXA7cH94kH5rj+KkWaPMRE95jDYdT+oEFyGvcghlAL+fum6Gh2cOAeHCr35B2kSUk2wIgBSkYM4siKAoIXvpFRTLUGDlFGnF0UIgq4tl/q3lNpOCFUDTgZSTElLLo4PHvVvNjHg0GUqBal7zHnbavICXBlO3E2DjW9hLjyveNlW//y5X+1W/3hm+bFxWnn1+H5Rbvb7J93V8Ug1o897Wwc0jnvbzPstDNsnXf6zdNOz3gRlVP9fduS/BzZKeOntu94vubQXaV9aXx1t2OmNG5tKKYJlUwJbk99oQ8kKJTKGMhOkniGESU9gQEnG4hsK7oZcLLnRMZ+LTt265/j2jmRlF5CyRiremPoOmYpEOFuHzf/bsCbJF8SlRTjoPC6LXz/Q4zIj7nSJFQbqBc4P8nZygx4MuCxsLGan8iPGUA/kR8d6CTbSncGPxWVeUGeVCnA6cLzFWzmuoZr2c0NKrKdCU7SUAqlDE6l1e9ivtZ559Wpuer15fn5WbvZufONl3Ujm51NI8675TBcqySzK2RR3Zzdjr9JQhHjGRpZNFpQglqm1upek0SKWxZBtPIYh2OrYNayZ55tWFCg1UuESihAYHysZucVicWYhWUHL9eKu5mYd2LuIAhWiB4Fepk6/eWJ3td6VJcnbnmJ+E52n79M3F8m7qWil4rftFTMoG5mn0x4wNvFi2Eka4Uux7xdH0lATpl2lpmzTTCIZaPQUxsn8kzomfAxM2GvFBXdjRnds8Q93CBNciFiFs4wr8PGHIMA2Zge6D21j8DTAuPlwdABt77xPxx34thQTK8ZX6pZyLyIaRbIrYKVuckFDvYZWZ+R9RnZQkbWlNtagfFlEiJeh3od+qh06MN9yWaXVJwGOd0hCVD8rJ950pTCY/SzAO3YhUPvz+T5VWzrpV8+bJUMLF3pllXJuXQCMaDaHI87qdwK+NSKERu2NqUdplQkS2jcvVSNvJ+wcJKXFVpKGnC0a8q30fn6Ei8Uv0KhWH3Zpsi2jot2S390MxZxtkQx+5BPHhUyBeaNl+pTasAL9WApjwBzzI43LTviZPWSGdQtWzGViF5FRN8PK0X26A3NTLKW4FqKeIFFG4vwzTAzqtVt7+MGDLgyOieVoLIvXWXizEmU4mYoU+5bqXsoZVEyeTQsij6Rf+71M9txGz9hds8ldrtc03+XzH+XzKuZr1TNfE7b27/P+RW/iOLf5/Tvc/r3Of37nP59Tv8+p3+f07/P6d/n9NlDnz18RNlD/z6nD4T4QMijep/Tf5fM60GvB/13ycqxnPKE/rtkXvd+y7r3G/4u2b2/ybVdymORRi5SaKH14SqZtr+7U0s2HoN84M+RnedI9e38W5NEDs/WyV6fgPWy71ElYOer+OhTP/DnecjzkOehXMFuxz7Fgi8f+fLc83Vyz2br12T9P+j71CSUitnx50Z6jhlwvT62YMfY8EKxgmAHd6MLf6Wg8JIrg2E5f4Zw7laO+puIo/yWFZzRZeWN17EQB2SUxiMWx5jLrNwoYsDwqtQLg0eoSrfkyWYULTl+XVCJ4GqT6Tqfm70wNbi4b2Vk2lKaa5NcFZOJBidYoWtWOvxTWZdahROY0s1SDet/Vh1OkUy40MORSHmE5JFFkkPMhcWmpiPlpvYIRSk3hRJDKsepkQuICI1ixmEIH0IjRrDyP58Qy50k0Gg2hA9MmdiHeWlXYZHZMALOXNWIS+PDhwlNla0/HlEWQzTEZEPhCi56bULKWCWX6qEYDSXlYzBQmhAsgmW6GbeXW5kuektZjDXWCDHVdBgLpWxPqidIK/YikaUYtikh0FSniuBWZq/sqIlI48jUjnDzVfbs8roReTsWYhxDXSZhvSUiuFpqqFvZqRQdrzybauVXBLaCTR6MaIglWYA0QtwMyyAxTtp8HDM1qZMmn5FU3fFo4Rm8KCxmf2OVFlaVuPo5VBJF8HtmJ+oRaMpidbWmy17pVyNCFqZ2F1dZlVi3IgGHbyZjnVV9VN9KuzP6k4s5fPXb5rUiuE7Hq9Zaza1apmvsDuxdtodN6Y4yYlpeMy2pNPKduQ3I9p1iRshVA5H/NJV8JlVkp7sGq55Nu8s+LE9SL4hYdw6JFFpcp6N6k8+qd9hxfJM9Ey7bo2SesJBI0Knk9hjdhA2SFRiFtgEpAYulIhGqw7E4NOSmDv8Nhx3I0l18wTyThJXC51UBtSnoiYjQLBPKUAdFIyo4TMw1AfWCE1PH5AwL4fCOmay2Vaa6NpVx0Ag+JjHVSC5tHiWCcT1f4sG2lZbkPAHef/ULyZ7AVCK+3mHuosz3IuutG8qfWIhvqWQogKytWVnRqgGnEZZ753OsjlIQppLpWdB4e1ULUBE4w/CliGYOQpxIVAIpLmQbPB3R75+PXjw7eP7P438ePHv+4uTg+ukoPDgJf3jxdPTiBR1RTPaZKEqBw+w9CrvOYoPRxWmWXnK9D1AFa9/Z7QtbPB9WsVBzE8eQHdZBl+z9JUpaogI8RVce3Qhuj03ySyg9pWZ3HMZ3kF1pplwCIQ5ILozb9wSMJLS0/XYFRBltY/p11TJXtcBQW+Nt8PEj5ucuZTyfY/NfKUhHOBkh4q95LZgAjUAadoiYuVQ3Wm1mfVyYJMFe13kg+2RhgpaRwUR5LngOLlAyhSI++D2vL3eSOwiwPHT7pbdbr8+mIFJ98EZVV8rH4XwHfVs2mI1YsrQWT2DqN9Frx14V5NTFeQ+vEbsWkakimBozLJD0PVo79L1FxBqjtiIW25BG+Tg1ZkFg58R//wezwXee +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +AddObligationTrigger + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"AddObligationTriggerResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-create-obligation-value.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-create-obligation-value.api.mdx new file mode 100644 index 00000000..b9938b10 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-create-obligation-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-create-obligation-value +title: "CreateObligationValue" +description: "CreateObligationValue" +sidebar_label: "CreateObligationValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvbL8yOO22k67iqy0vklsjyRntht5FYg8klBTAAOATtSM/vvOAUCKpGQ94iQ3SZEvscBD4AA473MAfgg0Haug8Tq4FDELZ+RiGLMx1UxwFVzXApGANL/OoqARJAamLhYw9S7IWxZCvSWBali8/YrGKQS1IKGSTkGDxEE+BJxOIWgELcE5hPrgUgotQhEfvAKpmOBBLWA8aAQToBHIoBZIeJsyCVHQ0DKFWqDCCUxp0PgQ6FmCPfF0OjSQmul4Q9fA02nQeH18XQsiUKFkCWIaNIJTGDEORE+A3FpoIkbmp+uNJK63oBaEgisdNI7n89rSfHpsCiLVBy/V0ky2x7zUyZ2IagtVI4yTqQrm82u7WqD0UxHNcKBQcA1c4580SWIWmp05/FNhXx+WMRLDPyHUuGkS910zUPh0sd1IBDm00pLxcQH/BdyARUEtGAk5pTpoBGnKomBeKwA8e8u37Gn0FnduyvgL4GM9CRrHxY4lw35vDa2t6e/WEeOUvs+6OXn8sLq4C+Il5gUyTZUmQyCUExonE8rTKUgWEtt/jdA4Fu8YH5PJLJkAV4TyiKQ8AqlCIUGRYaoJF5pQZbZsxKTSREgSU6VJOKGShhpknfQmQJQWEiI38jsWxzgyx5nG7C+IiBYkFu9AkpAqqDf6/M2bN32uJ0zVp1SHE1B7D/7vNT34q3nwv0cHP13v/dpY/BocXP9QeLb/638+2Hc99DkuoZZsPDZMmq8ilZLOkIw1TNVmKqGhXcYP+aq7luoydxxL22mfnWasZsGJnlBt5+9wIjhHIqqbY2URiSBkyLCMj+u442txZGvpdzXRWg6/+y3zfJm0yhRbXoFzOv33EBfi+qVpa14LaBQxnDqNLwvbMaKxAnyqtWTDVMOrnI0zAsqeDDIGXkdJObQjkLPTr46WRuvF3mZZt3Exjch/rzezawJJcanx56YZhzEDrtfrAAtj5X9xIpswny+66Fgl1nIzKdoArw2e12u7qhLJ7yKOLIe4tSEcIIKIjIQsUsIojUcsjqeoMIvoGKrsWfJxqFVwyuVchZLX41kYIhe+SxopsS/3OWmJ6ZBxi6oYZcISZUKFS+5F9PNaMAVNI6ppkTrytvUITgUnBdD11BTTIcQr9Uo2qoO4axU3qft5FVnhkCWu4x1ocqV1u5oabrfZe+y7bNqaBpUIruzcTo6O8L/yDLppGIJSQe1TmXa3VZGbCdp7yr6SsVfsv9D6KQZBhaYSGpbmsGj8BDK8vAFj4OgPQURQpKPpjbQ+pAp2MBXKXabKKuCESm3ohTRzRWbMfdOoakSlSSKkJsMZyWdImqmenKMY6HMCnA5jICOInM+2pcpBNgg1uy3rXttSxdY2Iw4RjGgaa5JyzWIC75EImY7xgQHCVVpswFCIGCjfQsBs0EGGEaOmLr7tGgdUL+G7eEQUmLVTIG9Bkj3gmukZeTcRxAFZoSkhFBL1A+PGNksjpgncAtf7C+zydYT3dJrEYDzoY2TM4/rR0dHDR0dHxyfGgc71d0Q1HKDThmuQJtHyNFzjqmksHq2ZhgP6gtP4N8pwNUFeKD7cIM6rPXW1TEONnJdy9jaFeEZYhKs5mhFKJCiRyhCtZT0h+aiL/heKbl4LxpJyfQ/faRtRh/bfGiB8XJ1iM4okKGXsBfK82SWMK015CH1+1TlbeCBoELCIXHVekD2oj+s18mCidaIah4cRTEU9FNPDB/tkJNAlgQjJr7AQCsZoNKk6adNwkv20vStNpTZWCvDIrmXV38k9lRoJKTdGGmU883pqdwDjAx4RFVM1AXWXy2Jm8Wvj8LDouyz+7vf7/YPrD0e1J8fzkgezh0/qO760/8Ne4zX++Y/9X/cO6z8sO9lJOoxZ+BxmJcvbNA5uYLYi2pNICJGnG2b7cH0m9BZ9x1izJAZyAzOSUGZMxyqJCQ4XIxN0q4hQGk4gKslP21Id3mJmxrA7t9hzxq1AYILXSSuVEnc8kTACaYIYechtPd3fwOweXJPAdB1H4OOSX/7j8U8n6x3z94+PfiLN7nn9mDgDC8XnZfslAX4LsUigRlKV0jie4X7erOfbG+sFLRB4uGH4phNFLgaQySMG0jgrxoxHOkFBF49xaC6MBnGBzaPrgsmKEMsD3HDxDhlwLCTTkylB3DO+LHH1Im5LgIcigqje56QnLEvX0KFSQKZ0hhLkjVS0cXL06Mc3BtFOt3mANlFE3kmaJDgVa6G8gbChIExOHj+Rxxa23aqA1kxgYyokEEtjKhuFRqjPqHIOXH2VHrMLETxvdgeXV09fnLUGz9t/DJovfhu0z69eDq7Ou5ft1tmzs/ZpULsTqtNtDnA2G0AeHf30ZA1IuzXotluXJ4+fdI43gz388dE2YI9PjjvHwXXRN3lO1WUuWHZSgQv50uekaURMgeeNfBVTIFQpETJjWmRKz2zdKJV6AjIj0zC3OXMGQPbewcvK5VDRn3KN1xhtL/O/hKnQaw1uB1Gd9w1VxYmmMiYHCx2vGA/ByFoaK4GEJ0FLBrco2BgtvPm3UqNfTouu0J3zFXtaJBLXeD3fGHOxZl3PEMxCA9rWgaGjKrWY+Kk1Bl2k+nmz2yB7Z+e9due8+aJG2v9j/1ppWTuJ1L246rTag94fl+2KFCo+yfqsNGcDIBcg9T6/l968oepqvTF5Q9VglUGJS4Hkna0DzEjTRCRI17gjH2PkYJ8FZix0bQJZQ4gFHyu0093Sb7Qqcu1W8mfzxrv3qPnit4vOWe/3qp5YtBc0Q7nR6YJFY7s1QNG/1Pbwx0dLbY9PjoOlnGTXuvsQWWGcoa/qW1oeuBWbDaTNEeUbqtaHfJFYVoRKysmdFaRS4OkuQ+/zuSHs9SpsXh7XaJjqyM+pMZNUUXEZmWkMKKSgj43VFMKdV9ZSMxmVhVjIPaydI6m7hk99IMQHQj4uEFKyHWFmudIx5U7m4xJPkw6MmdJyVjQCXWzkbtvT8I2Fcm4OLAKcdXKlgGSsbtgLaGRloNeDXg96PbhGDyLHLHEULogUQrdAftaQ5W6pk61iOeUOMSxjpTEJEa8RJsF2V7yZTs9V7+bUv9e9XvfeX/e2CkS7La8j4w5Cw7lLxTBClBjBsn44wSgACh+ZKr2FmNvKLs5q7j5afgQhk2EaU7m3X+h7uXp0u1VxuGyd7fQZSM/831UGciNXb1kh+0kKQXcrDlkq+ivU/m5TjFKWJBsqDe8uUd06eZYqLdaaKg7ibn+nZPHl0KWQt21cEfLG4EJEZSl7l7etGXJNXLLXPD9tdk4HzVbv7OK8GpusPD1ttzp/XPZWPOl1mufdl2e9cm6igFtxgnmzCdje07D87f41OV4neJ3w99IJS5lhvigpJW73MI+k6Y2Z7y5F2l/UccyHX4nTlykyLOO7KM7LDjZ8Omx8PaKvR/SS30t+X4/47RZS+HpEX4/o6xF9PaKvR/T1iL4e0dcj+npEX4fh6zC+5zoMX4/oAyE+EOLrEb0e9Hrw76wHfT2ir0f0uvdr1b3fcD3iUlYwz1hm5R0yjUsOtvl992v4mBj1s0Yr9Xqds6dXvfagc/Uic4yXg3p3gjVfvBhcPFsLcf7HBojfz9qdZqf1+x/GE/8cNZkfW4npU1BfcezMp6B8CsqnoHwKyqegfArKp6B8CsqnoHzozYfevufQm09B+TCYD4N9yymoPDi1JgX19RXXe83sNbPXzJuSYstauXhqyOtNrze/Xr1Z8jkxq7LR39z+MLpPInzF0Q+fRPBJBJ9E8EkEn0TwSQSfRPBJBJ9E8KEKH6r4nkMVPonggyE+GPItJxHMpL+pBIJKzY6/tE7MZ44FffyniHFxF/ckvbKfD6dJYu5S+i9Cb2iD9I3sblt+Mv/FYGzR/MV+8AlvO3Qr1xLcQnWhJAzc40GYPR8oWJYLOC8JqTI3OXWXe1xM0tDXmN0Cry7EJ7mEy6HbhfvEA/O5/iZFmnyKju7Rh5tR+70GyWnchRhCLeSrTdHRbOPAvThQ7s07SJOSDMCIAUpGDOLsQ/N44RsZxVRr4BBlxNlBIaKAa/u94D2VhhNCVZ+TkRRTwqLLwxenzct9c5VngsdohCzSVt62ipwAR3YfMnZwqOklxJXvwi7b+ldP/9Vu9QYvm5eXZ+e/DS4u251m76KzKgaxHvbsfCPI+UVvG7Cz80Hr4rzXPDvvGi+isquvti3Jzyc7ZfzMPjuer9l0V2lfgq+udszwi/AjEoppQiVT2aefF/pAgkKpjIHsJIlnGFHSE+hzsoHItqKbPid7TmTs17Jtt/45jp0TSekQSsZY1RtD1zFLgQh3+zb4D33eJPmQqKQYB4XXbeH5DzEiP+dKk1BtsF7M+UHOVgbgQZ/HwsZqfiE/Zwj9Qn52qJNsKd0e/FJU5gV5UqUApwsvVrCZezRYy24OqMh2JjhJQylU/mH0xeh3MV/r4vz0zFz1+vTi4kW7eX7niZd1kM3zTRAXnXIYrlWS2RWyqC7ObtvfJKGIcQ/dR9XzodQytVbXmiRS3LIIopXbOBhbBbOWPfNsw4ICrV4iVEIBA+NjNc9PSSzGLCw7eLlW3M3EvHPmDoNghehRoJep01+e6H2t7+ryxI1xG3tN7k52n79M3F8m7qWil4rftFTMsG5mn0z4hLeLF8NI1gpdjnm7ZyQBOWXaWWbONsEglo1CT22cyDOhZ8LvmQm7pajobszo3iXu5QZpkksRs3CGeR025hgEyGC6oPfUPiJPC4yXB0P73PrG/3DcibChmA4ZX6pZyLyIaRbIraKVuckFDvYZWZ+R9RnZQkbWlNtagfFlEiJeh3od+l3p0E/3JZtdUnEa5HSHJECB9e2bphQeo58FbMcuHHp/Js+vYlsv/XKwVTKwdKVbViXn0gnEoGpzPG6ncivgYytGbNjalHaYUpEsoXH3UDXybsLCSV5WaCmpz9GuKd9G5+tLvFD8CoVi9bBNkW0dF+2W/uhkLOJsiWL2Ie88KmQKzImX6luqzwv1YCmPAHPMjjctO2Jn9ZIZ1ClbMZWIXkVE329WiuzRG5qZZC3BtRTxYhZtLMI3YAaq1Wnv4wL0uTI6J5Wgsi9dZeLMSZTiYihT7lupeyhlUTJ5NCiKvsW3Lj+zHbfxE2b3HGK3yzX9d8n8d8m8mvlK1czntL39ec6v+CCKP8/pz3P685z+PKc/z+nPc/rznP48pz/P6bOHPnv4HWUP/XlOHwjxgZDv6jyn/y6Z14NeD/rvkpVjOeUO/XfJvO79lnXvN/xdss/0Ta6LPG38sV/n2i7b6TOQnvm/qwzkfBUPbc0+xWoN77Z67vk6uWez6jIpu/f6PgnFUiUq/txIzzEDrtc7BhbG+gbF9N8OtkIH3qag8IYaM8Ny8Bvx3K2W7HcRR/kVCdijS6kZk2EhDsgojUcsjjERUbkOwKDhVakXBn8LVdqTbDzeFB4rVrdbeG+Sej76G/PRtn6wIbSK79cBlQiuNvmA87lZDFOJigtXnk1bSnN5kKvlMTHRBOtUzTiHfyphWFOFE5jSzeYBVsGs2p0inXChByOR8gjpI4unhpgRik1lQ8pNBQ7aJNyUCwyoHKdGweJEaBQzDgN4Hxp9jPXveYdY9COBRrMBvGfKRADM0VWFpVaDCDhztRMumQ3vJzRVtgp3RFkM0QBD7oWLqOjQBFaxVizVAzEaSMrHYLA0gUhEyzxm3F7xZB7RW8pirDRGjKmmg1goZZ+keoLEYq/TWIrkmkS6pjpVBJcyO7iiJiKNI1NBwc23ybMr3Ebk9ViIcQx1mYT1lojgeqmhboWnUnS8cm+q9U8R2DoueTCiIRYmAdIIcT0so8Q4afNxzNSkTpp8RlJ1x6uFd/C6rJj9hbVKWFvhqsjQ2iqi3zUrUY9AUxar6zWP7MV2NSJkoWt3fZO1LetWJiD4ZjLWWe1D9WzWnd8vyeUcHoC22Z0Ihul41ViruVXLdI0Bj0+XHUtTwKKMnJZDpiWVRsAztwDZulPMi7iaGPLfpp7NJExsd0Owdq5pdzH45U7qBRnr9iGRQothOqo3+ax6kxvH89yZcNl+SuYNi4kEnUput9F12CBZmU1oG5ASsGQoEqE6HItDQ27q8D8Q7ECWbqQL5pkkLC3hKsEaGFtjIiJ0cIQy5EHRHQkOE3Navl4IB9QxR8FCOLyrK6twlakyTWUcNIIPSUw1EkybR4lgXM+XuLBt5SW5SID3Tp+R7A1MqeExB3MnY74a2dO6of2JRfmWSoYiyLptlRGtInA6YfnpfI5VQgrCVDI9Cxqvr2sBqgLnYz0V0cxhiB0tVgOdvODhiP74ePTk0cHjfx7/8+DR4ycnB8OHo/DgJPzpycPRkyd0RDHXtXjr2VteZCXHYwXVnpmKuIT2toEsvbLtYDZkW2Dk5aOgu3Q3KmJcdqudg7xwenMws6ZFIza3ggxhYr1wybVeIrUlKsHFcmXEjeD22CSJhNJTatbHzfkuuix1lQspnAbSE+O2oN4IS0v9r1eglFE/Xuy3cpzrWmDosfE6+PABM1lXMp7PsfltCtKRVkaq+GteCyZAI5BmtyNmrp+NVttiHxZmS7DXce7+PlnYqeXZYEo5F04Hlyi9QhEfvMorsTPKC7CQcvuhtxuvx6YgUn3wUlVHyuGwv4OeLbDLIJasscUbmCRN9FrY64Iou7zo4oVbQxGZfPvUmGqBpO/QIqLv7ESsxWprR7ENqZSPU2M6BLZP/Pf/Tur0SQ== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateObligationValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"CreateObligationValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-create-obligation.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-create-obligation.api.mdx new file mode 100644 index 00000000..f4cb3a1a --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-create-obligation.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-create-obligation +title: "CreateObligation" +description: "CreateObligation" +sidebar_label: "CreateObligation" +hide_title: true +hide_table_of_contents: true +api: eJztPftz2zaT/wqGdzOx+0nyI4+v1XXaU2Ql9cWxPZKcuV7kU2ByJaGmAAYAnagZ/e83C4AUScl61PlySYr8EgtcAgvsE7sL8FOg6VgFzbfBpYhZOCMXNzEbU80EV8F1LRAJSPPrNAqaQWJgGmIB0+iBvGMhNNoSqIbF20EtSKikU9Agsf9PAadTCJpBW3AOoa5fSqFFKOL6G5DKvsB40AwmQCOQQS2Q8D5lEqKgqWUKtUCFE5jSoPkp0LMEe+Lp9MZAaqbjDV0DT6dB8+3RdS2IQIWSJQbJZnACI8aB6AmQOwtNxMj8dL2RxPUW1IJQcKWD5tF8XluaT59NQaS6/lotzWR7zEud3IuotlA1wjiZqmA+v7arBUo/F9EMBwoF18A1/kmTJGahIcrBHwr7+rSMkbj5A0KNRJNIcs1A4VOco0poCEj+HFhpyfi4gH4ONmRRUAtGQk6pDppBmrIomNcWz1+859v1M3qPVJsyfgZ8rCdB86jYrWRZr5t6w07ox6yT46ePq8u64FiC8GSaKk1ugFBOaJxMKE+nIFlIbO81QuNYfGB8TCazZAJcEcojkvIIpAqFBEVuUk240IQqQ6sRk0oTIUlMlSbhhEoaapAN0p8AUVpIiOzAH1gc48AcZxmzPyEiWpBYfABJQqqg0Rzwd+/eDbieMNWYUh1OQO09+t+3tP5nq/4/h/Wfrvd+bS5+DevXPxSe7f/674/2XQ8Djst3R+PUUtktIJWSzpB5NUzVqoWtrmRCtQaJq7gDFkEtSDl7n8KpHQaFe74gmsNqBdAS5cwfNMa5TEHTiGrL0a6nvO2+FwectMV0KjgpgK6Xh5jeQKxWyU02qoOoBTSKmB3nstTFfdxqJo5zKSMrHLLEdTyf39f1iMYK5oWlrKrkrlURJdX61krJ9YZO51V1bBpUIriyszo+PMT/yrj30jAEpazi/BzqaGF4ioQWRaOzvgO2Vo1VlFVxjEXjg4eoUngMHG0sRATVJep0ZMUbqmAHJVfuMlVWeyRUakNU0tJasptUAzF2xDSqGlFpkgipyc2M5DMkrVRPzlGvDTgBTm9iICOInB+AOI3Wa3F8jFwaanZXWkTXUsXWNiMOEYxoGmuScs1iAh+RU5iO8YEBwlVaEOBGiBgo30L+11MsNHIStXTxbdc4pHoJ38UjosCsnQJ5B5LsAddMz8iHiSAOyKp1CaGQERjiomFJI6YJ3AHX+wvs8nWEj3SaxGC8siOUnqPG4eHh4yeHh0fHxinLDWFENdTRG8A1SJNoeRqucdU0Fo/WTMMBfcFp/D+qWDVBWSg+3KBtqz31tExDjZJnrVc8IyzC1RzNCCUSlEhliKZeT0g+6qL/hR2a14KxpFxvY54foOrQkVoDhI+rU2xFkQSl0Emm5FWrRxhXmvIQBvyqe7pwn8gdjVlErrpnZA8a40aNPJponajmwUEEU9EIxfTg0T4ZCfSnIEL2KyyEgvEUuFYN0qHhJPtpe1eaSm3cLuCRXcuqs5a7WTUSUk7Q+lDGM5etdg8wPuARUTFVE1D3+VtmFr82Dw6KLs/i78FgMKhffzqsPTualxyfPXzS2PGl/R/2mm/xz3/s/7p30Phh2YtL0puYha9gVpR62zi8hdmKbUQiIUSZbhry4fpM6B06vrFmSQzkFmYkoUyqFYpTcLgYmd1cRYXScAJRSX/alurwFjMzhqXcguaMW4XABG+QdiolUjyRMAKJTvJdvpdbz/e3MHuA1CQwXScR+LjkB/949NNxdZ9SnvHHp4c/kVbvvHFEnBeE6vOy85oAv4NYJFAjqUppHM+Qnrfr5fbWOBAFBB5vGL7lVJHbwGT6iIEkIyEJMjdSwxjseGz2fMJYELdjPrwueJQIsTzALRcfUADHQjI9mRLEPZPLklQvAgIEeCgiiBoDTvrCinQN90sKyJTOUIO8k4o2jw+f/PjOINrtteroE0Xkg6RJglOxHso7CJsKwuT46TN5ZGE77QpozezKpkICsTymslFohPaMKsIBEJ9VdswuRPCq1RteXj0/O20PX3V+H7bOXg4751evh1fnvctO+/TFaeckqN0L1e21hjibDSBPDn96tgak0x72Ou3L46fPukebwR7/+GQbsKfHR92j4Lq4dXhF1WWuWHYygQv9MuCkZVRMQeaNfhVTIFQpETLjWmRGz5BulEo9AZmxaZj7nLkAoHjvsAnK9VBxz+MarzGMU5Z/CVOh1zrcDqI671uqihNNZUzqCxuvGA/B6FoaK4GMJ0FLBneo2BgtvPm3MqNfzoqusJ3zFTQtMolrvJ5v2BzXAuvW9Q3DLCygbR0aPqpyiwn+WGfQRRtftXpNsnd63u90z1tnNdL5b/vXSs/aaaTexVW33Rn2f7/sVLRQ8UnWZ6U5GwClALn31YPs5i1VV+udyVuqhqscSlwKZO9sHWBGWiZsQHpmO/JXnBzssyCMha71hKJgxYKPFfrpbuk3ehW5dSvtZ/PG+2nUOnt50T3t/1a1E4v2gmUoNzpbsGjstIeo+pfaHv/4ZKnt6fFRsBTs7tntPkRWGWfoq8aWngeSYrODtEk7G3ZbH1BGZlkRKkG6np6sYZWCTPcY7j5fGcZeb8Lm5XGNhamO/IoaN0kVDZfRmcaBQg76q7GaQjTyynpqJhy8UAv5DmvnQOeu0U0fCPGBkL8WCCn5jjCzUumEcif3cUmmSRfGTGk5KzqBLjZyv+9p5MZCuW0OLAKcDXKlgGSibsQLaGR1oLeD3g56O7jGDqLELEkULogUQrdB/ktDlrulTraK5ZQ7xLCM1cYkRLxGmKna3fBmNj03vQ1ve73t/QK2t11g2m1lHQV3GBrJrSLVFaIkCFb0wwlGAVD5yFTpLdTcVn7xLhUJD0h5PDCFHIRMhmlM5d7+xgW2lN6GFbRk47Gpk/oyU3+TY7Y0/6FF6vOtAiZuy4vtWnbILqRKi7W63EHc7xCWTGIOXYoJ2sYVMUHcfUVUltIbeduaIdcEbvqt85NW92TYavdPL86rwZvK05NOu/v7ZX/Fk363dd57fdovB28LuBUnmDebiNYDLe/Lhxct+LS9t5jfW9p+t3FbnFhdiGRx1MNAu6a3Zr40K9pZ0tf5k63U9Wf3rPPhV+L0ZaqwyvguqpfcpugzYuMLtnzBltf8XvP7gq1vN9PsC7Z8wZYv2PIFW75gyxds+YItX7DlC7Z8otonqr/nRLUv2PKBEB8I8QVb3g56O/h3toO+YMsXbHnb+7Xa3m+4YGspK5hnLLPyDpnGpQ22+X3/a/iYGPOzxir1+93T51f9zrB7dZZtjJeDeveCtc7Ohhcv1kKc/74B4rfTTrfVbf/2u9mJP6xorVxJlS3UG5fU344fHAY+BfV1x858CsqnoHwKyqegfArKp6B8CsqnoHwKyofefOjtew69+RSUD4P5MNi3nILKg1NrUlBfX3G9t8zeMnvLvCkptmyVi6eGvN30dvPrtZulPSdmVTbuN7c/jO6TCF9x9MMnEXwSwScRfBLBJxF8EsEnEXwSwScRfKjChyq+51CFTyL4YIgPhnzLSQQz6W8qgaBSQ/HXdhPzL44F7XLLVXmmuLiLe5LM62RKk8TcpfQfhN7SJhkY3d2x8mT+i8H4ovmLg+Az3nboVq4tuIXqQUkZuMfDMHs+VLCsF3BeElJlbnLqLfe4mKThrzG7A15diM9yCZdDtwcPiQfmc30pRZp8jo4e0IebUecjfriUxj2IIdRCvtkUHc0IB+7FoXJv3sOalGQARg1QMmIQR1YVELzwjYxi/Hoqhyhjzi4qEQVc26/R7qk0nBCqBpyMpJgSFl0enJ20LvfNVZ7ms8xCFnkrb1vFToAj244zOLT0EuLKrafLvv7V8//qtPvD163Ly9Pzl8OLy0631b/oropBrIc9Pd8Icn7R3wbs9HzYvjjvt07Pe2YXUaHqm92/bMu4+9Ls0XwN0fOP0xbgq6sdM/ze74iEYppQyZTgluoLeyBBoVbGQHaSxDOMKOkJDDjZwGRb8c2Akz2nMvZrGdnt/hzHzpmkdAglE6zqjaHrhKXAhOv3qdUF+mHAWyQfEo0U46Dwui08/yFG5OfcaBKq7UeU8zk/ysXKADwa8FjYWM0v5OcMoV/Izw51ki2lo8EvRWNe0CdVDnC28GKFmLlHw7Xi5oCKYmeCkzSUQtkPQ5dGv0/42hfnJ6fmqtfnFxdnndb5vSde1kG2zjdBXHTLYbh2SWdX2KK6OLuRv0VCESMN3afW86HUMrdW1xq/xX7HIohWknE4tgZmrXjm2YYFB1q7RKiEAgZmj9U6PyGxGLOwvMHLreJuLua9M3cYBCtUjwK9zJ3+8kS/1/quLk/cGLex1+Tu5Pf5y8T9ZeJeK3qt+E1rxQzrVvbJhM94u3gxjGS90OWYt3tGEpBTpp1n5nwTDGLZKPTUxom8EHoh/J6FsFeKiu4mjO5d4l5ukha5FDELZ5jXYWOOQYAMpgd6T+0j8rQgeHkwdMDt3vgfTjoRNhTTG8aXahayXcQ0C+RW0cq2yQUJ9hlZn5H1GdlCRtaU21qF8WUSIt6Gehv6XdnQz/clm11ScRrkdIckQEH07ZumFB6jnwVsxy4c+nAhz69iW6/9crBVOrB0pVtWJefSCcSganM8jlK5F/BXK0Zs2NqUdphSkSyhcf9QNfJhwsJJXlZoOWnA0a8p30bn60u8UvwKlWL1sE1RbJ0U7Zb+6GYi4nyJYvYh7zwqZArMiZfqW2rAC/VgKY8Ac8xONq04YmeNkhvULXsxlYheRUU/bFaK7NFbmrlkbcG1FPFiFh0swjdgBqrd7ezjAgy4MjYnlaCyL11l6sxplOJiKFPuW6l7KGVRMn00LKq+xbcuP/OtbRfFj4hu52QWcfFK0CvBr1cJrudnc8Doo37I8aeSn4U/N/JzzIDr9e6ThbG+U/Gw0g5VhV14n4LC+iszw7LSRDx305S/iTjKCwCwR3cAyDhTC3VARmk8YnGMpWqVZLdBw28TvTL43raJ81WmtG8/jb21Rc0/pb11Ya2XIy9H378c/dUrhb0MeRn6e8rQtje4G0ZbCFoXVCK42iRr87lZB3NAA9esPJGOlKay1B3cN2mnBI9vmCEO/lDCSKUKJzCl21TORyujfUUW4UIPRyLlEbJGlrIK8fhXbMqPUm6O26NLz83Z4CGV49T4pzgRGsWMwxA+hsadxeBI3iGe8JdAo9kQPjJlChpNXlPhvQrDCDhzB6Xdbh0+TmiqbNXTiLIYoiHWQRWqlOmNyV1hmVeqh2I0lJSPwWBpcj2IlnnMuK3/NY/oHWUxHqpAjKmmw1goZZ+keoJ8YmutlpJl5tSspjpVBJcyi2qqiUjjyByX5ubi+qy+f0TejoUYx9CQSdhoiwiulxoaVm8qRccraVOtHY3AXtog6yMaYiQEkEeI62EZJcZJh49jpiYN0uIzkqp7Xi28g7XUMfsTs814kNpdGYGblSL6PbMSjQg0ZbG6XvPInnqoESELXbvaXrs1a1h1gOCb2VhnB52rgft7L7fJVRxmx+1Rrghu0vGqsVZLq5bpmv0vPl2Oy5g4vDIqWt4wLak0up25BcjWnWLq2R2AJ/9p6sNNTtp2dwN2m2jaXZpzuZNGQb06OiRSaHGTjhotPquW+XNM9mfKZfspmTcsJhJ0Krklo+uwSbIz9aFtQE7A+wEiEaqDsTgw7KYO/g3B6rJ0XCGYZ5qwtIQVnRoYD2MiIgwNCGU4g+JGPjhITBVFoxBIa2AGmIVwsKIXa2GVKQtNZRw0g09JTDWySYdHiWBcz5dkr2O1JLlIgPdPXpDsDaxVqBF3TCdfg+xpw3D8xGJ7RyVDxWNjHZURrfp3lmD56XyOJZYKwlQyPQuab69rARoAF5h4LqKZwxA7KuWVgscj+uPT0bMn9af/PPpn/cnTZ8f1m8ejsH4c/vTs8ejZMzqiz4JCMurFe14UH5slWvzOvnXxNmu6Lrt+ue9gaIr36pSCOkukWlpqHMNdt9MM7o5MlYFQekp5NrfV3FHqJRdtjJQgPRi3d04ZFWMZ5+0KbDLGwbMS1SGua4EhZfNt8OkTVqZeyXg+x+b3KUhHlYzK+GteCyZAI5CG1yJmDvNFq/2WTws7H+x1XXhpnyx8uvJEsMwll+b6JYp7KOL6m/yeIqcOgwDLj7cfervx+mwKItX116o6Ug6H/dX79vqJDGLJfVm8gVmCRK+FvS4ogMuLHpYv34jI1ABNjW8TSPoBXQj6wU7Eenf2ZhVsQ97k49TY2sD2if/+D+PHjcw= +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateObligation + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":"circular()","title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"CreateObligationResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-delete-obligation-value.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-delete-obligation-value.api.mdx new file mode 100644 index 00000000..2f074219 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-delete-obligation-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-delete-obligation-value +title: "DeleteObligationValue" +description: "DeleteObligationValue" +sidebar_label: "DeleteObligationValue" +hide_title: true +hide_table_of_contents: true +api: eJztPf1zGrmS/4pq7qpi7wP8kY+XcFu7RzCb9YuDXYBTlws+Is80oPWMNJE0Tngu/verlmaGmQEDjpNU4lV+iZFaUkvqL3W3NDeephPlNd97ZyJk/oycXoZsQjUTXHkXNU/EIM2v48BrerGBaYgFTKMP8pr50DiCEDQsWr+lYQJezYuppBFokDjIjcdpBF7TawvOwdf1Mym08EVYfwtSMcG9mse41/SmQAOQXs2T8DFhEgKvqWUCNU/5U4io17zx9CzGnngSXRpIzXS4oWvgSeQ13x9c1LwAlC9ZjJh6Te8IxowD0VMg1xaaiLH5mfZG4rQ3r+b5givtNQ/m89rSfAYsApHo+hu1NJPtMS91ciui2kLVCOMkUt58fmFXC5R+KYIZDuQLroFr/JPGcch8szN7fyns62YZI3H5F/gaN03ivmsGCmtZUIBRWjI+KWDNAq/mjYWMqPaaXpKwwJvXvPFHvq4RVte8iPET4BM99ZoHxT4k8+bzBfBK0urZqXo1jwYBw2IanhXQHtNQwRy7KZOQKVCx4MpO7nB/H/8rL3M/8X1Qym7211jCa8MNCJbO6Tplj3uu/LzmLZix2H+h9GsMgmSuYuqX5rAovPcQVTqfAEe5AwFBgkISD6iml1RBhs26Dk19tctEQUC0IDGV2tALaWkt2WWigRi2MoWqRlQSx0Jqcjkj+QxJK9HTLqE8GHICnF6GQMYQpLJxS4Kf1zzqa3ZdWsS0pIqtLUYcAhjTJNQk4ZqFBD4jETIdYoUBwlVabMClECFQM1YEmuKqFUfLyzbtmC8BO27pYuu0cET1Er6LKqLArJ0CeQ2S7ADXTM/Ip6kgKRD5xMKQSPCFDMBsLuWEJgHTBK6B690Fdvk6wmcaxSEYTXWAjHnQ2N/ff/xkf//g0CiqXHoEVEMdhSOuQRIHy9NIC1dNY1G1Zhop0HecRkgvIVSrxEw2pxTiNml4O2FaQTSvLoSIbSdETZEXipUoU9fI3GpPfS0TXyPnJZx9TCCcERbgao5nhBIJSiTSB/KJ6SnJR130T3KSnde8iaRcF6dDpaQzVLUaopXrc3dRh9pnDRBWV6fYCgIJSqHNQMnrVp8wrjTlPgz5ee+YRInS5BIIJdc0ZAE5752QHWhMGjXyaKp1rJp7ewFEouGLaO/RLhmLMBSfIEDyKyyEgkkEXKsG6VB/mv20vStNpUbxRIAHdi2RGMN4SnkSgWQ+8adUUl+DrBGfcoKKjTJOprN4Cij2VgNjBQ+ICqmagmo0h/zDhw9DrqdMNSKq/SmonUf/Z2bxe3Nv7z2t/7tV/9/9+ouLncXfw+FwWL+42a89O5gXIHZ/38Gaxh0b7f6y03yPf/5j9/edvcYvu7//56PdFK+hkXxxchky/zXMilxvC0dXMFthVcUSfOTpptk+XJ8pvQYSJaFmcQjkCmYkpkyqFYJTcDgdG+O2IkKpP4WgJD9tSXV4i5kZw+7cYs8ZtwKBCd4g7URK3PFYwhikhCAzVjdK8yuY3YNrYojWcQRW17yIfs5suecHLw6rxl15xp+f7r8grX63cUBSAwvF51nnDQF+DaGIoUYSldAwnOF+Xq3n2ytjQBQQeLxh+FYqiojtKpNHDCQZC0mQuHE3jMIOJzg0F0aDpAeI/YuCdYoQywNccfEJGXAiJNPTiCDuGV+WuHpxPiLAfRFA0BhyMhCWpWto6isgEZ2hBPkgFW0e7j95/sEg2uu36mgTBeSTpHGMU7EWygfwmwr8+PDpM3lgYTvtCmiNXCaaREICsTSmslFogPqMKsIBEJ9VeswuhPe61R+dnb88OW6PXnfejVonr0ad7vmb0Xm3f9ZpH/9x3DnyardC9fqtEc5mA8iT/RfP1oB02qN+p312+PRZ72Az2OPnT7YBe3p40DvwLorHkNdUneWC5U4qcCFfhpy0jIgp8LyRryICQpUSPjOmRab0zNaNE6mnIDMy9XObM2cAZO8Nark4k1wOLY5G77PCCzzVlvlfQiT0WoM7hajO+4qq4kQTGZL6Qscrxn0wspaGSiDhSdCSwTUKNkYLLf9WavT7adEVunO+Yk+LRJIWXqCzYR2x1Txr1g0MwSw0oC0dGTqqUstgCiQ1BlPny+tWv0l2jruDTq/bOqmRzv/Yv1Za1qlE6p+e99qd0eDdWacihYo1WZ+V4mwA5AKk3tf30ptXVJ2vNyavqBqtMihxKZC8s3WAGWkZjwTpm+PIlxg52GeBGQtd6ylFxgoFnyi009Ol32hV5NqtdJ7NC2/fo9bJq9Pe8eDPqp5YlBc0Q7kw1QWLwk57hKJ/qezx8ydLZU8PD7wl31/fHvchsMI4Q181trQ8cCs2G0ibpLMht+P1g1E1WuEqwX09PlpDKgWe7jM8fb42hL3Bc1Ye12iY6sivqTGTVFFxGZlpDCikoC/11ZymOmLIybm11BCsIBbyE9YWjo5y120RRYIT5whxjpBv7Agp2Y4ws1yZMuWdzMclniY9mDCl5axoBKa+kdttT8M3Fio95sDCwdkg5wpIxuqGvYAGVgY6Pej0oNODa/QgcswSR+GCSCF0G+Q3dVneLXSylS+n3CG6Zaw0Jj7iNcYg2N0Vb6bTc9XbcLrX6d7voHvbBaLdlteRcUe+4dwqUj0hSoxgWd+fohcAhY9MlN5CzG1lF89rdmm+WH54PpN+ElK5s1voezlLY7tVSXHZOtrpIpCO+R9UBHIjVy/yPDZNVks2mZisqG8ZzBQVTl+ZITLaJhmlLEnWrwLmJZTTUdKSOwTPEqXFWlMlhbj9vFOy+HLoksvbFq5weaNzIaCyFL3Ly9YMucYvOWh1j1q9o1GrPTg+7VZ9k5Xao0679+5ssKJm0Gt1+2+OB+XYRAG34gTzYuOwvadh+er+OTlOJzid8PfSCUuRYU6sLMRtSXcP40iaXpn50iwnbUle5zVbieuvfnDMh1+J0/dJMizju0jOS8/8XxEbl4/o8hGd5HeS3+Uj/ryJFC4f0eUjunxEl4/o8hFdPqLLR3T5iC4f0eVhuDyMh5yH4fIRnSPEOUJcPqLTg04P/p31oMtHdPmITvf+qLr3J85HXIoK5hHLLL1DJmHpgG1+394Mq4lRP2u00mDQO355PuiMeucn2cF42al3K1jr5GR0+sdaiO67DRB/Hnd6rV77z3fmJP4tcjK/NBPThaB+YN+ZC0G5EJQLQbkQlAtBuRCUC0G5EJQLQTnXm3O9PWTXmwtBOTeYc4P9zCGo3Dm1JgT14yXXO83sNLPTzJuCYstauXhryOlNpzd/XL1ZOnNiVGXjeXP7y+guiPADez9cEMEFEVwQwQURXBDBBRFcEMEFEVwQwbkqnKviIbsqXBDBOUOcM+RnDiKYSf9UAQSVmB1/Yw8x39gXdJdXrsozxcVdvJNkmpOIxrF5S+m/CL2iTTI0srtj+cn8F4KxRfOGQ+8rvnaYrlxbcAvVh5IwSKtHflY/UrAsF3BeEhJlXnLqL/e4mKShrwm7Bl5diK/yCFeKbh/u4w/M5/pKiiT+Gh3do490Rp3PGiSnYR9C8LWQbzd5R7ONg7ThSKUtbyFNSjIAIwYoGTMIAysKCD74RsYh1Ro4BBlx9lCIKODaHD3Jjkr8KaFqyMlYioiw4Gzv5Kh1tmue8jRfYhaySFt52SpyAhzZdpzBoaaXEFa+C7ts65+//FenPRi9aZ2dHXdfjU7POr3W4LS3ygexHva4uxGkezrYBuy4O2qfdget427fnCIqu/p225T8fLIR48e27mC+ZtPTTPsSfHW1Q6Y0Lq0vophKpgS3u77QBxIUSmV0ZMdxOEOPkp7CkJMNRLYV3Qw52UlFxm4t23Z7PsexcyIpXULJGKv6Yug6ZikQ4fpzanWBfhnyFsmHRCXFOCh8bgvvf4gx+TVXmoRqg/Vizo9ytjIAj4Y8FNZX8xv5NUPoN/JrijrJljLdg9+KyrwgT6oUkOrC0xVsllaN1rJbClRkO+OcpL4USpk5lUa/jfnap92jY/PU68vT05NOq3vrjZd1kK3uJojTXtkN1y7J7ApZVBfnbtvfIr4IcQ/TD6vnQ6llaq2uNX55/ZoFEKzcxtHEKpi17JlHGxYUaPUSoRIKGJgzVqt7REIxYX75gJdrxbuZmLfOPMXAWyF6FOhl6nSPJ7qz1oN6PHGj38Y+k3snu889Ju4eE3dS0UnFn1oqZli3sk8mfMXXxYtuJGuFLvu80zoSg4yYTi2z1DZBJ5b1QkfWT+SY0DHhQ2bCfskrejdmTNuStHGTtMiZCJk/w7gOm3B0AmQwfdA7aheRpwXGy52hQ27Pxv9IuRNhfRFdMr6Us5CdIqLMkVtFKzsmFzjYRWRdRNZFZAsRWZNuawXG9wmIOB3qdOiD0qFf70s2dwnFaZDRHYIABda3LU0qPHo/C9hOUnfo/Zk8f4ptvfTLwVbJwNKTblmWXBpOIAZVG+NJdyq3Ar40Y8S6rU1qh0kVyQIatw9VI5+mzJ/maYWWkoYc7Zrya3Quv8QJxR9QKFYv2xTZNuWiu4U/ehmLpLZEMfqQdx4UIgXmxku1lRryQj5YwgPAGHPKm5YdsbNGyQzqla2YikevIqLvNytFdugVzUyytuBainAxiw4m4RswA9XudXZxAYZcGZ2TSFDZl64ycZZKlOJiKJPuW8l7KEVRMnk0Koq+xbcuv7Edt/ETZvcc4m6Pa7rvkrnvkjk184OqmW9pe7v7nD/wRRR3n9Pd53T3Od19Tnef093ndPc53X1Od5/TRQ9d9PABRQ/dfU7nCHGOkAd1n9N9l8zpQacH3XfJyr6ccofuu2RO9/7Muvcn/i7ZN/om12keNv7Sr3NtF+10EUjH/A8qAjlfxUNbs08xW8MdWx33/Jjcs1l1mZDdZ32fgGIpExV/bqTnkAHX6w8GFsaeDYrhvzvYCj34mIDCF2rMDMvOb8Tzbrlkf4owyJ9IwB7TkJoxGRbigIyTcMzCEAMRlecADBpOlTph8LdQpQPJJpNN7rFidruFdyap46O/MR9tqduOIAQNlbNfD1QsuNp0BpzPzWKYTFRcuPJsOlKax4PSXB7jE40xT9WMs/eXEoY1lT+FiG42DzALZtXuFOmECz0ai4QHSB+ZP9XHiFBoMhsSbjJw0CbhJl1gROUkMQoWJ0KDkHEYwWff6GPMf887xKQfCTSYjeAzU8YDYK6uKky1GgXAWZo7kQaz4fOUJspm4Y4pCyEYocu98BAVvTSOVcwVS/RIjEeS8gkYLI0jEtEy1YzbJ55MFb2mLMRMY8SYajoKhVK2JtFTJBb7nMaSJ9cE0jXViSK4lNnFFTUVSRiYDApuvk2ePeE2Ju8nQkxCaMjYb7RFABdLBQ0rPJWik5V7U81/CsDmccn6mPqYmARIIyTtYRklxkmHT0Kmpg3S4jOSqFuaFtrgc1kh+zfmKmFuRZpFhtZWEf2+WYlGAJqyUF2sqbIP29WIkIWu0+ebrG3ZsDIBwTeTsc5yH6p3s279fkku5/ACtI3uBHCZTFaNtZpbtUzWGPBYu3ywNAksyshpecm0pNIIeJYuQLbuFOMiaU4M+W+Tz2YCJra7S7B2rilPffDLnTQKMjbdh1gKLS6TcaPFZ9WX3Dje586Ey/ZTMi0sJhJ0IrndxrTDJsnSbHxbgJSAKUOB8NXeROwZclN7/4FgdVl6kc6bZ5KwHGJbIVg9Y2tMRYAHHKEMeVA8jnh7sbkt3yi4AxoYo2A+7N3WlVW4ymSZJjL0mt5NHFKNBNPhQSwY1/MlLuxYeUlOY+CDoz9I1gJDanjNwbzJmK9GVtswtD+1KF9TyVAE2WNbZUSrCFKdsFw7n2OWkAI/kUzPvOb7i5qHqiA9Y70UwSzFMItzeI/H9PnT8bMn9af/PPhn/cnTZ4f1y8djv37ov3j2ePzsGR1TjHAZU6/AUJglWzpQLi3w0trg3NLk2aZ3fWBCI0LpiBpNZZ2zt25sqaucNfGohqvIuE0jNyLC7vn7FShle+7VbhnnouaZXWi+925uMH5zLsP5HIs/JiDTBc02CH/Na94UaADSkEnAzKOrwWoL5GahrL2dXnrI3SUL66w8Gwyk5ixZP0Oe9UVYf5vnH6cyzfMwfXD7obcbb8AiEImuv1HVkXI47K8+sGllGcSSDbJogaHBWK+FvSgw8NlpH5+ZuhSBiTJHxkDxJP2EdgD9ZCdi7TSbMYllN15I+SQxCtOzfeK//wd2VZiE +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteObligationValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"DeleteObligationValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-delete-obligation.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-delete-obligation.api.mdx new file mode 100644 index 00000000..111149cb --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-delete-obligation.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-delete-obligation +title: "DeleteObligation" +description: "DeleteObligation" +sidebar_label: "DeleteObligation" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z27aS/wqGdzOx+yT5Ix8v0XXaU2Q19YsjeyQ5c7nIp0DkSkJNAgwAOtHL6H+/WYCkSEqW5NrNJCn6S2NgCSwW+4XdBfTF03SqvOZ770KEzJ+T83HIplQzwZV3VfNEDNL8dRp4TS82MA2xhGn0Qd4wHxonEIKG5ddezYuppBFokDj+F4/TCLym1xacg6/rF1Jo4Yuw/haksh8w7jW9GdAApFfzJHxMmITAa2qZQM1T/gwi6jW/eHoe40g8icYGUjMdbhkaeBJ5zfdHVzUvAOVLFhskm94JTBgHomdAbiw0ERPzZzoaidPRvJrnC6601zxaLGor6xmwCESi62/Uykp2x7w0yK2IagtVI4yTSHmLxZWlFij9UgRznMgXXAPX+E8axyHzzaYc/KFwrC+rGInxH+Br3DSJW64ZKOxlQQFGacn4tIA1C7yaNxEyotpreknCAm9R8yYf+aaPsLvmRYyfAZ/qmdc8Ko4hmbdYLIGrXNWzq/RqHg0Chi00vChgPKGhggWOUOYe06BiwZVd1/HhIf6vTOF+4vuglN3nh6DeUk4MbLomUZSRe5J/UTNsqGLqQ3GOZeO9p6jy4RQ4qgQICG44smBANR1TBRk2mwY0/dUhEwUB0YLEVGqzqaSltWTjRAMxbG8aVY2oJI6F1GQ8J/kKSSvRsy6hPBhyApyOQyATCFK1tSNDLmoe9TW7KRExbalia5sRhwAmNAk1SbhmIYHPyClMh9hhgJBKyw0YCxECNXNFoClSrThb3rZtx3wJOHBLF79OG0dUr+C77CIKDO0UyBuQZA+4ZnpOPs0ESYHIJxaGRIIvZABmcyknNAmYJnADXO8vscvpCJ9pFIdgjMgRSs9R4/Dw8PGTw8OjY2NDcukOqIY6Ki+kQRIHq8tIG9ctY9m1YRkp0FdcRkjHEKp1uiBbUwpxm8q6nTFvaJiYOcqEELEdhKgZykKxExXfBsVYHamvZeJrlLyEs48JhHPCAqTmZE4okaBEIn0gn5iekXzW5fgkZ9lFzZtKynVxOVRKOkdTqCFaS5+7qzq0DhuAsLu6xFYQSFAKbTolr1t9wrjSlPsw5Je9UxIlSpMxEEpuaMgCctk7I3vQmDZq5NFM61g1Dw4CiETDF9HBo30yEWEoPkGA7FcghIJpBFyrBulQf5b9aUdXmkqN6okADywtkRnDeEZ5EoFkPvFnVFJfg6wRn3KC1ocyTmbzeAao9tYDYwcPiAqpmoFqNIf8w4cPQ65nTDUiqv0ZqL1H/2dW8Wvz4OA9rf+7Vf/fw/qLq73lv4fD4bB+9eWw9uxoUYDY/3UPexp3/Gj/p73me/znP/Z/3Tto/LT/638+2k/xGhrNFyfjkPmvYV6Uets4uob5Gq8nluCjTDfN9iF9ZvQGSJSEmsUhkGuYk5gyqdYoTsHhfGKcz4oKpf4MgpL+tC3V6S1mZg67c8s9Z9wqBCZ4g7QTKXHHYwkTkBKCzJncqs2vYX4PqYkh2iQR2F3zIvo587WeH704rjpf5RV/fnr4grT63cYRSb0gVJ8XnTcE+A2EIoYaSVRCw3CO+3m9WW6vjQNRQODxlulbqSoidqhMHzGQZCIkQebG3TAGO5zi1FwYC5I6+IdXBe8RIVYnuObiEwrgVEimZxFB3DO5LEn18vxCgPsigKAx5GQgrEjX0BVXQCI6Rw3yQSraPD588vyDQbTXb9XRJwrIJ0njGJdiPZQP4DcV+PHx02fyyMJ22hXQGhknmkRCArE8prJZaID2jCrCARCfdXbMEsJ73eqPLi5fnp22R68770ats1ejTvfyzeiy27/otE9/O+2ceLVboXr91ghXswXkyeGLZxtAOu1Rv9O+OH76rHe0Hezx8ye7gD09PuodeVfFY8Jrqi5yxXInE7jUL0NOWkbFFGTe6FcRAaFKCZ8Z1yIzembrJonUM5AZm/q5z5kLAIr3FrNcXEmuh5bnl/dZ4xWeOsvyLyESeqPDnUJU131NVXGhiQxJfWnjFeM+GF1LQyWQ8SRoyeAGFRujhS//Vmb061nRNbZzsWZPi0ySNl5hMGATs9U869YNDMMsLaBtHRk+qnLLYAYkdQbT4MjrVr9J9k67g06v2zqrkc7/2H+t9axTjdQ/v+y1O6PBu4tORQsVe7IxK83ZBCgFyL2v72U3r6m63OxMXlM1WudQIimQvTM6wJy0TNiA9M1x5M84OThmQRgLQ+sZRcEKBZ8q9NNT0m/1KnLrVjrP5o2371Hr7NV573Twe9VOLNsLlqHcmNqCZWOnPULVv9L2+PmTlbanx0feSmyub4/7EFhlnKGvGjt6HrgV2x2kbdrZsNvp5smoGq0JleC+np5sYJWCTPcZnj5fG8beEt4qz2ssTHXm19S4SapouIzONA4UctCfjdWcpzZiyMml9dQQrKAW8hPWDoGO8tBtEUWCExcIcYGQvzgQUvIdYW6lMhXKO7mPKzJNejBlSst50QlMYyO3+55GbixUesyBZYCzQS4VkEzUjXgBDawOdHbQ2UFnBzfYQZSYFYlCgkghdBvkXxqyvFvqZKdYTnlADMtYbUx8xGuCmaq7G97Mpuemt+Fsr7O9X8H2tgtMu6uso+COfCO5VaR6QpQEwYq+P8MoACofmSi9g5rbyS9e1Cxp/uKUxz1TyJ7PpJ+EVO7tbyWw3eldWEFLNp2aso6vs/S3OWYr6x9ZpB6OCpi4LRM7bblDdiFRWmzU5SnE7Q5hySTm0KWYoG1cExPE01dAZSm9kbdtmHJD4GbQ6p60eiejVntwet6tBm8qvSeddu/dxWBNz6DX6vbfnA7KwdsCbsUF5s0monVPy/vq/kULLm3vLOaPlra/27wtTqwuxG1Jdw8D7Zpem/XSrGhnRV/nPTup6wf3rPPp1+L0daqwyvguq5fSQ9EDYuMKtlzBltP8TvO7gq3vN9PsCrZcwZYr2HIFW65gyxVsuYItV7DlCrZcotolqn/kRLUr2HKBEBcIcQVbzg46O/h3toOuYMsVbDnb+63a3u+4YGslK5hnLLPyDpmEpQO2+fv2z7CbGPOzwSoNBr3Tl5eDzqh3eZYdjFeDereCtc7ORue/bYTovtsC8ftpp9fqtX9/Z07i9ytaK1dSZYR6myb1d+OHFAOXgvq2Y2cuBeVSUC4F5VJQLgXlUlAuBeVSUC4F5UJvLvT2I4feXArKhcFcGOx7TkHlwakNKahvr7jeWWZnmZ1l3pYUW7XKxVtDzm46u/nt2s3SmROzKlvPm7tfRndJhG84+uGSCC6J4JIILongkgguieCSCC6J4JIILlThQhU/cqjCJRFcMMQFQ77nJIJZ9HeVQFCJ2fE39hDzF8eC7vLKVXmlSNzlO0nmcxLRODZvKf0Xode0SYZGd3esPJn/hWB80fzDofeArx2mlGsLbqH6UFIGaffIz/pHClb1Aq5LQqLMS0791RGXizT8NWU3wKuEeJBHuFJ0+3CfeGC+1ldSJPFDDHSPMdIVdT5rkJyGfQjB10K+3RYdzTYO0g9HKv3yFtakJAMwaoCSCYMwsKqA4INvZBJSrYFDkDFnD5WIAq7N0ZPsqcSfEaqGnEykiAgLLg7OTloX++YpT/MrskIWeStvW8dOgDPbgTM4tPQSwsqrp6u+/uXLf3Xag9Gb1sXFaffV6Pyi02sNznvrYhCbYU+7W0G654NdwE67o/Z5d9A67fbNKaKyq293LcnPFxsxfmr7jhYbNj2ttC/BV6kdMqWRtL6IYiqZEtzu+tIeSFColTGQHcfhHCNKegZDTrYw2U58M+RkL1UZ+7Vs2+35HOfOmaR0CSUTrOqLoZuEpcCEm8+pVQL9NOQtkk+JRopxUPjcFt7/EBPyc240CdUG6+WaH+ViZQAeDXkobKzmF/JzhtAv5OcUdZKRMt2DX4rGvKBPqhyQ2sLzNWKWdo02ilsKVBQ7E5ykvhRKmTWVZr9N+Nrn3ZNT89Try/Pzs06re+uNl02Qre42iPNeOQzXLunsCltUiXO37W8RX4S4h+kvQ+dTqVVurdIafzr6hgUQrN3G0dQamI3imWcblhxo7RKhEgoYmDNWq3tCQjFlfvmAl1vFu7mYt648xcBbo3oU6FXudI8nurPWD/V44ta4jX0m905+n3tM3D0m7rSi04rftVbMsG5lP5nwgK+LF8NI1gtdjXmnfSQGGTGdemapb4JBLBuFjmycyAmhE8IfWQj7pajo3YQx/ZakHzdJi1yIkPlzzOuwKccgQAbTB72n9hF5WhC8PBg65PZs/I9UOhHWF9GY8ZWahewUEWWB3Cpa2TG5IMEuI+sysi4jW8jImnJbqzC+TkLE2VBnQ38oG/pwv2Rzl1ScBhndIQlQEH37pSmFx+hnAdtpGg69v5DnT7Ft1n452DodWHrSLauSS9MJxKBqczzpTuVewJ+tGLFha1PaYUpFsoTG7VPVyKcZ82d5WaHlpCFHv6b8Gp2rL3FK8RtUitXLNkWxTaXobumPXiYiqS9RzD7kgweFTIG58VL9Sg15oR4s4QFgjjmVTSuOOFij5Ab1yl5MJaJXUdH3W5Uie/SaZi5ZW3AtRbhcRQeL8A2YgWr3OvtIgCFXxuYkElT2S1eZOks1SpEYypT7VuoeSlmUTB+Niqpv+VuXD/xq23nxR0R3czKLuDgl6JTgt6sEN/OzuWD0Wd/n+lPJz8I/t/JzyIDrze6ThbG+U/Gy0h2qCnvwMQGF9VdmhWWliXjeTVP+LsIgLwDAEdMLQMaZWqoDMknCCQtDLFWrJLsNGu6Y6JTBj3ZMXKwzpQP709g7W9T8p7R3Lqx1cuTk6MeXoz/7pLCTISdDf08Z2tE/PIEQNCwFrQcqFlxtk7XFwtDBXNBAmpUX0pHSVJamF/dN2inG6xtmioM/lDBSqfwZRHSXyvlgbbSvyCJc6NFEJDxA1shSVj5e/wpN+VHCzXV7dOm5uRs8onKaGP8UF0KDkHEYwWffuLMYHMkHxBv+EmgwH8FnpkxBo8lrKnxXYRQAZ+lF6fS0Dp9nNFG26mlCWQjBCOugClXKdGxyV1jmleiRmIwk5VMwWJpcD6Jluhm39b+mi95QFuKlCsSYajoKhVK2J9Ez5BNba7WSLDO3ZjXViSJIyiyqqWYiCQNzXZqbh+uz+v4JeT8VYhpCQ8Z+oy0CuFppaFi9qRSdrt2bau1oAPbRBlmfUB8jIYA8QtIRVlFinHT4NGRq1iAtPieJuuXTwjdYSx2yf2O2GS9Sp09G4GGliH7fUKIRgKYsVFcbuuythxoRsjB0Wttrj2YNqw4QfDsb6+yiczVwf+vjNrmKw+y4vcoVwDiZrptrvbRqmWw4/2LvalzGxOGVUdFyzLSk0uh2lhIgozvF1HN6AZ78t6kPNzlpO9wY7DHRtKdpztVBGgX1mu5DLIUW42TSaPF5tcyfY7I/Uy67L8l8YTGRoBPJ7TamAzZJdqfetw3ICfg+QCB8dTAVB4bd1MF/IFhdlq4reItME5brHss61TMexkwEGBoQynAGxYO8dxCbKopGIZDWwAww8+FgzSjWwipTFprI0Gt6X+KQamSTDg9iwbherMhex2pJch4DH5z8RrIvsFahRtJrOjkNst6G4fiZxfaGSoaKx8Y6KjNa9Z9agtXexQJLLBX4iWR67jXfX9U8NABpYOKlCOYphlnuyXs8oc+fTp49qT/959E/60+ePjuujx9P/Pqx/+LZ48mzZ3RCsXTA+HYFMcKHcEpRmBXartAG15a+j9P0bo5MWYBQOqLGPtks07rtLI2SyyKGNpCAjNtHooxOsDv9fg022U57tdUprmqeoX3zvfflC5aSXspwscDmjwnIlIzZtuBfi5o3AxqANMwRMHP7LljvaHxZGmZvr5fGg/bJ0gkrLwTrUnLxq1+gfPoirL/NHxZK9ZfnYb3w7lPvNt+ARSASXX+jqjPlcDhefWDfi8ggVvyN5RcY1o/1RtirgsRenPex3ngsAlO0ExlnxJP0E9p8+skuxLpj9ikUbPvihZRPE2McPTsm/vf/bI1NEw== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteObligation + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":"circular()","title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"DeleteObligationResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation-value.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation-value.api.mdx new file mode 100644 index 00000000..3fb7e851 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-get-obligation-value +title: "GetObligationValue" +description: "GetObligationValue" +sidebar_label: "GetObligationValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs5L8yGMT3dTMKbIm440juyQ5dbnIp8BkS8KYBBgAdKJ16b9fNUBSJCVLcpykEg/yJRbQeDX6he4GeONpOlFe8713JkLmz8jpZcgmVDPBlXdR80QM0vw6DrymFxuYhljANPogr5kPjVegF03f0jABr+bFVNIINEgc4cbjNAKv6bUF5+Dr+pkUWvgirL8FqZjgXs1j3Gt6U6ABSK/mSfiYMAmB19QygZqn/ClE1GveeHoWY088iS4NpGY63NA18CTymu8PLmpeAMqXLMaZek3vCMaMA9FTINcWmoix+Zn2RuK0N6/m+YIr7TUP5vPa0noGLAKR6PobtbSS7Wde6uTWiWoLVSOMk0h58/mFxRYo/VIEMxzIF1wD1/gnjeOQ+WZn9v5S2NfN8ozE5V/ga9w0iZuuGSisZUEBRmnJ+KQwaxZ4NW8sZES11/SShAXevOaNP/J1jbC65kWMnwCf6KnXPCj2IZk3ny+Al+mqZ9fp1TwaBAyLaXhWmPOYhgqquDMtEVHzKlmZAhULruyCD/f38b9y837i+6CUJYCvgdZrwyEIlq7zOmWZe+7GvOYtuLPYf6H0awyCpK9i6pfWsCi89xDV/ZsAR0EEAUEiQ7IPqKaXVEE2m3Udmvpql4mCgGhBYiq1ISPS0lqyy0QDMaxmClWNqCSOhdTkckbyFZJWoqddQnkw5AQ4vQyBjCFIheWWTDCvedTX7LqExLSkOltbjHMIYEyTUJOEaxYS+IxEyHSIFQYIsbTYgEshQqBmrAg0RawVR8vLNu2YLwE7buli67RwRPXSfBdVRIHBnQJ5DZLsANdMz8inqSApEPnEwpBI8IUMwGwu5YQmAdMEroHr3cXscjzCZxrFIRjVdYCMedDY399//GR//+DQaK5cogRUQx0FJuIgiYPlZaSFq5axqFqzjBToOy4jpJcQqlViJltTCnGbkLydMK0gmlcRIWLbCVFT5IViJcrUO4jivpaJr5HzEs4+JhDOCAsQm+MZoUSCEon0gXxiekryURf9k5xk5zVvIinXxeVQKekM1a+GaCV+7i7qUCOtAcLq6hJbQSBBKbQjKHnd6hPGlabchyE/7x2TKFGaXAKh5JqGLCDnvROyA41Jo0YeTbWOVXNvL4BINHwR7T3aJWMRhuITBEh+BUQomETAtWqQDvWn2U/bu9JUahRPBHhgcYnEGMZTypMIJPOJP6WS+hpkjfiUE1RslHEyncVTQLG3GhgreEBUSNUUVKM55B8+fBhyPWWqEVHtT0HtPPo/s4rfm3t772n93636/+7XX1zsLP4eDofD+sXNfu3ZwbwAsfv7DtY07tho95ed5nv88x+7v+/sNX7Z/f0/H+2m8xoayRcnlyHzX8OsyPW2cHQFsxWWVizBR55umu1D/EzpNZAoCTWLQyBXMCMxZVKtEJyCw+nYGLwVEUr9KQQl+WlLqsPbmZkx7M4t9pxxKxCY4A3STqTEHY8ljEFKCDIDdqM0v4LZPbgmhmgdR2B1zYvo58y+e37w4rBq8JVX/Pnp/gvS6ncbByQ1sFB8nnXeEODXEIoYaiRRCQ3DGe7n1Xq+vTIGRGECjzcM30pFEbFdZfKIgSRjIQkSN+6GUdjhBIfmwmiQ9FCxf1GwWBFieYArLj4hA06EZHoaEZx7xpclrl6cmQhwXwQQNIacDIRl6Rqa/wpIRGcoQT5IRZuH+0+efzAT7fVbdbSJAvJJ0jjGpVgL5QP4TQV+fPj0mTywsJ12BbRGLhNNIiGBWBpT2Sg0QH1GFeEAOJ9Veswiwnvd6o/Ozl+eHLdHrzvvRq2TV6NO9/zN6LzbP+u0j/847hx5tVuhev3WCFezAeTJ/otna0A67VG/0z47fPqsd7AZ7PHzJ9uAPT086B14F8WjyWuqznLBcicVuJAvQ05aRsQUeN7IVxEBoUoJnxnTIlN6ZuvGidRTkBmZ+rnNmTMAsvcGtVxcSS6HFkej91nhBZ50y/wvIRJ6rcGdQlTXfUVVcaGJDEl9oeMV4z4YWUtDJZDwJGjJ4BoFG6OFln8rNfr9tOgK3TlfsadFIkkLL9ABsY7Yap416waGYBYa0JaODB1VqWUwBZIag6lD5nWr3yQ7x91Bp9dtndRI53/sXyst61Qi9U/Pe+3OaPDurFORQsWarM9KcTYAcgFS7+t76c0rqs7XG5NXVI1WGZSICiTvDA8wIy3jkSB9cxz5EiMH+ywwY6FrPaXIWKHgE4V2eor6jVZFrt1K59m88PY9ap28Ou0dD/6s6olFeUEzlAtTXbAo7LRHKPqXyh4/f7JU9vTwwFvyB/btcR8CK4yz6avGlpYHbsVmA2mTdDbkdrx+MKpGK1wluK/HR2tIpcDTfYanz9eGsNersHl5XKNhqiO/psZMUkXFZWSmMaCQgr7UV3Oa6oghJ+fWUkOwgljIT1hbODrKXbdFFAlOnCPEOUK+sSOkZDvCzHJlypR3Mh+XeJr0YMKUlrOiEZj6Rm63PQ3fWKj0mAMLB2eDnCsgGasb9gIaWBno9KDTg04PrtGDyDFLHIUIkULoNshv6rK8W+hkK19OuUN0y1hpTHyc1xiDYHdXvJlOz1Vvw+lep3u/g+5tF4h2W15Hxh35hnOrk+oJUWIEy/r+FL0AKHxkovQWYm4ru3hes6j5Yvnh+Uz6SUjlzm6h7+XMje2wks5l62ini0A65n9QEciNXL3I89i0WC3ZZGIypb5lMFNUOH1lhshom2SUsiRZjwXMSyino6QldwieJUqLtaZKCnH7eadk8eXQJZe3LVzh8kbnQkBlKXqXl60Zco1fctDqHrV6R6NWe3B82q36Jiu1R512793ZYEXNoNfq9t8cD8qxicLcigvMi43D9p6G5av75+Q4neB0wt9LJyxFhjmxshC3Jd09jCNpemXWS7OctCV5nddsJa6/+sExH37lnL5PkmF5vovkvPTM/xVn4/IRXT6ik/xO8rt8xJ83kcLlI7p8RJeP6PIRXT6iy0d0+YguH9HlI7o8DJeH8ZDzMFw+onOEOEeIy0d0etDpwb+zHnT5iC4f0eneH1X3/sT5iEtRwTximaV3yCQsHbDN79ubYTUx6meNVhoMescvzwedUe/8JDsYLzv1bgVrnZyMTv9YC9F9twHiz+NOr9Vr//nOnMS/RU7ml2ZiuhDUD+w7cyEoF4JyISgXgnIhKBeCciEoF4JyISjnenOut4fsenMhKOcGc26wnzkElTun1oSgfrzkeqeZnWZ2mnlTUGxZKxdvDTm96fTmj6s3S2dOjKpsPG9ufxndBRF+YO+HCyK4IIILIrggggsiuCCCCyK4IIILIjhXhXNVPGRXhQsiOGeIc4b8zEEEs+ifKoCgErPjb+wh5hv7gu7yylV5pYjcxTtJpjmJaBybt5T+i9Ar2iRDI7s7lp/MfyEYWzRvOPS+4muHKebagluoPpSEQVo98rP6kYJluYDrkpAo85JTf7nHxSINfU3YNfAqIr7KI1zpdPtwH39gvtZXUiTx1+joHn2kK+p81iA5DfsQgq+FfLvJO5ptHKQNRypteQtpUpIBGDFAyZhBGFhRQPDBNzIOqdbAIciIs4dCRAHX5uhJdlTiTwlVQ07GUkSEBWd7J0ets13zlKf5NLOQRdrKy1aRE+DItuMMDjW9hLDyXdhlW//85b867cHoTevs7Lj7anR61um1Bqe9VT6I9bDH3Y0g3dPBNmDH3VH7tDtoHXf75hRR2dW326bk54uNGD+2dQfzNZueZtqX4KvYDpnSiFpfRDGVTAlud32hDyQolMroyI7jcIYeJT2FIScbiGwruhlyspOKjN1atu32fI5j50RSuoSSMVb1xdB1zFIgwvXn1CqCfhnyFsmHRCXFOCh8bgvvf4gx+TVXmoRqM+vFmh/lbGUAHg15KKyv5jfyazah38iv6dRJhsp0D34rKvOCPKlSQKoLT1ewWVo1WstuKVCR7YxzkvpSKGXWVBr9NuZrn3aPjs1Try9PT086re6tN17WQba6myBOe2U3XLsksytkUUXO3ba/RXwR4h6mH1vPh1LL1FrFNX6N/ZoFEKzcxtHEKpi17JlHGxYUaPUSoRIKMzBnrFb3iIRiwvzyAS/XinczMW9deToDb4XoUaCXqdM9nujOWg/q8cSNfhv7TO6d7D73mLh7TNxJRScVf2qpmM26lX0y4Su+Ll50I1krdNnnndaRGGTEdGqZpbYJOrGsFzqyfiLHhI4JHzIT9kte0bsxY9qWpI2bpEXORMj8GcZ12ISjEyCD6YPeUbs4eVpgvNwZOuT2bPyPlDsR1hfRJeNLOQvZKSLKHLnVaWXH5AIHu4isi8i6iGwhImvSba3A+D4BEadDnQ59UDr0633J5i6hOA0yukMQoMD6tqVJhUfvZ2G2k9Qden8mz59iWy/9crBVMrD0pFuWJZeGE4iZqo3xpDuVWwFfmjFi3dYmtcOkimQBjduHqpFPU+ZP87RCS0lDjnZN+TU6l1/ihOIPKBSrl22KbJty0d3CH72MRVJbohh9yDsPCpECc+Ol2koNeSEfLOEBYIw55U3LjthZo2QG9cpWTMWjVxHR91uVIjv0imYmWVtwLUW4WEUHk/ANmIFq9zq7iIAhV0bnJBJU9qWrTJylEqWIDGXSfSt5D6UoSiaPRkXRt/jW5Te24zZ+wuyeQ9ztcU33XTL3XTKnZn5QNfMtbW93n/MHvoji7nO6+5zuPqe7z+nuc7r7nO4+p7vP6e5zuuihix4+oOihu8/pHCHOEfKg7nO675I5Pej0oPsuWdmXU+7QfZfM6d6fWff+xN8l+0bf5DrNw8Zf+nWu7aKdLgLpmP9BRSDnq3hoa/YpZmu4Y6vjnh+TezarLhOy+6zvE1AsZaLiz430HDLgev3BwMLYs0Ex/HcHW6EHHxNQ+EKNWWHZ+Y3zvFsu2Z8iDPInErDHNKRmTIaFOCDjJByzMMRAROU5ADMNp0qdMPhbqNKBZJPJJvdYMbvdwjuT1PHR35iPttRtr0BXDn49ULHgatMBcD43mDBpqIi18lI6UpqXg9JEHuMQjTFJ1Yyz95cShi+VP4WIbrYNMAVm1dYUiYQLPRqLhAdIHJkz1cdwUGjSGhJu0m/QIOEmV2BE5SQx2hUXQoOQcRjBZ98oY0x+zzvEjB8JNJiN4DNT5vhv7q0qzLMaBcBZmjiRRrLh85QmyqbgjikLIRihv73wChW9NF5VTBRL9EiMR5LyCZhZGi8kTstUM27fdzJV9JqyENOMccZU01EolLI1iZ4ipdi3NJbcuCaKrqlOFEFUZrdW1FQkYWDSJ7j5MHn2ftuYvJ8IMQmhIWO/0RYBXCwVNKzkVIpOVu5NNfkpAJvEJetj6mNWEiCNkLSH5SkxTjp8EjI1bZAWn5FE3dK00AbfygrZvzFRCRMr0hQyNLWK0+8bTDQC0JSF6mJNlX3VrkaELHSdvt1kDcuGFQgIvpmMdZb4UL2YdevHS3Ihh7efbWgngMtksmqs1dyqZbLGesfa5VOlyV5RRkjLS6YllUa6sxQBGd4pBkXShBjy3yaZzURLbHeXYI1cU5464Jc7aRQEbLoPsRRaXCbjRovPqs+4cbzMnQmX7ZdkWtiZSNCJ5HYb0w6bJMux8W0BUgLmCwXCV3sTsWfITe39B4LVZek5Om+eScLygy9VqeoZK2MqAjzaCGVog+JBxNuLzT35RsER0MDoBPNhb2U/Vs8qk1yayNBrejdxSDWSSocHsWBcz5f4r2MlJTmNgQ+O/iBZC4yk4e0G8xRjjoestmGofmrne00lQ+FjT2uVEa0KSLXBcu18jslBCvxEMj3zmu8vah4qgfRo9VIEs3SGWXjDezymz5+Onz2pP/3nwT/rT54+O6xfPh779UP/xbPH42fP6JhiYMtYeAVWwuTY0jlyCbtLuMG1pTmzTe/6wEREhNIRNTrK+mRXb2mpn5wj8XiGKGTcpo4byWB3+/2K+WS77dVWDXJR8wz+m++9mxsM2JzLcD7H4o8JyBSV2dbgr3nNmwINQBoCCZh5ZTVYbXLcLBS0t9NLT7W7ZGGOlZeCkdOcDetnyKe+COtv84TjVI55HuYLbj/0duMNWAQi0fU3qjpSDof91Qc2jyyDWLI7Fi0wFhjrtbAXBb49O+3ju1KXIjBh5cgYJZ6kn1D30092IdYwsymSWHbjhZRPEqMkPdsn/vt/v5GYIQ== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetObligationValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"GetObligationValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation-values-by-fq-ns.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation-values-by-fq-ns.api.mdx new file mode 100644 index 00000000..7d213cbd --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation-values-by-fq-ns.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-get-obligation-values-by-fq-ns +title: "GetObligationValuesByFQNs" +description: "GetObligationValuesByFQNs" +sidebar_label: "GetObligationValuesByFQNs" +hide_title: true +hide_table_of_contents: true +api: eJztPX9z27aSXwXDu5nYfbJsp0mn1XXaU2Ql9Ysj+0ly5nKRT4HJlYSaBBgAdKLn0Xe/WYCkSEqm5DjJJA7yTyxgASyA/YXdBXjjaTpVXuutdyZC5s/J6WXIplQzwZV30fBEDNL8Og68lhcbmKZYwjQHIK+ZD80XoJdNX9MwAfVs/vxfPeU1vJhKGoEGiQPdeJxG4LW8juAcfL13JoUWvgj3XoNUTHCv4THutbwZ0ACk1/AkvE+YhMBraZlAw1P+DCLqtW48PY+xJ55ElwZSMx1u6Bp4Enmtt4cXDS8A5UsWI8JeyzuCCeNA9AzItYUmYmJ+pr2ROO3Na3i+4Ep7rcPForEynyGLQCR675Vamcn2mJc6uRVRbaEahHESKW+xuLCrBUo/E8EcB/IF18A1/knjOGS+2aD9vxX2dbOKkbj8G3yNmyZx7zUDhbWT91wVoKiUdI7T0xAVy5WWjE+9hhcxfgJ8qmde67DhTYSMqPZaXiIZVtKPx7bh46cHBjb9edjwEs7eJ5D+xv1eLBfHIHHX5oX2t9Jo366Z1/BoEDCspeFZYf4TGipYYFdlWjQFKhZc2VV6fHCA/5X3a5D4PihlqeYz7YVB/hWN1wEXVmt8jXDjiMa3Tu0mhzew2L52cBas2+6sDxZ4i4a3lA/F/guln2MQ5DoVUx+KYywL7z1Ele2mwFEUQkCShAXIcQHV9JIqyLCp69DUV7tMFARECxJTqc3WkLbWkl0mGojhclOoGkQlcSykJpdzks+QtBM96xHKgxEnwOllCGQCQSquEafJe16HElYvGh71NbsuLWJaUsXWFiMOAUxoEmqScM1CAh+RlJkOscIA4SotN+BSiBCoGSsCTXHViqPlZZt2zJeAHbd1sXVaOKZ6Bd9lFVFg1k6BvAZJdoBrpufkw0yQFIh8YGFIJPhCBmA2l3JCk4BpAtfA9e4Su3wd4SON4hCM8jxE9j5sHhwc/Pzk4ODwsdGdudQLqIY9lNW4BkkcrE4jLVw3jWVVzTRSoK84jZBeQqjq5E8KUSN4biFMK4gW1YUQse2EqBnyQrESJXON5K72NNAy8TVynlUX4ZywAFdzMieUSFAikT6QD0zPSD7qsn+Sk+yi4U0l5Xob1XgPUYdaswbIKtXyFNtBIEEpNGEoedkeEMaVptyHET/vH5MoUZpcAqHkmoYsIOf9E7IDzWmzQR7NtI5Va38/gEg0fRHtP9olExGG4gMESH6FhVAwjYBr1SRd6s+yn7Z3panUKJ4I8MCuJRJjGM8oTyKQzCf+jErqa5AN4lNOUD1SxslsHs8Axd56YKzgAVEhVTNQzdaIv3v3bsT1jKlmRLU/A7Xz6P/MLP5s7e+/pXv/bu/978Hebxc7y79Ho9Fo7+LmoPHL4aIAsfvnDtY079ho96ed1lv88x+7f+7sN3/a/fM/H+2meI2M5IuTy5D5L2Fe5HpbOL6C+RojL5bgI0+3zPbh+szoNZAoCTWLQyBXMCcxZVKtEZyCw+nE2NoVEUr9GQQl+WlLqsNbzMwYdueWe864FQhM8CbpJFLijscSJiAlBJntvFGaX8H8HlwTQ1THEVht7MTMBv318LfHVaO0POOPTw9+I+1Br3lIUjMNxedZ9xUBfg2hiKFBEpXQMJzjfl7V8+2VMSAKCPy8Yfh2KoqI7SqTRwwkmQhJkLhxN4zCDqc4NBdGg6TnmYOLgp2LEKsDXHHxARlwKiTTs4gg7hlflrh6eVwjwH0RQNAccTIUlqUbePJQQCI6RwnyTiraenzw5Nd3BtH+oL2HNlFAPkgaxzgVa6G8A7+lwI8fP/1FHlrYbqcC2iCXiSaRkEAsjalsFBqgPqOKcADEZ50eswvhvWwPxmfnz06OO+OX3Tfj9smLcbd3/mp83hucdTvHz4+7R17jVqj+oD3G2WwAeXLw2y81IN3OeNDtnD1++kv/cDPYz78+2Qbs6ePD/qF3UTzQvKTqLBcsd1KBS/ky4qRtREyB5418FREQqpTwmTEtMqVntm6SSD0DmZGpn9ucOQMge29Qy8WZ5HJoecB6mxVe4CG7zP8SIqFrDe4UojrvK6qKE01kSPaWOl4x7oORtTRUAglPgpYMrlGwMVpo+UOp0a+nRdfozsWaPS0SSVp4gb6POmJreNasGxqCWWpAWzo2dFSlluEMSGoMpr6gl+1Bi+wc94bdfq990iDd/7F/rbWsU4k0OD3vd7rj4ZuzbkUKFWuyPivF2QDIBUi9L++lN6+oOq83Jq+oGq8zKHEpkLyzdYA5aRu/BhmY48inGDnYZ4EZC13rGUXGCgWfKrTT06XfaFXk2q10ns0Lb9+j9smL0/7x8K+qnliWFzRDuTDVBcvCbmeMon+l7Odfn6yUPX186K24Igf2uA+BFcYZ+qq5peWBW7HZQNoknQ25HdcPRtV4jasE9/X4qIZUCjw9YHj6fGkIe4P/rTyu0TDVkV9SYyapouIyMtMYUEhBn+qrOU11xIiTc2upIVhBLOQnrC0cHeWuOyKKBCfOEeIcIV/YEVKyHWFuuTJlyjuZjys8TfowZUrLedEITH0jt9uehm8sVHrMgaWDs0nOFZCM1Q17AQ2sDHR60OlBpwdr9CByzApH4YJIIXQH5Bd1Wd4tdLKVL6fcIbplrDQmPuI1wVDa3RVvptNz1dt0utfp3q+gezsFot2W15Fxx77h3CpSfSFKjGBZ35+hFwCFj0yU3kLMbWUXLxp2aT5Zfng+k34SUrmzW+i7EpffelVSXLaOdroIpGP+BxWB3MjVdi7bTFZLNp2aJK0vGcwUFU5fmyEy3iYZpSxJ6lcB8xLK6ShpyR2CZ4nSotZUSSFuP++ULL4cuuTytoVrXN7oXAioLEXv8rKaIWv8ksN276jdPxq3O8Pj017VN1mpPep2+m/Ohmtqhv12b/DqeFiOTRRwK04wLzYO23sali/un5PjdILTCT+WTliJDHNiZSFuS7p7GEfS9MrMl2Y5aSvyOq/ZSlx/9oNjPvxanL5OkmEZ32VyXnrm/4zYuHxEl4/oJL+T/C4f8ftNpHD5iC4f0eUjunxEl4/o8hFdPqLLR3T5iC4Pw+VhPOQ8DJeP6BwhzhHi8hGdHnR68EfWgy4f0eUjOt37rere7zgfcSUqmEcss/QOmYSlA7b5fXszrCZG/dRopeGwf/zsfNgd989PsoPxqlPvVrD2ycn49HktRO/NBoi/jrv9dr/z1xtzEv8SOZmfmonpQlDfsO/MhaBcCMqFoFwIyoWgXAjKhaBcCMqFoJzrzbneHrLrzYWgnBvMucG+5xBU7pyqCUF9e8n1TjM7zew086ag2KpWLt4acnrT6c1vV2+WzpwYVdl43tz+MroLInzD3g8XRHBBBBdEcEEEF0RwQQQXRHBBBBdEcK4K56p4yK4KF0RwzhDnDPmegwhm0t9VAEElZsdf2UPMF/YF3eWVq/JMcXGX7ySZ5iSicWzeUvovQq9oi4yM7O5afjL/hWBs0bzhyPuMrx2mK9cR3EINoCQM0uqxn9WPFazKBZyXhESZl5wGqz0uJ2noa8qugVcX4rM8wpWiO4D7+APzub6QIok/R0f36COdUfejBslpOIAQfC3k603e0WzjIG04VmnLW0iTkgzAiAFKJgzCwIoCgg++kUlItQYOQUacfRQiCrg2R0+yoxJ/RqgacTKRIiIsONs/OWqf7ZqnPM3HoYUs0lZeto6cAEe2HWdwqOklhJXvwq7a+ufP/tntDMev2mdnx70X49Ozbr89PO2v80HUwx73NoL0TofbgB33xp3T3rB93BuYU0RlV19vm5KfT7bwJeNFzaanmfaVLx+XVztkSuPS+iKKqWRKcLvrS30gQaFURkd2HIdz9CjpGYw42UBkW9HNiJOdVGTsNrJtt+dzHDsnktIllIyxqi+G1jFLgQjrz6nVBfppxNskHxKVFOOg8LktvP8hJuT3XGkSqg3Wyzk/ytnKADwa8VBYX80f5PcMoT/I7ynqJFvKdA/+KCrzgjypUkCqC0/XsFlaNa5ltxSoyHbGOUl9KZQycyqNfhvzdU57R8fmqddnp6cn3Xbv1hsvdZDt3iaI037ZDdcpyewKWVQX527b3ya+CHEP0++850OpVWqtrjV+CP6aBRCs3cbx1CqYWvbMow1LCrR6iVAJBQzMGavdOyKhmDK/fMDLteLdTMxbZ55i4K0RPQr0KnW6xxPdWetBPZ640W9jn8m9k93nHhN3j4k7qeik4nctFTOs29knEz7j6+JFN5K1Qld93mkdiUFGTKeWWWqboBPLeqEj6ydyTOiY8CEz4aDkFb0bM6ZtSdq4RdrkTITMn2Nch005OgEymAHoHbWLyNMC4+XO0BG3Z+N/pNyJsL6ILhlfyVnIThFR5sitopUdkwsc7CKyLiLrIrKFiKxJt7UC4+sERJwOdTr0QenQz/clm7uE4jTI6A5BgALr25YmFR69nwVsp6k79P5Mnj/FVi/9crB1MrD0pFuWJZeGE4hB1cZ40p3KrYBPzRixbmuT2mFSRbKAxu1DNciHGfNneVqhpaQRR7um/Bqdyy9xQvEbFIrVyzZFtk256G7hj37GIqktUYw+5J0HhUiBufFSbaVGvJAPlvAAMMac8qZlR+ysWTKD+mUrpuLRq4jo+81KkR16RTOTrCO4liJczqKLSfgGzEB1+t1dXIARV0bnJBJU9qWrTJylEqW4GMqk+1byHkpRlEwejYuib/mtyy9sx238hNk9h7jb45ruu2Tuu2ROzXyjauZL2t7uPuc3fBHF3ed09zndfU53n9Pd53T3Od19Tnef093ndNFDFz18QNFDd5/TOUKcI+RB3ed03yVzetDpQfddsrIvp9yh+y6Z073fs+79jr9L9oW+yXWah40/9etc20U7XQTSMf+DikAu1vHQ1uxTzNZwx1bHPd8m92xWXSZk91HfJ6BYykTFnxvpOWTAdf3BwMLYs0Ex/HcHW6EP7xNQ+EKNmWHZ+Y143i2X7C8RBvkTCdhjGlIzJsNSHJBJEk5YGGIgovIcgEHDqVInDH4IVTqUbDrd5B4rZrdbeGeSOj76gfmoVrcVuOUF6MrJTz2bP/9XT/VBxYKrTQdB01majoqrV55SV0rzglCa0GMcozEmq5rh9v9WwvCn8mcQ0c02AqbCrNuiIrFwoccTkfAAiSRzqvoYFgpNekPCTRoOGibc5AyMqZwmRsviRGgQMg5j+OgbpYxJ8HmHmPkjgQbzMXxkyrgBzP1VhflW4wA4SxMo0og2fJzRRNlU3AllIQRj9LsXXqOil8a7igljiR6LyVhSPgWDpfFGIlqmmnH7zpOpoteUhZhujBhTTcehUMrWJHqGFGPf1Fhx55pouqY6UQSXMru9omYiCQOTRsHNB8qzd9wm5O1UiGkITRn7zY4I4GKloGklqFJ0unZvqklQAdhkLrk3oT5mJwHSCEl7WEWJcdLl05CpWZO0+Zwk6pamhTb4ZlbI/o0JS5hgkaaSoclVRH9gVqIZgKYsVBc1VfZ1uwYRstB1+oaTNTCbVjAg+GYy1lkCRPWC1q0fMcmFHd6CtiGeAC6T6bqx1nOrlkmNFY+1q6dLk8WijLCWl0xLKo2UZ+kCZOtOMTiSJsaQ/zZJbSZqYru7BGvsmvLUEb/aSbMgaNN9iKXQ4jKZNNt8Xn3OjeOl7ky4bD8l08JiIkEnktttTDtskSzXxrcFSAmYNxQIX+1Pxb4hN7X/Hwi2J0vP0nmLTBKWH365Rbh6xuiYiQBPOkIZEqF4LvH2Y3NtvlnwCzQxWMF82K/rzmpfZVJOExl6Le8mDqlGwunyIBaM68UKN3at3CSnMfDh0XOStcD4Gt55MA805quS1TYND8ws2tdUMhRF9gxXGdEqhFQ3rNYuFpgypMBPJNNzr/X2ouGhSkgPXM9EME8xxI4m77myT/MYpsBsHMyELR0aV9ZuZcqIcpog2/KuD034QygdUaOIrAO2dt9K3eXch0cyXCDGbbq4kQJ2S9+uQSvbUq9RM9ZFwzOL3Hrr3dxgrOZchosFFr9PQKbrla0//lo0vBnQAKShgoCZB1aD9dbGzVInezv99EC7S5aWWHlGGDTNOW/vDFnTF+He6zzXOBVdnoepgtsPvd14QxaBSPTeK1UdKYfD/vaGNoUsg1gxNZYtMAwY61rYiwKPnp0O8EmpSxGYiHJk7BBP0g+o7ukHOxFrk9nsSCy78ULKp4nRi57tE//9PxfYyYo= +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetObligationValuesByFQNs + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}}},"title":"GetObligationValuesByFQNsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation.api.mdx new file mode 100644 index 00000000..d116e138 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligation.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-get-obligation +title: "GetObligation" +description: "GetObligation" +sidebar_label: "GetObligation" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z27aS/wqGdzOx+yT5Ix8v0XXaU2Q19YsjeyQ5c7nIp0DkSkJNAgwAOtHL6H+/WYCkSEqW5NrNJCn6S2NgCSwW+4XdBfTF03SqvOZ770KEzJ+T83HIplQzwZV3VfNEDNL8dRp4TS82MA2xhGn0Qd4wHxqvQC8/9WpeTCWNQIPEwb94nEbgNb224Bx8Xb+QQgtfhPW3IJX9gHGv6c2ABiC9mifhY8IkBF5TywRqnvJnEFGv+cXT8xhH4kk0NpCa6XDL0MCTyGu+P7qqeQEoX7LYINn0TmDCOBA9A3JjoYmYmD/T0UicjubVPF9wpb3m0WJRW1nPgEUgEl1/o1ZWsjvmpUFuRVRbqBphnETKWyyuLLVA6ZcimONEvuAauMZ/0jgOmW825eAPhWN9WcVIjP8AX+OmSdxvzUBhLwsKMEpLxqcFrFng1byJkBHVXtNLEhZ4i5o3+cg3fYTdNS9i/Az4VM+85lFxDMm8xWIJXGKpnl2iV/NoEDBsoeFFAd0JDRWsJRuzzLzAoctsZRpULLiyCz4+PMT/lcfoJ74PSlkGeAiyLqXHwKaLFUXhuee+LGqGP1VMfSjOsWy89xRVSk+Bo6KAgCAnIG8GVNMxVZBhs2lA018dMlEQEC1ITKU2e0haWks2TjSQwsbWiEriWEhNxnOSr5C0Ej3rEsqDISfA6TgEMoEgVWY7cuqi5lFfs5sSEdOWKra2GXEIYEKTUJOEaxYS+IycwnSIHQYIqbTcgLEQIVAzVwSaItWKs+Vt23bMl4ADt3Tx67RxRPUKvssuosDQToG8AUn2gGum5+TTTJAUiHxiYUgk+EIGYDaXckKTgGkCN8D1/hK7nI7wmUZxCMa0HKH0HDUODw8fPzk8PDo2liUX+4BqqKNWQxokcbC6jLRx3TKWXRuWkQJ9xWWEdAyhWqcLsjWlELeps9sZ84aGiZmjTAgR20GImqEsFDtR8d1Bafa1THyNkpdw9jGBcE5YgNSczAklEpRIpA/kE9Mzks+6HJ/kLLuoeVNJuS4uh0pJ52gjNURr6XN3VYdmYwMQdleX2AoCCUqhsafkdatPGFeach+G/LJ3SqJEaTIGQskNDVlALntnZA8a00aNPJppHavmwUEAkWj4Ijp4tE8mIgzFJwiQ/QqEUDCNgGvVIB3qz7I/7ehKU6lRPRHggaUlMmMYzyhPIpDMJ/6MSuprkDXiU07Q+lDGyWwezwDV3npg7OABUSFVM1CN5pB/+PBhyPWMqUZEtT8Dtffo/8wqfm0eHLyn9X+36v97WH9xtbf893A4HNavvhzWnh0tChD7v+5hT+OOH+3/tNd8j//8x/6veweNn/Z//c9H+yleQ6P54mQcMv81zItSbxtH1zBf4w7FEnyU6abZPqTPjN4AiZJQszgEcg1zElMm1RrFKTicT4xXWlGh1J9BUNKftqU6vcXMzGF3brnnjFuFwARvkHYiJe54LGECUkKQeZlbtfk1zO8hNTFEmyQCu2teRD9nTtjzoxfHVa+svOLPTw9fkFa/2zgiqReE6vOi84YAv4FQxFAjiUpoGM5xP683y+21cSAKCDzeMn0rVUXEDpXpIwaSTIQkyNy4G8Zgh1OcmgtjQVLP//Cq4FYixOoE11x8QgGcCsn0LCKIeyaXJaleHmwIcF8EEDSGnAyEFeka+ugKSETnqEE+SEWbx4dPnn8wiPb6rTr6RAH5JGkc41Ksh/IB/KYCPz5++kweWdhOuwJaI+NEk0hIIJbHVDYLDdCeUUU4AOKzzo5ZQnivW/3RxeXLs9P26HXn3ah19mrU6V6+GV12+xed9ulvp50Tr3YrVK/fGuFqtoA8OXzxbANIpz3qd9oXx0+f9Y62gz1+/mQXsKfHR70j76p4fnhN1UWuWO54bsj0y5CTllExBZk3+lVEQKhSwmfGtciMntm6SSL1DGTGpn7uc+YCgOK9xSwXV5LroeX55X3WeIXH0bL8S4iE3uhwpxDVdV9TVVxoIkNSX9p4xbgPRtfSUAlkPAlaMrhBxcZo4cu/lRn9elZ0je1crNnTIpOkjVcYJdjEbDXPunUDwzBLC2hbR4aPqtwymAFJncE0avK61W+SvdPuoNPrts5qpPM/9l9rPetUI/XPL3vtzmjw7qJT0ULFnmzMSnM2AUoBcu/re9nNa6ouNzuT11SN1jmUSApk74wOMCctEzYgfXMc+TNODo5ZEMbC0HpGUbBCwacK/fSU9Fu9ity6lc6zeePte9Q6e3XeOx38XrUTy/aCZSg3prZg2dhpj1D1r7Q9fv5kpe3p8ZG3ErTr2+M+BFYZZ+irxo6eB27Fdgdpm3Y27Ha6eTKqRmtCJbivpycbWKUg032Gp8/XhrE3m7BFeV5jYaozv6bGTVJFw2V0pnGgkIP+bKzmPLURQ04uraeGYAW1kJ+wdgh0lIduiygSnLhAiAuE/MWBkJLvCHMrlalQ3sl9XJFp0oMpU1rOi05gGhu53fc0cmOh0mMOLAOcDXKpgGSibsQLaGB1oLODzg46O7jBDqLErEgUEkQKodsg/9KQ5d1SJzvFcsoDYljGamPiI14TzFTd3fBmNj03vQ1ne53t/Qq2t11g2l1lHQV35BvJrSLVE6IkCFb0/RlGAVD5yETpHdTcTn7xomZJ8xenPO6ZQvZ8Jv0kpHJvfyuB7U7vwgpasunU1Ht8naW/zTFbWf/IIvVwVMDEbZnYacsdsguJ0mKjLk8hbncISyYxhy7FBG3jmpggnr4CKkvpjbxtw5QbAjeDVvek1TsZtdqD0/NuNXhT6T3ptHvvLgZrega9Vrf/5nRQDt4WcCsuMG82Ea17Wt5X9y9acGl7ZzF/tLT93eZtcWJ1IW5LunsYaNf02qyXZkU7K/o679lJXT+4Z51Pvxanr1OFVcZ3Wb2UHooeEBtXsOUKtpzmd5rfFWx9v5lmV7DlCrZcwZYr2HIFW65gyxVsuYItV7DlEtUuUf0jJ6pdwZYLhLhAiCvYcnbQ2cG/sx10BVuuYMvZ3m/V9n7HBVsrWcE8Y5mVd8gkLB2wzd+3f4bdxJifDVZpMOidvrwcdEa9y7PsYLwa1LsVrHV2Njr/bSNE990WiN9PO71Wr/37O3MSv1/RWrmSKiPU2zSpvxs/pBi4FNS3HTtzKSiXgnIpKJeCcikol4JyKSiXgnIpKBd6c6G3Hzn05lJQLgzmwmDfcwoqD05tSEF9e8X1zjI7y+ws87ak2KpVLt4acnbT2c1v126WzpyYVdl63tz9MrpLInzD0Q+XRHBJBJdEcEkEl0RwSQSXRHBJBJdEcKEKF6r4kUMVLonggiEuGPI9JxHMor+rBIJKzI6/sYeYvzgWdJdXrsorReIu30kyn5OIxrF5S+m/CL2mTTI0urtj5cn8LwTji+YfDr0HfO0wpVxbcAvVh5IySLtHftY/UrCqF3BdEhJlXnLqr464XKThrym7AV4lxIM8wpWi24f7xAPztb6SIokfYqB7jJGuqPNZg+Q07EMIvhby7bboaLZxkH44UumXt7AmJRmAUQOUTBiEgVUFBB98I5OQag0cgow5e6hEFHBtjp5kTyX+jFA15GQiRURYcHFwdtK62DdPeZrflhWyyFt52zp2ApzZDpzBoaWXEFZePV319S9f/qvTHozetC4uTruvRucXnV5rcN5bF4PYDHva3QrSPR/sAnbaHbXPu4PWabdvThGVXX27a0l+vtiI8VPbd7TYsOlppX0JvkrtkCmNpPVFFFPJlOB215f2QIJCrYyB7DgO5xhR0jMYcrKFyXbimyEne6nK2K9l227P5zh3ziSlSyiZYFVfDN0kLAUm3HxOrRLopyFvkXxKNFKMg8LntvD+h5iQn3OjSag2WC/X/CgXKwPwaMhDYWM1v5CfM4R+IT+nqJOMlOke/FI05gV9UuWA1BaerxGztGu0UdxSoKLYmeAk9aVQyqypNPttwtc+756cmqdeX56fn3Va3VtvvGyCbHW3QZz3ymG4dklnV9iiSpy7bX+L+CLEPUx/MjqfSq1ya5XW+JvSNyyAYO02jqbWwGwUzzzbsORAa5cIlVDAwJyxWt0TEoop88sHvNwq3s3FvHXlKQbeGtWjQK9yp3s80Z21fqjHE7fGbewzuXfy+9xj4u4xcacVnVb8rrVihnUr+8mEB3xdvBhGsl7oasw77SMxyIjp1DNLfRMMYtkodGTjRE4InRD+yELYL0VF7yaM6bck/bhJWuRChMyfY16HTTkGATKYPug9tY/I04Lg5cHQIbdn43+k0omwvojGjK/ULGSniCgL5FbRyo7JBQl2GVmXkXUZ2UJG1pTbWoXxdRIizoY6G/pD2dCH+yWbu6TiNMjoDkmAgujbL00pPEY/C9hO03Do/YU8f4pts/bLwdbpwNKTblmVXJpOIAZVm+NJdyr3Av5sxYgNW5vSDlMqkiU0bp+qRj7NmD/LywotJw05+jXl1+hcfYlTit+gUqxetimKbSpFd0t/9DIRSX2JYvYhHzwoZArMjZfqV2rIC/VgCQ8Ac8ypbFpxxMEaJTeoV/ZiKhG9ioq+36oU2aPXNHPJ2oJrKcLlKjpYhG/ADFS719lHAgy5MjYnkaCyX7rK1FmqUYrEUKbct1L3UMqiZPpoVFR9y9+6fOBX286LPyK6m5NZxMUpQacEv10luJmfzQWjz/o+159Kfhb+uZWfQwZcb3afLIz1nYqXle5QVdiDjwkorL8yKywrTcTzbprydxEGeQEAjpheADLO1FIdkEkSTlgYYqlaJdlt0HDHRKcMfrRj4mKdKR3Yn8be2aLmP6W9c2GtkyMnRz++HP3ZJ4WdDDkZ+nvK0I7+4SvQSynrgYoFV9sEbbEwRDC3M5Bg5VV0pDRlpemtfZNzivHuhpni4A8ljEgqfwYR3aVsPlgb6ivyBxd6NBEJD5AvsnyVj3e/QlN7lHBz1x79eW4uBo+onCbGOcWF0CBkHEbw2Te+LEZG8gHxer8EGsxH8JkpU81okpoKH1UYBcBZeks6ParD5xlNlC15mlAWQjDCIqhCiTIdm8QV1ngleiQmI0n5FAyWJtGDaJluxm3xr+miN5SFeKMCMaaajkKhlO1J9AyZxBZarWTKzJVZTXWiCJIyC2mqmUjCwNyV5ubV+qy4f0LeT4WYhtCQsd9oiwCuVhoaVmkqRadr96ZaOBqAfbFB1ifUxzAIII+QdIRVlBgnHT4NmZo1SIvPSaJu+bTwDRZSh+zfmGrGW9TpexF4Uimi3zeUaASgKQvV1YYue+WhRoQsDJ0W9tpzWcPqAgTfzsY6u+Vcjdrf+rJNrt8wNW7vcQUwTqbr5lovrVomGw6/2LsalDFBeGX0sxwzLak0ip2lBMjoTjHvnN5+J/9tisNNQtoONwZ7RjTtaY5zdZBGQbem+xBLocU4mTRafF6t8eeY6c+Uy+5LMl9YTCToRHK7jemATZJdqPdtA3ICPg4QCF8dTMWBYTd18B8IVpeluwreItOE5WpAXYqkRaBnIsCggFCGLSge4b2D2NRPNAohtAbmfpkPB9UhrGFVpho0kaHX9L7EIdXIIB0exIJxvViRuo7Vj+Q8Bj44+Y1kX2CJQo2kt3Py1We9DcPrM4vqDZUMVY4NcVRmtIo/tQGrvYsFVlYq8BPJ9Nxrvr+qeaj603jESxHMUwyzlJP3eEKfP508e1J/+s+jf9afPH12XB8/nvj1Y//Fs8eTZ8/ohGLFgHHpCgKE79+Ugi8rhF2hDa4tfRan6d0cmWoAoXREjWWyyaWVjSwNkYsghjOQeozbh6GMKrB7/H4NKtkee7XK+Fc1z1C9+d778gVrRy9luFhg88cEZErAbEPwr0XNmwENQBq2CJi5bhes9yy+LI2xt9dLA0D7ZOl1lVeBhSi5yNUvUCZ9Edbf5i8JpTrL87BAePepd5tvwCIQia6/UdWZcjgcrz6wD0RkECs+xvILjOPHeiPsVUFQL877WGA8FoGp0omMA+JJ+gntPP1kF2L9L/v2CbZ98ULKp4kxiJ4dE//7f7nWTrw= +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetObligation + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":"circular()","title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"GetObligationResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligations-by-fq-ns.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligations-by-fq-ns.api.mdx new file mode 100644 index 00000000..1b88423a --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-get-obligations-by-fq-ns.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-get-obligations-by-fq-ns +title: "GetObligationsByFQNs" +description: "GetObligationsByFQNs" +sidebar_label: "GetObligationsByFQNs" +hide_title: true +hide_table_of_contents: true +api: eJztPX9z27aSXwXDu5nYfbJsp0mn1XXaUxQl9Ysj+0ly5nqRT4HJlYSaBBgAdKLn0Xe/WQCkSEqW5DrNJCnyTyxgASyA/YXdBXgbaDpVQettcC5iFs7J2VXMplQzwVVw2QhECtL8OomCVpAamKZYwjQHIG9YCM2XoEtNn81f/KungkaQUkkT0CBxjNuA0wSCVtARnEOoD86l0CIU8cEbkIoJHjQCxoNWMAMagQwagYT3GZMQBS0tM2gEKpxBQoPWbaDnKfbEs+TKQGqm4y1dA8+SoPX2+LIRRKBCyVLENWgFz2HCOBA9A3JjoYmYmJ+uN5K63oJGEAqudNA6XiwaK/MZsgREpg9eq5WZ7I55pZM7EdUWqkEYJ4kKFotLu1qg9DMRzXGgUHANXOOfNE1jFpq9OfxDYV+3qxiJqz8g1LhpErddM1BYO3nPVQmKSknnOD0NSblcacn4NGgECeOnwKd6FrSOG8FEyITqoBVkkmEl/XhiGz5+emRg3c/jRpBx9j4D9xv3e7FcHIPEfZuX2q8jz75drqAR0ChiWEHj89LUJzRWsMBeqmRoClQquLIL9PjoCP+rbtUgC0NQyhLMJ9qG5Qxe03Rdi9JqjZdMOk5oeuckb4tGNzTOADvZiAaL1u153geLgkXDcIVKaQjl7peFDx6izhZT4CilICJZxiLkiIhqekUV5Nhs6tDU17vMFEREC5JSqc2qkbbWkl1lGojhQlOoGkRlaSqkJldzUsyQtDM96xHKoxEnwOlVDGQCkZOkiNPkPd+EElYvGgENNbupLKIrqWNrixGHCCY0izXJuGYxgY9Ib0zHWGGAcJWWG3AlRAzUjJWAprhq5dGKsm07FkrAjtu63NoVjqlewXdZRRSYtVMgb0CSPeCa6Tn5MBPEAZEPLI6JhFDICMzmUk5oFjFN4Aa43l9iV6wjfKRJGoPRa8fIg8fNo6Oj758cHR0/NmqtkEoR1XCAshTXIEuj1Wm4wnXTWFZtmIYD+ozTiOkVxGqTfHAQG2TCHYRpZcSivhAitZ0QNUNeKFei+NwgXus9DbTMQo2cZ8V5PCcswtWczAklEpTIZAjkA9MzUoy67J8UJLtoBFNJud5FdT1A1KFW2wBklV51iu0okqAUmhiUvGoPCONKUx7CiF/0T0iSKU2ugFByQ2MWkYv+KdmD5rTZII9mWqeqdXgYQSKaoUgOH+2TiYhj8QEiJL/SQiiYJsC1apIuDWf5T9u70lRqFE8EeGTXEokxTmeUZwlIFpJwRiUNNcgGCSknqMMo42Q2T2eAYm89MFbwiKiYqhmoZmvE3717N+J6xlQzoTqcgdp79H9mFr+2Dg/f0oN/tw/+9+jgp8u95d+j0Wh0cHl71PjheFGC2P91D2ua92y0/91e6y3++Y/9X/cOm9/t//qfj/YdXiMj+dLsKmbhK5iXud4Wjq9hvsYISyWEyNMts324PjN6AyTJYs3SGMg1zElKmVRrBKfgcDYxtnBNhNJwBlFFftqS+vAWMzOG3bnlnjNuBQITvEk6mZS446mECUgJUW7bbpXm1zB/ANekkGziCKw2dlxuI/54/NPjutFYnfHHp0c/kfag1zwmzpZC8XnefU2A30AsUmiQTGU0jue4n9eb+fbaGBAlBL7fMnzbiSJiu8rlEQNJJkISJG7cDaOw4ykOzYXRIO68cXRZskMRYnWAay4+IANOhWR6lhDEPefLClcvj1MEeCgiiJojTobCsnQDTwYKSELnKEHeSUVbj4+e/PjOINoftA/QJorIB0nTFKdiLZR3ELYUhOnjpz/IYwvb7dRAG+Qq0yQREoilMZWPQiPUZ1QRDoD4rNNjdiGCV+3B+Pzi2elJZ/yq+/u4ffpy3O1dvB5f9Abn3c7Ji5Pu86BxJ1R/0B7jbLaAPDn66YcNIN3OeNDtnD9++kP/eDvY9z8+2QXs6ePj/nFwWT5wvKLqvBAs91KBS/ky4qRtREyJ5418FQkQqpQImTEtcqVntm6SST0DmZNpWNicBQMge29Ry+WZFHJoeQp6mxde4iG4yv8SEqE3GtwOoj7va6rKE81kTA6WOl4xHoKRtTRWAglPgpYMblCwMVpq+bdSo59Pi67RnYs1e1omEld4ib6JTcTWCKxZNzQEs9SAtnRs6KhOLcMZEGcMOl/Nq/agRfZOesNuv9c+bZDu/9i/1lrWTiINzi76ne54+Pt5tyaFyjV5n7XifADkAqTeVw/Sm9dUXWw2Jq+pGq8zKHEpkLzzdYA5aRvnAxmY48ifMXKwzxIzlrrWM4qMFQs+VWinu6XfalUU2q1yni0K796j9unLs/7J8Le6nliWlzRDtdDpgmVhtzNG0b9S9v2PT1bKnj4+DlZchQN73IfICuMcfdXc0fLArdhuIG2TzobcTjYPRtV4jasE9/Xk+QZSKfH0gOHp85Uh7C1Osuq4RsPUR35FjZmkyorLyExjQCEF/VlfzZnTESNOLqylhmAlsVCcsHZwdFS77ogkEZx4R4h3hPzFjpCK7Qhzy5WOKe9lPq7wNOnDlCkt52Uj0PlG7rY9Dd9YKHfMgaWDs0kuFJCc1Q17AY2sDPR60OtBrwc36EHkmBWOwgWRQugOyL/UZXm/0MlOvpxqh+iWsdKYhIjXBONd91e8uU4vVG/T616vez+D7u2UiHZXXkfGHYeGc+tI9YWoMIJl/XCGXgAUPjJTegcxt5NdvGjYpfmLQx7LwHKZQkulmxk1CJkMs5jKvf2tC2x3ehdS0JJNpybL5PNM/U2B2cr8x7sE0u+zChi4rS62K7lHdCFTWmyU5Q7iboOwohIL6IpP0Bau8Qni6SuishLeKMo2DLnBcTNs9563+8/H7c7w5KxXd97Uap93O/3fz4draob9dm/w+mRYdd6WcCtPsCg2Hq0Hat6XD09a8GF7rzG/tbD9/cZtc2JlIW6L2z10tGt6beZL86SdFXld1Owkrj+5ZV0Mvxanz5OFVcV3mb3kDkWfEBufsOUTtrzk95LfJ2x9vZFmn7DlE7Z8wpZP2PIJWz5hyyds+YQtn7DlA9U+UP0tB6p9wpZ3hHhHiE/Y8nrQ68G/sx70CVs+Ycvr3i9V937FCVsrUcEiYpmnd8gsrhywze+7m2E1Mepng1YaDvsnzy6G3XH/4jQ/GK869e4Ea5+ejs9ebITo/b4F4reTbr/d7/z2uzmJPyxprZpJlS/UGxfU340eHAY+BPVl+858CMqHoHwIyoegfAjKh6B8CMqHoHwIyrvevOvtW3a9+RCUd4N5N9jXHIIqnFMbQlBfXnK918xeM3vNvC0otqqVy7eGvN70evPL1ZuVMydGVbaeN3e/jO6DCF+w98MHEXwQwQcRfBDBBxF8EMEHEXwQwQcRvKvCuyq+ZVeFDyJ4Z4h3hnzNQQQz6a8qgKAys+Ov7SHmL/YF3eeVq+pMcXGX7ySZ5iShaWreUvovQq9pi4yM7O5afjL/xWBs0aLhKPiErx26lesIbqEGUBEGrnoc5vVjBatyAeclIVPmJafBao/LSRr6mrIb4PWF+CSPcDl0B/AQf2Ax15dSZOmn6OgBfbgZdT9qkJzGA4gh1EK+2eYdzTcOXMOxci3vIE1KcgAjBiiZMIgjKwoIPvhGJjHVGjhEOXH2UYgo4NocPcmeysIZoWrEyUSKhLDo/PD0eft83zzlaT5sK2SZtoqydeQEOLLtOIdDTS8hrr16umrrXzz7Z7czHL9un5+f9F6Oz867/fbwrL/OB7EZ9qS3FaR3NtwF7KQ37pz1hu2T3sCcImq7+mbXlPxisqVPsS42bLrLtK99urW62jFTGpc2FElKJVOC211f6gMJCqUyOrLTNJ6jR0nPYMTJFiLbiW5GnOw5kbHfyLfdns9x7IJIKpdQcsaqvxi6iVlKRLj5nFpfoO9GvE2KIVFJMQ4Kn9vC+x9iQn4ulCah2mC9nPOjgq0MwKMRj4X11fxCfs4R+oX87FAn+VK6PfilrMxL8qROAU4Xnq1hM1c13shuDqjMdsY5SUMplDJzqox+F/N1znrPT8xTr8/Ozk677d6dN142QbZ72yDO+lU3XKcis2tkUV+c+21/m4Qixj10H6ouhlKr1Fpfa/yS9Q2LIFq7jeOpVTAb2bOINiwp0OolQiWUMDBnrHbvOYnFlIXVA16hFe9nYt45c4dBsEb0KNCr1OkfT/RnrW/q8cStfhv7TO697D7/mLh/TNxLRS8Vv2qpmGPdzj+Z8AlfFy+7kawVuurzdnUkBZkw7SwzZ5ugE8t6oRPrJ/JM6JnwW2bCQcUrej9mdG2Ja9wibXIuYhbOMa7DphydADnMAPSe2kfkaYnxCmfoiNuz8T8cdyJsKJIrxldyFvJTRJI7cuto5cfkEgf7iKyPyPqIbCkia9JtrcD4PAERr0O9Dv2mdOin+5LNfUJxGmRyjyBAifVtS5MKj97PErZT5w59OJMXT7Ftln4F2DoZWHnSLc+Sc+EEYlC1MR63U4UV8GczRqzb2qR2mFSRPKBx91AN8mHGwlmRVmgpacTRrqm+RufzS7xQ/AKFYv2yTZltHRfdL/zRz1nE2RLl6EPReVSKFJgbL/VWasRL+WAZjwBjzI43LTtiZ82KGdSvWjE1j15NRD9sVors0Wuam2QdwbUU8XIWXUzCN2AGqtPv7uMCjLgyOieToPIvXeXizEmU8mIok+5by3uoRFFyeTQui77lty4/8attZ+WPiO5mZJZx8ULQC8EvVwhupmdzweijfsj1p4qdhT+30nPMgOvN5pOFsbZT+bLSPbIK+/A+A4X5V2aGVaGJeN5PUv4m4qhIAMAe3QUgY0wtxQGZZPGExTGmqtWC3QYNf0z0wuBbOyYu1qnSof009s4atfiU9s6JtZ6PPB99+3z0Z58U9jzkeejvyUMb7cMSr7wEvWQz9Wz+4l891QeVCq62MZzpx93SwIWrzqYrpUkvdbf3TewpxTscZqTDP5QwrKnCGSR0l/T5aK3Lr0wnXOjxRGQ8QvrI41Yh3gGLTQ5Sxs2de7TrubkgPKZymhkjFSdCo5hxGMPH0Ni06CEpOsRr/hJoNB/DR6ZMVqMJbip8XGEcAWfutrQ7ssPHGc2UTX2aUBZDNMZkqFKqMr0yASzM9cr0WEzGkvIpGCxNwAfRMtWM2yRgU0VvKIvxZgViTDUdx0IpW5PpGRKLTbhaiZiZq7Oa6kwRXMrctalmIosjc2eam9fr8yT/CXk7FWIaQ1OmYbMjIrhcKWha4akUna7dm3oCaQT25QZ5MKEhukMAaYS4HlZRYpx0+TRmatYkbT4nmbqjaakNJlTH7N8Ycsbb1O7dCDyxlNEfmJVoRqApi9Xlhip79aFBhCx17RJ87fmsaWUCgm8nY53fdq577+984aaQcxgit/e5IrjKpuvGWs+tWmYbDsFYu+qcMc54ZeS0vGJaUmkEPHMLkK87xfizuwVP/tskiZvAtO3uCuxZ0ZS7WOdqJ82SjHX7kEqhxVU2abb5vJ7rzzHinwuX3adkWlhMJOhMcruNrsMWyS/Wh7YAKQEfCYhEqA6n4tCQmzr8DwQ7kJU7C8Eil4TVrMBVuRoYU2MmIvQRCGWog+KJPjhMTTpFs+RRa2IomIVweEdPVt0qkyOayThoBbdpTDWSS5dHqWBcL1Z4sGulJTlLgQ+fvyB5C0xcaBB3Z6dYi7y2aSh/ZjG+oZKhALKOj9qIVg04jbBau1hgvqWCMJNMz4PW28tGgIrAeSmeiWjuMMSOJu+5stmahhXwqgw+dlPxtKws28qUEWX3Bk4ruDk2oX+hdEKN+rGRpLt2q9JTwW7owsC1Ydw+BmXY3m7k2zUY5RsZNNYPc9kIzNK23ga3t5g2eiHjxQKL32cg3Srlq46/Fo1gBjQCafY+YuamXbTeqLhd6t9gr+98P/tkaXBVJ4M5KAWXHZwjG4YiPnhTPCLkxFQQYG7w7kPvNt6QJSAyffBa1Ucq4LC/g6F9GyKHWDErli3QhZ/qjbCXJaY8PxtgbvGViEyCTmJsjkDSD6ja6Qc7EWt62WdPsOw2iCmfZkYHBrZP/Pf/pFR+GQ== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetObligationsByFQNs + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":"circular()","title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}}},"title":"GetObligationsByFQNsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-list-obligation-triggers.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-list-obligation-triggers.api.mdx new file mode 100644 index 00000000..1e1a8a46 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-list-obligation-triggers.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-list-obligation-triggers +title: "ListObligationTriggers" +description: "ListObligationTriggers" +sidebar_label: "ListObligationTriggers" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27ayfwXDe2dit7L8yOO0Op32KrLS+sSxPJLcObmWrwKTKwk1CTAA6FjHo/9+ZwGSIilZjzjJJCnyJRawABbAvrC7AO89TcfKa1x65yJk/pR0rkM2ppoJrryrmidikObXSeA1vNjA1MUcpt4Dect8qJ8ypedt+5KNxyCVV/NiKmkEGn80Lu89TiPwGl5LcA6+3juXQgtfhHt/glRMcK/mMe41vAnQAKRX8yS8T5iEwGtomUDNU/4EIuo17j09jbEnnkTXBlIzHa7pGngSeY3Lw6uaF4DyJYsRWa/hHcOIcSB6AuTWQhMxMj/T3kic9ubVPF9wpb3G4WxWW5hPn0UgEr33Ri3MZHPMS508iKi2UDXCOImUN5td2dUCpV+KYIoD+YJr4Br/pHEcMt9szv5fCvu6X8RIXP8FvsZNk7jxmoHCWpyjiqkPSAQ5sNKS8XEB/RxsyAKv5o2EjKj2Gl6SsMCb1eb1r97zzfoZvcddixg/BT7WE69xWOxWMuw1pmPGqV2e+7yPQml1CTvmD4o7uXraIYuYLiDKuIZxacMsRAEnxvXTowdHHHDSA020IL7gIzZOJAQkgBFNQk1MX4SNCBeG2m5ZAMGAkzf0jkVJlNYr0LjfcUg1Dpp2RCgPCPCRkD4E5HpKlOVKhQskRiMFq+eRgmwzkWOLNgRVlL3ZrObRIGAW9LywpCMaKsDqbNzlQqNridhb082sKhxMgYoFV3b/jg4O8L/yFHqJ74NSlo0/BXPoTNTNIamUdIr8ryFS63tgK7nK8s5c5P5JwwSKpD6vGt6aunV0vd14y4f6JIPkjF4cY1746CGq5DsGjtoMAoIiCfkooJpeUwUZNuvE0kKXiYIAGTqmUhtSJU2tJbtONBAjq02hqhGVxLGQGpkznyFpJnpyhsw74AQ4vQ6BjCBINS7iNFotKbEauc3X7La0iGlJFVtbjDhkUifhmoUE7pD+mQ6xwgDhKs034FqIEKgZKwJNcdWKo+Vl63bMl4AdN3WxdVo4pHoB33mVEXypYANJdoBrpqfkw0SQFIh8YGFIJPhCBmA2l3JCk4BpArfA9e4cu3wd4Y5GcQjG/jlEmXBYPzg4ePrs4ODwyJg/uTwMqIY91Li4BkkcLE4jLVw2jXnVimmkQF9wGiG9hnCpfMr1m4V4SBA/TJhWEM2qCyFS/UHUBHmhWLlGa1R76mmZ+EaVJpy9TyCcEhbgao6mhBIJSiTSB/KB6QnJR533T3KSndW8saRcf2b5jcbKCiCsrk6xGQQSlEJDlJLXzR5hXGnKfRjwi+4JiRKlyTUQSm5pyAJy0T0lO1Af12vkyUTrWDX29wOIRN0X0f6TXTISYSg+WPOgsBAKxhFwreqkTf1J9tP2rjSVOrUtAruWSIxhPKE8iUAyn/gTKqmvQdaITzmaI5oyTibTeAIo9pYDYwUPiAqpmoCqNwb83bt3A64nTNUjqv0JqJ0n/2dm8Vtjf/+S7v2nufe/B3s/X+3M/x4MBoO9q/uD2ovDWQFi97cdrKlv2Wj3h53GJf754+5vO/v1H3Z/++8nuyleAyP54uQ6ZP5rmJbsTFM4vIHpElM9luAjTzfM9uH6TOgtkCgJNYtDIDcwJTFl5phUJTHBoTMyJ6aKCKX+BIKS/LQl1eEtZmYMu3PzPWfcCgQmeJ20Eilxx2MJI5Bokd7m56XVdH8D00dwTQzRKo7A6poX0bvM9P/p8Oej6lmgPOO75wc/k2bvrH5IUtsOxed5+w0BfguhiKFGEpXQMJzift6s5tsbY0AUEHi6ZvhmKoqI7SqTRwwkGQlJkLhxN4zCDsfmXCWMBklPpQdXBcsYIRYHuOHiAzLgWEimJxFB3DO+LHH1/NBNgPsigKA+4KQvLEvX8PyogER0ihLknVS0cXTw7Kd3BtFur7mHNlFAPkgaxzgVa6G8A7+hwI+Pnr+Qhxa23aqA1sh1okkkJBBLYyobhQaoz6giHADxWabH7EJ4r5u94fnFy9OT1vB1++2wefr7sH128WZ4cdY7b7dOXp20j73ag1DdXnOIs1kD8uzg5xcrQNqtYa/dOj96/qJ7uB7s6U/PNgF7fnTYPfSuikeg11Sd54JlKxU4ly8DTppGxBR43shXEQGhSgmfGdMiU3pm60aJ1BOQGZn6uc2ZMwCy9xaHuVwOzU9ll1nhFbpKyvwvIRJ6pcGdQlTnfUNVcaKJDMneXMcrxn0wspaGSiDhSdCSwS0KNkYLLf9WavTLadElunO2ZE+LRJIWXqEHaxWx1Txr1vUNwcw1oC0dGjqqUkt/AiQ1BlOP3utmr0F2Ts767e5Z87RG2v+2fy21rFOJ1OtcdFvtYf/tebsihYo1WZ+V4mwA5AKk3teP0ps3VF2sNiZvqBouMyhxKZC8s3WAKWkaZwjpmePIxxg52GeBGQtd6wlFxgoFHyu009OlX2tV5NqtdJ7NCx/eo+bp753uSf+Pqp6Ylxc0Q7kw1QXzwnZriKJ/oezpT88Wyp4fHXoLDuWePe5DYIVxhr6qb2h54FasN5DWSWdDbqudtkgsS1wluK8nxytIpcDTPYanz9eGsNc47crjGg1THfk1NWaSKiouIzONAYUU9LG+moL38sJaaghWEAv5CWsDR0e565aIIsGJc4Q4R8hndoSUbEeYWq5MmXIr83GBp0kXxkxpOS0agalv5GHb0/CNhUqPOTB3cNbJhQKSsbphL6CBlYFODzo96PTgCj2IHLPAUbggUgjdAvlZXZbbhU428uWUO0S3jJXGxEe8Rhh/217xZjo9V711p3ud7v0CurdVINpNeR0Zd+gbzq0i1RWixAiW9f0JegFQ+MhE6Q3E3EZ28axml+aj5YfnM+knIZU7u4W+O5UQ9aarkuKycbTTRSAd839XEci1XH2bp3ysm+z6ZJQ57y4k3hSZOe/IsaVjS8eWS9kSE2XK+VFpyRbR3ERpsdJ2TiEePoCXjiA5dCkGYwuXxGDQ2xVQWQon52UrhlzhKO83z46b3eNhs9U/6ZxVneWV2uN2q/v2vL+kpt9tnvXenPTLwbICbsUJ5sUmgvDIk87vj08Sc9LQScO/lzRcSFXgxMpC3JZ09zCwqemNmS/NkiQXslnzmk+VzLqdJyMffilOXybrtYzvPFs0dUJ9QmxcgqxLkHWS30l+lyD77Wb2uARZlyDrEmRdgqxLkHUJsi5B1iXIugRZlxjkEoO+58QglyDrHCHOEeISZJ0edHrw76wHXYKsS5B1uvdr1b3fcILsQlQwj1hm6R0yCUsHbPP74WZYTYz6WaGV+v3uycuLfnvYvTjNDsaLTr0HwZqnp8POq5UQZ2/XQPxx0u42u60/3pqT+OdIEv7Y1GAXgvqKfWcuBOVCUC4E5UJQLgTlQlAuBOVCUC4E5VxvzvX2PbveXAjKucGcG+xbDkHlzqkVIaivL7neaWanmZ1mXhcUW9TKxVtDTm86vfn16s3SmROjKmvPm5u/juCCCF+x98MFEVwQwQURXBDBBRFcEMEFEVwQwQURnKvCuSq+Z1eFCyI4Z4hzhnzLQQQz6W8qgKASs+Nv7CHmM/uCtnnlqjxTXNz5O0mmOYloHJu3lP5J6A1tkIGR3W3LT+a/EIwtmjcceGvkUzlHd41FZleuJbiF6kFJGKTVQz+rH9ovCi/OS0KizEtOvcUe55M09DVmt8CrC/FJHuFK0e3BY/yB+Vx/lyKJP0VHj+gjnVH7ToPkNOxBCL4W8s913tFs4yBtOFRpywdIk5IMwIgBSkYMwsCKAoIPvpFRSLUGDkFGnF0UIgq4NkdPsqMSf0KoGnAykiIiLDjfPz1unu/ixgjzwXkhi7SVly0jJ8CRbccZHGp6CWHlQ8WLtv7Fy3+1W/3hm+b5+cnZ78POebvb7He6y3wQq2FPztaCnHX6m4CdnA1bnbN+8+SsZ04RlV39c9OU/HyyEeMntu5wtmLT00z7Enx1tUOmNC6tL6KYSqYEt7s+1wcSFEpldGTHcThFj5KewICTNUS2Ed0MONlJRcZuLdt2ez7HsXMiKV1CyRir+mLoKmYpEOHqc2p1gX4Y8CbJh0QlxTgofG4L73+IEfklV5qEaoP1fM5PcrYyAE8GPBTWV/Mr+SVD6FfyS4o6yZYy3YNfi8q8IE+qFJDqws4SNkurhivZLQUqsp1xTlJfCqXMnEqjP8R8rc7Z8Yl56vVlp3Pabp49eONlFWTzbB1Ep1t2w7VKMrtCFtXF2W77m8QXIe6hkUWjOSWoRWqtrjWJpbhlAQRLt3E4tgpmJXvm0YY5BVq9RKiEAgbmjNU8OyahGDO/fMDLteJ2JuaDM08x8JaIHgV6kTrd44nurPVdPZ644SPiW9l97jFx95i4k4pOKn7TUjHDupl9MuETvi5edCNZK3TR553WkRhkxHRqmaW2CTqxrBc6sn4ix4SOCb9nJuyVvKLbMWPalqSNG6RJzkXI/CnGddiYoxMgg+mB3lG7iDwtMF7uDB1wezb+MeVOhPVFdM34Qs5CdoqIMkduFa3smFzgYBeRdRFZF5EtRGRNuq0VGF8mIOJ0qNOh35UO/XRfstkmFKdBRlsEAQqsb1uaVHj0fhawHafu0Mczef4U22rpl4Mtk4GlJ92yLLk0nEAMqjbGk+5UbgV8bMaIdVub1A6TKpIFNB4eqkY+TJg/ydMKLSUNONo15dfoXH6JE4pfoVCsXrYpsm3KRduFP7oZi6S2RDH6kHceFCIF5sZLtZUa8EI+WMIDwBhzypuWHbGzeskM6patmIpHryKiHzcrRXboDc1MspbgWopwPos2JuEbMAPV6rZ3cQEGXBmdk0hQ2ZeuMnGWSpTiYiiT7lvJeyhFUTJ5NCyKPpF/0fUz23FrP2H2yCG2e1zTfZfMfZfMqZmvVM18Ttvb3ef8ii+iuPuc7j6nu8/p7nO6+5zuPqe7z+nuc7r7nC566KKH31H00N3ndI4Q5wj5ru5zuu+SOT3o9KD7LlnZl1Pu0H2XzOneb1n3fsPfJXv0N7k2C3nMw8hFCi2UfrpMps3f7tSSjccgV0x9Pm4nR7VvWxW/QJZ3tHGU1kVOndD6riKnBck2Z5WP/TKf4yHHQ46Hcs24GfsUM7Wcy8pxz9fJPevNVhOuv9OPSSYoZaHjz7X0HDLgerVTwMJYv0Ax9L/FOaEL7xNQ+DqVmWE58IV4bpdH+ocIg/x5FOwxDaeb48JcHJBREo5YGGIQsvIUiEHDqVInDP4WqjQ9uW2sUYvHupiOsyujRdkyL13LJTa1qjMaKSgKN8Y1WKRy1rGQQ2FBCxvNuH56tOgusFIFAjJHh6SN0Q0Ad5uMimAbD9miIR6L83CctCiQkEVMkx/T0YmQWW4xPszWjmLDFcAJFxxzMSL0aNCRBkn8LPOMju3ZXGgarkTYQqxFtY9gxBcJN4+IITVJIPju2DYenlOm9AIhqS6oWHC17ogzmxmeMQuBUyoj2JbSvIuVpqkZd3+MKdhmqP2/lCU55U8gouu1HyZ4LWPiojjhQg9HIuEBipEsVOBjsDM0STsJN8llqHK5yYQZUjlOjP7AidAgZByGcOcbdYNXO/IOMZ9NAg2mQ7hjyji3zK1shVmEwwA4S9OC0jwNuJvQRNkE8xFlIQRDjCYV3lij1yZmgGmQCVLoUFI+BoOl8bEjWqYaSQRfLzNV9JayEJPoEWOq6TAUStmaRE+QCuxLMQtBCpMjoqlOFMGlzO5kqYlIwsAkB2F6fhJlrxOOyOVYiHEIdRn79ZYI4GqhoG51rFJI3Ev2ppraF4BNUZR7I+pjzh0gjZC0h0WUGCdtPg6ZmtRJk09Joh5oWmiDL8GF7D+YhodpQ2mCJBoTRfR7ZiXqAWjKQnW1osq+2VhDnp93nb5MZk2nulUdCL6ejHWW1lO9dvigey+XA3i33wYuA7hOxsvGWs6tWiYr7FOsXTw3mdwsZdS5vGZaUmnsAJYuQLbuFEN+aboX+R+Tqmligba7a7BmnClPw0uLndQLwi/dh1gKLa6TUb3Jp9VHCjk+VZAJl82nZFpYTCToRHK7jWmHDZJlkPm2ACkBs+EC4av9sdg35Kb2/wvB9mTpsUVvlknC4njLJatnbNKJCFDJCmXog6K57e3H5iWIeuG4W8f4G/Nh/8G+rGWmTAp1IkOv4d3HIdVIMm0exIJxPVvgw7aVmKQTA+8fvyJZC4wX4x0e8+Bovh5Zbd1Q/8TifEslQyFkzyWVEa0qSLXCYu1shilwCvxEMj31GpdXNQ+VQaruX4pgmmJo0oeLN2S9pyP60/PRi2d7z/9x+I+9Z89fHO1dPx35e0f+zy+ejl68oCP6wivcuXr1nhdZqWzsGKXuNQ5qXmoeNA5wGzFxvGQLLezLworiiqT55A3v9tDYVULpiPJsCqsIotRXztN4hMHFZ9xerTCyxdLK5RKcMlrxag8NdFXzzO41Lr37ewxqXshwNsPi9wnIdCOyjcVfs5o3ARqANOQVMPMScbDcxL2fq3lvp5ue/nbJ3HosTwezC3Jm3jtHbvdFuPdnnpSfSkPPw5zazYfebLw+i0Akeu+Nqo6Uw2F/e32ba5lBLFgv8xYYL4/1StirAuefd3r49tq1CEzqRWRMG0/SD2hB0A92IvYgYNOIsezeCykfJ0bVerZP/Pf/tBZmsQ== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListObligationTriggers + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":"circular(ObligationTrigger)","title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListObligationTriggersResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-list-obligations.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-list-obligations.api.mdx new file mode 100644 index 00000000..9f888a02 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-list-obligations.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-list-obligations +title: "ListObligations" +description: "ListObligations" +sidebar_label: "ListObligations" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z27aS/wqGdzOxW1n+yMdrdZ32FFlp/eLYHknOXC/yKTC5klCTAAOAjvU8+t9vFgApkpIluUk7SR76S2NgCSywn9hdQPeBphMVtN4FFyJm4YycX8dsQjUTXAVXjUCkIM1fJ1HQClID0xQLmGYf5C0LoXnKlC5/2whSKmkCGiQOfx9wmkDQCjqCcwj13oUUWoQi3nsLUjHBg0bAeNAKpkAjkEEjkPAhYxKioKVlBo1AhVNIaNC6D/QsxZF4llwbSM10vGFo4FkStN4dXjWCCFQoWYpYBq3gGMaMA9FTILcWmoix+dONRlI3WtAIQsGVDlqH83ljaT0DloDI9N4btbSS7TGvDPIgotpCNQjjJFHBfH5ldwuUfimiGU4UCq6Ba/wnTdOYhYYq+38oHOt+GSNx/QeEGokmkeKagcJeXKNKaQhI/QJYacn4pIR+ATZiUdAIxkImVAetIMtYFMwbi/5XH/h244w/INUSxk+BT/Q0aB2Wh5UMR03phHFqt+e+GKPUWt/Cc/MPipRcv+yYJUyXEGVcw6RCMAtRwolx/fTowRmHnPRBEy1IKPiYTTIJEYlgTLNYEzMWYWPCheG2WxZBNOTkDb1jSZa4fgUa6Z3GVOOkbiBCeUSAj4UMISLXM6KsOCrcIDEeK1i/DgfymIUcW7QhqqMczOeNgEYRs6AXpS0d01gBdufz1rRFz3JvsOH7eV0rmAaVCq4s4Y4ODvB/Vdz7WRiCUlZ+P4dUlNRfCZhKSWco+xoStXkQtlaianJTZvBF4yY23jhFncoT4KjtISIouchuEdX0mirIsdkkvUtDZgoi5PuUSm0IS9paS3adaSBGpZlG1SAqS1MhNfJwsULSzvT0DHl8yAlweh0DGUPkLBLiNF6vULAbmTLU7Layia6ljq1tRhxy4cy4ZjGBO+QWpmPsMEC4SwsCXAsRAzVzJaAp7lp5tqJtE8VCCThwW5e/do0jqpfwXXQZ/eDkHyTZAa6ZnpGPU0EcEPnI4phICIWMwBCXckKziGkCt8D17gK7Yh/hjiZpDMY/OEQJOmweHBw8fXZwcHhk3INCbURUwx4aJtyDLI2Wl+EaVy1j0bVmGQ7ob1xGTK8hXinKhRmwEA+prYcZ85bGmZmjuhHCqVmipigL5c4NyrU+Ul/LLDQWJ+PsQwbxjLAId3M8I5RIUCKTIZCPTE9JMetifFKw7LwRTCTl+i9WdWjT1wBhd32J7SiSoBT6a5S8bvcJ40pTHsKQX/ZOSJIpTa6BUHJLYxaRy94p2YHmpNkgT6Zap6q1vx9BIpqhSPaf7JKxiGPx0VrR0kYomCTAtWqSLg2n+Z92dKWp1M4ER3YvkRnjdEp5loBkIQmnVNJQg2yQkHK02poyTqazdAqo9lYDYwePiIqpmoJqtob8/fv3Q66nTDUTqsMpqJ0n/2dW8Utrf/8d3ftXe+9/D/Z+vNpZ/Hs4HA73ru4PGi8O5yWI3V92sKf5yI92v9tpvcN/fr/7y85+87vdX/7zya7Da2g0X5pdxyx8DbOKO2YaRzcwW+HRphJClOmWIR/uz5TeAkmyWLM0BnIDM5JSJtUKxSk4nI/NwaKmQmk4haiiP21LfXqLmZnDUm5Bc8atQmCCN0knkxIpnkoYg0TH7bY4Vqzn+xuYfYLUpJCskwjsbgQJvcs95B8Ofzyqu8zVFd89P/iRtPtnzUPiPCFUnxfdNwT4LcQihQbJVEbjeIb0vFkvtzfGgSgh8HTD9G2niogdKtdHDCQZC0mQuZEaxmDHE3P8EMaCuMPbwVXJgUSI5QluuPiIAjgRkulpQhD3XC4rUr04mxLgoYggag45GQgr0g08ZikgCZ2hBnkvFW0dHTz74b1BtNdv76FPFJGPkqYpLsV6KO8hbCkI06PnL+Shhe12aqANcp1pkggJxPKYymehEdozqggHQHxW2TG7EcHrdn90cfny9KQzet39fdQ+/XXUPbt8M7o86190OyevTrrHQeNBqF6/PcLVbAB5dvDjizUg3c6o3+1cHD1/0TvcDPb0h2fbgD0/OuwdBlflk8Jrqi4KxfIoE7jQL0NO2kbFlGTe6FeRAKFKiZAZ1yI3eoZ040zqKcicTcPC5ywEAMX7EWeeQg8tzjDv8sYrjChU5V9CIvRah9tB1Nd9Q1V5oZmMyd7CxivGQzC6lsZKIONJ0JLBLSo2Rktf/luZ0b/Piq6wnfMVNC0ziWu8wkDPOmZrBNatGxiGWVhA2zoyfFTnlsEUiHMGXeDrdbvfIjsnZ4Nu76x92iDd/7H/WulZO43UP7/sdbqjwe8X3ZoWKvfkY9aa8wlQCpB7X3+S3byh6nK9M3lD1WiVQ4lbgeyd7wPMSNuEDkjfHEf+jJODY5aEsTS0nlIUrFjwiUI/3W39Rq+isG6V82zR+DCN2qe/nvdOBr/V7cSivWQZqo3OFiwau50Rqv6ltqc/PFtqe350GCzFXfv2uA+RVcY5+qq5peeBpNjsIG3Szobd1sc2kVlWhEqQrifHa1ilJNN9hqfP14axN4S4qvMaC1Of+TU1bpIqGy6jM40DhRz0Z2M1pSDfpfXUEKykFooT1haBjurQHZEkghMfCPGBkL84EFLxHWFmpdIJ5aPcxyWZJj2YMKXlrOwEutjIw76nkRsL5Y45sAhwNsmlApKLuhEvoJHVgd4Oejvo7eAaO4gSsyRRuCFSCN0B+ZeGLB+XOtkqllMdEMMyVhuTEPEaY7bq8YY3t+mF6W162+tt799gezslpt1W1lFwR6GR3DpSPSEqgmBFP5xiFACVj8yU3kLNbeUXzxt2a/7ilMcijVzm0FLrekENQibDLKZyZ3fjBltKb8MKWrLJxJTs/D1Lf1tgtrT+kUXq8+0CJm6rm+1aHpFdyJQWa3W5g3jYIayYxAK6EhO0jStignj6iqispDeKtjVTrgncDNpnx+3e8ajdGZycn9WDN7Xe426n9/vFYEXPoNc+6785GVSDtyXcygssmk1E6xMt76+fXrTg0/beYn5rafvHzdvmxOpCJIujHgbaNb0x66V50c6Svi56tlLXn92zLqZfidOnY7NNFVYV30X1kjsUfUZsfMGWL9jymt9rfl+w9fVmmn3Bli/Y8gVbvmDLF2z5gi1fsOULtnzBlk9U+0T1t5yo9gVbPhDiAyG+YMvbQW8H/53toC/Y8gVb3vZ+qbb3Ky7YWsoKFhnLvLxDZnHlgG3+fvgz7CbG/KyxSoNB7+Tl5aA76l2e5gfj5aDeg2Dt09PR+au1EGe/b4D47aTba/c6v/1uTuKfVrRWraTKN+qtS+pvxw8OA5+C+rJjZz4F5VNQPgXlU1A+BeVTUD4F5VNQPgXlQ28+9PYth958CsqHwXwY7GtOQRXBqTUpqC+vuN5bZm+ZvWXelBRbtsrlW0Pebnq7+eXazcqZE7MqG8+b219G90mELzj64ZMIPongkwg+ieCTCD6J4JMIPongkwg+VOFDFd9yqMInEXwwxAdDvuYkgln0V5VAUJmh+Bt7iPmLY0GPeeWqulLc3MU7SeZzktA0NW8p/RehN7RFhkZ3d608mf/FYHzR4sNh8BlfO3Q71xHcQvWhogxc9yjM+0f2hyCX1yUhU+Ylp/7yiItFGv6asFvg9Y34LI9wOXT78CnxwGKtv0qRpZ9joE8Yw62oe6dBchr3IYZQC/l2U3Q0Jxy4D0fKffkAa1KSAxg1QMmYQRxZVUDwwTcyjqnWwCHKmbOHSkQB1+boSXZUFk4JVUNOxlIkhEUX+6fH7Ytd85Sn+YFgIcu8VbStYifAme3AORxaeglx7dXTZV//8uU/u53B6E374uLk7NfR+UW31x6c91bFINbDnpxtBDk7H2wDdnI26pyfDdonZ31ziqhR9e22JfnFYhPGT2zf4XwN0V2lfQW+vtsxUxq3NhRJSiVTgluqL+yBBIVaGQPZaRrPMKKkpzDkZAOTbcU3Q052nMrYbeRkt+dznLtgksollFyw6i+GrhOWEhOuP6fWN+i7IW+TYko0UoyDwue28P6HGJOfCqNJqDZYL9b8pBArA/BkyGNhYzU/k59yhH4mPznUSb6VjgY/l415SZ/UOcDZwvMVYua6RmvFzQGVxc4EJ2kohVJmTZXZHxK+zvnZ8Yl56vXl+flpt3324I2XdZDts00Q571qGK5T0dk1tqhvzuPI3yahiJGG7le/i6nUMrfW97r0q8cryDiaWAOzVjyLbMOCA61dIlRCCQNzxmqfHZNYTFhYPeAVVvFxLuaDK3cYBCtUjwK9zJ3+8UR/1vqmHk/cGLexz+Q+yu/zj4n7x8S9VvRa8avWijnW7fwnEz7j6+LlMJL1Qpdj3q6PpCATpp1n5nwTDGLZKHRi40ReCL0QfstC2K9ERR8njO5b4j5ukTa5EDELZ5jXYROOQYAcpg96R+0i8rQkeEUwdMjt2fh7J50IG4rkmvGlmoX8FJHkgdw6WvkxuSTBPiPrM7I+I1vKyJpyW6sw/p6EiLeh3oZ+Uzb08/2SzWNScRpk8ogkQEn07ZemFB6jnyVsJy4c+ulCXjzFtl77FWCrdGDlSbe8Ss6lE4hB1eZ4HKUKL+DPVozYsLUp7TClInlC4+GpGuTjlIXToqzQctKQo19TfY3O15d4pfgFKsX6ZZuy2Dopelz6o5eLiPMlytmHYvColCkwN17qX6khL9WDZTwCzDE72bTiiIM1K25Qr+rF1CJ6NRX9aatSZIfe0Nwl6wiupYgXq+hiEb4BM1CdXncXN2DIlbE5mQSV/9JVrs6cRilvhjLlvrW6h0oWJddHo7LqW/zW5RrrsDA05wV4+YW28iBee3nt9eVqr/VOkrkZdKc/5d5SxUHCPzfyc8yA6/V+j4WxTk/5ltEjygF78CEDhYVTZoVVbYd4Pk7F/SbiqMjc44ju5o7xghbqgIyzeMziGGvMallqg4Y/33ll8K2d70psvrCWA/ub1lvHW4rfwN66ItbLkZejb1+O/uxbwF6GvAx5GZrk5c3biU/tWJfSSZ5VK/u4i9aNEmJfEzgfjxWUnWzGNVjjuCgjMpAjYUFLRGZcPz1afundercQkQU6xH2M8T2422ZWBNt6yg6N8UhcVEdKiwKJWcI0+d7NToTML55g7Xo3SY1EACdccCx+TvAqLx1rkCTMH1ugE1uSIDSN1yJsITaiOkAwEoqMmzpr5CQJBEuzH3Oh6JQpvWAi1QOVCq42KeP53AiK2QFcSxWzrpSmZtg9yWASiilezDFz7P+hLK+pcAoJ3eZORLQyjlvWIVzo0VhkPELdkScjQ7zYF5vCsoybhxTwzMfNre8RlZPMHGBwITSKGYcR3IXmvINhr2JAfLtBAo1mI7hjypSqmoy1whczRhFw5q7AuzgM3E1ppmw925iyGKIRVriV6s/ptclKYgFfhqw5kpRPwGBpsniIlulG3sDKbtNFbymL8boMYkw1HcVCKduT6SmS31bRLaVBzX1oTXWmCG5lHq9WU5HFkbkIz81PEuQ3N8bk3USISQxNmYbNjojgaqmhaQ2rUsjVK2hTrwqOwD7HIffGNMQYFyCPEDfCMkqMky6fxExNm6TNZyRTD3xa+gar5GP2L6wjwCvy7jEQPM2W0e+bnWhGoCmL1dWaLnufpYHCvhjaVW3bs3vT2gsE38zGOr/CXk/JPPhsUaEAsO7BXtKL4DqbrJprtbRqma0JkGDvcuDOZFiUseHymmlJpTH+zG1Avu8Uiwrc0wbkv03lv6k2sMNdg40jmHaXwF4epFnSeo4OqRRaXGfjZpvP6hc4OJZx5Mpl+yWZLywmEnQmuSWjG7BF8tcSQtuAnIAvP0QiVPsTsW/YTe3/B4LtycpFlGCea8LyfDWVGhgPdCoiNKtCGcagGOgJ9lNTHtMsWeQmpvZZCPvLg1gHTJly30zGQSu4T2OqkUm6PEoF43q+JHldqyPJeQp8cPyK5F9gDUqDuOtXxQ7kvU3D71OL7C2VDNWODYXVZrTK39mB5d75HEtnFYSZZHoWtN5dNQJU/86yvxTRzGGIA1XyhcHTMf3h+fjFs73n/zj8x96z5y+O9q6fjsO9o/DHF0/HL17QMX0RlJKMrz7wsvBU/Rpjv4PWQSNwnkDrAAmHzyJV3J4lgiztKO6Iey2pFdweGhdKKJ1Qni9hJQtUBinEF8NluOuM2xfDjBqx3PFuBTI5dwSNpRmuGoGhV+tdcH+PZcWXMp7PsflDBtJtfU5K/GveCKZAI5CGoSJmbmJGq33X+4UpD3Z6LsS4SxauYXUdWKNUCOzeBUp0KOK9t8UjU07jBQHWjm8/9XbzDVgCItN7b1R9pgIOx9sb2LdDcoglD2XxBaZ4Ur0W9qok5Bfnfaw9vxaRKeBKjPsSSPoRvQT60S7Eevj2WRxsuw9iyieZMaeBHRP/+39jUK/F +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListObligations + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":"circular(Obligation)","title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListObligationsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-remove-obligation-trigger.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-remove-obligation-trigger.api.mdx new file mode 100644 index 00000000..21c4c9c7 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-remove-obligation-trigger.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-remove-obligation-trigger +title: "RemoveObligationTrigger" +description: "RemoveObligationTrigger" +sidebar_label: "RemoveObligationTrigger" +hide_title: true +hide_table_of_contents: true +api: eJztPf1zE7mS/4pq7qpI9jnOB5AHvq3dM46XzSM4KduhjsM5o8y0bW1mpEHSBPxS/t+vWpoZz4wd2yGBgqz4hVhqSS2pv9Td0tx4mo6V1/jgnYmQ+VNyehmyMdVMcOVd1DwRgzS/jgOv4cUGpi7mMPUeyGvmQ70LkbiGeeu+ZOMxSK/mxVTSCDRIHObG4zQCr+G1BOfg650zKbTwRbjzDqRigns1j3Gv4U2ABqa5hE8JkxB4DS0TqHnKn0BEvcaNp6cx9sST6NJAaqbDNV0DTyKv8WH/ouYFoHzJYsTVa3hHMGIciJ4AubbQRIzMz7Q3Eqe9eTXPF1xpr7E/m9UW5tNnEYhE77xVCzPZHPNSJ7ciqi1UjTBOIuXNZhd2tUDpVyKY4kC+4Bq4xj9pHIfMN3uz+5fCvm4WMRKXf4GvcdMk7rxmoLCWBQUYpSXj4wLWLPBq3kjIiGqv4SWJ+V3Guptt4mw2b3cLyXTtFLyaR4OAYQUNzwrojGioYIYdlUnDFKhYcGWRPtjbw//KiPQS3wel7CY+xNLolM7xz3ReOif9e67qrObNWe0dDRMoDjOvGl6buocdb/lQDzIIsoyKqV+azrzw3kNUqW8MHKUYBASJE9kloJpeUgUZNqs6NPXVLhMFAdGCxFRqQ6OkqbVkl4kGYljUFKoaUUkcC6nJ5ZTkMyTNRE86hPJgwAlwehkCGUGQSlrEafSJr0IJq2c1j/qaXZcWMS2pYmuLEYcARjQJNUm4ZiGBL0j4TIdYYYBwleYbcClECNSMFYGmuGrF0fKydTvmS8COm7rYOi0cUr2A77yKKDBrp0BegyRbwDXTU/J5IkgKRD6zMCQSfCEDMJtLOaFJwDSBa+B6e45dvo7whUZxCEbv7aMw2K/v7e09fba3t39g1F4uzQKqYQcFLa5BEgeL00gLl01jXrViGinQd5xGSC8hVMtEWzanFOI2CXw7YVpBNKsuhIhtJ0RNkBeKlSjHV8j5ak89LRNfI+clnH1KIJwSFuBqjqaEEglKJNIH8pnpCclHnfdPcpKd1byxpFwXp0OlpFNU2xqipetzd1GXSLYKCKurU2wGgQSl0P6g5E2zRxhXmnIfBvy8e0yiRGlyCYSSaxqygJx3T8gW1Mf1Gnky0TpWjd3dACJR90W0+2SbjEQYis8QIPkVFkLBOAKuVZ20qT/JftrelaZSo3giwAO7lkiMYTyhPIlAMp/4Eyqpr0HWiE85QWVKGSeTaTwBFHvLgbGCB0SFVE1A1RsD/vHjxwHXE6bqEdX+BNTWk/8zs/i9sbv7ge78u7nzv3s7Ly+25n8PBoPBzsXNXu1wf1aA2P59C2vqd2y0/ctW4wP++Y/t37d2679s//6fT7ZTvAZG8sXJZcj8NzAtcr0tHF7BdImFFkvwkacbZvtwfSb0GkiUhJrFIZArmJKYMqmWCE7B4XRkDOWKCKX+BIKS/LQl1eEtZmYMu3PzPWfcCgQmeJ20Eilxx2MJI5ASgszwXSvNr2B6D66JIVrFEVhd8yL65QT4WE+8xov9lwc1L2I8K9ivzvjL872XpNnr1PdJatSh+DxrvyXAryEUMdRIohIahlPcz6vVfHtlDIgCAk/XDN9MRRGxXWXyiIEkIyEJEjfuhlHY4RiH5sJokPQwsndRsIkRYnGAKy4+IwOOhWR6EhHEPePLElfPz1oEuC8CCOoDTvrCsnQNjw0KSESnKEE+SkUbB3vPXnw0iHZ7zR20iQLyWdI4xqlYC+Uj+A0Ffnzw/FDuW9h2qwJaI5eJJpGQQCyNqWwUGqA+o4pwAMRnmR6zC+G9afaGZ+evTo5bwzft98Pmyethu3P+dnje6Z21W8d/HLePvNqtUN1ec4izWQPybO/l4QqQdmvYa7fODp4fdvfXgz198WwTsOcH+91976J4+HlD1VkuWO6kAufyZcBJ04iYAs8b+SoiIFQp4TNjWmRKz2zdKJF6AjIjUz+3OXMGQPZeo5aLM8nl0Pw49iErvMATcpn/JURCrzS4U4jqvK+oKk40kSHZmet4xbgPRtbSUAkkPAlaMrhGwcZooeXfSo1+Py26RHfOluxpkUjSwgt0XKwitppnzbq+IZi5BrSlQ0NHVWrpT4CkxmDqyHnT7DXI1nGn3+52mic10v4f+9dSyzqVSL3T826rPey/P2tXpFCxJuuzUpwNgFyA1PvmXnrziqrz1cbkFVXDZQYlLgWSd7YOMCVN4wUhPXMc+RojB/ssMGOhaz2hyFih4GOFdnq69Gutily7lc6zeeHte9Q8eX3aPe7/WdUT8/KCZigXprpgXthuDVH0L5Q9ffFsoez5wb634Efs2eM+BFYYZ+ir+oaWB27FegNpnXQ25Ha8ejCqhktcJbivx0crSKXA0z2Gp883hrDXeOvK4xoNUx35DTVmkioqLiMzjQGFFPS1vprTVEcMODm3lhqCFcRCfsLawNFR7rolokhw4hwhzhHyjR0hJdsRppYrU6a8k/m4wNOkC2OmtJwWjcDUN3K77Wn4xkKlxxyYOzjr5FwByVjdsBfQwMpApwedHnR6cIUeRI5Z4ChcECmEboH8pi7Lu4VONvLllDtEt4yVxsRHvEYYeLu74s10eq566073Ot37HXRvq0C0m/I6Mu7QN5y7EBgXosQIlvX9CXoBUPjIROkNxNxGdvGsZpfmq+WH5zPpJyGVW9uFvk8rIepNVyXFZeNop4tAOuZ/VBHItVx9nad8rJtsmnLyzTh7ns21GW/n+DjudtztuHspr2C+TTnNKi25Q1A4UVqsNMFTiNvP8aWTTA5dCuXYwiWhHHSaBVSWotJ52YohV/jb+83OUbN7NGy2+sennarPvVJ71G5135/1l9T0u81O7+1xvxxzK+BWnGBebAIR9zwwvb5/rpmThk4a/r2k4ULGAydWFuK2pLuH8VFNr8x8aZZruZAUm9c8VE7s3Rwi+fBLcfo+ybNlfOdJp6kv6wGxcXm2Ls/WSX4n+V2e7c+bIOTybF2ercuzdXm2Ls/W5dm6PFuXZ+vybF1+kcsvesz5RS7P1jlCnCPE5dk6Pej04N9ZD7o8W5dn63Tvj6p7f+I824WoYB6xzNI7ZBKWDtjm9+3NsJoY9bNCK/X73eNX5/32sHt+kh2MF516t4I1T06Gp3+shOi8XwPx53G72+y2/nxvTuLfItf4azOMXQjqB/aduRCUC0G5EJQLQbkQlAtBuRCUC0G5EJRzvTnX22N2vbkQlHODOTfYzxyCyp1TK0JQP15yvdPMTjM7zbwuKLaolYu3hpzedHrzx9WbpTMnRlXWnjc3f2TBBRF+YO+HCyK4IIILIrggggsiuCCCCyK4IIILIjhXhXNVPGZXhQsiOGeIc4b8zEEEM+mfKoCgErPjb+0h5hv7gu7yylV5pri483eSTHMS0Tg2byn9F6FXtEEGRna3LT+Z/0IwtmjecOCtkU/lHN01FplduZbgFqoHJWGQVg/9rH6oYFEu4LwkJMq85NRb7HE+SUNfY3YNvLoQD/IIV4puD+7jD8zn+lqKJH6Iju7RRzqj9hcNktOwByH4Wsh367yj2cZB2nCo0pa3kCYlGYARA5SMGISBFQUEH3wjo5BqDRyCjDi7KEQUcG2OnmRLJf6EUDXgZCRFRFhwtnty1Dzbxo0R5nvlovQ95rxsGTkBjmw7zuBQ00sIK987XrT1z1/9q93qD982z86OO6+Hp2ftbrN/2l3mg1gNe9xZC9I57W8CdtwZtk47/eZxp2dOEZVdfbdpSn4+2YjxY1u3P1ux6WmmfQm+utohUxqX1hdRTCVTgttdn+sDCQqlMjqy4zicokdJT2DAyRoi24huBpxspSJju5Ztuz2f49g5kZQuoWSMVX0xdBWzFIhw9Tm1ukC/DHiT5EOikmIcFD63hfc/xIj8mitNQrXBej7nJzlbGYAnAx4K66v5jfyaIfQb+TVFnWRLme7Bb0VlXpAnVQpIdeHpEjZLq4Yr2S0FKrKdcU5SXwqlzJxKo9/GfK3TztGxeer11enpSbvZufXGyyrIZmcdxGm37IZrlWR2hSyqi3O37W8SX4S4h0YWjeaUoBaptbrWJJbimgUQLN3G4dgqmJXsmUcb5hRo9RKhEgoYmDNWs3NEQjFmfvmAl2vFu5mYt848xcBbInoU6EXqdI8nurPWo3o8ccNHxO9k97nHxN1j4k4qOqn4U0vFDOtm9smEB3xdvOhGslboos87rSMxyIjp1DJLbRN0YlkvdGT9RI4JHRM+Zibslbyid2PGtC1JGzdIk5yJkPlTjOuwMUcnQAbTA72lthF5WmC83Bk64PZs/I+UOxHWF9El4ws5C9kpIsocuVW0smNygYNdRNZFZF1EthCRNem2VmB8n4CI06FOhz4qHfpwX7K5SyhOg4zuEAQoftbPtDSp8Oj9LGA7Tt2h92fy/Cm21dIvB1smA0tPumVZcmk4gRhUbYwn3ancCvjajBHrtjapHSZVJAto3D5UjXyeMH+SpxVaShpwtGvKr9G5/BInFH9AoVi9bFNk25SL7hb+6GYsktoSxehD3nlQiBSYGy/VVmrAC/lgCQ8AY8wpb1p2xM7qJTOoW7ZiKh69ioi+36wU2aJXNDPJWoJrKcL5LNqYhG/ADFSr297GBRhwZXROIkFlX7rKxFkqUYqLoUy6byXvoRRFyeTRsCj6RP65129sx639hNk9h7jb45ruu2Tuu2ROzfygauZb2t7uPucPfBHF3ed09zndfU53n9Pd53T3Od19Tnef093ndNFDFz18RNFDd5/TOUKcI+RR3ed03yVzetDpQfddsrIvp9yh+y6Z070/s+79ib9Ldu9vcm0W8piHkYsUWih9uEymzd/u1JKNxyAf+HNkp/mk+rb/jUkix2fjYK8LwDrZ96gCsLNlfPS1H/hzPOR4yPFQrmA3Y59iwpfzfDnu+TG5Z731a6L+X/R9chJKyez4cy09hwy4Xu1bsDDWvVDMILjDcaMLnxJQ+MiVmWE5foZ43i0d9U8RBvkrK9hjGpU3p465OCCjJByxMMRYZuVFEYOGU6VOGDxCVboxT0biGhbOfl1QseBqnfU6m5nlMGm4uHTl+bSlNC8npYlMxiEcY5KuGWn3L2VP1cqfQETXCzZMAVq2P0VK4UIPRyLhAVJI5kz2MRwWmrSOhJv0I5Sm3ORKDKkcJ0Y04ERoEDIOQ/jiG0mCyf95h5jxJIEG0yF8Ycq4P8y9XYV5ZsMAOEsTR9JIPnyZ0ETZFOQRZSEEQ4w3FF7hopfGq4yJcokeitFQUj4Gg6XxwiJapppx+76VqaLXlIWYZo0YU02HoVDK1iR6guRi3xJZcGObLAJNdaIILmV2a0dNRBIGJn2Emw+zZ+/XjciHsRDjEOoy9ustEcDFQkHdik+l6Hjp3lSTvwKwSWxyZ0R9zMoCpBGS9rCIEuOkzcchU5M6afIpSdQtTQtt8K2wkP0bE7UwsSRNoUM9UUS/Z1aiHoCmLFQXK6rsq341ImSh6/TtKqsV61YqIPh6MtZZ4kf1YtqtDqBc0uHtbxvaCuAyGS8bazm3apmsMD2wdtEkNtk7ykhqecm0pNKIeJYuQLbuFINCaUIQ+W+TzGeiRba7S7Aa2pSnAYjFTuoFKZvuQyyFFpfJqN7k0+ozdhwvs2fCZfMpmRYWEwk6kdxuY9phg2Q5Rr4tQErAfKlA+Gp3LHYNuand/0CwHVl6js+bZZKwfF1mqWj1jL0xEQEaZ0IZAqFoSnm7sXksoF44ytQxRMN82L29M6t2lUmzTWToNbybOKQaiabNg1gwrmcLnNi2MpOcxsD7R3+QrAXGFPGeh3mUMl+RrLZu6H9ikb6mkqEYskZnZUSrDFK9sFg7m2GalAI/kUxPvcaHi5qH6iC1EF+JYJpimDlqvacj+uL56PDZzvN/7v9z59nzw4Ody6cjf+fAf3n4dHR4SEf0EDkD84JL9u/Cmi4sBk4mTRdueNf7JhgklI6oUU/WHb1iN0ud5RyJtiUuHOM2dd5IBrvRH5YglW20V7t1pIuaZ5a+8cG7ucGo1bkMZzMs/pSATFcx2xX8Nat5E6ABSEMbATNPzQbLjY+buZb2trqpXb5N5oZZeT4YPs55cecMmdUX4c67POs6FWaeh0mTmw+92Xh9FoFI9M5bVR0ph8P+dvo2mS6DWDA+5i0wIBrrlbAXBb49O+3h41qXIjCx9chYJp6kn9EAoJ/tRKyJZvNEsezGCykfJ0ZTerZP/Pf/utQJRw== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +RemoveObligationTrigger + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"RemoveObligationTriggerResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-update-obligation-value.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-update-obligation-value.api.mdx new file mode 100644 index 00000000..ba7c9190 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-update-obligation-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-update-obligation-value +title: "UpdateObligationValue" +description: "UpdateObligationValue" +sidebar_label: "UpdateObligationValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvbL8yOO22k67jKymvnFkjyRntht5FYg8klBTAAuATtSM/vvOAUiKpN5x0pukyJdYwCGe530OgA+epmPlNd541yJiwYxcDSM2ppoJrrzbmidikObXReg1vNjA1MUCpt4Fec8CqN/EIdWw+Po1jRLwal5MJZ2CBomdfPA4nYLX8JqCcwj00bUUWgQiOnoNUjHBvZrHuNfwJkBDkF7Nk/BHwiSEXkPLBGqeCiYwpV7jg6dnMbbEk+nQQGqmoy1NA0+mXuPN6W3NC0EFksU4Uq/hncOIcSB6AuTeQhMxMj/T1kictubVvEBwpb3G6XxeW5pPj01BJProlVqaye4jLzWydqDaQtUI42SqvPn81q4WKP1chDPsKBBcA9f4J43jiAVmZ45/V9jWh+URieHvEGjcNIn7rhkorGVhAUZpyfi4MGoWejVvJOSUaq/hJYn5XR51J9vEec27N3ixob37FHGm9P0l8LGeeI2zp4+rTV6ZP2jU5wuUI+ZTMk2UJkMglBMaxRPKkylIFhDbU43QKBLvGB+TySyeAFeE8pAkPASpAiFBkWGiCReaUGUWesSk0kRIElGlSTChkgYaZJ30JkCUFhLCtOd3LIqwZ46rEbE/ISRakEi8A0kCqqDe6PO3b9/2uWJ/woGeMHVIfiIn5GeCf9enVAcTUAeP/u8NPfrTP/rfk6Mfbg9+bix+DY5uvyvUHf78n48OSYMgaaQt9zkuspZsPDYkl68zlZLOECk1TNX2PaeBXegP+b6kJev21i7HxXlGOBac6AnVdl3SMZmpElHdNMtZSAgBQ/JjfFxHnPi0eDmvpfS6/itTv4x8U8az36fVFWjT6b8H6XCsu+PcA1CsgFvzmkfDkFniuy5sx4hGCrBWa8mGiYbXOaFnCJTVDDIS34RJOXSKIBfnXxwujf7gmz7C6irmLNqQbIfFNAz8vd5OrjHExaXGn9tmHEQMuL7YOG8LMzDTL05k28jniyY6ViQ105kUJfobM87bjU1VkeRXEYWWQtK1IRwghJCMhCxiwiiJRiyKpij+isMxWNmz6JMOrTKmnM9VMHnzOAtd5Mx3vcwqaFkkHYxCFeOe4VQmIFO6lhBHNADkHgTeM6WRg0gIhAwVyn1ch5BqOkRCR5ScgqZYUESGvGzDeJpiOhWcFEA3I09EhxCtFCNZrynEukXbJv/n1cGKdLAkbXg78WSTsZrpc5jQeybkqpUZJAZkMMxgakujS1VH71Wr55/7PX9wc33u91qDVvvm1eCm3b1uNS9+uWide7XVIK3/6bXaa2s7retLv9nybououlKjXuDsRvqbVzVnU6BiwZVd/bOTE/yvvMbdJAhAKa/2qTTH+6oMyDj/A5nxvOYtaL3YfqH0U3SCElbFNCjNYVH4CYRKeQPGwNHcgpCgjEEKz6h7D92l3GSirEYQU6kNvhA/l6zGmjCFqkZUEsdCajKckXyGxE/0pI26Sp8T4HQYARlBmJqEO8pAJNRAs/uyMmBLqqO1xTiGEEY0iTRJuGbI/BAJmY6wwgDhKi02YChEBJTvwAK3CEUJ2LCvi1+nhQOql8a7qCIKzNopkPcgyQFwzfSMvJsIkgJlLB25N5jNRWUxCZkmcA9cH65iO+/pNI7AGOinSJin9ZOTk8dPTk5Oz4x9nisUyCuO0CbENbD8rDKNtHDVNBZVG6aRAv2F0/g3Shk1QVooVm4RONWWulomgUbKSzj7I4FoRliIqzmaEUokKJHIAMW8npC810X7C1E8r3ljSbl+gDG3C6tDhXQDEFZXp+iHoQSl0OKj5KXfJYwrTXkAfX7TuViYRKiWs5DcdC7JAdTH9Rp5NNE6Vo3j4xCmoh6I6fGjQzISaCNBiOhXWAgFY9TiVJ20aDDJftrWlaZSG1MKeGjXsmqA5aZTjQSUG62RMp6ZYbU1wFjBQ6Iiqiag1tlQZhY/N46Pi8bU4u9+v98/uv1wUnt2Oi+ZVAdYU9/zo8PvDhpv8M9/HP58cFz/rmqZ1bw4GUYseAmzkilgCgd3MFvhTIolBEjTDbN9uD4Teo/GbKRZHAG5gxmJKTO6bBXFBIerkfHpVVgoDSYQlvinLal2b0dm+rA7t9hzxi1DYILXSTOREnc8ljACabwtuUdvM97fwewBVBPDdBNFYHXJUfD96Q9nmz0F75+e/ED8brt+SlIFC9nndesVAX4PkYihRhKV0Cia4X7ebabbO2uWLQbweEv3fsqKUqdExo8YSGM9GWMa8QQZXTTGrrkwEiRVfk9uC9opQix3cMfFOyTAsZBMT6YEx57RZYmqF25hAjwQIYT1Pic9YUm6hpaNAjKlM+Qgb6WijbOTJ9+/NQPtdP0j1IlC8k7SOMapWA3lLQQNBUF89vSZPLWwrWYFtGY8LVMhgVgcU1kvNER5RlVqUdY3WAEv/e7g+ub55UVz8LL128C/fLHKEFgH1en6A5zNFpAnJz882wDSag66reb12dNnndPtYI+/f7IL2NOz085p2Qx5SdV1zlj2EoEL/tLnxDcspkDzhr+KKRCqlAiYUS0yoWe2bpRIPQGZoWmQ65w5ASB57+GKyPlQ0dxPC2/RmV+mfwlToTcq3ClEdd53VBUnmsiIHC1kvGI8AMNraaQEIp4ELRncI2NjtPDl30qM/nVSdIXsnK/Y0yKSpIW3861OIKvW9QzCLCSgLR0YPKpii3HoWmUwdZ2/9LsNcnDR7rU6bf+yRtB3gH+t1KxTjtS9uuk0W4Peb9etChcq1mRtVoqzDpAKEHtfPkhu3lF1s1mZvKNqsEqhxKVA9M7WAWbENx4J0jXmyMcoOdhmgRgLTRt38hAiwccK9fR06bdqFbl0K9mzeeH6PfIvX1x1Lnq/VuXEorwgGcqFqSxYFLaaA2T9S2WPv3+yVPb07NRbCnl2rbkPoWXG2fBVfUfNA7diu4K03Ut3R9VmHzQiywpXSTnatAJVCjTdZWh9vjSIvcVzVu7XSJhqzy+pUZNUUXAZnmkUKMSgj/XVFByyN1ZTMyGeBVvILay9fb37OnidI8Q5Qj7OEVLSHWFmqTIlyr3UxyWaJh0YM6XlrKgEpr6R9bqnoRsLlZo5sHBw1smNApKRuiEvoKHlgU4OOjno5OAGOYgUs0RRuCBSCN0E+VldlvuFTnby5ZQbRLeM5cYkwHGNMAi2v+DNZHouerfnIjjZ62Tvw2Vvs4C0u9I6Eu4gMJS7lJ0jRIkQLOkHE/QCIPORidI7sLmd9OIsTfCj+YcXMBkkEZUHh4W2l5NTd1uVdCw7RztdBNIR/zcVgdxK1Tsm9X6SzNT9kkOWshAXVYNdklHKnGRL6uP6nNmdg2eJ0mKjqpJCrLd3ShpfDl1yedvCFS5vdC6EVJaid3nZhi43+CV7fvvc75wP/Gbv4qpd9U1Was9bzc5v170VNb2O3+6+uuiVYxOFsRUnmBcbh+0DFcsXD8/JcTLByYS/l0xYigzz7EAAxUQys3sYR9L0zsx3n6zxv9RwzLtfOaa/JsmwPN5Fcl520uLTjcblI7p8RMf5Hed3+YhfbyKFy0d0+YguH9HlI7p8RJeP6PIRXT6iy0d0eRguD+NbzsNw+YjOEeIcIS4f0clBJwf/znLQ5SO6fEQne79U2fsV5yMuRQXziGWW3iGTqGRgm9/rP8NqYsTPBqnU63Uunt/0WoPOzWVmGC879daC+ZeXg6tfNkK0f9sC8etFq+N3mr/+Zizxz5GT+bGZmC4E9QX7zlwIyoWgXAjKhaBcCMqFoFwIyoWgXAjKud6c6+1bdr25EJRzgzk32NccgsqdUxtCUF9ecr2TzE4yO8m8LSi2LJWLp4ac3HRy88uVmyWbE6MqW+3N3Q+juyDCF+z9cEEEF0RwQQQXRHBBBBdEcEEEF0RwQQTnqnCuim/ZVeGCCM4Z4pwhX3MQwUz6qwogqMTs+CtrxHxmX9DHv42Mi7u4J+m1feecxrG5S+m/CL2jDdI3vLtl6cn8F4HRRfMP+94nvO0wXbmm4BaqCyVmkFYPgqx+oGCZL+C8JCTK3OTUXW5xMUmDX2N2D7y6EJ/kEq50uF14iD8wn+sLKZL4UzT0gDbSGbXea5CcRl2IINBCvt7mHc02DtIPByr9cg1qUpIBGDZAyYhBFKZPceOFb2QUUa2BQ5ghZweZiAKu7QvIByoJJoSqPicjKaaEhdfHl+f+9aG5yjPGYzTld3vzslXoBNizbTiDQ0kvIaq8C7us6988/1er2Ru88q+vL9ovBlfXrY7fu+qs8kFshr1obwVpX/V2AbtoD5pX7Z5/0e4aK6Kyq693TcnPJztl/MLWnc43bHqaaV+Cr652xPCJ+hEJxDSmkqnsAfaFPJCgkCujIzuOoxl6lPQE+pxsQbKd8KbPyUHKMg5r2bZb+xz7zpGkdAglI6zqjaGbiKWAhPs9Vv5dn/sk7xKFFOOg8LotPP8hRuTHXGgSqs2oF3N+lJOVAXjU55GwvpqfyI/ZgH4iP6ZDJ9lSpnvwU1GYF/hJFQNSWXi1gszSqsFGckuBimRnnJM0kELlL7Uvel9HfM2r9vmFuer1+dXVZctvrz3xsgnSb2+DuOqU3XDNEs+uoEV1cfbbfp8EIsI9NLxotMAEtYyt1bXOX4NfuY2DsRUwG8kzjzYsMNDKJUIlFEZgbCy/fU4iMWZB2cDLpeJ+Kubamacj8FawHgV6GTvd5YnO1vqmLk/c6rex1+Tupfe5y8TdZeKOKzqu+FVzxWzUfvZkwie8XbzoRrJa6LLPO60jMcgp06lmluom6MSyXuip9RM5InRE+C0TYbfkFd2PGNNvSfpxg/jkWkQsmGFch405OgEymC7oA3WIg6cFwsudoX1ubeN/pNSJsIGYDhlfylnIrIhp5sitDiszkwsU7CKyLiLrIrKFiKxJt7UM468JiDgZ6mToNyVDP91LNvuE4jTI6R5BgALp2y9NKjx6PwujHafu0IcTeX4V22bul4Ot4oGlK92yLLk0nEDMUG2MJ92pXAv42IwR67Y2qR0mVSQLaKzvqkbeTVgwydMKLSb1Oeo15dvoXH6JY4pfIFOsHrYpkm1KRfuFPzoZiaS6RDH6kDceFiIF5sRL9SvV54V8sISHgDHmlDYtOWJj9ZIa1ClrMRWPXoVFP2xWihzQO5qpZE3BtRTRYhYtTMI3YAaq2Wkd4gL0uTIyJ5GgspeuMnaWcpTiYiiT7lvJeyhFUTJ+NCiyvsVbl59Zj9v6hNkDu9jvck33Lpl7l8yJmS9UzHxO3dud5/yCD6K485zuPKc7z+nOc7rznO48pzvP6c5zuvOcLnroooffUPTQned0jhDnCPmmznO6d8mcHHRy0L1LVvbllBt075I52fs1y96v+F2yz/Qm11UeNv7Y17l2i3a6CKQj/m8qAjlfRUM7k08xW8OZrY56vkzq2S66TMjuvX5IQLGUiYo/t+JzxIDrzYaBhbG2QTH8t4eu0IE/ElB4Q42ZYdn5jePcL5fsVxGF+RUJ2GIaUjMqw4IdkFESjVgUYSCich2AGYYTpY4Z/C1EaU+y8Xibe6yY3W7hnUrq6OhvTEc7yrYbs0MV268DKhZcbbMB53OzGCYTFReuPJuWlObyoDSXx/hEY8xTNf0c/66EIU0VTGBKt6sHmAWzaneKeMKFHoxEwkPEj8yfGmBEKDKZDQk3GTiok3CTLjCgcpwYAYsToWHEOAzgfWDkMea/5w1i0o8EGs4G8J4p4wEwR1cVploNQuAszZ1Ig9nwfkITZbNwR5RFEA7Q5V64iIoOjWMVc8USPRCjgaR8DGaUxhGJwzLVjNsrnkwVvacswkxjHDHVdBAJpWxNoieILPY6jSVPrgmka6oTRXAps4MraiKSKDQZFNy8TZ5d4TYib8ZCjCOoyzioN0UIt0sFdcs8laLjlXtTzX8KweZxyaMRDTAxCRBHSNrC8pAYJy0+jpia1InPZyRRaz4tfIPXZUXsT8xVwtyKNIsMta3i8LtmJeohaMoidbuhyl5sVyNCFppOr2+yumXd8gQE347GOst9qJ7NWvt+Sc7n8AC0je6EMEzGq/paTa1aJhsUeKxdNixNAosyfFoOmZZUGgbP0gXI1p1iXCTNiSH/bfLZTMDENjcEq+ea8tQHv9xIvcBj032IpdBimIzqPp9Vb3LjeJ47Yy67T8l8YUciQSeS221MG2yQLM0msAWICZgyFIpAHY/FsUE3dfwfCHYkSzfSefOMExb7W8lYPaNrTESIBo5QBj0omiPecWxOy9cL7oA6xihYAMfrmrICV5ks00RGXsP7EEdUI8K0eBgLxvV8iQpbll+Sqxh47/wXkn2BITU85mDuZMxXI6utG9yf2CHfU8mQBVmzrdKjFQSpTFiunc8xS0hBkEimZ17jzW3NQ1GQ2ljPRThLR5jFObzHI/r909GzJ0dP/3n6z6MnT5+dHQ0fj4Kjs+CHZ49Hz57REX3m5QRUkNuZHojrY68S2LdN648tUOnyOc99mjPaaKG1gs2cWr8LizYHMwtW1FBzFWdeUF0tjjyHCb1neJ+f96rV88/9nj+4uT73eyuu1JujZBmJks29hINL6IMLneYXN7z7UxM9EkpPqVnbdL3WIWypqZx74RIgojFuM+0NF7Vk8WbFkDKy8Gpr+rmteQZRG2+8Dx8wxHUjo/kci/9IQKY4l+Ew/prXvAnQEKTBlJCZe2nD1Urah4U+4x10Uj/AIVkosOXZYKw551pH18jWAhEdvc5TtDOs9TDDcveud+uvx6YgEn30SlV7yuGwvaOezbzLIJbUtMUXGD2N9UbY2wKPu77q4k1cQxGaQPzU6HCepO9QVaLv7ESsKmuTSrEMMZyPE6NTeLZN/Pf/aSAU5g== +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateObligationValue + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"},"triggers":{"type":"array","items":{"type":"object","properties":{"action":{"title":"action","description":"Required. The ID of the action that will trigger this obligation value policy decisioning.","type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid"},"name":{"type":"string","title":"name","maxLength":253,"minLength":1,"description":"Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.:\n```\nthis.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')\n```\n\n"}},"additionalProperties":false},"attributeValue":{"title":"attribute_value","description":"Required. The attribute value ID that will trigger this obligation value policy decisioning.","type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid"},"fqn":{"type":"string","title":"fqn","minLength":1,"format":"uri"}},"additionalProperties":false},"context":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"}},"title":"ValueTriggerRequest","required":["action","attributeValue"],"additionalProperties":false},"title":"triggers","description":"Optional\n Obligation Triggers provided here will replace all existing records in the database."},"metadata":{"title":"metadata","description":"Optional\n Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false},"metadataUpdateBehavior":{"title":"metadata_update_behavior","type":"string","enum":["METADATA_UPDATE_ENUM_UNSPECIFIED","METADATA_UPDATE_ENUM_EXTEND","METADATA_UPDATE_ENUM_REPLACE"]}},"title":"UpdateObligationValueRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"UpdateObligationValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-update-obligation.api.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-update-obligation.api.mdx new file mode 100644 index 00000000..a0597da2 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations-service-update-obligation.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-obligations-service-update-obligation +title: "UpdateObligation" +description: "UpdateObligation" +sidebar_label: "UpdateObligation" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z27aS/wqGdzOx+yT5Ix8v0XXaY2S19cWRNZKceb3Ip0DkSkJNASwAOlEz+t/fLEBSJCVLcp3mkhT5JRawABbAfmF3AX70NJ0qr/nW64qIBQtyOY7YlGomuPKua56IQZpf56HX9GID0xArmEYf5C0LoHEVh1TDqrVX82Iq6Rw0SOz/o8fpHLym1xKcQ6DrXSm0CERUfwNS2QaMe01vBjQE6dU8Cb8nTELoNbVMoOapYAZz6jU/enoRY088mY8NpGY62tE18GTuNd+eXNe8EFQgWWyQbHpnMGEciJ4BubXQREzMz7Q3Eqe9eTUvEFxpr3myXNbW5jNgcxCJrr9WazPZH/NSJ3ciqi1UjTBO5spbLq/taoHSL0W4wIECwTVwjX/SOI5YYDbl6DeFfX1cx0iMf4NA46ZJ3HLNQGEtCwswSkvGpwWsWejVvImQc6q9ppck5ncZ6162ictaumB3d2fqa96cfrgAPtUzr3n69HG1w0vzB42GfEVrBFuSeaI0GQOhnNAonlGezEGygNhxaoRGkXjP+JTMFvEMuCKUhyThIUgVCAmKjBNNuNCEKrPKEyaVJkKSiCpNghmVNNAgG2QwA6K0kBDagd+zKMKBOa5ExP6AkGhBIvEeJAmogkZzyN+9ezfkiv0BB3rG1CH5gRyTHwn+3ZhTHcxAHTz6v7e0/odf/9/j+ovrgx+bq1+j+vV3hbrDH//z0SFpEmSLtOchxwWeg6Yh1XZf00XNy2o7tjqiY4jUJpLIukohah4NQ2Z3oVvq4q6NvaVRAohgeStFupUk7Xi5vKvrCY0UFCZohc1LmNFbJuSm6Y4SAzIaZzC1NexSkeC9bg/8M3/gj666Z/6gPWp3rl6Prjr9brt1/tN5+8yrbQZp/2vQ7txZ22t3L/xW27vGWWXYVYVkzzLtnUtq5409lIWhKVCx4Mou/OnxMf5XXt5+EgSglBVbn0IYrMR+ccVFUeQ/UJqkQkLFNIDiGKvCBw9RJcIpcNRwEBKUXyhRkXzGVME9RFa5y0RZCRBTqc2mEl9rycaJBmKkuClUNaKSOBZSk/GC5DMkfqJnHZRNQ06A03EEZAJhqoURp8nvfBtKWI2MFGh2W1rEtKSKrS1GHEKY0CTSJOGaRQQ+IKUwHWGFAcJVWm3AWIgI6MPlTiABO/Z1sXVaOKJ6Dd9VFVFg1k6BvAVJDoBrphfk/UyQFMiKZgmBkCGYzUXlkIRME7gFrg83iYUPdB5HYGyiE+Sek8bx8fHjJ8fHJ6fGJMoVHvJyHXUxroGVN5VppIWbprGq2jKNFOgzTuP/UQuoGfJCsXKHQqj21NcyCTRyXsLZ7wlEC8JCXM3JglAiQYlEBqiu9Yzko676JznJLmveVFKui9OhUtIFWnYa5hvX5/6iLpFsGxBWV6foh6EEpdBEpeSV3yeMK015AEN+1TtfmUDklkYsJFe9C3IAjWmjRh7NtI5V8+gohLloBGJ+9OiQTATaRBAi+RUWQsF0DlyrBmnTYJb9tL0rTaU2phPw0K5l1eDKTaUaCSgnqH0o45nZVbsDGCt4SFRE1QxUbjNVTCQzix+bR0dFW2n193A4HNavPx7Xnp0sSxbTAdY07tno8LuD5lv88x+HPx4cNb4zhlfJ4oqTccSCV7Aocr0tHN3AYoMRH0sIkKebZvtwfWb0Fo3XSLM4AnIDCxJTJtUGwSk4XE7MWaoiQmkwg7AkP21JdXiLmRnD7txqzxm3AoEJ3iCtRErc8VjCBCQaurf5SWo73d/A4gFcE8N8G0dgdel88PzkxWnNmzOeFZxUZ/zh6fEL4vc7jROSWkEoPrvt1wT4LUQihhpJVEKjaIH7ebOdb2+MAVFA4PGO4f1UFKWHkEweMZBkIqSx/3E3jMKOpjg0F0aDpMbp8XXBekSI9QFuuHiPDDgVkunZnCDuGV+WuHp1HCfAAxFC2BhyMhCWpWt45lFA5nSBEuSdVLR5evzk+TuDaK/v19EmCsl7SeMYp2ItlHcQNBUE8enTZ/LEwrZbFdCaOVnNhQRiaUxlo9AQ9RlVhAMgPlus9Fd+f9S9enlx3hq9av868i9+3mSo3wXV6/sjnM0OkCfHL55tAWm3Rv12q3v69FnvZDfY4+dP9gF7enrSOykfE15R1c0Fy71U4Eq+DDnxjYgp8LyRr2IOhColAmZMi0zpma2bJFLPQGZkGuQ2Z84AyN67zmkF+FwOrc4vb7PCa3SilPlfwlzorQZ3ClGd9w1VxYkmMiL1lY5XjAdgZC2NlEDCk6Alg1sUbIwWWv6t1Ojn06IbdOdyw54WiSQtvEbf1nangDXrBoZgVhrQlo4MHVWpxThwrDGY+vpe+f0mOTjvDNq9jn9RI3i2x782WtapROpfXvVa7dHg1267IoWKNVmfleJsAOQCpN5XD9KbN1RdbTcmb6gabTIocSmQvLN1gAXxjduA9M1x5M8YOdhngRkLXesZRcaKBJ8qtNPTpd9pVeTarXSezQvv3iP/4ufL3vngl6qeWJUXNEO5MNUFq8J2a4Sif63s8fMna2VPT0+8NVdz3x73IbTCOENfNfa0PHArdhtIu71oN1Sdbx+MqtEGVwnu6/nZFlIp8HSf4enzlSHsHe6t8rhGw1RHfkWNmaSKisvITGNAIQX9WV/Nyp1MrqylZly6K7GQn7D2cHSUu26J+Vxw4hwhzhHyFztCSrYjLCxXpkx5L/NxjadJD6ZMabkoGoGpb+Ru29PwjYVKjzmwcnA2yJUCkrG6YS+goZWBTg86Pej04BY9iByzxlG4IFII3QL5l7os7xc62cuXU+4Q3TJWGpMA8ZpgpOr+ijfT6bnqbTjd63TvZ9C9rQLR7svryLijwHDuWu6EECVGsKwfzNALgMJHJkrvIeb2souXNbs0f3HI44EhZC9gMkgiKg8Ody6w3el9SEFLNp2aLKXPM/U3OWZr8x9ZpD7dKmDgtrzYack9oguJ0mKrLE8h7jYISyoxhy75BG3hBp8gnr5CKkvhjbxsy5BbHDcDv3Pm985GfmtwftmpOm8qtWftVu/X7mBDzaDnd/qvzwdl520Bt+IE82Lj0Xqg5v354UkLLmzvNOa3Fra/37g+J1YW4raku4eOdk1vzHxplrSzJq/zmr3E9Se3rPPhN+L0ebKwyviuspfSQ9EnxMYlbLmELSf5neR3CVtfb6TZJWy5hC2XsOUStlzClkvYcglbLmHLJWy5QLULVH/LgWqXsOUcIc4R4hK2nB50evDvrAddwpZL2HK690vVvV9xwtZaVDCPWGbpHTKJSgds8/vuZlhNjPrZopUGg975y6tBe9S7usgOxutOvTvB/IuL0eVPWyE6v+6A+OW83fN7rV9+NSfxhyWtlTOpsoV6kwb196OHFAMXgvqyfWcuBOVCUC4E5UJQLgTlQlAuBOVCUC4E5VxvzvX2LbveXAjKucGcG+xrDkHlzqktIagvL7neaWanmZ1m3hUUW9fKxVtDTm86vfnl6s3SmROjKjvPm/tfRndBhC/Y++GCCC6I4IIILojgggguiOCCCC6I4IIIzlXhXBXfsqvCBRGcM8Q5Q77mIIKZ9FcVQFCJ2fHX9hDzF/uC7vPKVXmmuLird5JMczKncWzeUvovQm9okwyN7G5bfjL/RWBs0bzh0PuErx2mK9cS3EL1oSQM0upRkNWPFKzLBZyXhESZl5z66z2uJmnoa8pugVcX4pM8wpWi24eH+APzuf4sRRJ/io4e0Ec6o/YHDZLTqA8RBFrIN7u8o9nGQdpwpNKWd5AmJRmAEQOUTBhEoRUFBB98I5OIag0cwow4eyhEFHBtvyh7oJJgRqgacjKRYk5Y2D26OPO7h+YpT/NR5PKHR/OyTeQEOLLtOINDTS8hqrx6um7rX738n3ZrMHrtd7vnnZ9Hl912zx9c9jb5ILbDnnd2gnQuB/uAnXdGrcvOwD/v9M0porKrb/ZNyc8nO2f83NadLLdsepppX4KvrnbE8Ju9ExKIeUwlU4LbXV/pAwkKpTI6suM4WqBHSc9gyMkOItuLboacHKQi47CWbbs9n+PYOZGULqFkjFV9MXQbsxSIcPs5tbpA3w25T/IhUUkxDgqf28L7H2JCvs+VJqHafgg5n/OjnK0MwKMhj4T11fxAvs8Q+oF8n6JOsqVM9+CHojIvyJMqBaS68HIDm6VVo63slgIV2c44J2kghbIfdy6NfhfztS47Z+fmqdeXl5cXbb9z542XbZB+ZxfEZa/shmuVZHaFLKqLc7/t90kgItzD9EPn+VBqnVqra41fQr9lof2Y99o2jqZWwWxlzzzasKJAq5cIlVDAwJyx/M4ZicSUBeUDXq4V72di3jnzFANvg+hRoNep0z2e6M5a39TjiTv9NvaZ3HvZfe4xcfeYuJOKTip+1VIxw9rPPpnwCV8XL7qRrBW67vNO60gMcs50apmltgk6sawXem79RI4JHRN+y0zYL3lF78eMaVuSNm4Sn3RFxIIFxnXYlKMTIIPpgz5Qh4g8LTBe7gwdcns2/kfKnQgbiPmY8bWchewUMc8cuVW0smNygYNdRNZFZF1EthCRNem2VmB8noCI06FOh35TOvTTfcnmPqE4DXJ+jyBAgfVtS5MKj97PArbT1B36cCbPn2LbLv1ysE0ysPSkW5Yll4YTiEHVxnjSncqtgD+bMWLd1ia1w6SKZAGNu4eqkfczFszytEJLSUOOdk35NTqXX+KE4hcoFKuXbYpsm3LR/cIfvYxFUluiGH3IOw8LkQJz46XaSg15IR8s4SFgjDnlTcuO2FmjZAb1ylZMxaNXEdEPm5UiB/SGZiZZS3AtRbSaRRuT8A2YgWr12oe4AEOujM5JJKjsS1eZOEslSnExlEn3reQ9lKIomTwaFUXf6luXn/jVtsviR0T3MzKLuDgh6ITglysEt9OzuWD0QT/k+lPJzsKfO+k5YsD1dvPJwljbqXhZ6R5ZhT34PQGF+VdmhmWhiXjeT1L+IqIwTwDAHtMLQMaYWokDMkmiCYsiTFWrBLsNGu6Y6ITBt3ZMXG5SpQP7aey9NWr+Ke29E2sdHzk++vb56M8+Kex4yPHQ35OH9rQPr8wOrRitByoWXO3iteXSrIO5oIFrVp5IW0qTWZpe3Ddhpxivb5ghjn5TwnClCmYwp/tkzocbvX1FEuFCjyYi4SGSRhayCvD6V2TSjxJurtujSc/N3eARldPE2Kc4ERpGjMMIPgTGnEXnSN4h3vCXQMPFCD4wZRIaTVxT4bsKoxA4Sy9Kp6d1+DCjibJZTxPKIghHmAdVyFKmYxO7wjSvRI/EZCQpn4LB0sR6EC1TzbjN/zVV9JayCC9VIMZU01EklLI1iZ4hndhcq7Vgmbk1q6lOFMGlzLyaaiaSKDTXpbl5uD7L75+Qt1MhphE0ZBw0WiKE67WChpWbStHpxr2p5o6GYB9tkPUJDdATAkgjJO1hHSXGSZtPI6ZmDeLzBUnUHU0LbTCXOmJ/YLQZL1KnT0bgYaWIft+sRCMETVmkrrdU2VsPNSJkoes0t9cezRpWHCD4bjLW2UXnquP+zsdtchGH0XF7lSuEcTLdNNZmbtUy2XL+xdp1v4zxwysjouWYaUmlke0sXYBs3SmGntML8OS/TX64iUnb7sZgj4mmPA1zrnfSKIjXdB9iKbQYJ5OGzxfVNH+Owf5MuOw/JdPCYiJBJ5LbbUw7bJLsTn1gC5AS8H2AUATqaCqODLmpo/9AsLosXVfwlpkkLI5XlamesTBmIkTXgFCGMige5L2j2GRRNAqOtAZGgFkARxt6sRpWmbTQREZe0/sYR1QjmbR5GAvG9XKN99pWSpLLGPjg7CeStcBchRpJr+nka5DVNgzFzyy2t1QyFDzW11EZ0Yr/VBOs1y6XmGKpIEgk0wuv+fa65qECSB0TL0W4SDHMYk/e4wl9/nTy7En96T9P/ll/8vTZaX38eBLUT4MXzx5Pnj2jE/osc18Xb8EUrLjcDFgWzDu7oi9hRm8Z3orwXrcH/pk/8EdX3TN/sOFiwhJF8ESUfDtrO7a24rhi6as7Te/2xCQbCKXn1Gi9FO0N21vqJedwdJjgtjBun54yksbSz9sN2GT049XWh7iueWZHm2+9jx8xQfVKRsslFv+egEw3J9ts/LWseTOgIUhDciEzd/rCzebLx5W69w56qZfpkKxMu/JEMNslZ+p6F7k+EFH9Tf5cUSoVPQ+zkPcfer/xBmwOItH116o6Ug6H/dUH9hWKDGLNilm1wGBBrLfCXhfkQPeyj1nMYxGaVKC5MXE8Sd+jJUHf24lYI88+sIJlSNd8mhiV69k+8d+/AYuyX9I= +sidebar_class_name: "post api-method" +info_path: policy-obligations +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateObligation + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"},"metadata":{"title":"metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false},"metadataUpdateBehavior":{"title":"metadata_update_behavior","type":"string","enum":["METADATA_UPDATE_ENUM_UNSPECIFIED","METADATA_UPDATE_ENUM_EXTEND","METADATA_UPDATE_ENUM_REPLACE"]}},"title":"UpdateObligationRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":"circular()","title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false}},"title":"UpdateObligationResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/policy-obligations.info.mdx b/docs/OpenAPI-clients/policy/obligations/policy-obligations.info.mdx new file mode 100644 index 00000000..14424611 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/policy-obligations.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-obligations +title: "policy.obligations" +description: "" +sidebar_label: "policy.obligations" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/obligations/sidebar.ts b/docs/OpenAPI-clients/policy/obligations/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/obligations/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/policy.info.mdx b/docs/OpenAPI-clients/policy/policy.info.mdx new file mode 100644 index 00000000..82cb509c --- /dev/null +++ b/docs/OpenAPI-clients/policy/policy.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy +title: "policy" +description: "" +sidebar_label: "policy" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-create-registered-resource-value.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-create-registered-resource-value.api.mdx new file mode 100644 index 00000000..9288b03d --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-create-registered-resource-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-create-registered-resource-value +title: "CreateRegisteredResourceValue" +description: "CreateRegisteredResourceValue" +sidebar_label: "CreateRegisteredResourceValue" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z27aS/wqGdzOx+yT5Ix8v0XXaUxS19cWxPZLceb3Ip0DkSkJNAQwAOlEz+t/fLEBSpChTUuykTg75JRawBBbAfmF3AXzyNJ0or/nWuxAh8+ekCxOmNEgISBeUiKUPyruqeSICSTUT/CTwml5kgBsyA5YpbGPZQPZ9D+QN86HRlkA1lAF+p2EMXs2LqKQz0CARoU8epzPwml5bcA6+rl9IoYUvwvrvIBUT3Kt5jHtNbwo0AOnVPAnvYyYh8JpaxlDzlD+FGfWanzw9j7AlHs9GBlIzHW5oGng885pvj65qXgDKlyzCwXtN7xWMGQeip0BuLDQRY/MzaY1ESWtezfMFV9prHi0WtdJ4+mwGItb1N6o0ku0xLzRyK6LaQtUI42SmvMXiys4WKP1SBHPsyBdcA9f4J42ikPlmsQ/+VNjWpzJGYvQn+BoXTSJpaAYKa1M6QCrJYJWWjE9y2KdQQxZ4NW8s5Ixqr+nFsfldHEY3XdVFzbsxhFLR8E1CSTP68RT4RE+95vHTx7c1OeBrqJ0YaiSzWGkyAkI5oWE0pTyegWQ+sV3WCA1D8YHxCZnOoylwRSgPSMwDkMoXEhQZxZpwoQlVZgnGTCpNhCQhVZr4Uyqpr0E2SH8KRGmBKBjsyQcWhtgzx2kJ2V8QEC1IKD6AJD5V0GgO+Lt37wZcT5lqzKj2p6D2Hv3fW1r/q1X/38P6i6u9n5vLX8P61Q+5uv2f//PRftLCgOOsUh/npaW1ZKNYW25UuVmmUtI50qiGmVpHAjQMz8eGZQWH5K8iWdguqonCwqwjicViPdSS4d8ue7hCVlvX+5lhv439Gy7dREEtA0sQ9m+hFJrr/yvTS3ktkhkrr4aZ8auFWZFbKaNAdr+855VLlAIPDasMx+9RVM8YT5fqKE86khWxXftxAesSLuuIqQC0gaRXutxE2+vAb0fQEPsVyvK0gdYaTkb+DAKGFTS8yA1lTEMF5dVcQaKsV84j29aAG4qkSgmfUQ0BSbjix59IEQXii9mIcaNRFBLnCEismaVVxgmN9VRI9pdVOcANRjPgmgTgM1SxjE8GnOyxBjRS2pdAA1L/iWT4JuJzqnWkmgcH8JHOohAavpgdIMxBABGVGps9MJAHMyqvQTM+2UcpOANNA6qtjkumJCurmIO2mM0EJznQag0Z0hGEa8Vo2msCcdu6bdJ+i1VkRYIsSRpGkqsiiRxNVFpsXWtBrNCoReJqQxeLVXPNFKhIcGXHeHx4iP8VR9KLfR+UsobVfZgrS4NixYCo/oxVcj3bxVax4zaTmscjK7sPVPgGzWfqU5R30vx5XDyfST8Oqdzbz7V9u7W/nVRKcNqVQXflSt8QetDS+daTwiHVpfaXVUSBJqM5USBvQJI9I77m5MNUkATIamgJvpBBIvBQ5gVME7gBrveX2GVLk0gvszM7QoI/ahweHj5+cnh4dGz2Y5kWCaiGOhr4OEdxFJSHkRSuG8ayqmIYCdBXHMbfKCPVVEjUO8vKLcRlNSnf2b7eneNtl3kiSErKfHCbYebHSotZVVcJRHnfGUnwkWIKxk0GnVcWSeEaM0tpygMqg/wYsrKKLtfQoN3Je71+6+xVq/tq2Gr3T87PhpdnvYtO++SXk84rr1aqfdVpd/+46K+p6XdbZ703J33vKj+8HG75AWbFxk7bcSFXh/krcHTCQEDQdEQORNk2ogp2kfIb5KiTk05Ofgk5udpST8vY17gbiDl7H0M4JyzA2RzPCSWp/UM+MD0lWa/L9peqfcd+WzzdQVBOktXzKSeaXpvxFvdYBRFa3Bnd3TRbRW1Syd9Z92txujdDUUW0aIouC1fxzWpSD+g9YrPb3Gwl+0pMrayrBLeFhnqW21ZinKemUNWIiqMIqX00J8sht2I9PUNfzgDJiI5CIGMIEic54jSu9mVgdaKpb2BVU9+UsbXFiEMAYxqHmsRcs5DAR9z+MB1ihQEq6sGRECFQ7iS/k/zfneSveRNJuf7CxjQ6EiuAsLqkZAKMiCmUi5S8bvUI42gJ+jDgl92TpcsYfVYsIJfdU7IHjUmjRh6l/qsAZsI4rx7tk7FAHzIESH65iVAwQXeWapAO9afpT9u60lRq42oGHti5XHVQZ67lmlGA6FKhjKdu6totwFjBA6JCqqagbnMum1H83Dw4yHuZl38PBoNB/erTYe3Z0aLga97DmsaOH+3/sNd8i3/+Y//nvYPGD+UQRxSPQua/hnme623h8BrmFRuKplk+nJ8pvUFnf6hZFAK5hjmJKJNqly0V9adQ2NEkJavdW8xMH3bllmvOuBUITPAGacdS4opHEsYgTQgpC2BW0/01zO/ANRFUbgyxuhBBeX704njVT18c8cenhy9Iq3fWOCKJaw/F50XnDQF+A6GIoEZiFdMwnON6Xlfz7bUxIHIIPN7QfSsRRUnQJpVHDCQZC0mQuHE1jMIOJ9g1F0aDJJvLw6u8Iz2clAUCuebiAzLgREimpzOCuKd8WeDqZRScAPdFAEEDXe3CsnQNDS0FZEbnKEHeSUWbx4dPnr8ziHZ7rTraRAH5IGkU4VCshfIO/KYCPzp++kweWdhOewW0ZiJRMyGBWBpTaS80QH1GFeEAiE/FLvt1qze8uHx5etIevu78MWyd/jrsnF2+Wdlt3wbV7bWGOJoNIE8OXzyrAOm0h71O++L46bPu0Wawx8+fbAP29Pioe1Tc87+m6iITLDupwKV8GXDSMiImx/NGvopZIbaSKj2zdONY6inIlEz9zObMGADZewc/fyaHCs4ZW7jGOSNhJnSlwZ1ArI77mqr8QGMZkvpSxyvGfTCylobKRIkkaMngBgUbo7kv/1+p0a+nRdfozsWaNc0TSVJo3FvVblBr1vUNweR8ejYRxNDRKrWYgLc1BpMN5utWr0n2Ts76ne5Z67RGOv+yf621rFO/3/llt90Z9v+46Kz6/HI1aZsrxWkHyAVIva/vpDevqbqsNiavqRquMyhxKpC803mAOWmZWBjpme3I5xg52GaOGXNN6ylFxgoFn5h4bTL1G62KTLsV9rNZ4e1r1Dr99bx70v9tVU8sy3OaoViY6IJlYac9RNFfKnv8/Emp7OnxkVfK8OrZ7T4EVhin6KvGlpYHLsVmA2lz3OCaqur0AiSWNa4SXNeTVxWkkuPpHsPd52tD2FvH5LBfo2FWe35NjZmk8orLyExjQCEFfa6vJhdwv7SWmsl9WYqFbIflQoXOEfJAHSEF2xHmlisTptzJfCzxdJK2K+d5IzDxjdxuexq+sVDJNgeWDs4GuVRAUlY37AU0sDLQ6UGnB50erNCDyDEljjK5PkLoNsgv6rLcLXSylS+n2CC6Zaw0Jj7iNcb0q90Vb6rTM9XbcLrX6d6voHvbOaLdlteRcYe+4dzScQIhCoxgWd+fohcAhY+Mld5CzH2WXbzMfk3TO2QcFjMJ8fftn2E1MeqnQiv1+92Tl5f9zrB7eZpujMtOvVvBWqenw/NfKiHO/tgA8dtJp9vqtn/7w+zEv0Sm4ufmJboQ1AP2nbkQlAtBuRCUC0G5EJQLQbkQlAtBuRCUc70519v37HpzISjnBnNusG85BJU5pypCUA8vud5pZqeZnWbeFBQra+X8qSGnN53efLh6s7DnxKjKxv3m9ndAuCDCA/Z+uCCCCyK4IIILIrggggsiuCCCCyK4IIJzVThXxffsqnBBBOcMcc6QbzmIYAb9TQUQVGxW/I3dxHzpCwJ3uOWqOFKc3OU9Scll6TSKzF1K/0XoNW2SgZHdHctPndx9vtmHA2+DfCrm6G6wyOzMtQW3UD0oCIOkeuin9UMFZbmA45IQK3OTU6/c4nKQhr4m7Ab46kTcyyVcCbo9uIs/MBvrr1LE0X00dIc2khF1PmqQnIY9CMHXQv6+yTuaLhwkHw5V8uUtpElJCmDEACVjBmF6rT5e+EbGIdUaOAQpcXZRiCjg2mw9yZ6K/SmhasDJWIoZYcHFwemr1oW5Ido+gSFknraysnXkBNizbTiFQ00vIbQb3Qpb//Ll/3Ta/eGb1sXFydmvw/OLTrfVP++u80FUw56cbQQ5O+9vA3ZyNmyfn/VbJ2c9s4tYWdWtrzXNBjtj/MTWHS0qFj27hjwHvzrbIcMr88d40XhEJVOC21Vf6gMJCqUyOrKjKJyjR0lPYcDJBiLbim7wbvJEZOzX0mW3+3PsOyOSwiGUlLFWbwytYpYcEVbvU1cn6IcBb5GsS1RSjIPC67bw/IcYkx8zpUmotu8QZGN+lLGVAXg04KGwvpqfyI8pQj+RHxPUSTqVyRr8lFfmOXmySgGJLjxfw2ZJ1bCS3RKgPNsZ5yT1pVD2bYVC77cxX/v87NWJuer15fn5aad1duuJlyrI1tkmiPNu0Q3XLsjsFbJYnZzdlr9FfBHiGibP1WRdqTK1rs41vmdzwwL7AktpGYcTq2Aq2TOLNiwp0OolQiXkMDB7rNbZKxKKCfOLG7xMK+5mYt468gQDb43oUaDL1OkuT3R7re/q8sQt7y3fye5zl4m7y8SdVHRS8ZuWiinWrfTJhHu8XTzvRrJWaNnnndSRCOSM6cQyS2wTdGJZL/TM+okcEzom/J6ZsFfwiu7GjMm3JPm4SVokeeWUKsUm+KpY6ukjPdB7ah+RpznGy5yhA273xv9IuBNhc6+ardtFzFJH7ipa6TY5x8EuIusisi4im4vI5p5F+zoBEadDnQ79rnTo/b1ks0soToOc7RAEyLG+/dKkwqP3M4ftJHGH3p3Js6vYqqVfBrZOBhaudEuz5JJwAjGo2hhPslKZFfC5GSPWbW1SO0yqSBrQuL2rGvkwZf40Syu0lDTgaNcUb6Nz+SVOKD5Aobh62CbPtgkX7Rb+yN52T2yJfPQhazzIRQrMiZfVr9SA5/LBzAvehKa8adkRG2sUzKBu0YqpfND5jqNSZI9e09QkawuupQiXo+hgEr4BM1DtbmcfJ2DAldE5MT5Fnrx0lYqzRKLkJ8M+X76S91CIoqTyaJgXfWIUsgm9Yx7BvTxhdscudrtc071L5t4lc2rmgaqZL2l7u/OcD/ggijvP6c5zuvOc7jynO8/pznO685zuPKc7z+mihy56+B1FD915TucIcY6Q7+o8p3uXzOlBpwfdu2RFX06xQfcumdO937Lu/YbfJbvzm1zbhTyWYeQ8heZK7y+Tafu7O7VkkwnIrzb0UjrXsure87lstvO6EbijXu6ol4vSOwX57Ubpv/BRr78j/dbEKD/qu0RQC6m3+HMja4cMuK7eCVkYuxnKxzt3MI668D4GhVfymBEWxSXiuVvy3G8iDLI7IbDFJIZobKSlQiXjOByzMMTIy8r9BwYNJxedXPyO5eJ5xgh9a+RuvS/JjOKtMw4dHzk++v756HNfmXY85HjI8VDm5dmOffKnDlz41XHPw+SezS5YR7iOcB8o4RY9KK2iz2NbOW39KMMVv4iT2Y70HzLpbxvVM/RgE2FAQpCepDQs0gUVCa42scpiYXA35+twnMVhdKQ0V6ImJxRMpkeEp++M6XPwp7IRHOVPYUY3+wAxt3/dZOaXlQs9HIuYB7icaaTExzy30ARTYm7OFaDjkZsk6CGVk9h40XAgNAgZhyF89I3TDU/1Zg3iUQYJNJgP4SNTJq5pLuRReIBkGABnSUZ4kqILH6c0VjaGM6YshGCIUZ3c9bp0ZNJFMGgV66EYDyXlEzBYmvQKRMtUM24vrjVV9IayEM9PIsZU02EolLI1sZ4ip9jIUSk/xaQHa6pjRXAq0+P4airiMDB54egvjmfpxdRj8nYixCSEhoz8RlsEcFUqaFhZqBSdrF2b1VMdAdjTKbI+pj4etwCkEZK0UEaJcdLhk5CpaYO0+JzE6pZPc9/gJcAh+wtPYGDGeHI2Bl2qefR7ZiYaAWjKQnVVUWWv664RIXNNJ5fSWgdyw7Iwgm8mY51mdBemqiqym4klvNbJ5qwFMIon6/paz61axhWiAWvLKsuk5SsjVuWIaUmlkccsmYB03ilmeyWZ/uS/zSkdkwZmmxuBdWab8iSzqNxIIycSk3WIpNBiFI8bLT5fvZ+a4y1VqXDZfkjmC4uJBB1LbpcxabBJ0sMDvi1ASsCDEIHw1cFEHBhyUwf/gWB1Wbhn21ukkrAwhVUC1jMmxFQEGM0QypAJxdiDdxCZu8AaMvswFSmqUW7M5EMyHw429WZVqTKR8ViGXtP7FIVUI211eBAJxvWixLAdK1rJeQS8/+oXkn6BOYV4zttcSp9NXFrbMGwytaO6oZKhtLJhnJUerc5I1Ee5drHAKLMCP5ZMz73m26uah1ojibm8FME8wdCesrEjxpCP93hMnz8dP3tSf/rPo3/Wnzx9dlwfPR779WP/xbPH42fP6Jg+8zKeW/IaXWMv2kmzNbs0Xoy0/fKe59j9qmhCZjaGoSM8tFgId91KEaUVwzElZxqb3s2RyVgTSs+oUbU2pr6RMgtNZjIGA0u4xozbU75G1lmifVuBYgXR4kXklahc1TxDRs233qdPmBhwKcPFAovfxyATikgpDH8tat4UaADSLFnAzLMZwXp30KelYeLtdZOo3T5ZGo7FAWMqbCZ+6hcon3wR1n/PTpCmtORh9sf2XW/XX5/NQMS6/kat9pTBYXv1vj0YlEKU7K3lF5jcGelK2KuckLo472H2yEgEJk94ZowxT9IPaPPQD3Yg1nC1Z96wDAmbT2JjHHi2Tfz3b7u63fU= +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateRegisteredResourceValue + + + + + + + + + AttributeValue combinations to be utilized in authorization/entitlement decisioning\n (i.e. action read -> attribute value https://example.com/attr/department/value/marketing)"},"metadata":{"title":"metadata","description":"Optional\n Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false}},"title":"CreateRegisteredResourceValueRequest","required":["value"],"additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"CreateRegisteredResourceValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-create-registered-resource.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-create-registered-resource.api.mdx new file mode 100644 index 00000000..acecac66 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-create-registered-resource.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-create-registered-resource +title: "CreateRegisteredResource" +description: "CreateRegisteredResource" +sidebar_label: "CreateRegisteredResource" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvbJsJ02n1e20qyhq640jeyQ5s93Iq8DkkYSaAlgAtKNm9N/vHICk+JAoKXZzkyzyJRYIAgfAeeG8+MHTdKq81lvvUoTMX5A+TJnSICEgfVAilj4o77rhiQgk1Uzws8BreZHp3JRZZ5n2ba4GyN4fgLxjPjQ7EqiGagev4UVU0jlokAjLB4/TOXgtryM4B18fXUqhhS/CozcgFRPca3iMey1vBjQA6TU8CX/GTELgtbSMoeEpfwZz6rU+eHoR4Ug8nt+YnprpcMvQwOO513p7et3wAlC+ZBGu22t5L2HCOBA9A3JnexMxMT+T0UiUjOY1PF9wpb3W6XLZqKxnyOYgYn30WlVWsjvkhUE2AqptrwZhnMyVt1xe290CpV+IYIET+YJr4Br/pFEUMt+c8/EfCsf6UIVI3PwBvsZDk4gVmoHCp3aNWS+lJePTHNzmecOb0/fnwKd65rWePn9WhryfHOSIr0FE0qNzIPNYaXIDhHJCw2hGeTwHyXxiJ2wQGobinvEpmS2iGXBFKA9IzAOQyhcSFLmJNeFCE6rMDk2YVJoISUKqNPFnVFJfg2yS4QyI0gIhQNjJPQtDnJgLOach+wsCogUJxT1I4lMFzdaIv3v3bsT1jKnmnGp/Burgyf+9pUd/tY/+9+Toh+uDn1urX+Oj629yzw5//s8nh8kII+4tG94dDWO7t8meUinpAlFGw1yt2+vy5kZUa5C4sXtA4TW8mLM/Yziz0yBJLVfnmEC1plP5MC/MHzQkI76Or5A3ZiRycD8DjqRzxwIIDlcHXD1d9XjHO+L5AzaL2n7CeCpz0DSg2lJEsidZ26YtGHHSEfO54CTXtZ6eQnoDoVpHd+msSY+GR4OA2XkuC0NsIkWzWlxLEViRnlcy8HK5aegJDRUsc0ixibX3LaspsOi3lhVcbxl8WWbrpkFFgiu7uqcnJ/hfcQ2D2PdBKcuAH4OtpZItf9xyJbjqX2ZB3TGwAM9gJ765Dzd4ACwWMXbBnAdsi+cz6cchlQeHG3HX4kDDoz4+a2st2U2s4c0n2AM7ZX5dSUt1VYLDxcQoLMVp/FhpMa+bKulRFdyRBJ9qCLw8dWW980SUNF6jflGcXmnKAyqD/BqytpopGxVwE1XIGwzbvZft/stxuzM8u+iNr3qDy27n7Jez7kuvUXn6stvp/345XPNk2G/3Bq/Pht51fnk52PILzJqvUWnZ8yDLy/wVOCqwEJA4ZgFqQ8iEb6iCfWhwC++vRz7f8MigrfNvJ41jqisgrx4RBZrcLIgCeQeSHADXTC/I/UyQpJMVXRJ8IQMwy0P1KA6YJnAHXB+uO9z3dB6FYLT/U+SYp82Tk5Nn356cnD41Ov8ExaD2Wl5ANRyhJol7EEdBdRlJ47plrB7VLCPp9AmX8W8Ur2ompCb5h1skbXmkgZaxr1E3sTpYuCAswN2cLAglKRsm90zPSDbravyVDrLnvG1OLC/EY0lOz6ecaHpr1ksLfLrAQtMnY7s5DxacZdCmtfSdTb8WpkcT4yqiRYm4aizDmz1Jr5CPCM1+e7Pjva1E1MrqxhGV2mAPyWQ0MbdP06gaRMVRhNh+syCrJbdjPeuh4j5CNKI3IZAJBImBAWGa/MnrQMLHiaS+g7KkvqtCa5sRhgAmNA41iblmIYH3qBcyHeID06koB2+ECIFyx/kd5//qOH/Dm0rK9d+sTMeS1XXCxxUhE6A1USFfpORVe0AYR03QhxG/6p+trAN4Z2cBueqfkwNoTpsN8mSmdaRax8cBzEXTF/PjJ4dkItBgAAGiX24jFEznwLVqki71Z+lPO7rSVGpjVwAe2L0sG5syO0LDCEC8a1LGU5tEY0NnfMADokKqZqA22YvMKn5uHR/nTTarv0ej0ejo+sNJ47vTZcFwc4BPmnu+dPjNQest/vmPw58PjpvfVK1QUXwTMv8VLPJUbxvHt7CouVC0zPHh/szoHRruQs2iEMgtLEhEmVT7XKmoP4PCjSZpKU9vITNz2JNbnTnjliEwwZukE0uJJx5JmIA0NqDMAlyP97eweADVRFB7McTHBTve96c/PG14c8bThtPyit8/P/mBtAe95ilJbB7IPi+7rwnwOwhFBA0Sq5iG4QLP87aebm+NApED4NmW6dsJK0pMdCk/YiDJREiCyI2nYQR2ODWWYmEkSHK5PLnOXQWxR3WCWy7ukQCnQjI9mxOEPaXLAlWv3AgEuC8CCIydT1iSbqCipYDM6QI5yDupaOvpybffvzOA9gftI9SJAnIvaRThUqyG8g78lgI/evr8O3lq+3Y7pa4NY3acCwnE4phKZ6EByjOqCAdAeGpu2a/ag/Hl1Yvzs874Vff3cfv813G3d/W6dNve1Ks/aI9xNVu6fHvyw3c1Xbqd8aDbuXz6/Lv+6fZuz77/dpduz5+e9k+Ld/5XVF1mjGUvEbjiLyNO2obF5Gje8FcxB0KVEj4zqkUq9MzRTWKpZyBTNPUznTMjACTvPUyfGR8qGGds4xrjjIS50LUKd9KjvO5bqvILjWVIjlYyXjHug+G1NFQCEU+ClgzukLExmnvz/5UY/XRSdI3sXK450zySJI3GvFVvBrVq3dAgTM6mZ1rHBo/K2GJ8G1YZTC6Yr9qDFjk46w27/V77vEG6/2P/WqtZp3a/i6t+pzse/n7ZLdv8ck/SMUvN6QRIBYi9rx4kN2+puqpXJm+pGq9TKHErEL3TfYAFaRsnARmY68jHKDk4Zo4Yc0PrGUXCCgWfKtTTk63fqlVk0q1wn80aN59R+/zXi/7Z8LeynFi15yRDsTGRBavGbmeMrL/S9uz7byttz5+eehUX+cBe9yGwzDgFXzV31DzwKLYrSNu4s0G3s/rJqBqvMZXguZ69rEGVHE0PGN4+XxnE3urIyM9rJEx55lfUqEkqL7gMzzQKFGLQx9pqcj7IK6upGXf2ii1kN6y93Zv7+jSdIcQZQj7OEFLQHWFhqTIhyr3UxwpNJ6EJcpFXAhPbyGbd09CN7ZVcc2Bl4GySKwUkJXVDXkADywOdHHRy0MnBGjmIFFOhKBNyIITugPxbTZb7uU52suUUB0SzjOXGxEe4JhiXsr/gzUKr0h5NJ3ud7P0EsreTQ9pdaR0Jd+wbyq3EewpRIARL+v4MrQDIfGSs9A5s7qP04szjStLwDhmHxYAm/L35NXxMjPipkUrDYf/sxdWwO+5fnacX46pRb2O39vn5+OKX2h6937f0+O2s22/3O7/9bm7iD4sjKwZvpRv1JnHq74YPCQTOBfV5286cC8q5oJwLyrmgnAvKuaCcC8q5oJwLypnenOntaza9OReUM4M5M9iX7ILKjFM1LqjPL7jeSWYnmZ1k3uYUq0rlfNaQk5tObn6+crNw50Svytb75u6p6M6J8BlbP5wTwTkRnBPBORGcE8E5EZwTwTkRnBPBmSqcqeJrNlU4J4IzhjhjyJfsRDCL/qIcCCo2J/7aXmL+7gKBe1S5Kq4UN3dVJ8m8TuY0ikwtpX8SektbZGR4d9fSk/kvBKOLZi+OvEcssJjsXEdw22sABWaQPB776fOxgipfwHVJiJWp5DSojrhapMGvKbsDXt6IRynClYA7gIfYA7O1/ipFHD3GQA8YI1lR9z3W8aXhAELwtZBvtllH04OD5MWxSt7cgJqUpB0MG6BkwiBM6+JiwTcyCbGYMIcgRc4+MhEFXJurJzlQsT8jVI04mUgxJyy4PD5/2b48xIOx5cOFzONW1rYOnQBntgOn/VDSSwjtRbdG17968d/dznD8un15edb7dXxx2e23hxf9dTaI+r5nva1dehfDXbqd9cadi96wfdYbmFtE6VR3Lmu6KvTMeFJ4+XRZc+hZreZc//JuhwzrI0+IL+YRlUwJbk99JQ8kKOTKaMiOonCBFiU9gxEnW5BsJ7wZcXKQsIzDRnrs9n6Oc2dIUkhCSQmrXDG0jlhySFh/Ty1v0Dcj3ibZlCikGAeF5bYw/0NMyI+Z0CRU26LT2ZqfZGRlOjwZ8VBYW81P5McUoJ/IjwnoJN3K5Ax+ygvzHD8pY0AiCy/WkFnyaFxLbkmnPNkZ4yT1pVC2kHZh9k3E17novTwzpV5fXFycd9u9jRkvdT3bvW09LvpFM1ynwLNLaFHenP2Ov018EeIZJvX+s6lUFVvLe51VNV97jOOpFTC15Jl5G1YYaOUSoRJyEJg7Vrv3koRiyvziBS+TivupmBtXnkDgrWE9CnQVO13xRHfX+qqKJ26129gyuXvpfa6YuCsm7rii44pfNFdMoW6nn0x4xOrieTOS1UKrNu/kGYlAzplONLNEN0EjlrVCz62dyBGhI8KvmQgHBavofsSYvEuSl1ukTZIvxFGl2JSjESDtMwB9oA4ReJojvMwYOuL2bvyPhDqxry/mN4xXYhbSW8Q8NeSWwUqvyTkKdh5Z55F1HtmcRzb3daZP4xBxMtTJ0K9Khj7el2z2ccVpkPM9nAA50rdvmlB4tH7moJ0m5tCHE3lWiq2e+2Xd1vHAQkm3NEoucScQA6r18SQnlWkBHxsxYs3WJrTDhIqkDo3NUzXI/Yz5syys0GLSiKNeU6xG5+JLHFP8DJliOdkmT7aNXT68WanQlpJIokvkvQ/Z4EHOU2AyXspvqRHPxYOZz7USmtKmJUccrFlQg/pFLaZk0Sux6IetSpEDektTlawjuJYiXK2ii0H4ppvp1el3D3EDRlwZmRPjd2eTL12l7CzhKPnNsN+qLcU9FLwoKT8a51mfuAnZlD4wjuBRPmH2wCn2K67pvkvmvkvmxMxnKmb+Tt3b5XN+xokoLp/T5XO6fE6Xz+nyOV0+p8vndPmcLp/TeQ+d9/Ar8h66fE5nCHGGkK8qn9N9l8zJQScH3XfJirac4oDuu2RO9n7JsvcL/i7Zg7/JtZvLY+VGzmNorvXxIpl2r92pJZtOQX6ypVfCuVaPHj2ey0Y7r1uBS/VyqV7OS+8E5Jfrpf+bU73+HeG3xkf5Xj/Eg1oIvcWfW0k7ZMB1/U3I9rGXoby/cw/lqA9/xqCwJI9ZYZFdIpz7Bc/9JsIgqwmBIyY+RKMjrQQqmcThhIUhel5K9Q8MGI4vOr74FfPFi4wQhlbJ3flekinFO0ccOjpydPT109HHfmXa0ZCjIUdDmZVnN/LJZx0496ujns+TerabYB3iOsT9TBG3aEFpF20eu/Jpa0cZl+wijmc71P8SUN/GuICEIE2S/Fgl3yG7Q/bPFNl3dWEbfKhSRB9UJLjaRhTLpQHb5JHiEosr6EppSv8mmTgmoinCLFOj4h//oaynUvkzmNPttm7MYVm3j/kT5UKPJyLmAZ5k6hH0MZ4zNE7DmJv8GTSwcxPsP6ZyGhtrMS6EBiHjMIb3vjEuY/Z6NiCm7EigwWIM75ky/ntTeEphotQ4AM6SzIckFB3ez2isrK9yQlkIwRi9l7ky0vTGhEWhczbWYzEZS8qnYKA0YUQIlnnMuC3QbB7RO8pCzBNGiKmm41AoZZ/EeoZEYj2klTgsEwavqY4Vwa1My06omYjDwOQ/oF8knqcF2Cfk7VSIaQhNGfnNjgjgutLQtGxQKTpdezbl7KUAbBaWPJpQH9OKAHGEJCNUQWKcdPk0ZGrWJG2+ILHa8GruHSx2HbK/MNMIMyOSHDB0HeTBH5idaAagKQvVdc0jW5a+QYTMDZ0UX7aOkqalXuy+HY11mrlQ2Kq6CIaMI2H5MhubGcBNPF0313pq1TKu4Qr4tCqtTPqJMhxV3jAtqTSsmCUbkO47xajGJKOF/JfJRjPhjna4G7BOG9OeRNBVB2nmuGFyDpEUWtzEk2abL8p12DlWY0uZy+5LMm9YSCToWHJ7jMmALZImyfi2ATEBE34C4avjqTg26KaO/wO7HclCPXlvmXLCwhZu4K2eURxmIkCHnVAGQyi617zjyJS7a8rsnZSbqGZ1HBPyy3w4rpnIyk5l4j5iGXot70MUUo0Y1eVBJBjXywqZdi1DJRcR8OHLX0j6BkbMYhUD88mFbLvSp01DHDO7oDsqGfIo66QszWglRSI0qk+XS4yhUODHkumF13p73fBQViQexRciWCQQ4kA2HGJFLGlY09u06bqop2WC3JwYpsEWHKgbD6CySzhXkiXb8u5OTQykUHpOeQ6smqMpjJYRMnopcUsZtynjhqFY9HhbA10NemBV+01QXDc8c2Ctt96HDxhgciXD5RKb/4xBJnufniX+Wja8GdAApMGogJnPrwTrzYofVoLfO+gn3t9DstLJimvFkOqMvI8ukf59ER69yTKRE/7oeRhFtPvUu803ZHMQsT56rcozZf1wvKOhTTBLe1T0mdUbGCQc6dq+1zlOcHkxwCikGxGYePO5UXY8Se9Rp6D3diFWJ7S5k9iG6MynsRG+nh0T//0LWUlH3A== +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateRegisteredResource + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false},"title":"values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"CreateRegisteredResourceResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-delete-registered-resource-value.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-delete-registered-resource-value.api.mdx new file mode 100644 index 00000000..0b12c0b5 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-delete-registered-resource-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-delete-registered-resource-value +title: "DeleteRegisteredResourceValue" +description: "DeleteRegisteredResourceValue" +sidebar_label: "DeleteRegisteredResourceValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs7L8yGMT7dTMKbIm441juyR5anORT4HIloQxCTAA6ESb8n+/aoCkSFGmpNiZS3KYLxMDTaAB9Av9gD57mk6V13rnXYiQ+XPSgylTGiQEpAdKJNIH5V01PBGDpJoJfhJ4LS82wE2ZA8sMtrkYIP++D/KG+dA8hhA0VAH+oGECXsOLqaQRaJCI0GeP0wi8ltcRnIOv9y6k0MIX4d4fIBUT3Gt4jHstbwY0AOk1PAkfEiYh8FpaJtDwlD+DiHqtz56exzgST6KxgdRMh2uGBp5EXuvd4VXDC0D5ksW4eK/lHcOEcSB6BuTGQhMxMX+mo5E4Hc1reL7gSnutw9vbRmU9AxaBSPTeG1VZyeaYlwa5E1FtoRqEcRIp7/b2yu4WKP1SBHOcyBdcA9f4TxrHIfPNYe//qXCsz1WMxPhP8DUemkTS0AwU9rKgAKO0ZHxawJoFXsObCBlR7bW8JDF/l7HuZYd4e7v4rpZwenYhXsOjQcBwGBpeFJCa0FDBLQ5XJhDToGLBlUX96OAA/1dGp5/4Pihlj/IhNujG0Pr99/G2URmqAmYB7DrNfhngtDNvazwAKpa074Yy/RnKqgBJpaRzpH8NkVq3LZ7PpJ+EVO7sFsa+W57U0cPSLinELgJNA6ppcZvytmVC7YgoEpwU+uu30ZdANQRtXRw9bRxRXRl/0UUUaDKeEwXyBiTZAa6ZnpOPM0FSIPKRhSGR4AsZQIBcTjmhScA0gRvgeneBXX408IlGcQhG9h8igR82Dw4OHj85ODg8MhI/59OAathDEYJ7lMRBdRlp46plLLpqlpEC/YXLCOkYwpUEl60phbiLijbguvJGiNgOQtRMSE2KnSibamXXOlKmPva1tZZsnGhL/1/MZZtxvJ2ySARpS5UPBIfzidHoSxyRKC2iuqlSiKpmiyX4SDElLZFDL+T8u6zxChVweXqlKQ+oDIpryNtqplxBg9ZW8PqD9tlxu3c8ancGJ+dno8uz/kW3c/LbSffYa1R6j7ud3tuLwYqeQa991n9zMvCuissr4FZcYN58hVp9a21cXuYr4GjmQUBQOSMHomwbUwXbSPk1ctTJSScnv4acXB6pr2Xia6IFSTj7kEA4JyzA3ZzMCSWZ/UM+Mj0j+ayL8Reqfct525xYWYjHkp6eTznR9Nqsl5bkdEmEZj2jm9SEube1XUZtWsvf+fQrcXowQ1HFtGyKLhqX8c17sjvWA2Kz3d5sJPsqTK0gQPqLqdSGekiuo4m5nplG1SAqiWOk9vGcLJbcTvTsjFAeDJGM6DgEMoEgvYYjTpMPvA4l7E419Q0sa+qbKra2GXEIYEKTUJOEaxYS+ITXHaZD7DBAZT04FiIEyp3kd5L/h5P8DW8qKddf2ZhOJKsDwu6KkgnQ56ZQLlLyut0njKMl6MOQX/ZOSJQoTcZAKLmhIQvIZe+U7EBz2myQRzOtY9Xa3w8gEk1fRPuPdslEhKH4CAGSX2EjFEwj4Fo1SZf6s+xPO7rSVGoUTwR4YPcSiTGMZ5QnEUjmE39GJfU1yIZRgOhCoYyT2TyeAYq91cDYwQOiQqpmoJqtIX///v2Q6xlTzYhqfwZq59H/mFX82trff0f3/t3e+++DvRdXO4t/D4fD4d7V54PGs8PbAsTurzvY09zyo92fdlrv8J9/2/11Z7/50+6v//loN8VraCRfnIxD5r+GeZHrbePoGuY1F4qWOT7cnxm9ARIloWZxCOQa5iSmTKptrlTUn0HpRpO2LE9vMTNz2JNbnDnjViAwwZukk0iJJx5LmIBEr/BN7iKtp/trmN+Da2KovRhid8OL6KdT4FM981rPD18cNbyI8azhcHnFn54evCDt/lnzkKSuPBSfF903BPgNhCKGBklUQsNwjud5Xc+318aAKCDweM307VQUETtUJo8YSDIRkiBx42kYhR1OcWoujAZJL5cHV4WrIEJUJ7jm4iMy4FRIpmcRQdwzvixx9cLPToD7IoCgOeRkICxLN9DQUkAiOkcJ8l4q2jo6ePL8vUG012/voU0UkI+SxjEuxVoo78FvKfDjo6fP5KGF7XaWQBtknGgSCQnE0pjKZqEB6jOqCAdAfGpu2a/b/dHF5cvTk87odfftqH36atQ9u3yzdNu+C6rXb49wNWtAnhy8eFYD0u2M+t3OxdHTZ73D9WCPnz/ZBOzp0WHvsHznf03VRS5YtlKBC/ky5KRtREyB5418FREQqpTwmTEtMqVnjm6SSD0DmZGpn9ucOQMge2/guKrIoZJzxjaucM5IiISuNbhTiOV1X1NVXGgiQ7K30PGKcR+MrKWhEkh4ErRkcIOCjdHCl/+v1Ohfp0VX6M7bFWdaJJK00bi36t2g1qwbGIIp+PRM68jQ0TK1DGZAUmMwvWC+bvdbZOfkbNDtnbVPG6T7L/uvlZZ15vc7v+x1uqPB24vuss+v0JONudScTYBcgNT7+l5685qqy3pj8pqq0SqDErcCyTvbB5iTtol9kb65jnyJkYNjFpixMLSeUWSsUPCpQjs93fq1VkWu3Ur32bzx7jNqn746750Mfl/WE4v2gmYoN6a6YNHY7YxQ9FfaHj9/Uml7enToVWLIfXvdh8AK4wx91dzQ8sCjWG8grY8bXFN1Uj8ZVaMVrhI815PjGlIp8HSf4e3ztSHsjWNyOK/RMMszv6bGTFJFxWVkpjGgkIK+1FdznuqIISeX1lJDsIJYyG9YLlToHCHfqCOkZDvC3HJlypRbmY8Vnk4Tg+S8aASmvpG7bU/DNxYqvebAwsHZJJcKSMbqhr2ABlYGOj3o9KDTgzV6EDmmwlEm10cI3QH5VV2W24VONvLllAdEt4yVxsRHvCaYbrW94s10eq56m073Ot37F+jeToFoN+V1ZNyRbzi3khQpRIkRLOv7M/QCoPCRidIbiLkvsovziCvJ0jtkEpYzCfHvuz/DbmLUT41WGgx6Jy8vB91R7/I0uxhXnXp3grVPT0fnv9VCnL1dA/H7SbfX7nV+f2tu4l8jU/FL8xJdCOob9p25EJQLQbkQlAtBuRCUC0G5EJQLQbkQlHO9Odfbj+x6cyEo5wZzbrDvOQSVO6dqQlDfXnK908xOMzvNvC4oVtXKxaohpzed3vx29WbpzolRlbX3zc3fgHBBhG/Y++GCCC6I4IIILojgggguiOCCCC6I4IIIzlXhXBU/sqvCBRGcM8Q5Q77nIIJZ9HcVQFCJOfE39hLztR8I3OKVq/JKcXMX7ySZz0lE49i8pfQPQq9piwyN7O5afjL/C8HYovmHQ2+NfCrn6K6xyOzOdQS3UH0oCYO0e+Rn/SMFVbmA65KQKPOSU7864mKRhr6m7Ab48kY8yCNcKbp9uI8/MF/rKymS+CEGuscY6Yq6nzRITsM+hOBrIf9Y5x3NDg7SD0cq/fIO0qQkAzBigJIJgzCwooDgg29kElKtgUOQEWcPhYgCrs3Vk+yoxJ8RqoacTKSICAsu9k+P2xe7eDD2kW0hi7SVt60iJ8CZ7cAZHGp6CaG96NbY+pcv/9ntDEZv2hcXJ2evRucX3V57cN5b5YOohz05Wwtydj7YBOzkbNQ5Pxu0T8765haxdKobP2uaLzZi/MT2Hd7WHHqaaV+CX97tkCmNW+uLKKaSKcHtqS/0gQSFUhkd2XEcztGjpGcw5GQNkW1EN0NOdlKRsdvIjt3ez3HunEhKRSgZYy2/GFrHLAUirL+nLm/QT0PeJvmUqKQYB4XPbWH9h5iQn3OlSag2WC/W/ChnKwPwaMhDYX01v5CfM4R+IT+nqJNsK9Mz+KWozAvyZJkCUl14voLN0q5RLbulQEW2M85J6kuhlFlTafa7mK9zfnZ8Yp56fXl+ftptn91Z8VIH2T5bB3HeK7vhOiWZvUQWy5uz3fG3iS9CPMP0Qfx8KlWl1uW9xhfzb1gAwcpjHE2tgqllzzzasKBAq5cIlVDAwNyx2mfHJBRT5pcveLlW3M7EvHPlKQbeCtGjQFep0z2e6O5aP9TjiRu+W76V3eceE3ePiTup6KTidy0VM6zb2U8mPODr4kU3krVCqz7vtI/EICOmU8sstU3QiWW90JH1EzkmdEz4IzNhv+QV3Y4Z029J+nGLtEn6O2pUKTbl6ATIYPqgd9QuIk8LjJc7Q4fc3o3/lnInwvoiGjNeyVnIbhFR5shdRiu7Jhc42EVkXUTWRWQLEdnCz6L9NQERp0OdDv2hdOjD/ZLNNqE4DTLaIghQYH37pUmFR+9nAdtp6g69P5PnT7HVS78cbJUMLD3plmXJpeEEYlC1MZ70pHIr4EszRqzb2qR2mFSRLKBx91QN8nHG/FmeVmgpacjRrim/RufyS5xQ/AaF4nKxTZFtUy7aLvyR/fRodhMoRh/ywYNCpMBUvCx/pYa8kA+W8AAwxpzypmVHHKxZMoN6ZStmyaO3JKLvtypFdug1zUyyjuBainCxii4m4RswA9XpdXdxA4ZcGZ2TSFDZL11l4iyVKMXNUCbddynvoRRFyeTRqCj6xDhkU3rPPIIH+Qmze06x3eOa7nfJ3O+SOTXzjaqZr2l7u3rOb7gQxdVzunpOV8/p6jldPaer53T1nK6e09Vzuuihix7+QNFDV8/pHCHOEfJD1XO63yVzetDpQfe7ZGVfTnlA97tkTvd+z7r3O/5dsnv/JtdmIY9FGLlIoYXWh8tk2vztTi3ZdAryL1t6JZ1r0fXg+Vw223nVClyplyv1clF6pyC/3yj9Vy71+r9IvzUxyk/6PhHUUuot/rmWtUMGXNffhCyMvQwV451bGEc9+JCAwid5zArL4hLx3C557ncRBvmbEDhiGkM0NtJCoZJJEk5YGGLkZen9A4OGk4tOLv7AcvE8Z4SBNXI3vpfkRvHGGYeOjxwf/fh89KW/Mu14yPGQ46Hcy7MZ+xSrDlz41XHPt8k9612wjnAd4X6jhFv2oLTLPo9N5bT1o4yW/CJOZjvS/x5I3+a4gIQgK5LchPoLAxxDCBruGKYHKhZcrR3u1qzOVODhTpQX2pXSPJqa1jCYXJAY6/OMcbT/p7IxHuXPIKLrvYSY/b9qu4sHz4UeTUTCAzzwLJbiYyZcaMItCTeVB+ia5CZNekTlNDF+NlwIDULGYQSffOOWw7rffEAsdpBAg/kIPjFlIp/myR6FJSajADhLc8bTJF74NKOJslGeCWUhBCOM+xQe4KVjk1CCYa1Ej8RkJCmfgsHSJGAgWqabcfu0remiN5SFWGGJGFNNR6FQyvYkeoa8ZGNLlQwWk0CsqU4Uwa3MCvbVTCRhYDLH0aOcRNnT1RPybirENISmjP1mRwRwVWloWmmpFJ2uPJvluo8AbP2K3JtQHwsyAGmEpCNUUWKcdPk0ZGrWJG0+J4m649PCN/hMcMj+jTUamFOeVs+g07WIft/sRDMATVmormq67IPeDSJkYej02VrrYm5aJkfw9WSss5zv0lbVxX5zwYUPP9mstgDGyXTVXKu5VcukxuDD3qpSM4n7ygheOWZaUmkkNks3INt3ivlgaS0A+S9Tx2MSxexwY7DubtOe5h5VB2kWhGZ6DrEUWoyTSbPN58svWHN8xyoTLpsvyXxhMZGgE8ntMaYDtkhWXuDbBqQELJUIhK/2p2LfkJva/w8E25Oll7i920wSluO8NQLWM0bGTAQY7xDKkAnF6IS3H5vXwpoy/zATKapZHcxkTDIf9tfNZpWtMrHzRIZey/sch1QjbXV5EAvG9W2FYbtWtJLzGPjg+DeSfYFZh1gJbp6tzzcu620aNpnZVd1QyVBa2UDP0oxWZ6Tqo9p7e4txaAV+Ipmee613Vw0PtUYalXkpgnmKYRah9h5P6POnk2dP9p7+/fDve0+ePjvaGz+e+HtH/otnjyfPntEJfYYMhJWDpZjTnZte2RRcVFpY2PJuDk3amFA6okab2cD22sMvDZmzMUZ3cBsZt6W2RpxYunhXg2INXXiNNahcNTxzUq133ufPGJ2/lOHtLTZ/SECmm54dIv512/BmQAOQhpQCZn67Iljtk/m80P3eTi8Nne2ShfVWXjDmo+YcvneBIsAX4d4feRlnKiI9D1MwNp96s/kGLAKR6L03anmmHA7H2xvY6pwMomLSLL7ADMtY18JeFeTAxXkfUzjGIjDJupGxdzxJP6JZQT/ahVjr0RaeYdtnL6R8mhj969kx8b//BVhOAuI= +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteRegisteredResourceValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false}},"title":"DeleteRegisteredResourceValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-delete-registered-resource.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-delete-registered-resource.api.mdx new file mode 100644 index 00000000..df7731ed --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-delete-registered-resource.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-delete-registered-resource +title: "DeleteRegisteredResource" +description: "DeleteRegisteredResource" +sidebar_label: "DeleteRegisteredResource" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvbJs53Vb3U67iqy2vnFsjyR3bjfyKjB5JKEmARYAneh6/N93DgBSpCRTUuxkkyz6pTFwCBwA54XzgG4DTScqaL0NzkXMwhnpwYQpDRIi0gMlMhmCCi4bgUhBUs0EP46CVpAa4KYsgGUO25wPUHzfB3nDQmgeQQwalgGCRpBSSRPQIBGX24DTBIJW0BGcQ6j3zqXQIhTx3u8gFRM8aASMB61gCjQCGTQCCX9lTEIUtLTMoBGocAoJDVq3gZ6lOBLPkisDqZmO1wwNPEuC1tvDy0YQgQolS3HdQSs4gjHjQPQUyI2FJmJs/nSjkdSNFjSCUHClg9bh3V1jaT0DloDI9N4btbSSzTGvDHIvotpCNQjjJFHB3d2l3S1Q+pWIZjhRKLgGrvGfNE1jFppz3v9T4Vi3yxiJqz8h1HhoEqlCM1DYy6ISjNKS8UkJaxYFjWAsZEJ10AqyzPxdxbqXH+Ld3fy7+2imZ9cQNAIaRQxHoPF5CZ8xjRXc4UhV2jANKhVcWayfHhzg/6qY9LMwBKXsKT7G3uTs8Qi7eNdw1HQ/lOm/awQ3NM7sqA6SSklnSHIaEvU4uJg56sAsgN32+R64TjmXAHWoBCGTYRZTubO75sAbAQ2xr621ZFeZht8/wx7YKcvrci3LqxIczsZGxFWnCTOlRVI3lYNYZvVUQkj1AtsU0HPqf5s3XqJEqk6vNOURlVF5DUVbzZSNJXSd8Az6g/bpUbt3NGp3Bsdnp6OL0/55t3P8y3H3KGgs9R51O70/zgcrega99mn/zfEguCwvr4RbeYFF8yWKua3FU3WZvwJHlQcRQWmF8jOiml5RBdvwYAKa4nflnS3a6qn+NgglIAJtXf7aNY6oXkJ53kUUaHI1IwrkDUiyA1wzPSPvp4I4IPKexTGREAoZgVke5YRmEdMEboDr3VWH+4EmaQzGXjhE8XjYPDg4ePb84ODwqbESCgEfUQ17qHtwD7I0Wl6Ga1y1jHlXzTIc0GdcRkyvIF4pMvI1OYj7RNQGQrK6ESK1gxA1FVKTcidyQ40gXBypr2UWaqIFyTj7K4N4RliEuzmeEUpyMUzeMz0lxazz8UlBslvO2+bEykI8Fnd6IeVE02uzXlqR0xURmveM7Oas45Wt+XtSy9/F9Ctxejg2ToSolFY14rxxEd+iJzc6HxGb7fZmI9m3xNQKIqS/lEptqIcUOpoYe9U0qgZRWZoitV/NyHzJ7UxPTwnl0RDJiF7FQMYQuSsJ4jT+i9ehhN1OU9/Aoqa+WcbWNiMOEYxpFmuScc1iAh/QCGQ6xg4DVNWDV0LEQLmX/F7yf3OSvxFMJOX6ExvTmWR1QNi9pGQi9D8olIuUvG73CeNoCYYw5Be9Y5JkSpMrIJTc0JhF5KJ3QnagOWk2yJOp1qlq7e9HkIhmKJL9J7tkLOJYvIcIya+0EQomCXCtmqRLw2n+px1daSo1iicCPLJ7icQYp1PKswQkC0k4pZKGGmTDKEC8WFLGyXSWTgHF3mpg7OARUTFVU1DN1pC/e/duyPWUqWZCdTgFtfPkf8wqfm7t77+le/9u7/33wd4Plzvzfw+Hw+He5e1B4+XhXQli9+cd7Glu+dHudzutt/jPv+3+vLPf/G735/98suvwGhrJl2ZXMQtfw6zM9bZxdA2zmgtFyxwf7s+U3gBJslizNAZyDTOSUibVNlcqGk6hcqNxLYvTW8zMHPbk5mfOuBUITPAm6WRS4omnEsYg0UN2U/iM6un+GmYP4JoUai+G2N0IEvrhBPhET4PW94c/PG0ECeN5w+Hiij+8OPiBtPunzUPiHBwoPs+7bwjwG4hFCg2SqYzG8QzP87qeb6+NAVFC4Nma6dtOFBE7VC6PGEgyFpIgceNpGIUdT3BqLowGcZfLg8vSVRAhlie45uI9MuBESKanCUHcc76scPXc8UiAhyKCqDnkZCAsSzfQ0FJAEjpDCfJOKtp6evD8+3cG0V6/vYc2UUTeS5qmuBRrobyDsKUgTJ++eCkPLWy3swDaIFeZJomQQCyNqXwWGqE+o4pwAMSn5pb9ut0fnV+8OjnujF53/xi1T34ddU8v3izctu+D6vXbI1zNGpDnBz+8rAHpdkb9buf86YuXvcP1YM++f74J2Iunh73D6p3/NVXnhWDZSgXO5cuQk7YRMSWeN/JVJECoUiJkxrTIlZ45unEm9RRkTqZhYXMWDIDsvUYtV5wzuRyqOGds4wrnjIRE6FqD20EsrvuaqvJCMxmTvbmOV4yHYGQtjZVAwpOgJYMbFGyMlr78f6VGP58WXaE771acaZlIXKNxb9W7Qa1ZNzAEU/LpmdaRoaNFahlMgThj0F0wX7f7LbJzfDro9k7bJw3S/Zf910rLOvf7nV30Ot3R4I/z7qLPr9STj7nQnE+AXIDU+/pBevOaqot6Y/KaqtEqgxK3Ask73weYkbaJCJC+uY58jJGDY5aYsTS0nlJkrFjwiUI73W39Wqui0G6V+2zReP8ZtU9+PesdD35b1BPz9pJmqDY6XTBv7HZGKPqX2p59/3yp7cXTw2ApqNa3132IrDDO0VfNDS0PPIr1BtI66WzI7bh+MqpGK1wleK7HRzWkUuLpPsPb52tD2GsDGeV5jYZZnPk1NWaSKisuIzONAYUU9LG+mjOnI4acXFhLDcFKYqG4YW3g6KgO3RFJIjjxjhDvCPnEjpCK7Qgzy5WOKbcyH5d42iVJyFnZCHS+kfttT8M3Fspdc2Du4GySCwUkZ3XDXkAjKwO9HvR60OvBGj2IHLPEUSblQAjdAflJXZbbhU428uVUB0S3jJXGJES8xpiEsr3izXV6oXqbXvd63fsZdG+nRLSb8joy7ig0nLuUJSZEhREs64dT9AKg8JGZ0huIuY+yi4uIK8nTO2QWVxOa8O/7P8NuYtRPjVYaDHrHry4G3VHv4iS/GC879e4Fa5+cjM5+qYU4/WMNxG/H3V671/ntD3MTf1geWTV5K9+o311QfzN6cBj4ENSX7TvzISgfgvIhKB+C8iEoH4LyISgfgvIhKO968663b9n15kNQ3g3m3WBfcwiqcE7VhKC+vOR6r5m9ZvaaeV1QbFkrl6uGvN70evPL1ZuVOydGVdbeNzcvRfdBhC/Y++GDCD6I4IMIPojggwg+iOCDCD6I4IMI3lXhXRXfsqvCBxG8M8Q7Q77mIIJZ9FcVQFCZOfE39hLzqR8I3OKVq+pKcXPn7ySZz0lC09S8pfQPQq9piwyN7O5afjL/i8HYosWHw+ARH1h0O9cR3EL1oSIMXPcozPtHCpblAq5LQqbMS0795RHnizT0NWE3wBc34lEe4XLo9uEh/sBirb9KkaWPMdADxnAr6n7QIDmN+xBDqIX8fZ13ND84cB+OlPvyHtKkJAcwYoCSMYM4sqKA4INvZBxTrYFDlBNnD4WIAq7N1ZPsqCycEqqGnIylSAiLzvdPjtrnu3gw9sFhIcu0VbStIifAme3AORxqegmxvejW2PoXr/7Z7QxGb9rn58env47Ozru99uCst8oHUQ97fLoW5PRssAnY8emoc3Y6aB+f9s0tYuFUN37WtFhswvix7Tu8qzl0l2lfgV/c7ZgpjVsbiiSlkinB7anP9YEEhVIZHdlpGs/Qo6SnMORkDZFtRDdDTnacyNht5Mdu7+c4d0EklSKUnLEWXwytY5YSEdbfUxc36Lshb5NiSlRSjIPC57aw/kOMyY+F0iRUG6zna35SsJUBeDLksbC+mp/IjzlCP5EfHeok30p3Bj+VlXlJnixSgNOFZyvYzHWNatnNAZXZzjgnaSiFUmZNldnvY77O2enRsXnq9dXZ2Um3fXpvxUsdZPt0HcRZr+qG61Rk9gJZLG7OdsffJqGI8QzdC+HFVGqZWhf3Gp8Qv2ERRCuPcTSxCqaWPYtow5wCrV4iVEIJA3PHap8ekVhMWFi94BVacTsT896VOwyCFaJHgV6mTv94or9rfVOPJ67129hncrey+/xj4v4xcS8VvVT8qqVijnU7/8mER3xdvOxGslboss/b9ZEUZMK0s8ycbYJOLOuFTqyfyDOhZ8JvmQn7Fa/odszoviXu4xZpE/ebUlQpNuHoBMhh+qB31C4iT0uMVzhDh9zejf/muBNhQ5FcMb6Us5DfIpLckbuIVn5NLnGwj8j6iKyPyJYisqVfZ/o8ARGvQ70O/aZ06OP9ks02oTgNMtkiCFBiffulSYVH72cJ24lzhz6cyYun2OqlXwG2SgZWnnTLs+RcOIEYVG2Mx51UYQV8bMaIdVub1A6TKpIHNO6fqkHeT1k4LdIKLSUNOdo11dfofH6JF4pfoFBcLLYps63jou3CH/lPdOY3gXL0oRg8KkUKTMXL4ldqyEv5YBmPAGPMjjctO+JgzYoZ1KtaMQsevQUR/bBVKbJDr2luknUE11LE81V0MQnfgBmoTq+7ixsw5MronEyCyn/pKhdnTqKUN0OZdN+FvIdKFCWXR6Oy6BNXMZvQB+YRPMpPmD1wiu0e1/S/S+Z/l8yrmS9UzXxK29vXc37BhSi+ntPXc/p6Tl/P6es5fT2nr+f09Zy+ntNHD3308BuKHvp6Tu8I8Y6Qb6qe0/8umdeDXg/63yWr+nKqA/rfJfO692vWvV/x75I9+De5Ngt5zMPIZQottT5eJtPmb3dqySYTkJ9t6UvpXPOuR8/nstnOq1bgS718qZeP0nsF+fVG6T9xqdf/RfqtiVF+0A+JoFZSb/HPtawdM+C6/iZkYexlqBzv3MI46sFfGSh8ksessCouEc/tkud+E3FUvAmBI7oYorGR5gqVjLN4zOIYIy8L7x8YNLxc9HLxG5aLZwUjDKyRu/G9pDCKN8449Hzk+ejb56OP/ZVpz0OehzwPFV6ezdinXHXgw6+ee75M7lnvgvWE6wn3CyXcqgelXfV5bCqnrR9ltOAX8TLbk/7XQPo2xwUkRHmR5Mca+Z7YPbF/dcS+hs5L3x5BDBqWR+iBSgVXa0e6M2syRaa4/uryulKad4FdmY5Jd0qxBNXY//t/KhvGVOEUErreEY4FLqs2uXzcXOjRWGQ8wmPOw4UhJnvGJqKYcVNcg953bioBRlROMuNKxoXQKGYcRvAhNJ5nLG0vBsR6Hgk0mo3gA1MmuG9epVJYRTWKgDNXFuHy1OHDlGbKBjLHlMUQjTC0WXpjml6ZnCmM3GZ6JMYjSfkEDJYmxwjRMt2M29ebTRe9oSzGImLEmGo6ioVStifTU+QgGz5dStIyOfKa6kwR3Mr8TQo1FVkcmeIIDJpkSf46+5i8nQgxiaEp07DZERFcLjU0rYxUik5Wns1iaVMEtkRL7o1piDVHgDRC3AjLKDFOunwSMzVtkjafkUzd82npG3wJO2b/xjIkLJtwBWIYVyij3zc70YxAUxary5ou+2Z9gwhZGtq9zGyjKE3L2gi+nox1XtZQ2aq69IZCXOHbZjZxM4KrbLJqrtXcqmVWc6fB3mVVZmpTlBG38oppSaWR08xtQL7vFFMeXbkL+S9TqmZyIe1wV2AjOqbdpdctD9IsiUp3DqkUWlxl42abzxYfaef4VFsuXDZfkvnCYiJBZ5LbY3QDtkheQRPaBqQErAaKRKj2J2LfkJva/w8E25OVx+aDu1wSVlMZVsvWwFgVUxFhNE8oQyEUY2/BfmrewmvK4ptcmqjm8jgmH5iFsF8zkVWsyiSFZDIOWsFtGlONFNXlUSoY13dLbNq1ApWcpcAHR7+Q/AtMp8UnDszvMRTblfc2DXNM7YJuqGQoo2wEc2FGqymc0ljuvbvDBAsFYSaZngWtt5eNAHWFCze+EtHMYZinXgTPxvT7F+OXz/de/P3w73vPX7x8unf1bBzuPQ1/ePls/PIlHdOXyDZYElsJpt6730ubgotyFbOt4ObQ5EMKpRNqdJjN2Kg78spoBd9ixBJ3kHFbPm7kh6WGtzXY1VBD0Lgfi8tGYM6n9Ta4vcVkkwsZ391h818ZSLfV+dHhX3eNYAo0AmkIKGLmp1ii1S7G27meD3Z6LhK8S+b2WXWtmF5dcPPeObJ7KOK934uqZCcOgwAzijaferP5BiwBkem9N2pxpgIOx9sb2GKzHGLJfJl/gQnDqa6FvSwx/vlZHzOSrkRkcs8TY9sEkr5HE4K+twux9qGto8S22yCmfJIZXRvYMfG//wUSevQ2 +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteRegisteredResource + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false},"title":"values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResource","additionalProperties":false}},"title":"DeleteRegisteredResourceResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource-value.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource-value.api.mdx new file mode 100644 index 00000000..0a9c0f8e --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-get-registered-resource-value +title: "GetRegisteredResourceValue" +description: "GetRegisteredResourceValue" +sidebar_label: "GetRegisteredResourceValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvbJsp0mn1XbaVWQ19Y0jeyS5s9nIq8DkkYSaBBgAdKLr0X/fOQBJkXpQUuxkHS/6pTFwCBwA54XzgO48TcfKa7z3LkTI/CnpwpgpDRIC0gUlEumD8q5qnohBUs0EPw28hhcb4LrMgWUGW58PkH/fA3nLfKi/Br3c+xcNE/BqXkwljUCDRGzuPE4j8BpeS3AOvj64kEILX4QHf4FUTHCv5jHuNbwJ0ACkV/MkfEyYhMBraJlAzVP+BCLqNe48PY1xJJ5E1wZSMx1uGBp4EnmN98dXNS8A5UsW48q9hncCI8aB6AmQWwtNxMj8mY5G4nQ0r+b5givtNY5ns9rSevosApHog7dqaSXbY14aZC2i2kLVCOMkUt5sdmV3C5R+JYIpTuQLroFr/CeN45D55qQP/1Y41t0yRuL6b/C1V/MEh/OROa9YIoVoBgrhRh95AVxpyfi4sADsrnkR42fAx3riNY5r3kjIiGqv4SWSebPZIvD8fN+blivc1PKkLKiakwVecZKEBaVZTHdxEhZ4V7hVGcB64u3azfRqHg0ChjtHw4sCZiMaKpjhZGUiNQ0qFlxZ/J8fHeH/ygfZS3wflLLk9GWHVN6lW8NvCJYu7DZlwOrPNm7urFYYeg2YBbDrNvtXxCNvewhULLuthzL9GcqqAEmlpFPkSQ2R2rSbns+kn4RU7u0Xxl4v46roY2GXFGIXgaYB1bS4TXnbIsu3RBQJTgr91dvoS6AagqYujp42DqleGn/eRRRocj0lCuQtSLIHXDM9JZ8mgqRA5BMLQyLBFzKAACUP5YQmAdMEboHr/Tl2+dHAZxrFIRhldIwEf1w/Ojr68cXR0fFzo4Jy5g2ohgMUa7hHSRwsLyNtXLWMeVfFMlKgb7iMkF5DuJLgsjWlEOuoaAuuK2+EiO0gRE2E1KTYibKqUpZtImXqY19Ta8muE23p/4u5bDuOt1MWiSBtWeaDdVrLT5QWUdVUKcSyto0l+EgxJZ2SQxf1Stq4Qn8pTXlAZVBcQ95WMeUKGrT2i9frNzsnze7JsNnqn553hped3kW7dfrHafvEqy31nrRb3XcX/RU9/W6z03t72veuissr4FZcYN5s1OfOKrq8zNfA0e6EgKDGRg5E2XZNFewi5TfIUScnnZz8GnJycaSelomviRYk4exjAuGUsAB3czQllGT2D/nE9ITks87Hn6v2HedtcmJlIR5Leno+5UTTG7NeWpLTJRGa9QwfyEpcRG1cyd/59CtxejBDUcW0bIrOGxfxzXuye98DYrPb3mwl+5aYWkGA9BdTqQ31kFxHE3NlNI2qRlQSx0jt11MyX3Iz0ZMOoTwYIBnR6xDICILUL4A4bXHtSzX1LSxq6ttlbG0z4hDAiCahJgnXLCTwGa8/TIfYYYDKevBaiBAod5LfSf4nJ/lr3lhSrr+yMY0+mAog7F5SMgE6ARXKRUreNHuEcbQEfRjwy+4piRKlyTUQSm5pyAJy2T0je1Af12vk2UTrWDUODwOIRN0X0eGzfTISYSg+QYDkV9gIBeMIuFZ10qb+JPvTjq40lRrFEwEe2L1EYgzjCeVJBJL5xJ9QSX0NsmYUILpUKONkMo0ngGJvNTB28ICokKoJqHpjwD98+DDgesJUPaLan4Dae/Y/ZhW/Nw4P39ODfzUP/vvo4Jervfm/B4PB4ODq7qj20/GsALH/+x721Hf8aP+HvcZ7/Oc/9n/fO6z/sP/7vz/bT/EaGMkXJ9ch89/AtMj1tnF4A9OKC0XDHB/uz4TeAomSULM4BHIDUxJTJtUuVyrqT6B0o0lbFqe3mJk57MnNz5xxKxCY4HXSSqTEE48ljECim/o2d9tW0/0NTO/BNTFUXgyxu+ZF9HPm0fz5+Jfniy7O8oo/vzz6hTR7nfoxSV17KD4v2m8J8FsIRQw1kqiEhuEUz/Ommm9vjAFRQODHDdM3U1FE7FCZPGIgyUhIgsSNp2EUdjjGqbkwGiS9XB5dFa6CCLE8wQ0Xn5ABx0IyPYkI4p7xZYmr575/AtwXAQT1ASd9YVm6hoaWAhLRKUqQD1LRxvOjFz9/MIh2e80DtIkC8knSOMalWAvlA/gNBX78/OVP8tjCtlsLoDVynWgSCQnE0pjKZqEB6jOqCAdAfCpu2W+aveHF5auz09bwTfvdsHn2etjuXL5duG2vg+r2mkNczQaQF0e//FQB0m4Ne+3WxfOXP3WPN4P9+POLbcBePj/uHpfv/G+ousgFy04qcC5fBpw0jYgp8LyRryICQpUSPjOmRab0zNGNEqknIDMy9XObM2cAZO8tHFdLcqjknLGNK5wzEiKhKw3uFGJx3TdUFReayJAczHW8YtwHI2tpqAQSngQtGdyiYGO08OX/KzX67bToCt05W3GmRSJJG417q9oNas26viGYgk/PtA4NHS1SS38CJDUG0wvmm2avQfZOO/12t9M8q5H2f9l/rbSsM7/f+WW31R723120F31+hZ5szIXmbALkAqTeN/fSmzdUXVYbkzdUDVcZlLgVSN7ZPsCUNE0sjPTMdeRLjBwcs8CMhaH1hCJjhYKPFdrp6dZvtCpy7Va6z+aN68+oefb6vHva/3NRT8zbC5qh3JjqgnljuzVE0b/U9uPPL5baXj4/9pbi2j173YfACuMMfVXf0vLAo9hsIG2OG9xQdVo9GVXDFa4SPNfTkwpSKfB0j+Ht840h7K1jcjiv0TCLM7+hxkxSRcVlZKYxoJCCvtRXc57qiAEnl9ZSQ7CCWMhvWC5U6Bwhj9QRUrIdYWq5MmXKnczHJZ5OM5XktGgEpr6R9ban4RsLlV5zYO7grJNLBSRjdcNeQAMrA50edHrQ6cEKPYgcs8RRJtdHCN0C+VVdlruFTrby5ZQHRLeMlcbER7xGmH61u+LNdHqueutO9zrd+w10b6tAtNvyOjLu0Decu4hUV4gSI1jW9yfoBUDhIxOltxBzX2QX5xFXkqV3yCQsZxLi3+s/w25i1E+FVur3u6evLvvtYffyLLsYLzv11oI1z86G539UQnTebYD487TdbXZbf74zN/Gvkan4pXmJLgT1iH1nLgTlQlAuBOVCUC4E5UJQLgTlQlAuBOVcb8719pRdby4E5dxgzg32PYegcudURQjq8SXXO83sNLPTzJuCYstauVg15PSm05uPV2+W7pwYVdl439z+DQgXRHjE3g8XRHBBBBdEcEEEF0RwQQQXRHBBBBdEcK4K56p4yq4KF0RwzhDnDPmegwhm0d9VAEEl5sTf2kvM134gcIdXrsorxc2dv5NkPicRjWPzltJ/EHpDG2RgZHfb8pP5XwjGFs0/HHgb5FM5R3eDRWZ3riW4hepBSRik3UM/6x8qWJYLuC4JiTIvOfWWR5wv0tDXmN0CX9yIB3mEK0W3B/fxB+ZrfS1FEj/EQPcYI11R+7MGyWnYgxB8LeRfm7yj2cFB+uFQpV+uIU1KMgAjBigZMQgDKwoIPvhGRiHVGjgEGXF2UYgo4NpcPcmeSvwJoWrAyUiKiLDg4vDspHmxjwdjX/0WskhbedsqcgKc2Q6cwaGmlxDai26FrX/56p/tVn/4tnlxcdp5PTy/aHeb/fPuKh9ENexpZyNI57y/DdhpZ9g67/Sbp52euUUsnOrWz5rmi40YP7V9x7OKQ08z7Uvwi7sdMqVxa30RxVQyJbg99bk+kKBQKqMjO47DKXqU9AQGnGwgsq3oZsDJXioy9mvZsdv7Oc6dE0mpCCVjrMUXQ6uYpUCE1ffUxQ36YcCbJJ8SlRTjoPC5Laz/ECPya640CdUG6/man+VsZQCeDXgorK/mN/JrhtBv5NcUdZJtZXoGvxWVeUGeLFJAqgvPV7BZ2jWsZLcUqMh2xjlJfSmUMmsqzb6O+VrnnZNT89Trq/Pzs3azs7bipQqy2dkEcd4tu+FaJZm9QBaLm7Pb8TeJL0I8w/SR/nwqtUyti3uNr/jfsgCClcc4HFsFU8meebRhToFWLxEqoYCBuWM1OyckFGPmly94uVbczcRcu/IUA2+F6FGgl6nTPZ7o7lpP6vHELd8t38nuc4+Ju8fEnVR0UvG7looZ1s3sJxMe8HXxohvJWqHLPu+0j8QgI6ZTyyy1TdCJZb3QkfUTOSZ0TPiUmbBX8oruxozptyT9uEGaJP1hN6oUG3N0AmQwPdB7ah+RpwXGy52hA27vxv9IuRNhfRFdM76Us5DdIqLMkbuIVnZNLnCwi8i6iKyLyBYisoWfRfs2ARGnQ50OfVI69OF+yWaXUJwGGe0QBCiwvv3SpMKj97OA7Th1h96fyfOn2KqlXw62SgaWnnTLsuTScAIxqNoYT3pSuRXwpRkj1m1tUjtMqkgW0Fg/VY18mjB/kqcVWkoacLRryq/RufwSJxQfoVBcLLYpsm3KRbuFP7KfHs1uAsXoQz54UIgUmIqXxa/UgBfywRIeAMaYU9607IiD1UtmULdsxSx49BZE9P1WpcgevaGZSdYSXEsRzlfRxiR8A2agWt32Pm7AgCujcxIJKvulq0ycpRKluBnKpPsu5D2UoiiZPBoWRZ+4DtmY3jOP4EF+wuyeU+z2uKb7XTL3u2ROzTxSNfM1bW9Xz/mIC1FcPaer53T1nK6e09VzunpOV8/p6jldPaeLHrro4ROKHrp6TucIcY6QJ1XP6X6XzOlBpwfd75KVfTnlAd3vkjnd+z3r3u/4d8nu/Ztc24U85mHkIoUWWh8uk2n7tzu1ZOMxyG+29KV0rnnXg+dz2WznVStwpV6u1MtF6Z2C/H6j9F+51Ov/Iv3WxCg/6/tEUEupt/jnRtYOGXBdfROyMPYyVIx37mAcdeFjAgqf5DErLItLxHO35Lk/RRjkb0LgiGkM0dhIc4VKRkk4YmGIkZeF9w8MGk4uOrn4hOXiec4IfWvkbn0vyY3irTMOHR85Pnr6fPSlvzLteMjxkOOh3MuzHfsUqw5c+NVxz+Pkns0uWEe4jnAfKeGWPSjNss9jWzlt/SjDBb+Ik9mO9B8z6W/JGa9B2ywYkBBkZZSGP7qgYsHVJj6ZzQziprgOF1leQ1tK8x5qWp5g0jxiLL0zds/h38qGb5Q/gYhudgBiYv+qnSyeKRd6OBIJD/AsszCJj0luoYmkJNwUFaDXkZsM6CGV48S40HAhNAgZhyF89o3HDUt68wGxjkECDaZD+MyUCWqa13gUVo8MA+AsTQdP83Ph84QmygZwRpSFEAwxpFN4W5dem1wRjFgleihGQ0n5GAyWJrcC0TLdjNtXa00XvaUsxOJJxJhqOgyFUrYn0RNkExs2WkpOMbnBmupEEdzKrBZfTUQSBiYpHJ3FSZS9Sj0i78dCjEOoy9ivt0QAV0sNdSsIlaLjlWezWNIRgC1NkQcj6mOtBSCNkHSEZZQYJ20+Dpma1EmTT0mi1nxa+AZfAA7Zv7D8AtPF08IY9KcW0e+ZnagHoCkL1VVFl32ru0aELAydvkhrvcd1y78IvpmMdZbOXdqqqrBuLpPwTSebsBbAdTJeNddqbtUyqZAL2Lusr0xOvjIyVV4zLak0wpilG5DtO8VUrzTNn/ynKdExOWB2uGuwnmzTnqYVLQ9SL8jD9BxiKbS4Tkb1Jp8uPk7N8YmqTLhsvyTzhcVEgk4kt8eYDtggWeWAbxuQErAKIhC+OhyLQ0Nu6vDfEOxAlh7Z9maZJCzHNtdJV88YDxMRYBxDKEMjFKMO3mFsXgGry/zDTJ6o+vJgJhOS+XBYOZXVoMoExBMZeg3vLg6pRqpq8yAWjOvZEqu2rVAl5zHw/skfJPsCUwmxvNu8RZ9vWdZbNwwysUu6pZKhnLLRm4UZrbZIFcdy72yGwWUFfiKZnnqN91c1D/VFGmp5JYJpiiEOZDxQBU7Cir9SrGjtpi6tG/FOCwIb3u2xSfcSSkfUqCobkK4+2dJ4OYNiSAa3iXFbH2sEhT309xX4VRy6V6vC46rmmWNovPfu7jCefinD2QybPyYg0x3NTgj/mtW8CdAApKGTgJlfmwhWe1Hu5ird2+umwa59Mre3yqvFDNKccQ8ukLN9ER78lRdeppLP8zBpYvupt5uvzyIQiT54qxZnyuFwvIO+rafJIJYslfkXmBMZ60rYqwKHX5z3MOniWgQmvTYyZown6Se0FugnuxBr79lSMWy780LKx4lRq54dE//7X04wGP8= +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetRegisteredResourceValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"GetRegisteredResourceValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource-values-by-fq-ns.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource-values-by-fq-ns.api.mdx new file mode 100644 index 00000000..fde8ce34 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource-values-by-fq-ns.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-get-registered-resource-values-by-fq-ns +title: "GetRegisteredResourceValuesByFQNs" +description: "GetRegisteredResourceValuesByFQNs" +sidebar_label: "GetRegisteredResourceValuesByFQNs" +hide_title: true +hide_table_of_contents: true +api: eJztPf1z2zaW/wqGdzOxu7Jsp0mn1XbaU2Ql9caRvZLc2VzkU2DySUJNAgwAOtF6/L/fPICkSEqmpNjJOTn0l8bAI/AAvC+8D+jG03SqvNY770yEzJ+TPkyZ0iAhIH1QIpE+KO+i4YkYJNVM8OPAa3mxAW7KHFhmsM3FAPn3A5DXzIfmK9DLvX/SMAH1Yv7ynz3lNbyYShqBBolI3XicRuC1vI7gHHy9dyaFFr4I9/4EqZjgXsNj3Gt5M6ABSK/hSfiQMAmB19IygYan/BlE1GvdeHoe40g8iS4NpGY6XDM08CTyWu8OLxpeAMqXLMYN8FreEUwYB6JnQK4tNBET82c6GonT0byG5wuutNc6vL1tLK1nyCIQid57o5ZWsjnmpUHuRFRbqAZhnETKu729sLsFSr8QwRwn8gXXwDX+k8ZxyHxz4Pt/KRzrZhkjcfkX+BoPTSJ5aAYKeycfuCpAUSnpHJenISq2Ky0Zn3oNL2L8BPhUz7zWYcObCBlR7bW8RDLbeWw/PGx4CWcfEkj/xgO+XeyGmXUdfHV/+hm53BZGWkumfbttXsOjQcBwKBqeFbZgQkMFtzhkmRxNg4oFV3ajnh4c4P/KKA0S3welLOE80HEY5N/QeBVwYf/G1wg3jmh859JucngDi9/XTs6CVSeejcEC77aRjlQDZgHs7pnDKOKRtz0EKpY974Yy/RnKmxD5Slw8n0k/Canc2S2MfQfNraGyyi4pxC4CTQOqaXGb8rYqC3REFAlOCv312+hLoBqCti6OnjaOqV4af9FFFGhyOScK5DVIsgNcMz0nH2eCpEDkIwtDIsEXMoAAJRXlhCYB0wSugevdBXb50cAnGsUhGB12iGxz2Dw4OPjx2cHB4VOjuXKBElANeygGcY+SOFheRtq4ahmLrpplpEBfcRkhvYRwJcFla0ohahh6HdeVN0LEdhCiZkJqUuxEiVcrEdeRMvWxr621ZJeJTmXu53LZZhxvpywSQdqyzAeCw+nEWCUVjkiUFlHdVCnEsnaOJfhIMSX9k0MvtMe7rPECjYjy9EpTHlAZFNeQt9VMuYIGrb3jDYbt3lG7fzRud4bHp73xeW9w1u0cvzzuHnmNpd6jbqf/9my4omfYb/cGb46H3kVxeQXcigvMmy/QMtnyIKvLfAUczVUISJIww4Eo2y6pgm2k/Bo56uSkk5NfQk5WRxpomfiaaEGsPRvOCQtwNydzQklm/5CPTM9IPuti/IVq33LeNidWFuKxpKfnU040vTLrpSU5XRKhWc/4gazEKmrTWv7Op1+J04MZiiqmZVN00VjFN+/J7okPiM12e7OR7FtiagUB0l9MpTbUQ3IdTcwV0zSqBlFJHCO1X87JYsntRM96hPJghGREL0MgEwhSdwLiNPnA61DC7lRTX0NVU18vY2ubEYcAJjQJNUm4ZiGBT3iJYjrEDgNU1oOXQoRAuZP8TvJ/d5K/4U0l5foLG9PosqkBsh6dipIJ0HeoUC5S8ro9IIyjJejDiJ/3j0mUKE0ugVByTUMWkPP+CdmB5rTZIE9mWseqtb8fQCSavoj2n+ySiQhD8RECJL/CRiiYRsC1apIu9WfZn3Z0panUKJ4I8MDuJRJjGM8oTyKQzCf+jErqa5ANowDRMUMZJ7N5PAMUe6uBsYMHRIVUzUA1WyP+/v37EdczppoR1f4M1M6T/zGr+L21v/+O7v27vfffB3u/XOws/j0ajUZ7FzcHjZ8ObwsQu7/vYE9zy492f9hpvcN//m3395395g+7v//nk90Ur5GRfHFyGTL/NcyLXG8bx1cwr7lQtMzx4f7M6DWQKAk1i0MgVzAnMWVSbXOlov4MSjeatKU6vcXMzGFPbnHmjFuBwARvkk4iJZ54LGECEr3b17mbt57ur2B+D66JofZiiN0NL6KfMgfoz4e/PK16RMsr/vT84BfSHvSahyR1EKL4POu+IcCvIRQxNEiiEhqGczzPq3q+vTIGRAGBH9dM305FEbFDZfKIgSQTIQkSN56GUdjhFKfmwmiQ9HJ5cFG4CiLE8gRXXHxEBpwKyfQsIoh7xpclrl7ECghwXwQQNEecDIVl6QYaWgpIROcoQd5LRVtPD579/N4g2h+099AmCshHSeMYl2ItlPfgtxT48dPnP8lDC9vtVEAb5DLRJBISiKUxlc1CA9RnVBEOgPjU3LJftwfjs/MXJ8ed8evu23H75NW42zt/U7lt3wXVH7THuJo1IM8OfvmpBqTbGQ+6nbOnz3/qH64H+/HnZ5uAPX962D8s3/lfU3WWC5atVOBCvow4aRsRU+B5I19FBIQqJXxmTItM6ZmjmyRSz0BmZOrnNmfOAMjeGziuluRQyTljG1c4ZyREQtca3ClEdd1XVBUXmsiQ7C10vGLcByNraagEEp4ELRlco2BjtPDl/ys1+vW06ArdebviTItEkjYa91a9G9SadUNDMAWfnmkdGzqqUstwBiQ1BtML5uv2oEV2jnvDbr/XPmmQ7r/sv1Za1pnf7/S83+mOh2/PulWfX6EnG7PSnE2AXIDU+/peevOKqvN6Y/KKqvEqgxK3Ask72weYk7aJqJGBuY58jpGDYxaYsTC0nlFkrFDwqUI7Pd36tVZFrt1K99m88e4zap+8Ou0fD/+o6olFe0EzlBtTXbBo7HbGKPqX2n78+dlS2/Onh95SHHxgr/sQWGGcoa+aG1oeeBTrDaT1cYMrqo7rJ6NqvMJVgud6fFRDKgWeHjC8fb42hL1xTA7nNRqmOvNraswkVVRcRmYaAwop6HN9Naepjhhxcm4tNQQriIX8huVChc4R8kgdISXbEeaWK1Om3Mp8XOLpNMFJzotGYOobudv2NHxjodJrDiwcnE1yroBkrG7YC2hgZaDTg04POj1YoweRY5Y4yuT6CKE7IL+oy3K70MlGvpzygOiWsdKY+IjXBJO4tle8mU7PVW/T6V6ne7+C7u0UiHZTXkfGHfuGc5fSLYUoMYJlfX+GXgAUPjJRegMx91l2cR5xJVl6h0zCciYh/n33Z9hNjPqp0UrDYf/4xfmwO+6fn2QX42Wn3p1g7ZOT8enLWoje2zUQfxx3++1+54+35ib+JTIVPzcv0YWgHrHvzIWgXAjKhaBcCMqFoFwIyoWgXAjKhaCc68253r5n15sLQTk3mHODfcshqNw5VROCenzJ9U4zO83sNPO6oNiyVi5WDTm96fTm49WbpTsnRlXW3jc3fwPCBREesffDBRFcEMEFEVwQwQURXBDBBRFcEMEFEZyrwrkqvmdXhQsiOGeIc4Z8y0EEs+hvKoCgEnPib+wl5ks/ELjFK1flleLmLt5JMp+TiMaxeUvp74Re0RYZGdndtfxk/heCsUXzD0feGvlUztFdY5HZnesIbqEGUBIGaffYz/rHCpblAq5LQqLMS06D5REXizT0NWXXwKsb8SCPcKXoDuA+/sB8ra+kSOKHGOgeY6Qr6n7SIDkNBxCCr4X8c513NDs4SD8cq/TLO0iTkgzAiAFKJgzCwIoCgg++kUlItQYOQUacfRQiCrg2V0+yoxJ/RqgacTKRIiIsONs/OWqf7eLB2MfChSzSVt62ipwAZ7YDZ3Co6SWE9qJbY+ufv/hHtzMcv2mfnR33Xo1Pz7r99vC0v8oHUQ973FsL0jsdbgJ23Bt3TnvD9nFvYG4RlVPd+FnT4gvZ2aPWtzWHnmbaVx7BLu92yJTGrfVFFFPJlOD21Bf6QIJCqYyO7DgO5+hR0jMYcbKGyDaimxEnO6nI2G1kx27v5zh3TiSlIpSMsaovhtYxS4EI6++p1Q36YcTbJJ8SlRTjoPC5Laz/EBPya640CdUG68Wan+RsZQCejHgorK/mN/JrhtBv5NcUdZJtZXoGvxWVeUGeVCkg1YWnK9gs7RrXslsKVGQ745ykvhRKmTWVZr+L+TqnvaNj89Tri9PTk267d2fFSx1ku7cO4rRfdsN1SjK7QhbVzdnu+NvEFyGeYfqofz6VWqbW6l7jq//XLIBg5TGOp1bB1LJnHm1YUKDVS4RKKGBg7ljt3hEJxZT55QterhW3MzHvXHmKgbdC9CjQy9TpHk90d63v6vHEDd8t38ruc4+Ju8fEnVR0UvGblooZ1u3sJxMe8HXxohvJWqHLPu+0j8QgI6ZTyyy1TdCJZb3QkfUTOSZ0TPg9M+Gg5BXdjhnTb0n6cYu0Sfp7cFQpNuXoBMhgBqB31C4iTwuMlztDR9zejf+WcifC+iK6ZHwpZyG7RUSZI7eKVnZNLnCwi8i6iKyLyBYisoWfRfs6ARGnQ50O/a506MP9ks02oTgNMtoiCFBgffulSYVH72cB22nqDr0/k+dPsdVLvxxslQwsPemWZcml4QRiULUxnvSkcivgczNGrNvapHaYVJEsoHH3VA3yccb8WZ5WaClpxNGuKb9G5/JLnFB8hEKxWmxTZNuUi7YLf2Q/PZrdBIrRh3zwoBApMBUv1a/UiBfywRIeAMaYU9607IiDNUtmUL9sxVQ8ehURfb9VKbJDr2hmknUE11KEi1V0MQnfgBmoTr+7ixsw4sronESCyn7pKhNnqUQpboYy6b6VvIdSFCWTR+Oi6BOXIZvSe+YRPMhPmN1ziu0e13S/S+Z+l8ypmUeqZr6k7e3qOR9xIYqr53T1nK6e09VzunpOV8/p6jldPaer53TRQxc9/I6ih66e0zlCnCPku6rndL9L5vSg04Pud8nKvpzygO53yZzu/ZZ17zf8u2T3/k2uzUIeizBykUILrQ+XybT5251asukU5Fdb+lI616LrwfO5bLbzqhW4Ui9X6uWi9E5BfrtR+i9c6vV/kX5rYpSf9H0iqKXUW/xzLWuHDLiuvwlZGHsZKsY7tzCO+vAhAYVP8pgVlsUl4rld8twfIgzyNyFwxDSGaGykhUIlkyScsDDEyEvl/QODhpOLTi5+x3LxNGeEoTVyN76X5EbxxhmHjo8cH33/fPS5vzLteMjxkOOh3MuzGfsUqw5c+NVxz+PknvUuWEe4jnAfKeGWPSjtss9jUzlt/Sjjil/EyWxH+o+Z9Gu7C9T9CrRNgwEJQVZHaesmX8xf/rOn+qBiwdU6fjGDpkV2uNjyWrpSmndR0zIFk+4RYwmesX/2/1I2jKP8GUR0vSMQE/xX7WjxbLnQ44lIeIBnmoVLfEx2C01EJeGmuAC9j9xkQo+pnCbGlYYLoUHIOIzhk288b1jamw+I9QwSaDAfwyemTHDTvMqjsIpkHABnaVp4mqcLn2Y0UTaQM6EshGCMoZ3CG7v00uSMYOQq0WMxGUvKp2CwNDkWiJbpZty+Xmu66DVlIRZRIsZU03EolLI9iZ4hu9jw0VKSiskR1lQniuBWZjX5aiaSMDDJ4eg0TqLsdeoJeTcVYhpCU8Z+syMCuFhqaFqBqBSdrjybamlHALZERe5NqI81F4A0QtIRllFinHT5NGRq1iRtPieJuuPTwjf4EnDI/o1lGJg2nhbIoF+1iP7A7EQzAE1ZqC5quuyb3Q0iZGHo9GVa60VuWj5G8PVkrLO07tJW1YV3c9mEbzvZxLUALpPpqrlWc6uWSY18wN5lvWVy85WRrfKSaUmlEcos3YBs3ymmfKXp/uS/TKmOyQWzw12C9Wib9jS9aHmQZkEupucQS6HFZTJptvm8+kg1x6eqMuGy+ZLMFxYTCTqR3B5jOmCLZBUEvm1ASsBqiED4an8q9g25qf3/QLA9WXps27vNJGE5xrlGyHrGlpiJAMMaQhlSoRiE8PZj8yhYU+bfZ2JFNZfHNImRzIf9TWa0elWZMHkiQ6/l3cQh1UhjXR7EgnF9u8S4XStiyWkMfHj0kmRfYIIhFn2bF+rzDcx6m4ZdZnZl11QylFo2plOZ0eqOVI0s997eYshZgZ9Ipude691Fw0PtkQZgXohgnmKIA00+cGUD1oZ/sBwBSwFLQaQ7t3dp6Yh6WinY8q4PTR6YUDqiRnfZSPVGR10aNmdcDNnghjFu62eNALFU8K4GzRoq8BoboHPR8My5tN55NzcYdj+X4e0tNn9IQKZbnB0Z/nXb8GZAA5CGcAJmfpQiWO1suVlofG+nn8bEdsnCLCsvGhNNc77eO0PG90W492den5kKRs/D3IrNp95sviGLQCR6742qzpTD4Xh7Q1t2k0EsGTKLLzB1Mta1sBcFzj87HWBuxqUITBZuZKwcT9KPaEzQj3Yh1iy0FWXYduOFlE8To3U9Oyb+978dXj4J +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetRegisteredResourceValuesByFQNs + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}}},"title":"GetRegisteredResourceValuesByFQNsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource.api.mdx new file mode 100644 index 00000000..2e7496c4 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-get-registered-resource.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-get-registered-resource +title: "GetRegisteredResource" +description: "GetRegisteredResource" +sidebar_label: "GetRegisteredResource" +hide_title: true +hide_table_of_contents: true +api: eJztPWtzGrmWf0XVu1Wx5wJ+5HETdmpmCWEyvnGwC/DUzgYvEd0H0LiROpLaCZPiv28dSd10A+YRJ9kkq3yJkY7e56XzUH8MNB2roP4muBQxC2ekA2OmNEiISAeUSGUIKriuBCIBSTUT/CwK6kFigGsyB5YZbG3RQd6+C/KWhVB7CXq1NqgECZV0ChokTuRjwOkUgnrQFJxDqKuXUmgRirj6B0jFBA8qAeNBPZgAjUAGlUDCu5RJiIK6lilUAhVOYEqD+sdAzxLsiafToYHUTMdbugaeToP6m5PrShCBCiVLcNFBPXgBI8aB6AmQWwtNxMj8dL2RxPUWVIJQcKWD+sl8XllZT49NQaS6+lqtrGT3mZc6uXOi2kJVCONkqoL5/NruFij9XEQzHCgUXAPX+CdNkpiF5pCP/lLY18fVGYnhXxDqoBIIDhcjc16JROTQDBTCsagArbRkfFyYP4uCSjASckp1UA/SlEXBfL5UvTjPN1hwjXtYHsPu6N2jmPpKMKUfzoGP9SSonz5+uLxPazCdtOkUyDRVmgyBUE5onEwoT6cgWUjsMBVC41i8Z3xMJrNkAlwRyiOS8gikCoUERYapJlxoQpU5hRGTShMhSUyVJuGEShpqkDXSmwBRWuAMcMbkPYtjHJjj/sTsb4iIFiQW70GSkCqo1fv87du3fa7Y33CgJ0wdkl/IMfmV4N+1KdXhBNTBg/95Q6t/N6r/fVx9dn3wa33xa1C9/qlQd/jrvz84JHWCZON67vPSebiNLJ6IKbpGTMqA1pJ1x6JZUAloFDHcchpfFg5xRGMFcxyrTL6mQCWCK3vUp8fH+F/56LppGIJSltA+DX3LCJWxLwPpliUXDGpz460YP6/shrHzSnBL49T26iCplHSGjELDVG1fyC5zMWNsArMA9iQ+dVuCkMkwjak8ONyCA5WAhljX0FqyYarhj6+wB3bI4rpcyeqq7mJ0Yaq0mG4aykGsMuhEQkg1lHlfDl2kNle4hgcqTXlEZVRcQ162YcjKynSdyAu6vUb7RaPzYtBo9s4u2oOrdvey1Tz77az1Iqis1L5oNTt/XvbW1PQ6jXb39VkvuC4urzC34gLzYsNS9hYl5WW+BI5aCkQEJQtKvYhqOqQK9qHBKWiK7Yo7m5dtYwahBJxAQxdbu8IB1StTXlQRBZoMZ0SBvAVJDoBrpmfk/UQQB2QFhIRQyAjM8lBEpRHTBG6B68N1h/uBTpMYjIp3ghzzpHZ8fPzw0fHxyalR7HJhHFENVdQYcA/SJFpdhitct4xF1YZlOKCvuIyYDiFeyzKyNTmIu1jUDkyyvBEisZ0QNRFSk2IlUsMGRrjcU1fLNNSoAaScvUshnhEW4W6OZoSSjA2T90xPSD7qon+So+ye4zY4sbwQj8WdXkg50fTGrJeW+HSJhWY1A7s59xacy1Mbb6TvfPi1c/psYlwltCwRF4XL881rsqvCZ5zNfnuzo8a8RNTKaqAJldpgD8llNDG3DFOoKkSlSYLYPpyRxZIbqZ60UTfuIxrRYQxkBJG7ReKcRu/4pilhtZPUt7AsqW9XZ2uLcQ4RjGgaa5JyzWICH1AvZDrGCgNUloNDIWKg3HN+z/l/OM5fCcaScv2FlelUsk1AWL0iZCI0GSnki5S8anQJ46gJhtDnV52zxRWc3NKYReSqc04OoDauVciDidaJqh8dRTAVtVBMjx4ckpHAOzlEiH6FjVAwngLXqkZaNJxkP23vSlOpzdUdeGT3cvnCn1/VK0YA4l2TMp5d+yt3AGMFj4iKqZqAyu/sS1d0s4pf60dHxbv64u9+v9+vXn88rjw5mZdu7AdYU9uz0eFPB/U3+Oc/Dn89OKr9ZC7+hRt/JUjSYczCVzArUr0tHNzAbMOFom6OD/dnQm/ReBJrlsRAbmBGEsqk2udKRcMJlG40rmR5eDszM4Y9ucWZM24ZAhO8RpqplHjiiYQRSDS03OaWvs14fwOze1BNAhsvhlhdMk89PXl2WgmmjGcFJ8sr/vD4+BlpdNu1E+JsHsg+L1uvCfBbiEUCFZKqlMbxDM/zZjPd3hgFojCBh1uGbzhW5IxgGT9iIMlISGN/wtMwAjseGxudMBLEXS6PrwtXQYRYHeCGi/dIgGMhmZ5MCc49o8sSVS/MxQR4KCKIan1OesKSdAUVLQVkSmfIQd5KReunx4+evjUT7XQbVdSJIvJe0iTBpVgN5S2EdQVhcvr4iTyxsK3mEmjFWPamQgKxOKayUWiE8owqwgFwPhtu2a8a3cHl1fPzs+bgVevPQeP85aDVvnq9dNu+C6rTbQxwNVtAHh0/e7IBpNUcdFvNy9PHTzon28EePn20C9jj05POSfnO/4qqy5yx7CUCF/ylz0nDsJgCzRv+KqZAqFIiZEa1yISeObpRKvUEZIamYa5z5gSA5L1FLJeMMxkfKhlnbOEa44yEqdAbFW4HsbzuG6qKC01lTKoLGa8YD8HwWhorgYgnQUsGt8jYGC20/H8lRr+eFF0jO+drzrSIJK7QmLc2m0GtWtczCFOw6ZnSgcGjZWwxDgSrDLoL5qtGt04Oztq9VqfdOK+Q1n/Zv9Zq1pnd7+Kq02wNen9etpZtfoWarM+l4mwApALE3lf3kps3VF1tViZvqBqsUyhxKxC9s32AGWkYJwHpmuvIpyg52GeBGAtd6wlFwooFHyvU093Wb9UqculWus/mhXefUeP85UXnrPf7spxYlBckQ7nQyYJFYas5QNa/Uvbw6aOVssenJ8GKK7Rrr/sQWWacTV/VdtQ88Ci2K0jbuLNBt7PNg1E1WGMqwXM9e7EBVQo03WV4+3xlEHurI6M4rpEwyyO/okZNUkXBZXimUaAQgz7VVnPhZESfkyurqRmX4oIt5DesHQwd5a6bYjoVnHhDiDeEfGFDSEl3hJmlSkeUe6mPKzTt4lrkrKgEOtvI3bqnoRsL5a45sDBw1siVApKRuiEvoJHlgV4Oejno5eAGOYgUs0JRJuRACN0E+UVNlvu5Tnay5ZQ7RLOM5cYkxHmNMC5lf8GbyfRc9Na87PWy9yvI3mYBaXeldSTcQWgodyXSTogSIVjSDydoBUDmI1Old2Bzn6QX5x5XkoV3yDQuBzTh77ubYTUx4meDVOr1OmfPr3qtQefqPLsYrxr17gRrnJ8PLn7bCNH+cwvE72etTqPT/P1PcxO/XxxZOXgr26g/nFN/N3xwM/AuqG/bduZdUN4F5V1Q3gXlXVDeBeVdUN4F5V1Q3vTmTW8/sunNu6C8Gcybwb5nF1RunNrggvr2guu9ZPaS2UvmbU6xValczBryctPLzW9XbpbunOhV2Xrf3D0V3TsRvmHrh3cieCeCdyJ4J4J3IngngncieCeCdyJ4U4U3VfzIpgrvRPDGEG8M+Z6dCGbR35UDQaXmxF/bS8yXfiBwj1euyivFzV28k2SakylNEvOW0n8QekPrpG94d8vSk/kvBqOL5g37wWd8YNHtXFNwC9WFEjNw1YMwqx8oWOULuC4JqTIvOXVXe1ws0uDXmN0CX96Iz/IIl5tuF+5jD8zX+lKKNPkcHd2jD7ei1gcNktO4CzGEWsg/tllHs4MD13CgXMs7UJOSDMCwAUpGDOLIsgKCD76RUUy1Bg5RhpwdZCIKuDZXT3Kg0nBCqOpzMpJiSlh0eXT+onF5iAdj34gWsohbedk6dAIc2XacwaGklxDbi+4GXf/q+b9azd7gdePy8qz9cnBx2eo0eheddTaIzbBn7a0g7YveLmBn7UHzot1rnLW75haxdKo7P2uaL3bK+JmtO5lvOHQXaV+CX97tmOETxCMSimlCJVOC21NfyAMJCrkyGrKTJJ6hRUlPoM/JFiTbCW/6nBw4lnFYyY7d3s9x7BxJSkkoGWEtvxi6iVgKSLj5nrq8QT/1eYPkQ6KQYhwUPreF+R9iRH7OhSah2r7rnK/5QU5WBuBBn8fC2mp+IT9nE/qF/OymTrKtdGfwS1GYF/jJMgY4WXixhsxc1WAjuTmgItkZ4yQNpVD2rerS6HcRX/Oi/eLMPPX6/OLivNVo35nxsgmy0d4GcdEpm+GaJZ69hBbLm7Pf8TdIKGI8Q/euez6UWsXW5b3Gh99vWQTR2mMcjK2A2UieubdhgYFWLhEqoTADc8dqtF+QWIxZWL7g5VJxPxXzzpW7GQRrWI8CvYqd/vFEf9f6oR5P3Gq3sc/k7qX3+cfE/WPinit6rvhdc8Vs1o3skwmf8XXxohnJaqGrNm9XRxKQU6adZuZ0EzRiWSv01NqJPBF6IvyRibBbsoruR4yuLXGN66RB3GfAqFJszNEIkMF0QR+oQ5w8LRBebgztc3s3/oejToQNxXTI+ErMQnaLmGaG3OVpZdfkAgV7j6z3yHqPbMEjW/g609dxiHgZ6mXoDyVDP9+XbPZxxWmQ0z2cAAXSty1NKDxaPwuzHTtz6P2JPH+KbTP3y8HW8cDSk25ZlJxzJxAzVevjcSeVawGfGjFizdYmtMOEimQOjbuHqpD3ExZO8rBCi0l9jnpN+TU6H1/imeI3yBSXk22KZOuoaD/3R/4BVKdLFL0PeedRwVNgMl6WW6k+L8SDmS+iEprRpiVH7KxWUoM6ZS1myaK3xKLvtypFDugNzVSypuBainixihYG4RswA9XstA5xA/pcGZmT4qdd3ZeuMnbmOEpxM+znYJfiHkpelIwfDYqsTwxjNqb3jCP4LJ8wu+cQ+z2u6b9L5r9L5sXMNypmvqTu7fM5v+FEFJ/P6fM5fT6nz+f0+Zw+n9Pnc/p8Tp/P6b2H3nv4A3kPfT6nN4R4Q8gPlc/pv0vm5aCXg/67ZGVbTrlD/10yL3u/Z9n7HX+X7N7f5NrN5bFwIxcxtFD6+SKZdn+7U0s2HoP8aktfCedaVH32eC4b7bxuBT7Vy6d6eS+9F5Dfr5f+C6d6/V+E3xof5Qd9Hw9qKfQWf24l7ZgB15tvQhbGXoaK/s49lKMOvEtB4ZM8ZoVldonz3C947ncRR/mbENij8yEaHWkhUMkojUcsjtHzsvT+gZmG54ueL/7AfPEiJ4SeVXJ3vpfkSvHOEYeejjwd/fh09KlfmfY05GnI01Bu5dmNfIpZB9796qnn26Se7SZYj7gecb9RxC1bUBplm8eufNraUQZLdhHPsz3qfw+ob2NcQEKUJUl+qpLvkd0j+zeK7DvSwkvQq+TQAZUIrrZRxHxu5mySSHF95em3pDTv/ro0HBPOlGCKqdHvj/5S1k2pwglM6XZDNyawrNvE4nFyoQcjkfIIjzFzB4YYzBkbj2HKTfIMWte5ifQfUDlOjakYF0KjmHEYwIfQWJYxdT3vEPN1JNBoNoAPTBnnvXl1SmGW1CACzlzag4tDhw8TmirrqBxRFkM0QNdl4Q1pOjQxUeiZTfVAjAaS8jGYWZoYIpyWqWbcvs5squgtZTEmCeOMqaaDWChla1I9QQqx7tGVICwTA6+pThXBrczenFATkcaRSX5Ap0g6zV5fH5E3YyHGMdRkEtaaIoLrlYKa5YFK0fHas1lOXYrApmDJ6oiGmFMEiCPE9bA6JcZJi49jpiY10uAzkqo7mhba4EvXMfsb04wwLcIlgKHfoDj9rtmJWgSaslhdb6iyb9JXiJCFrt3Ly9ZLUrOki+Db0VhnaQulrdoUvpCzI3y7zAZmRjBMx+vGWk+tWqYbWALWrooqk3uiDDuVQ6YllYYPM7cB2b5TDGl06SzkP00qmol1tN0NwXpsTLkLn1vtpFZghe4cEim0GKajWoPPlh9h5/gUW8Zcdl+SaWFnIkGnkttjdB3WSZYhE9oCxATM9olEqI7G4sigmzr6NwSrytJj8sE844RlH/4axhoYlWEiInTVCWXQg6JjLThKzEN3NZm3yViJqq32Y4J9WQhHd41iRaYy4R6pjIN68DGJqUZcavEoEYzr+QqBtiwrJRcJ8N6L30jWAgNl8fEC86WFfKOy2pohi4ldzS2VDLmT9U0ujWhlhBMXq7XzOYZOKAhTyfQsqL+5rgQoJZwj8bmIZm6GWVBF8HBEnz4ePXlUffzPk39WHz1+clodPhyF1dPw2ZOHoydP6Ig+QYLBZNeSm/TOzV7ZFFyUy4WtB7cnJtJRKD2lRnrZWIw7D7vUVU6u6IjE7WPcZoUbtmHx4M2GqW3Ag6ByxxSuK4E5mfqb4ONHDCC5kvF8jsXvUpBuk7NDw1/zSjABGoE0qBMx83mVaL3Z8ONCtgcHHefdPSQLnau8UAyZzim4eokkHoq4+keeaexYYBBglNDuQ+82Xo9NQaS6+lotj5TDYX/Vnk0gyyBWVJZFCwwCTvRG2OsCvV9edDHKaCgiE08+NfpMIOl7VBvoe7sQq/PZ3Egs+xjElI9TI18D2yf++1/2YXcG +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetRegisteredResource + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"}},"title":"name","required":["name"]}],"title":"GetRegisteredResourceRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false},"title":"values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"GetRegisteredResourceResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-list-registered-resource-values.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-list-registered-resource-values.api.mdx new file mode 100644 index 00000000..8e6c5856 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-list-registered-resource-values.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-list-registered-resource-values +title: "ListRegisteredResourceValues" +description: "ListRegisteredResourceValues" +sidebar_label: "ListRegisteredResourceValues" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYrSw/knZabW+7iqymvnFsjyR3Nht5FZg8klCTAAOAjlVf/fedA5AUScmUFCfZJIt8iUUcAgfAeeE8wHtP04nyWm+8CxEyf0Z6MGFKg4SA9ECJRPqgvKuGJ2KQVDPBTwKv5cUGuClzYJnBNhcd5O/3Qd4yH5qnTOnl5j9pmIDyGl5MJY1Ag0R87j1OI/BaXkdwDr7eu5BCC1+Ee3+CVExwr+Ex7rW8KdAApNfwJLxLmITAa2mZQMNT/hQi6rXuPT2LsSeeRNcGUjMdrukaeBJ5rTeHVw0vAOVLFuPcvZZ3DGPGgegpkFsLTcTY/Ex7I3Ham9fwfMGV9lqH83ljaT4DFoFI9N4rtTSTzTEvdfIgotpCNQjjJFLefH5lVwuUfi6CGQ7kC66Ba/yTxnHIfLPX+38p7Ot+GSNx/Rf4GjdNImVoBgpbMzJAIslhlZaMTwrYZ1AjFiyhfW7+oOGQZ3+RMYMwIFGiNLkGQsktDVlALi9PjltD/vbt2yFX7G/Y0VOmdsk//kEOyL/+RfBXM6Lan4LaefLmYO9nujdu7/1+df/TfK/489k2Pw+P5k9200GH3Jsj0U4Ypxb5+3yGhacPTRDXo3YtQxYxXVhGxjVMSlRgIRreWMiIagvy9KhmSUkfNNGC+IKP2SRBJg9gTJNQE9MXYWPChSHhWxZAMOTkFb1jURKl7Qo0ElEcUo2Dph0RygMCfCykDwG5nhFlGV7hAonxWEH9PFKQbSZybNGGoIqyN583PBoEzIJeFJZ0TEMF2JyNWyePepY/vDWdzatyxzxQseDK7uLRwQH+V55IP/F9UMpKiI/Bd7dWhi7gqJR0hoJFQ6TWv89q+ZUFuJFmjDowC2AXwKxkkSPyZ+vIfhNUrCh9GMq0ZyjXLIvnM+knIZU7D5DBbnV6hqQj0DSgmhbnlz+rEm1HRJHgpNBeP39fAtUQtHWx9/ThiOql/hdNhjtT7gNJdoBrpmfk/VSQFIi8Z2FIJPhCBsg6nFBOaBIwTeAWuN5dYJevKdzRKA7B2AiHSLKHzYODg6fPDg4Oj4xlkDNtQDXsoa7BNUriYHka6cNV01g01UwjBfqM0wjpNYQrGSgXwhbiITmxAbuUF0Jkak9NhdSk2LiBaKtrbnjUx7a21pJdJzqzvD6p1LBDFokgfbLMB4LD+diYfhWOSJQWUd1QKcSyCRRL8JFivKLYz6EXkvtN9vAKLbXy8EpTHlAZFOeQP6sZcgUNWqPS6w/aZ8ft3vGo3RmcnJ+NLs/6F93Oye8n3WOvsdR63O30Xl8MVrQMeu2z/quTgXdVnF4Bt+IE88dXaP5tuZHVab4AjscBCEiSMMOBKNuuqYJtxPMaOerkpJOTn0JOVnvqa5n4xi5OOHuXQDgjLMDVHM8IJZnhQt4zPSX5qIv+F6p9y3HbnFhZiNuS7p5POdH0xsyXluR0SYRmLSO7OI+2qaqoTWr5Ox9+JU4fzcJTMS3bkIuHVXzzluww/hGx2W5tNpJ9S0ytIED6i6nUhnpIrqOJOcebh6pBVBLHSO3XM7KYcjvR0zM8gw2RjOh1CGQMQequQZzG73gdSticaupbqGrq22Vs7WPEITs8JlyzkMAdHmCYDrHBAJX14LUQIVDuJL+T/N+c5G94E0m5/sTGdCJZHRA2LymZAH2zCuUiJS/bfcI4WoI+DPll72TZq9Y7JTvQnDQb5MlU61i19vcDiETTF9H+k10yFmEo3lsvT2EhFEwi4Fo1SZf60+yn7V1pKnXqIgrsWiIxhvGU8iQCyXziT6mkvgbZMAoQnSKUcTKdxVNAsbcaGBt4QFRI1RRUM3MGlj1//2Nm8Vtrf/8N3fu7vfffB3s/X+0s/h4Oh8O9q/uDxo+H8wLE7m872NLc8qXd73Za6C+8+n73t5395ne7v/171V+YXIfMfwmzkrvQPBzdwKzmQNEy24frM6W3QKIk1CwOgdzAjMSUSbXNkYr6UyidaNIn1eEtZmYMu3OLPWfcCgQmeJN0Eilxx2MJY5DoWLzNfen1dH8Ds0dwTQy1B0NsbngRvTsFPtFTr/XT4c9HDS9iPHtwWJ3x3Q8HP5N2/6x5SFLnHIrPi+4rAvwWQhFDgyQqoWE4w/28qefbG2NAFBB4umb4diqKiO0qk0cMJBkLadzauBtGYYcTHJoLo0HSw+XBVeEoiBDLA9xw8R4ZcCIk09OIIO4ZX5a4ehGQIcB9EUDQHHIyEJalG2hoKSARnaEEeSsVbR0dPPvprUG012/voU0UkPeSxjFOxVoob8FvKfDjox9+lIcWttupgDbIdaJJJCQQS2MqG4UGqM+oIhwA8ak5Zb9s90cXl89PTzqjl93Xo/bpi1H37PJV5bT9EFSv3x7hbNaAPDv4+ccakG5n1O92Lo5++LF3uB7s6U/PNgH74eiwd1g+87+k6iIXLFupwIV8GXLSNiKmwPNGvooICFVK+MyYFpnSM1s3TqSegszI1M9tzpwBkL238MnncqjknLEPVzhnJERC1xrcKUR13jdUFSeayJDsLXS8YtwHI2tpqAQSngQtGdyiYGO08Ob/KzX6+bToCt05X7GnRSJJHxr3Vr0b1Jp1A0MwBZ+ejUkaOqpSy2AKJDUG0wPmy3a/RXZOzgbd3ln7tEG6/2X/WmlZZ36/88tepzsavL7oVn1+hZasz8rjbADkAqTel4/SmzdUXdYbkzdUjVYZlLgUSN7ZOsCMtE00i/TNceRDjBzss8CMha71lCJjhYJPFNrp6dKvtSpy7VY6z+YPH96j9umL897J4I+qnlg8L2iG8sNUFywedjsjFP1Lz57+9Gzp2Q9Hh95SskHfHvchsMI4Q181N7Q8cCvWG0jr4wY3VNVH9JFYVrhKcF9PjmtIpcDTfYanz5eGsNdEXcvjGg1THfklNWaSKiouIzONAYUU9KG+mkIQ+tJaaghWEAv5CcuFCp0j5At1hJRsR5hZrkyZcivzcYmn0wQyOSsagalv5GHb0/CNhUqPObBwcDbJpQKSsbphL6CBlYFODzo96PRgjR5EjlniKJOkI4TugPykLsvtQicb+XLKHaJbxkpj4iNeY0yg2l7x5qmGGUTT6V6nez+D7u0UiHZTXkfGHfmGc6tI9YQoMYJlfX+KXgAUPjJRegMx90F2cR5xJVl6h0zCcgog/n74NWwmRv3UaKXBoHfy/HLQHfUuT7OD8bJT70Gw9unp6Pz3Woiz12sg/jjp9tq9zh+vzUn8cZmXiwTEYqbhn2lQfzN6WOQluhDUF+w7cyEoF4JyISgXgnIhKBeCciEoF4JyISjnenOut2/Z9eZCUM4N5txgX3MIKndO1YSgvrzkeqeZnWZ2mnldUGxZKxerhpzedHrzy9WbpTMnRlXWnjc3v7zBBRG+YO+HCyK4IIILIrggggsiuCCCCyK4IIILIjhXhXNVfMuuChdEcM4Q5wz5moMIZtJfVQBBJWbHX9lDzKe+IHCLW67KM8XFXdyTZF4nEY1jc5fSfxB6Q1tkaGR31/KT+S8EY4vmLw69NfKpnKO7xiKzK9cR3EL1oSQM0uaRn7WP7L23y/OSkChzk1N/ucfFJA19Tdgt8OpCfJRLuFJ0+/AYf2A+1xdSJPHH6OgRfaQz6t5pkJyGfQjB10L+uc47mm0cpC+OVPrmA6RJSQZgxABN77A2wAQvfCPjkGoNHIKMOHsoRBRwbY6eZEcl/pRQNeRkLEVEWHCxf3rcvtg1dyqby9iFLNJW/mwVOQGObDvO4FDTSwizS6oftPUvn/+z2xmMXrUvLk7OXozOL7q99uC8t8oHUQ97crYW5Ox8sAnYydmoc342aJ+c9c0porKrG19rmk82YvzEth3Oazb9NrupvgBfXe2QKY1L64soppIpwe2uL/SBBIVSGR3ZcRzO0KOkpzDkZA2RbUQ3Q052UpGx28i23Z7PceycSEpFKBljVW8MrWOWAhHWn1OrC/TdkLdJPiQqKcZB4XVbWP8hxuSXXGkSqg3Wizk/ydnKADwZ8lBYX82v5JcMoV/JLynqJFvKdA9+LSrzgjypUkCqC89XsFnaNKpltxSoyHbGOUl9KZQycyqN/hDzdc7Pjk/MVa/Pz89Pu+2zByte6iDbZ+sgzntlN1ynJLMrZFFdnO22v018EeIepl9OyIdSy9RaXevCJe8rtnE0sQqmlj3zaMOCAq1eIlRCAQNzxmqfHZNQTJhfPuDlWnE7E/PBmacYeCtEjwK9TJ3u8kR31vqmLk/c8N7yrew+d5m4u0zcSUUnFb9qqZhh3c4+mfARbxcvupGsFbrs807bSAwyYjq1zFLbBJ1Y1gsdWT+RY0LHhN8yE/ZLXtHtmDF9l6Qvt0ibpN/bo0qxCUcnQAbTB72jdhF5WmC83Bk65PZs/H3KnQjri+g6+97YilNElDlyq2hlx+QCB7uIrIvIuohsISJb+J7Z5wmIOB3qdOg3pUM/3pdstgnFaZDRFkGAAuvbN00qPHo/C9hOUnfo45k8v4qtXvrlYKtkYOlKtyxLLg0nEIOqjfGkO5VbAR+aMWLd1ia1w6SKZAGNh4dqkPdT5k/ztEJLSUOOdk35NjqXX+KE4hcoFKvFNkW2Tblou/BH9nXR7CRQjD7knQeFSIGpeKm+pYa8kA+W8AAwxpzypmVH7KxZMoN6ZSum4tGriOjHzUqRHXpDM5OsI7iWIlzMootJ+AbMQHV63V1cgCFXRuckElT2patMnKUSpbgYyqT7VvIeSlGU/DvTRdEnrkM2oY/MI/gonzB75BDbXa7pvkvmvkvm1MwXqmY+pe3t6jm/4EIUV8/p6jldPaer53T1nK6e09VzunpOV8/poocuevgNRQ9dPadzhDhHyDdVz+m+S+b0oNOD7rtkZV9OuUP3XTKne79m3fsVf5fs0d/k2izksQgjFym08PTjZTJtfnenlmwyAfnZpr6UzrVo+uj5XDbbedUMXKmXK/VyUXqnIL/eKP0nLvX6v0i/NTHKO/2YCGop9RZ/rmXtkAHX9SchC2MPQ8V45xbGUQ/eJaDwSh4zw7K4RDy3S577Q4RBficE9pjGEI2NtFCoZJyEYxaGGHmp3H9g0HBy0cnFb1gunueMMLBG7sbnktwo3jjj0PGR46Nvn48+9CvTjoccDzkeyr08m7FPserAhV8d93yZ3LPeBesI1xHuF0q4ZQ9Ku+zz2FROWz/KqOIXcTLbkf7XQPo2xwUkBFmR5Ica+TGdZBfKFJ1wi6drCdoWXpyPxwqKXkDGNdjT+yKsYiBHwoIW9oRx/fRoOZho3W8QkAU6JH0Zgwhwt8moCLbxkB0aot8zT9aTFgUSsohp8n06OhEyqzzEa5u7UWwIGDjhgmOmdoTxTjrWIImf1aXQiY3cCU3DWoQtxFpUBwhGfJFwc8UwspEEgrcSb0NIp0zpB4hJ9UDFgqt1VDWfGyI3y4ETK6PZldLcnZuWspiUoBjLNM127v+lLOEpfwoRXe8sxiKQVVxX5H8u9GgsEh4g32chNR8TIkMTdUu4KUBBDzU32fIjKieJcbfiRGgQMg4juPONdxbLv/MOseZFAg1mI7hjygTAzc1NCiuNRgFwlpYOpLnccDelibLBvjFlIQQjDP8V7mGm1yavCKObCdLpSFI+AYOlycNBtEwzEgrecGya6C1lIRbaIsZU01EolLItiZ4iLdgQ41Iik8kj11QniuBSZvc2qKlIwsAUEGBgIYmyG8zH5M1EiEkITRn7zY4I4GrpQdMqTaWQxFfsTbX8JwBbxiT3xtTHuhxAGiFpD8soMU66fBIyNW2SNp+RRD3wauEdvC06ZH9jqQ6WFqRFVOh7L6LfNyvRDEBTFqqrmiZ7r3sDOX/RdXp7sY00NK2sR/D1ZKyz1P/SUtWlAOTSAO//ssmNAVwnk1VjreZWLZMaux9bl20bU7+hjP6V10xLKo3iZukCZOtOMS0wLQkh/2nKuUy+oO3uGmzUwzxPU9CWO2kWRGC6D7EUWlwn42abz6oXmXO8ziwTLptPybxhMZGgE8ntNqYdtkhWZeLbB0gJWDETCF/tT8S+ITe1/28ItidLF7J780wSFserk6+eMTWnIkCFK5ShEooxKm8/NnfGNWX+ZiZRVHO5N5M3y3zYXzOYtbiUSaBIZOi1vPs4pBopq8uDWDCu50vs2rWClZzHwAfHv5PsDUw9xesAzLcL8mXLWpuGSaZ2UrdUMpRVNtpXGdFqjFR5LLfO55iMoMBPJNMzr/XmquGhzkhtg+cimKUYeqYYy04ZI4ML1imbOEaVe62DhpcaBa0D3DYsJi1ZQA/uwNIS4RTTWtOWd3torCqhdETNeDbXYR0hlHrMORrjfbimjNviayNZLI28qcGwhka8Rj0mVw3P7FrrjXd/j+kalzKcz/HxuwRkugHZhuKvecObAg1AGrIKmPmYSbDaSXe/sAK8nV4aS90lCxOzPF9MUM55fe8ChYEvwr0/87reVFh6HubkbD70ZuMNWAQi0XuvVHWkHA772xvYcq0MYsm4WbyBKbexroW9KoiEi/M+5vRci8Bkb0fG8vEkfY8GBn1vJ2KPE7YSEZ/deyHlk8RoYs/2if/+F+DbgCY= +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListRegisteredResourceValues + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false},"title":"values"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListRegisteredResourceValuesResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-list-registered-resources.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-list-registered-resources.api.mdx new file mode 100644 index 00000000..a2e52ec5 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-list-registered-resources.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-list-registered-resources +title: "ListRegisteredResources" +description: "ListRegisteredResources" +sidebar_label: "ListRegisteredResources" +hide_title: true +hide_table_of_contents: true +api: eJztPX9z27aSXwXDu5nYrSzbSdtpdZ3XU2S19YtjeyS5c73Ip8DkSkJNAiwAOtbz6LvfLABSpCRTUpzkkhzyTyxgASyA/YVdLPgQaDpRQetNcCliFs5IDyZMaZAQkR4okckQVHDdCEQKkmom+GkUtILUADdlASxz2Oaig6J9H+QdC6F5xpReUx00gpRKmoAGiag8BJwmELSCjuAcQn1wKYUWoYgP/gCpmOBBI2A8aAVToBHIoBFI+DtjEqKgpWUGjUCFU0ho0HoI9CzFnniW3BhIzXS8oWvgWRK03hxfN4IIVChZitMOWsEJjBkHoqdA7iw0EWPz0/VGUtdb0AhCwZUOWsfzeWNlPgOWgMj0wWu1MpPtMa908iii2kI1COMkUcF8fm1XC5R+KaIZDhQKroFr/JOmacxCs82Hfyns62EVI3HzF4QaN00iUWgGCmtTOmGcWgweCmxLpctYXpg/KC5Wfc8xS5guIcC4hkllTSxEIxgLmVBtQV48f3TEISd90EQLEgo+ZpMMqT2CMc1iTUxfhI0JF2ZD71gE0ZCT1/SeJVni6hVoXNI0phoHdR0RyiMCfCxkCBG5mRFlKV8F80YgxmMF9fNwILtM5MSiDdEyysF83ghoFDELella0jGNFWB1Pu4jjNmzhBJs6Ge+zICmQKWCK7uBz4+O8L/qHPpZGIJSllU+BAEWIqgESqWkM2QyDYna3AWLSjBKS8Ynpd1hEW6j5eXHoUz9vBHc0Tj72LiYMerALIDdD7M4Zd4syuoZMAiZDLOYyr39DZTQCGiIdW2tJbvJNPzxCdbADlmelytZnZXgcDE2CqY6TJgpLZK6oRzEqqBNJYRUO25bgV6wxZu88Br1QXV4pSmPqIzKcyjKaoZsrKDrVFfQH7TPT9q9k1G7Mzi9OB9dnfcvu53TX0+7J0Fjpfak2+n9eTlYUzPotc/7r08HwXV5eiXcyhMsiq9Ryey4kcvT/A042hsQkSxjEYraiGp6QxXswoMJaIrtyitblG1SO6EERKCty61d4YjqFZQXVUY7OOkPkuwB10zPyLupIA6IvGNxTCSEQkZgpkc5oVnENIE74Hp/3ebe0ySNwRhrxyg3j5tHR0cvvjs6On5uTLRCaURUwwFqflyDLI1Wp+EK101jUVUzDQf0CacR0xuI14qMwgiwEI+JqC2EZHUhhFOyRE2F1KRcuUG1LvfU1zILjb2RcfZ3BvGMsAhXczwjlORimLxjekqKURf9k4Jkdxy3zYmVhbgtbvdCyommt2a+tCKnKyI0rxnZxdnEKzvz96SWv4vh1+L0dGycCFEprWrEReEyvkVNbvJ/QGx2W5utZN8KUyuIkP5SKrWhHlLoaGJOC6ZQNYjK0hSp/WZGFlNuZ3p6jrbtEMmI3sRAxhC58yDiNP6b16GE1U5T38Gypr5bxdYWIw65UZ5xzWIC92gdMh1jhQGq6sEbIWKg3Et+L/m/OsnfCCaScv2RjelMsjogrF5RMhE6fxTKRUpetfuEcbQEQxjyq94pSTKlyQ0QSu5ozCJy1Tsje9CcNBvk2VTrVLUODyNIRDMUyeGzfTIWcSze2dNzaSEUTBLgWjVJl4bT/KftXWkqtTt6R3YtkRjjdEp5loBkIQmnVNJQg2wYBYgnTso4mc7SKaDYWw+MFTwiKqZqCqrZGvK3b98OuZ4y1UyoDqeg9p79j5nFL63Dwzf04F/tg/8+Ovjpem/x93A4HB5cPxw1fjielyD2f9nDmuaOjfa/2Wu9wT+/3f9l77D5zf4v//5s3+E1NJIvzW5iFr6CWcUNYwpHtzCrOVC0zPbh+kzpHZAkizVLYyC3MCMpZVLtcqSi4RQqJxpXsjy8xcyMYXduseeMW4HABG+STiYl7ngqYQwSHTZ3hceunu5vYfYErkmh9mCI1Y0gofdnwCd6GrR+PP7peSNIGM8LjpdnfP/90U+k3T9vHhPn+UDxedl9TYDfQSxSaJBMZTSOZ7ift/V8e2sMiBICLzYM33aiiNiucnnEQJKxkASJG3fDKOx4gkNzYTSIO1weXZeOggixOsAtF++QASdCMj1NCOKe82WFqxduXwI8FBFEzSEnA2FZuoGGlgKS0BlKkLdS0dbzo+9+fGsQ7fXbB2gTReSdpGmKU7EWylsIWwrC9Pn3P8hjC9vtLIE2yE2mSSIkEEtjKh+FRqjPqCIcAPGpOWW/avdHl1cvz047o1fdP0fts99G3fOr10un7cegev32CGezAeS7o59+qAHpdkb9bufy+fc/9I43g7348bttwL5/ftw7rp75X1F1WQiWnVTgQr4MOWkbEVPieSNfRQKEKiVCZkyLXOmZrRtnUk9B5mQaFjZnwQDI3jv4Ogs5VHHO2MI1zhkJidC1BreDWJ73LVXliWYyJgcLHa8YD8HIWhorgYQnQUsGdyjYGC21/H+lRj+dFl2jO+dr9rRMJK7QuLfq3aDWrBsYgin59EzpyNDRMrUMpkCcMegOmK/a/RbZOz0fdHvn7bMG6f6X/WutZZ37/S6uep3uaPDnZXfZ51eqyftcKs4HQC5A6n31JL15S9VVvTF5S9VonUGJS4Hkna8DzEjbhApI3xxH3sfIwT5LzFjqWk8pMlYs+EShne6WfqNVUWi3ynm2KHx8j9pnv130Tge/L+uJRXlJM1QLnS5YFHY7IxT9K2Uvfvxupez758fBSkizb4/7EFlhnKOvmltaHrgVmw2kTdLZkNtp/WBUjda4SnBfT09qSKXE032Gp89XhrA3BjLK4xoNszzyK2rMJFVWXEZmGgMKKeh9fTWl4N6VtdQQrCQWihPWFo6OatcdkSSCE+8I8Y6Qj+wIqdiOMLNc6ZhyJ/NxhafdDRU5KxuBzjfyuO1p+MZCuWMOLBycTXKlgOSsbtgLaGRloNeDXg96PVijB5FjVjjKXDkQQndAflSX5W6hk618OdUO0S1jpTEJEa8x3k7ZXfHmOr1QvU2ve73u/QS6t1Mi2m15HRl3FBrOXUaqJ0SFESzrh1P0AqDwkZnSW4i597KLi4grya93yCyuXmjC3483w2pi1E+NVhoMeqcvrwbdUe/qLD8Yrzr1HgVrn52NLn6thTj/cwPE76fdXrvX+f1PcxJ/2j2y6uWtfKH+cEH97ejBYeBDUJ+378yHoHwIyoegfAjKh6B8CMqHoHwIyoegvOvNu96+ZtebD0F5N5h3g33JIajCOVUTgvr8Ltd7zew1s9fMm4Jiq1q5nDXk9abXm5+v3qycOTGqsvG8uX0qug8ifMbeDx9E8EEEH0TwQQQfRPBBBB9E8EEEH0TwrgrvqviaXRU+iOCdId4Z8iUHEcykv6gAgsrMjr+2h5iP/UDgDq9cVWeKi7t4J8k0JwlNU/OW0n8QektbZGhkd9fyk/kvBmOLFg2HwQd8YNGtXEdwC9WHijBw1aMwrx/Z90RX5yUhU+Ylp/5qj4tJGvqasDvgywvxQR7hcuj24Sn+wGKuv0mRpR+ioyf04WbUvdcgOY37EEOohfxjk3c03zhwDUfKtXyENCnJAYwYoGTMII6sKCD44BsZx1Rr4BDlxNlDIaKAa3P0JHsqC6eEqiEnYykSwqLLw7OT9uW+eavWvPYsZJm2irJ15AQ4su04h0NNLyHOH/991Na/evnPbmcwet2+vDw9/210cdnttQcXvXU+iHrY0/ONIOcXg23ATs9HnYvzQfv0vG9OEUu7uvWzpsVkE8ZPbd3xvGbT3U37CvzyasdMaVzaUCQplUwJbnd9oQ8kKJTK6MhO03iGHiU9hSEnG4hsK7oZcrLnRMZ+I992ez7HsQsiqSSh5Iy1/GJoHbOUiLD+nLq8QN8MeZsUQ6KSYhwUPreF+R9iTH4ulCah2mC9mPOzgq0MwLMhj4X11fyD/Jwj9A/ys0Od5Evp9uAfZWVekifLFOB04cUaNnNVo1p2c0BltjPOSRpKoZSZU2X0x5ivc3F+cmqeen15cXHWbZ8/mvFSB9k+3wRx0au64ToVmb1EFsuLs9v2t0koYtxD9z57MZRapdbltS49nr1mG0cTq2Bq2bOINiwo0OolQiWUMDBnrPb5CYnFhIXVA16hFXczMR+ducMgWCN6FOhV6vSPJ/qz1lf1eOJGv419Jncnu88/Ju4fE/dS0UvFL1oq5li3808mfMDXxctuJGuFrvq8XR1JQSZMO8vM2SboxLJe6MT6iTwTeib8mpmwX/GK7saMri1xjVukTdwHvahSbMLRCZDD9EHvqX1EnpYYr3CGDrk9G3/ruBNhQ5Hc5N9xWnOKSHJH7jJa+TG5xME+Iusjsj4iW4rIlr7O9GkCIl6Heh36VenQD/clm11CcRpkskMQoMT6tqW5Co/ezxK2E+cOfTqTF0+x1Uu/AmydDKw86ZbfknPhBGJQtTEet1OFFfC+N0as29pc7TBXRfKAxuNDNci7KQunxbVCS0lDjnZN9TU6f7/EC8XPUCguJ9uU2dZx0W7hj/zjnflJoBx9KDqPSpECk/Gy3EoNeek+WMYjwBiz403LjthZs2IG9apWzJJHb0lEP21WiuzRW5qbZB3BtRTxYhZdvIRvwAxUp9fdxwUYcmV0TiZB5V+6ysWZkyjlxVDmuu/SvYdKFCWXR6Oy6BM3MZvQJ94j+CCfMHviELs9rum/S+a/S+bVzGeqZj6m7e3zOT/jRBSfz+nzOX0+p8/n9PmcPp/T53P6fE6fz+mjhz56+BVFD30+p3eEeEfIV5XP6b9L5vWg14P+u2RVX061Q/9dMq97v2Td+wV/l+zJ3+TaLuSxCCOXKbRU+uFuMm3/dqeWbDIB+cmmvnKda1H1we9z2dvO62bgU718qpeP0nsF+eVG6T9yqtf/xfVbE6O810+JoFau3uLPjawdM+C6/iRkYexhqBzv3ME46sHfGSh8ksfMsCouEc/dLs/9LuKoeBMCe3QxRGMjLRQqGWfxmMUxRl6W3j8waHi56OXiVywXLwpGGFgjd+tzSWEUb33j0POR56Ovn4/e9yvTnoc8D3keKrw827FPOevAh18993ye3LPZBesJ1xPuZ0q4VQ9Ku+rz2FZOWz/KaMkv4mW2J/0vgfTtHReQEOVJku9r5Hti98T+xRH79qHqPIXYXO+gk/ztpLK/eVG6kZxtjtHFeKyg7PBmXIN1VC0iiAZyJCxoaUcY1y+er8bNracZIrJAh7jGGC+D+21GRbCth+zQGF38xb1UaVEgMUuYJt+60YmQeZItvlDeTVJDvsAJFxyTEhIM7dOxBknCPAWLTmyQWmga1yJsITaiOkAwEoqMm9e0kYkkEHyAexcyOmNKr5KS6oFKBVebaGo+N9RtVgLnVMWwK6V5IdolbJmLbykmI5udPPxLWZpT4RQSujkkgqlO69itzPhc6NFYZDxChs8DxyFe+41NbDnjJs0K4zDc5ISMqJxkJqiAE6FRzDiM4D40MQh85KDoEDO7JNBoNoJ7psw1D/M+mcJ8ulEEnLkEGZexAPdTmikb0h5TFkM0wiB36bVxemNuz2EMP0MSHUnKJ2CwNLfNEC1TjTSC73ibKnpHWYzp5Igx1XQUC6VsTaanSAY2kL5yXc9kS2iqM0VwKfPXSdRUZHFk0mQwfJYl+Tv9Y/JmIsQkhqZMw2ZHRHC9UtC02lIppO41e7Oc5BaBTdaTB2MaYvYZII0Q18MqSoyTLp/ETE2bpM1nJFOPNC21wTfRY/YvTEjDBBqXKogRpjL6fbMSzQg0ZbG6rqmyXy9oINMvunZvdNt4WtMKeQTfTMY6T3CpLFXdRZdCEOArd/YKbwQ32WTdWOu5Vcus5nSLtatGjclSUkbxyhumJZVGYzO3APm6U7z86hKfyH+apEVzK9Z2dwM2tmfK3UXL1U6aJenn9iGVQoubbNxs89nyc/0cH+3Lhcv2UzItLCYSdCa53UbXYYvkuVShLUBKwLywSITqcCIODbmpw39DsANZ+exAMM8lYXm8R0RrYMzLqYhQzQplCIRiEDY4TM2jiE1ZNCo0dXNNR3hLlYVw+Pg41sBS5nJQJuOgFTykMdVIT10epYJxPV9h0q4Vp+QiBT44+ZXkLfBaNT51Yb7LUSxWXts0rDG187mjkqGEspHspRGtnnAqY7V2PseLNgrCTDI9C1pvrhsBagpnDLwU0cxhaDqvWC9GSweto0bg9H3rCLcFU6Irxs2jy7yyGDgZlzHdCu6OjcEklE6oGc/e2KnZ6EpnBbNiwBoXjnH7ekBsZ4I08KYGuRoaCBqPInHdCMyutN4EDw941ehKxvM5Fv+dgXQLnG8Y/po3ginQCKQhm4iZD/FE6x3MDwvdHuz13D2AfbKwGatTxcv1BQcfXCKLhyI++KPISXciMAjwPtn2Q2833oAlIDJ98Fotj1TAYX8HA5tqmEOsmCyLFnhdPNW1sNclbr+86ON9tBsRmcyDxNgzgaTv0Gyg7+xE7OnAZtFi2UMQUz7JjH4NbJ/4738ByTo0iA== +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListRegisteredResources + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false},"title":"values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResource","additionalProperties":false},"title":"resources"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListRegisteredResourcesResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-update-registered-resource-value.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-update-registered-resource-value.api.mdx new file mode 100644 index 00000000..54312624 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-update-registered-resource-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-update-registered-resource-value +title: "UpdateRegisteredResourceValue" +description: "UpdateRegisteredResourceValue" +sidebar_label: "UpdateRegisteredResourceValue" +hide_title: true +hide_table_of_contents: true +api: eJztPW1z2zaTfwXDu5nYfWTZztvT6jrtMbLa+uLIHknuXC/yKTC5klBTAAOATtSM/vvNAiRFihIlxUmfJId8iQUsgQWwb9hdAB88TSfKa732rkTEgjnpwYQpDRJC0gMlEhmA8m4anohBUs0EPw+9lhcb4KbMgWUG21w2kH/fB3nPAmhexyHVUAX4nUYJeA0vppLOQINEhD54nM7Aa3ltwTkE+uhKCi0CER39DlIxwb2Gx7jX8qZAQ5Bew5PwNmESQq+lZQINTwVTmFGv9cHT8xhb4sns1kBqpqMtTQNPZl7r9elNwwtBBZLFOHiv5Z3BmHEgegrk3kITMTY/09ZInLbmNbxAcKW91uli0aiMZ8BmIBJ99EpVRrI75qVGNiKqLVSDME5mylssbuxsgdIvRDjHjgLBNXCNf9I4jlhgFvv4T4VtfahiJG7/hEDjokkkDc1AYS0LCzBKS8YnBaxZ6DW8sZAzqr2WlyTmdxnrXraIi4Z3b+iipr37lHBm9P0F8Imeeq3Hz56sNnlp/qDRkK8hbmKIj8wSpcktEMoJjeIp5ckMJAuI7bJBaBSJd4xPyHQeT4ErQnlIEh6CVIGQoMhtogkXmlBlZnzMpNJESBJRpUkwpZIGGmSTDKZAlBaIgsGevGNRhD1znJaI/QUh0YJE4h1IElAFzdaQv3nzZsgV+wsO9JSpQ/ITOSE/E/y7OaM6mII6ePS/r+nRX/7R/5wc/XBz8HNr+Wt0dPNdoe7w539/dEhaBHkkbXnIcbZpgNPkay3ZbaItU6rC7FMp6RxJVcNMraMEGkWXY8O5gkP6V5k6bBfntTRiYUZrSGWxWA+15PvXyx5ukOPW9d41XLi1f8Os2yjLN7AEYf8lFEQL/e9MRw8gmwK9VNcinbHqapgZv1mYFdlIGSWy++Utr12iDHhkWGg0fosSe8Z4tlSnRdKRrIzt2o9LWFdwWUdMJaAtJL3S5TbaXge+GUFD7Dco0rMG/DWcjPwZhsxKwqvCUMY0UlBdzRUkquplKVVJygZ5h1amKlSE9yyEkExBpgQqIY5oAMgNBN4zpZEjJARChgq1E1J+SDW9RYolA0FCiEBb+JTac8ysAFUNokAbYUjGDCJD9pQTmMV6TiKmdBOl2ww0xYbNOqVDzctqxtYWs5ngpABarwAjegvRWvGY9ZpCbFqPbdpusYqsSJElacNISvVLnQ3G2mMvYErvmZDrZmaUGJDRbQbTqGCXGkreq87AP/MH/uj66swfdEad7vWr0XW3f9Vpn/9y3jnzGutBOv896HQ31vY6Vxd+u+PdFBmk1o7sWbtmC71jc2V70RSoWHBlV+HxyQn+V57rfhIEoJS17D6FvbRq4nysWbW7tWTHaearuOJ52TYC3wUVvkXHmvoM5b1sjCIuXsBkkERUHhwW2t68vdhN/qU47Ssy9pUTgQSqIfR1sfW0cER1pf1llRF3t3OiQN6DJAfANdNz8m4qSAqUiVqUqhCiWEWjJAmZJnAPXB+uY+P3dBZHYLaCp0jgp82Tk5MnT09OTh+bDWCur5D3jnBHgXNk5cPKMNLCdcNYVtUMIwX6G4fxL5TaaiqkJsXKbQJ8q3x/sCW/P8fbLotEkJZU+WCTCRgkSotZXVcpRHWjG0sIkGJKZlQOXTSd0sI1Bp3SlIdUhsUx5GU1XW7WiP2B3z3ze2cjvz04v+yuKMPV2rNOu/fH1WBNzaDnd/uvzgdlJVjArTjAvNhYhHtvzsvD/BU4en0gJGikIgdmttk+Un6LHHVy0snJzyEnV1vqa5kEGncHCWdvE4jmhIU4m+M5oSSzf8g7pqck73XZ/lK179mvz/OdCyfp6gWUE03vzHjLu7mSCC3vwR5umq2iNqnl77z7tTh9MkNRxbRsii4LV/HNazKX6yfEZr+52Un2VZhaWadMTKVmK1tm4601hbihTeIYqf12TpZD9hM97aLXaIhkRG8jIGMIU6884jSu95pgdaqp72FVU99XsbXFiEMIY5pEmiRcM9y243aH6QgrDFBZD94KEQHlTvI7yf/NSf6GN5GU689sTKPLsgYIqytKJsQQnEK5SMlLv08YR0swgCG/7p0vndPoM2Mhue5dkANoTpoN8miqdaxax8chzEQzELPjR4dkLNBbDSGSX2EiFExmwLVqkg4NptlP27rSVGrj1AYe2rlcdYXnTuyGUYDoQqGMZw7xxgZgrOAhURFVU1Cb3NhmFD+3jo+L/uzl38PhcHh08+Gk8fx0UfJqH2BNc8+PDr87aL3GP/9x+PPBcfO7Ved4w4uT24gFL2Fe5HpbOLqDec2GomWWD+dnSu8xrBBpFkdA7mBOYsqk2mdLRYMplHY0aclq9xYz04ddueWaM24FAhO8SdqJlLjisYQxSBPEyiOm9XR/B/MHcE0MtRtDrC7Far4//eHxakSgPOL3z05+IH6/2zwlqSsPxedV5xUBfg+RiKFBEpXQKJrjet7V8+2dMSAKCDzZ0r2fiqI0PJTJIwaSjIW03mykExR00QS75sJokHRzeXJTdNlHk6pAIHdcvEMGnAjJ9HRGEPeML0tcvQy7E+CBCCFsDjn63g1LN9DQUkBmdI4S5I1UtPX45On3bwyivb5/hDZRSN5JGsc4FGuhvIGgpSCIHz97Lk8tbKe9AtowMa+ZkEAsjamsFxqiPqOKcADEp2aX/dLvj66uX1yct0cvO3+M/Itf17meN0H1+v4IR7MF5OnJD89rQDrtUb/Tvnr87HnvdDvYk++f7gL27PFp77S8539J1VUuWPZSgUv5gvEaI2IKPG/kq5gBoUqJgBnTIlN6ZunGidRTkBmZBrnNmTMAsvcOjquKHCo5Z2zhGueMhJnQtQZ3CrE67juqigNNZESOljpeMR6AkbU0UgIJT4KWDO5RsDFa+PL/lRr9+7ToGt25WLOmRSJJC417q94Nas26gSGYgk/PlI4MHa1SiwmtW2Mw3WC+9PstcnDeHXR6Xf+iQTBahX+ttawzv9/lda/dGQ3+uOqs+vwKNVmbK8VZB8gFSL0vH6Q376i6rjcm76garTMocSqQvLN5gDnxTeyL9M125GOMHGyzwIyFpvWUImNFgk8U2unp1G+1KnLtVtrP5oWb18i/+PWydz74bVVPLMsLmqFcmOqCZWGnPULRXyl78v3TStmzx6deJaWsb7f7EFphnKGvmjtaHrgU2w2k7XGDO6rqExmQWNa4SnBdz89qSKXA032Gu8+XhrB3jslhv0bDrPb8khozSRUVl5GZxoBCCvpYX00hBeDaWmomy2YpFvIdlgsVOkfIF+oIKdmOMLdcmTLlXuZjhafTPGE5LxqBqW9ks+1p+MZCpdscWDo4m+RaAclY3bAX0NDKQKcHnR50erBGDyLHVDjK5PoIodsgP6vLcr/QyU6+nHKD6Jax0pgEiNcY0632V7yZTs9Vb9PpXqd7/wbd2y4Q7a68jow7CgznVs5ICFFiBMv6wRS9ACh8ZKL0DmLuo+ziZfZtlt4hk6icSYi/N3+G1cSonxqtNBj0zl9cDzqj3vVFtjGuOvU2gvkXF6PLX2ohun9sgfjtvNPze+3f/jA78c+RqfixeYkuBPUF+85cCMqFoFwIyoWgXAjKhaBcCMqFoFwIyrnenOvtW3a9uRCUc4M5N9jXHILKnVM1IagvL7neaWanmZ1m3hYUq2rl4qkhpzed3vxy9WZpz4lRla37zd3vgHBBhC/Y++GCCC6I4IIILojgggguiOCCCC6I4IIIzlXhXBXfsqvCBRGcM8Q5Q77mIIIZ9FcVQFCJWfFXdhPzuS8I3OOWq/JIcXJXrhYmMxrH5i6l/yD0jrbI0MjujuUn818ExhbNPxx6W+RTOUd3i0VmZ64tuIXqQ0kYpNWjIKsfKajKBRyXhESZm5z61RaXgzT0NWH3ULlj+ZNcwpWi24eH+APzsf4qRRJ/ioYe0EY6os57DZLTqA8RBFrI37d5R7OFg/TDkUq/3ECalGQARgzQ9AJqe7E/XvhGxhHVGjiEGXH2UIgo4NpsPcmBSoIpoWrIyViKGWHh1fHFmX91iAtj39wo38ycl60jJ8CebcMZHGp6CZHd6NbY+tcv/qvTHoxe+VdX591fR5dXnZ4/uOyt80HUw553t4J0Lwe7gJ13R+3L7sA/7/bNLmJlVXe+1jQf7Izxc1t3uqhZ9PzC8wL86mzjveI4tYGYxVQyJXh6G3muDyQolMroyI7jaI4eJT2FISdbiGwnuhlycpCKjMNGtux2f45950RSOoSSMdbqjaF1zFIgwvp96uoEfTfkPsm7RCXFOCi8bgvPf4gx+TFXmoRq++JBPuZHOVsZgEdDHgnrq/mJ/Jgh9BP5MUWdZFOZrsFPRWVekCerFJDqwss1bJZWjWrZLQUqsp1xTtJACmVfcSj1von52pfds3Nz1euLy8uLjt/deOKlDtLvboO47JXdcO2SzF4hi9XJ2W/5fRKICNcwfR8n70pVqXV1rvN3A9Yu42hiFUwte+bRhiUFWr1EqIQCBmaP5XfPSCQmLChv8HKtuJ+JuXHkKQbeGtGjQFep012e6PZa39TliTveW76X3ecuE3eXiTup6KTiVy0VM6z97MmET3i7eNGNZK3Qqs87rSMxyBnTqWWW2ibpq0xMGXcEzrJjQseE3zAT9kte0f2YMf2WpB+3iE/SZ1WpUmzC0QmQwfRBH6hD81hZgfFyZ+iQ273xP1LuRNhAzG4Zr+QsZLuIWebIXUUr2yYXONhFZF1E1kVkCxHZwrNof09AxOlQp0O/KR366V6y2ScUp0HO9ggCFFjffmlS4dH7WcB2krpDH87k+VVs9dIvB1snA0tXumVZcmk4gRhUbYwnXancCvjYjBHrtjapHSZVJAtobO6qQd5NWTDN0wotJQ052jXl2+hcfokTil+gUFw9bFNk25SL9gt/5K/Lp7ZEMfqQNx4WIgXmxMvqV2rIC/lg5q1wQjPetOyIjTVLZlCvbMXUPh39wFEpckDvaGaStQXXUkTLUXQwCd+AGah2r3OIEzDkyuicBB89T1+6ysRZKlGKk2EfSl99W9orpdemubBF0SduIzahD8wj+CRPmD2wi/0u13Tvkrl3yZya+ULVzOe0vd15zi/4IIo7z+nOc7rznO48pzvP6c5zuvOc7jynO8/poocuevgNRQ/deU7nCHGOkG/qPKd7l8zpQacH3btkZV9OuUH3LpnTvV+z7v2K3yV78Jtcu4U8lmHkIoUWSj9dJtPud3dqySYTkH/b0CvpXMuqT57PZbOd143AHfVyR71clN4pyK83Sv+Zj3r9K9JvTYzyvX5IBLWUeos/t7J2xIDr+p2QhbGboWK8cw/jqAdvE1B4JY8ZYVlcIp77Jc/9JqIwvxMCW0xjiMZGWipUMk6iMYsijLys3H9g0HBy0cnFb1guXuaMMLBG7s77ktwo3jnj0PGR46Nvn48+9pVpx0OOhxwP5V6e3dineOrAhV8d93yZ3LPdBesI1xHuF0q4ZQ+KX/Z57CqnrR9ltOIXcTLbkf7XQPo2xwUkhNkhyV2ov9DAtZnqDc30QMWCq63NLczozAk8nInyQDtSmktT0zMMJhckxvN5xjg6/lPZGI8KpjCj272EmP2/brqLC8+FHo1FwkNc8CyWEmAmXGTCLQk3Jw/QNclNmvSIykli/Gw4EBpGjMMI3gfGLYfnfvMG8bCDBBrOR/CeKRP5NFf2KDxiMgqBszRnPE3ihfdTmigb5RlTFkE4wrhP4QJeemsSSjCsleiRGI8k5RMwWJoEDETLVDNur7Y1VfSesghPWCLGVNNRJJSyNYmeIi/Z2FIlg8UkEGuqE0VwKrMD+2oqkig0mePoUU5m2dXVY/J6IsQkgqaMg2ZbhHBTKWhaaakUnaxdm9VzHyHY8yvyaEwDPJABSCMkbaGKEuOkwycRU9Mm8fmcJGrDp4Vv8JrgiP2FZzQwpzw9PYNO1yL6fTMTzRA0ZZG6qamyF3o3iJCFptNra62LuWmZHMG3k7HOcr5LU1UX+80FF178ZLPaQrhNJuv6Ws+tWiY1Bh/WVpWaSdxXRvDKW6YllUZis3QCsnmnmA+WngUg/2nO8ZhEMdvcLVh3tylPc4+qjTQLQjNdh1gKLW6TcdPn89UbrDneY5UJl92HZL6wmEjQieR2GdMGWyQ7XhDYAqQEPCoRikAdT8SxITd1/G8IdiRLN3F7i0wSFvurFbCeMTKmIsR4h1CGTChGJ7zj2NwW1pT5h5lIUc1qYyZjkgVwvK03q2yViZ0nMvJa3oc4ohppq8PDWDCuFxWG7VjRSi5j4IOzX0j2BWYd4klwc219PnFZbdOwydSO6p5KhtLKBnpWerQ6I1Uf1drFAuPQCoJEMj33Wq9vGh5qjTQq80KE8xTDLELtPRnT75+Nnz89evbP038ePX32/PHR7ZNxcPQ4+OH5k/Hz53RMn3s5ry15jK6xJO1k2ZrzPRovx+B+ecsLbH5TNi5z62NRsDrtUr6AKb1neCO596oz8M/8gT+6vjrzB2suBV+gjhiLUhBtIxVVVhnnIz0p2fLuT00enFB6Ro16tpH6rdRcajKXSxiuQrpg3J4dNvLREvrrGhRrCN1rbEHlpuEZ0mu99j58wHSDaxktFlj8NgGZUlFGlfhr0fCmQEOQZrlDZh7jCNc7mT4sjRnvoJfGAg/J0hwtDxgTbHORdXSFMi0Q0dHv+bnUjA49zCnZvevd+huwGYhEH71Sqz3lcNje0cAeN8ogKjba8gtMGY11LexNQbBdXfYxJ+VWhCb7eGYMOE/Sd2gn0Xd2INYctifpsAyZgk8SY1B4tk38939dVxmB +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateRegisteredResourceValue + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"},"actionAttributeValues":{"type":"array","items":{"type":"object","allOf":[{"oneOf":[{"properties":{"actionId":{"type":"string","title":"action_id","format":"uuid"}},"title":"action_id","required":["actionId"]},{"properties":{"actionName":{"type":"string","title":"action_name","maxLength":253,"description":"Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored action name will be normalized to lower case.:\n```\nthis.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')\n```\n\n"}},"title":"action_name","required":["actionName"]}]},{"oneOf":[{"properties":{"attributeValueFqn":{"type":"string","title":"attribute_value_fqn","minLength":1,"format":"uri"}},"title":"attribute_value_fqn","required":["attributeValueFqn"]},{"properties":{"attributeValueId":{"type":"string","title":"attribute_value_id","format":"uuid"}},"title":"attribute_value_id","required":["attributeValueId"]}]}],"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values","description":"Optional\n Action Attribute Values provided here will replace all existing records in the database. To delete all action attribute values, set this field to an empty list."},"metadata":{"title":"metadata","description":"Optional\n Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false},"metadataUpdateBehavior":{"title":"metadata_update_behavior","type":"string","enum":["METADATA_UPDATE_ENUM_UNSPECIFIED","METADATA_UPDATE_ENUM_EXTEND","METADATA_UPDATE_ENUM_REPLACE"]}},"title":"UpdateRegisteredResourceValueRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false}},"title":"UpdateRegisteredResourceValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-update-registered-resource.api.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-update-registered-resource.api.mdx new file mode 100644 index 00000000..927db647 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources-registered-resources-service-update-registered-resource.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-registeredresources-registered-resources-service-update-registered-resource +title: "UpdateRegisteredResource" +description: "UpdateRegisteredResource" +sidebar_label: "UpdateRegisteredResource" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz27aWfwXD3ZnYvbL8yOO22k67jKym3jiyR5I72428DEQeSagpgAVAJ2pG/33nACRF6q3YzU2yyJdYxCFwAJwXzgP86Gk6Ul7jrXctYhZOSQdGTGmQEJEOKJHKEJR3W/NEApJqJvhF5DW8xADXZQEsc9j6vIPi/S7IexZC/SaJqIZlAK/mJVTSCWiQiMtHj9MJeA2vKTiHUB9dS6FFKOKj30AqJrhX8xj3Gt4YaATSq3kS/kyZhMhraJlCzVPhGCbUa3z09DTBnng6GRhIzXS8pWvg6cRrvD29rXkRqFCyBOftNbxzGDIORI+B3FtoIobmZ9YbSbLevJoXCq601zidzWpL8+mxCYhUH71RSzPZHfNKJ2sR1RaqRhgnE+XNZrd2tUDplyKa4kCh4Bq4xj9pksQsNPt8/IfCvj4uYyQGf0CocdMkUoVmoLCVRSUYpSXjoxLWLPJq3lDICdVew0tT87uKdSffxFktW7D13Zn2mjehHy6Bj/TYa5w9f7rY4ZX5g8Z9voKqSZtOgExSpckACOWExsmY8nQCkoXEDlgjNI7Fe8ZHZDxNxsAVoTwiKY9AqlBIUGSQasKFJlSZ5R4yqTQRksRUaRKOqaShBlknvTEQpQVigLiT9yyOcWCOSxKzvyAiWpBYvAdJQqqg3ujzd+/e9blif8GBHjN1SH4iJ+Rngn/XJ1SHY1AHT/73LT36yz/6n5OjH24Pfm7MfwVHt9+V2g5//vcnh6RBkD+ynvscV3oCmkZU2w3OVrd4tn5FSVNMJoKTEuhm8ojpAGK1iozyUTOImkejiNlxritdrCOGexqngHOpIisyZEnW8Wy2rushjRWU1sIKqpcwpvdMyFUrE6QGJBjkMLUl7DIx4r1p9fxzv+cHN9fnfq8VtNo3b4Kbdve61bz45aJ17tVWg7T+u9dqr23ttK4v/WbLu8VZ5ditE7Ady/Brl9bOH3uqClLzQCWCK7sBZycn+F91mbtpGIJSVuQ9hiDJdckjiJxdJcmsZomoTGZUSjpF+axhspJu98fFEuoulFxZg6xRztXlJlS8kMkwjak8ONyy4TWPhtjmay3ZINXw22dYAztkeV7Zk+VZCQ5XQ2MPVIcJU6XFZNNQGcSyXkwkhFSjjpmtgJ5T/9v84S2q7+rwSlMeURmV51A82zDkehHR7fntc79zHvjN3sVVe0E6LLaet5qd3697K1p6Hb/dfXPRq0qFEm7lCRaPb9Em2FuXV6f5CjjahxARVO1obKCUHFAF+/DgFl20mfhCCYiAr8tvZw8DqpdQnjcRBZoMpkSBvAdJDoBrpqfk/ViQDMiqawmhkBGY6aHBkEZME7gHrg9Xbe4HOkliMMb1KYrH0/rJycnTZycnp2fGpC6sIRTaR2io4RpYxbIwjezhqmnMmzZMIwP6jNP4F6p7NRZSk3LjFs2/2FNXyzTUaI+lnP2ZQjwlLMLVHE4JJbkYJu+ZHpNi1Hn/c5toz3F9TqwsxG3Jdi+knGh6Z+ZLK3K6IkLzlsAuzjZe2Zu/Rxv5uxh+JU4PxyYTISqhVY04f7iIb9GSn9AeEZv91mbHk8wCUyt7Hkio1IZ6SKGjiTncmYeqRlSaJEjtgymZT9lP9biNJ5U+khEdxECGEGXnd8Rp+CffhBI2Z5r6HhY19f0ytvYx4hDBkKaxJinXLCbwAY1ApmNsMEBVPTgQIga6yynESX4n+b8uyV/zRpJy/Tcb06lkm4CweUnJROisUygXKXntdwnjaAmG0Oc3nYu5Q4Tc05hF5KZzSQ6gPqrXyJOx1olqHB9HMBH1UEyOnxySoUAPCURIfqWFUDCaANeqTlo0HOc/be9KU6mNIwV4ZNdy0f1SOE5qRgHiwZIynjthamuAsYFHRMVUjUEVHpQFh4mZxc+N4+Oy52T+d7/f7x/dfjypvTidVfwnB9hS3/Olw+8OGm/xz38c/nxwXP/OuGEq/pckHcQsfA3TMtfbh8EdTDccKBpm+3B9xvQeXVmxZkkM5A6mJKFMqn2OVDQcQ+VEkz1ZHN5iZsawOzffc8atQGCC10kzlRJ3PJEwBIlur/vCwbqZ7u9g+gCuSWDjwRCbK27D709/OKt5E8bzB6eLM/7w/OQH4nfb9VOSOThQfF633hDg9xCLBGokVSmN4ynu591mvr0zBkQJgadbhvczUZS5JHN5xECSoZDGG4i7YRR2PMKhuTAaJDtcntyWjoIIsTzAHRfvkQFHQjI9nhDEPefLClfPvfQEeCgiiOp9TnrCsnQNDS0FZEKnKEHeSUUbZyfPvn9nEO10/SO0iSLyXtIkwalYC+UdhA0FYXL2/IU8tbCt5gJozfhZJ0ICsTSm8lFohPqMKsIBEJ8Np+zXfje4vnl5edEMXrd+D/zLV6t8ceugOl0/wNlsAXl28sOLDSCtZtBtNa/Pnr/onG4He/r9s13Anp+ddk6rZ/7XVF0XgmUvFTiXL31OfCNiSjxv5KuYAKFKiZAZ0yJXembrhqnUY5A5mYaFzVkwALL3Nlds2TmTy6GKc8Y+XOGckTAReqPBnUEszvuOqvJEUxmTo7mOV4yHYGQtjZVAwpOgJYN7FGyMlt78f6VGP58WXaE7Zyv2tEwk2UPj3trsBrVmXc8QTMmnZ54Gho4WqcWEc6wxmB0wX/vdBjm4aPdanbZ/WSPovse/VlrWud/v6qbTbAW9369biz6/Ukve58LjfADkAqTe1w/Sm3dU3Ww2Ju+oClYZlLgUSN75OsCU+CYiQLrmOPIpRg72WWLGUtd6TJGxYsFHCu30bOm3WhWFdqucZ4uH6/fIv3x11bno/bqoJ+bPS5qh+jDTBfOHrWaAon/p2dPvny09e3526i1FoLv2uA+RFcY5+qq+o+WBW7HdQNoeKLuj6mLzYFQFK1wluK8X5xtIpcTTXYanz9eGsLcGMsrjGg2zOPJraswkVVZcRmYaAwop6FN9NaWY6I211EyAdy4WihPW3uHWfWOszhHiHCGf5gip2I4wtVyZMeVe5uMST2cZRXJaNgIz38h629PwjYXKjjkwd3DWyY0CkrO6YS+gkZWBTg86Pej04AY9iByzxFEm5UAI3QT5t7os9wud7OTLqXaIbhkrjUmIeA0xCWV/xZvr9EL11p3udbr3M+jeZolod+V1ZNwgNJy7lFIpRIURLOuHY/QCoPCRqdI7iLlPsouLiCvJ0ztkGlcTmvD3+tewmRj1s0Er9Xqdi5c3vVbQubnMD8bLTr21YP7lZXD1y0aI9u9bIH69aHX8TvPX381J/GF5ZNXkrXyhfsuC+rvRQ4aBC0F92b4zF4JyISgXgnIhKBeCciEoF4JyISgXgnKuN+d6+5Zdby4E5dxgzg32NYegCufUhhDUl5dc7zSz08xOM28Lii1r5XLVkNObTm9+uXqzcubEqMrW8+bupeguiPAFez9cEMEFEVwQwQURXBDBBRFcEMEFEVwQwbkqnKviW3ZVuCCCc4Y4Z8jXHEQwk/6qAggqNTv+xh5i/u4LAve45ao6U1zc+T1J5nUyoUli7lL6D0LvaIP0jexuWX4y/8VgbNHixb73iBcsZivXFNxCdaEiDLLmIMzbAwXLcgHnJSFV5ian7nKP80ka+hqxe+CLC/Eol3Bl6HbhIf7AYq6vpEiTx+joAX1kM2p90CA5jbsQQ6iF/G2bdzTfOMheDFT25hrSpCQHMGKAkiGDOLKigOCFb2QYU62BQ5QTZweFiAKuzdGTHKg0HBOq+pwMpZgQFl0fX57714e4MfZ27upVtcWzVeQEOLLtOIdDTS8htgfdDbb+zcv/ajV7wRv/+vqi/Sq4um51/N5VZ5UPYjPsRXsrSPuqtwvYRTtoXrV7/kW7a04RC7u687WmxWQnjF/YttPZhk3PMu0r8IurHTO8EHpIQjFJqGRKcLvrc30gQaFURkd2ksRT9CjpMfQ52UJkO9FNn5ODTGQc1vJtt+dzHLsgkkoRSs5YizeGbmKWEhFuPqcuLtB3fe6TYkhUUoyDwuu2sP5DDMmPhdIkVNtbtos5PynYygA86fNYWF/NT+THHKGfyI8Z6iRfymwPfior85I8WaSATBderWCzrCnYyG4ZUJntjHOShlIoe3N4ZfR1zNe8ap9fmKteX15dXbb89tqKl02QfnsbxFWn6oZrVmT2AlksLs5+2++TUMS4h9l1+sVQaplaF9ca79u/Z5G9Mn5pG4ORVTAb2bOINswp0OolQiWUMDBnLL99TmIxYmH1gFdoxf1MzLUzzzDwVogeBXqZOt3lie6s9U1dnrjVb2Ovyd3L7nOXibvLxJ1UdFLxq5aKOdZ+/smER7xdvOxGslboss87ayMJyAnTmWWW2SboxLJe6In1EzkmdEz4LTNht+IV3Y8Zs3dJ9nKD+CT7ABtVio04OgFymC7oA3WIyNMS4xXO0D63Z+N/ZNyJsKGYDBhfylnITxGT3JG7iFZ+TC5xsIvIuoisi8iWIrKlrzN9noCI06FOh35TOvTxvmSzTyhOg5zsEQQosb5906TCo/ezhO0oc4c+nMmLq9g2S78CbJUMrFzplmfJZeEEYlC1MZ5spwor4FMzRqzb2qR2mFSRPKCxfqgaeT9m4bhIK7SU1Odo11Rvo3P5JU4ofoFCcbHYpsy2GRftF/4oPkeb2RLl6EPReVSKFJiKl8W3VJ+X8sHM92kJzXnTsiN2Vq+YQZ2qFbPg0VsQ0Q+blSIH9I7mJllTcC1FPJ9FC5PwDZiBanZah7gAfa6MzknxQ7vZl65ycZZJlPJi2I/zLuQ9VKIouTwKyqJPDGI2og/MI3iUT5g9cIj9Ltd03yVz3yVzauYLVTN/p+3t6jm/4EIUV8/p6jldPaer53T1nK6e09VzunpOV8/poocuevgNRQ9dPadzhDhHyDdVz+m+S+b0oNOD7rtkVV9OtUP3XTKne79m3fsVf5fswd/k2i3kMQ8jlym09PTxMpl2v7tTSzYagfxsU19K55o3PXo+l812XjUDV+rlSr1clN4pyK83Sv83l3r9K9JvTYzyg35IBLWSeos/t7J2zIDrzSchC2MPQ+V45x7GUQf+TEHhlTxmhlVxiXjulzz3q4ij4k4I7DGLIRobaa5QyTCNhyyOMfKycP+BQcPJRScXv2G5eFUwQs8auTufSwqjeOeMQ8dHjo++fT761K9MOx5yPOR4qPDy7MY+5aoDF3513PNlcs92F6wjXEe4XyjhVj0oftXnsauctn6UYMEv4mS2I/2vgfRtjgtIiPIiyU818h2xO2L/6oh9C52X3r0xq7zcQwdUIrja2tPMzMkUmeL8q9NrSWnuBc7KdEy6U4IlqMb+P/5D2TCmCscwodsd4VjgsmqRy9vNhQ6GIuURbnMeLgwx2TM2EcWUm+Ia9L5zUwkQUDlKjSsZJ0KjmHEI4ENoPM9Y2l50iPU8Emg0DeADUya4b26lUlhFFUTAWVYWkeWpw4cxTZUNZA4piyEKMLRZumOaDkzOFEZuUx2IYSApH4HB0uQYIVqmmXF7e7NpoveUxVhEjBhTTYNYKGVbUj1GDrLh06UkLZMjr6lOFcGlzO+kUGORxpEpjsCgSTrJb2cfkrcjIUYx1GUS1psigtulB3UrI5Wio5V7s1jaFIEt0ZJHQxpizREgjZCsh2WUGCctPoqZGteJz6ckVWteLb2DN2HH7C8sQ8KyiaxADOMKZfS7ZiXqEWjKYnW7ocneWV8jQpa6zm5mtlGUumVtBN9Oxjova6gs1ab0hkJc4d1mNnEzgkE6WjXWam7VMt1wpsHWZVVmalOUEbdywLSk0shpli1Avu4UUx6zchfyn6ZUzeRC2u4GYCM65nmWXrfcSb0kKrN9SKTQYpAO6z6fLl7SzvGqtly47D4l84bFRIJOJbfbmHXYIHkFTWgfICVgNVAkQnU8EseG3NTxvyHYkaxcNu/NcklYHm+dbPWMVTEWEUbzhDIUQjH25h0n5i68uizeyaWJqi/3Y/KBWQjHGwayilWZpJBUxl7D+5jEVCNFtXiUCMb1bIlNW1agkqsEeO/8F5K/gem0eMWB+R5DsVx5a90wx9hO6J5KhjLKRjAXRrSaIlMay62zGSZYKAhTyfTUa7y9rXmoK7Jw40sRTTMM89QL7+mQfv98+OLZ0fN/nv7z6NnzF2dHg6fD8Ogs/OHF0+GLF3RIX+T3lJQ/d1Ay7grtPytZfXZlX8KY3jO8/t570+r5537PD26uz/3eihvoZyith6ISsV27qUsrjyuXleU2vPtTk3QplJ5Qoygz9Ddsd6W3QjhgWBS3iXFbo26ElCW5txuw20ByXm09Frc1zxBB46338SNmtNzIeDbDx3+mILP9zOkDf81q3hhoBNJQacTM916i1X7Mj3NjwjvoZOHmQzI3AqtzxRzuQmQcXaNMCUV89FtR+pzJXM/DtKXdh95tvB6bgEj10Ru1OFIBh/0d9WxFWw6xZCPN38Cs5ERvhL0tSZfrqy6mPQ1EZBLcJ8aA8iR9j3YKfW8nYo1QW6yJz5AV+Cg1Ct2zfeK//wOM1it0 +sidebar_class_name: "post api-method" +info_path: policy-registeredresources +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateRegisteredResource + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"},"metadata":{"title":"metadata","description":"Optional\n Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false},"metadataUpdateBehavior":{"title":"metadata_update_behavior","type":"string","enum":["METADATA_UPDATE_ENUM_UNSPECIFIED","METADATA_UPDATE_ENUM_EXTEND","METADATA_UPDATE_ENUM_REPLACE"]}},"title":"UpdateRegisteredResourceRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ActionAttributeValue","additionalProperties":false},"title":"action_attribute_values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResourceValue","additionalProperties":false},"title":"values"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"RegisteredResource","additionalProperties":false}},"title":"UpdateRegisteredResourceResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources.info.mdx b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources.info.mdx new file mode 100644 index 00000000..18e4c762 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/policy-registeredresources.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-registeredresources +title: "policy.registeredresources" +description: "" +sidebar_label: "policy.registeredresources" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/registeredresources/sidebar.ts b/docs/OpenAPI-clients/policy/registeredresources/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/registeredresources/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-create-resource-mapping-group.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-create-resource-mapping-group.api.mdx new file mode 100644 index 00000000..e1b5ad8f --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-create-resource-mapping-group.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-create-resource-mapping-group +title: "CreateResourceMappingGroup" +description: "CreateResourceMappingGroup" +sidebar_label: "CreateResourceMappingGroup" +hide_title: true +hide_table_of_contents: true +api: eJzFWNtuGzcQ/RWCfUmAlWQ7idPuU10nLQo0iOE4fXEEYUTOaplwyQ0vslVD/14MuauLJctOkbZ5ccQZHs71cLh3PMDM8/KaX1itxIJdorfRCWTvoG2VmfFxwW2LDoKy5nfJS94mxaHrFJusN+w3dvs+oJsrgcNzhxDwnvA3Z2PLC96CgwYDOrLgjhtokJf83BqDIgwunA1WWD34E51X1vCCK8NLXiNIdLzgDr9G5VDyMriIBfeixgZ4ecfDoiUkE5tp0gwq6Eeg0cSGl9fH44JL9MKpljzmJX+DlTLIQo1snrWZrdLPDo21HRovuLDGB14eL5fFjj9XqkEbw+Cd3/Hk6ZZvgTxoaMhaBVOGNZ4vl+McLfThFysXdJCwJqAJ9F9oW61EyvDosyesu12L7PQzikBJc1QPQaEnKfnoWxBItbFS9sFR7azNX6lNlOQFr6xrIPCSx5h+bzty2ed1WXQxPAx8EKDBABJCdqXbtFq7v/HcNo01bEN+2HsNU9R+X5T6ozqNgoOUik4BfbEF8ZBjc9ARyYFtC22bQVgHvFw+BF2B9kjiVQk92IqXuTS2Wuo6h3b8CPzyfhumBd9a47N/J0dH9Gfbiw9RCPQ+N8z3KEO3j2Ae3aUO1qxaFeC3F/i2u9SSKwVGLoMyysxSr87IVqKU3gfWUar/x/VPsCKXMslZZd0jRxXsplaiZk30gU2RRaO+RvxkWItubfq/3k8ilag8C5vo3eIEwg7+WsQ8BjZdMI9ujo49QxNUWLCb2rJOid0orZlDYZ1EScwIhkGUKjCcownP19atooy30LQa0wV5TOV6PDw6Onrx8ujo+MRTb6yITELAAdEuxSi2cteNbnGfG2vRATc6pf/Qjf+R3XxtXWCbwm8gugemjfvc1nd18RSm271itucklk7xDNxGq0smrNYoaI+nvru/y38y4L0VKmU2GomOQd+6uVsJbMifyuOZeB9MSE/aKfAVRB12ufmtc9Z9P2YWVu4lsM2aNDZMKhuNpCR0gxgXYARqpPxE88XYmzwAzkErOQE3iw1ZR46A1MrgBG8Fokwb1oAFB+0Q5GKCt8oHqtUWXaM8DXITiUalDT0hTvC2huhDWqxAaZSTlprN5HAS3tS6LLcxTGw1cWBmmKxU5BGZlcTKBHQGdBLBHJSGqU5kDQEm2qb7LxqIoaY2F1QDfGf8vKqR+QAhekah7Ina1zZqSVQNhlHIWGopKrLrmbUzjUPXiuG5lTjeWRhmIvceZntzs23BGZM4R01JHVQgqNiRaoR1CLsmKcPemplWvh6yM7Ng0T+wdWOPtgK0+gslAyOZRxMIhm6tTfM/pEgMJQZQ2o8PiFilUMuCWbcBPV0kRKEVmjDM/EPqj5dxlt4P1bLomGxPEFecOlUG3CIfNo2zfWft79Y0Tj1Ie/nNc/++TaOFT3eCm6rgwKXLRHUB6OMO2poZu1GhZsB+JnNYqKFn3Cn6/Iyg9e6xswsy3ODzLg/pJTSN1fDMLLY5q3sq9eTydJfSjmyJwxCdyWnsAEtWh9D6cjQSeYEqQdhmJK3wo5kdpXLzox9IbeCwdUilBd2V0jHhVggPPVgbDLXNj+A0LrcQal7y0Te9iUcHj8g3f34QR6d5ye9aDYGq6a2RrVUmLHda9G0mU/a+RXP15lfW72AfL/8omI+iZuBXoeqlw9QYdXZlDk4RP6Vqv39iviW6C2NXukwPTI8iOhUWvLweF5zuicv1k7OzcOfJyF9U8OOr6vTl4NXr49eDl69OTwbTF5UYnIifTl9Up6dQwWl/RW901+YYuppTUjqVqezm3LU/NzshpBB0HwNKPj+mdqUkN2B6mx8rji28VY8HvA0UcWXSZOgS1+S6uf62bym8OHT+uOApk+U1v7ubgsePTi+XtPw1ouuS0ieZfi2L/vsDlZpUngRy/7iz8bmAP+tf18/ZetTc9vILLg5/bOlIk3P6TPL0o5923tYnkq2TVnqEN7giqLXGzpCz3nEmBLbhoO54gxwu3n+44gWfdl9amjQBcQc3NGjATXYkj7r58UprVMZmFtONzDMm/fsbk83wEw== +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateResourceMappingGroup + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-create-resource-mapping.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-create-resource-mapping.api.mdx new file mode 100644 index 00000000..a3387106 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-create-resource-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-create-resource-mapping +title: "CreateResourceMapping" +description: "CreateResourceMapping" +sidebar_label: "CreateResourceMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPWt327aSfwWHu+fE7pXkRx430fa2q8hq641j+0hyznYjrwKTIwk1BbAA6ETN1X/fMwBIkdTTcdpNcpEvscAhMADmPRjwY6DpWAXNt8GliFk4I11QIpUhkNc0SRgfB9e1QCQgqWaCn0ZBM0gMYEM6wKmFa2Qvuvd6IO9YCI22BKqh8jCoBQmVdAoaJA7+MeB0CkEzaAvOIdT1Sym0CEVcfwNSMcGDWsB40AwmQCOQQS2Q8HvKJERBU8sUaoEKJzClQfNjoGcJ9sTT6Y2B1EzHW7oGnk6D5tuj61oQgQolS3CyQTM4gRHjQPQEyJ2FJmJkfrreSOJ6C2pBKLjSQfNoPq8tzafPpiBSXX+tlmayO+alTtYiqi1UjTBOpiqYz6/taoHSL0U0w4FCwTVwjX/SJIlZaDb34DeFfX1cxkjc/Aahxk2TSAqagTLvai3ZTarhDY1TQNrI31Ba2m3O5pDDDu8QeMiioBaMhJxSHTSDNDW/y3PqZls8rwUa5FQV+qdS0hkupYZSez7ulH44tc+ODg8Pa8GU8ez3fIGV7XYj9CasxlKkyeZ5G5DhitldmD9oPODZX2TEII7INFWa3ACh5I7GLCJXV6cnzQF/9+7dgCv2B+zpCVP75B//IIfkn/8k+KsxpTqcgNp79Paw/oLWR636T9cfn8/rxZ9P7vPz6Hj+aN8NOuA41yloGlFtycJNLm9bNzlciI0kFNMbiNUqUsvGcBC1gEYRs71elrpYt/KGzhDzMmoiW23X8Xy+rusRjRXMC9SyUpR1LWutRdD1Mq+KLNOgEsGVncbx4SH+V0a2l4YhKGWFy+dgWVmRw1tfYBupm0U7kMbmAUKzqFFLF992jUOql0hr8Ygo0ORmRhTIO5BkD7hmekbeTwRxQOQ9i2MiIRQygggFIuWEphHTBO6A6/0FdvnU4AOdJjEYlXiEK3/UODw8fPzk8PDoWKEyzIVWRDXUUdriGqRJtDwN17hqGotHG6bhgP7Cafw/8qOaCKlJ8eEW1qz21NMyDTXRgqSc/Z5CPCMswtUczQglGeWT90xPSD7qon+SkywOW1JtxT2tKLKt9L2VgarTGANHawsigloRdxuRuqEKSoitxOnh2MxrxnRRCQ1LQywaq/jmTzLT6DNic7+1sTbX+g7N8yVGVBAhzSRUakMJpJXhT4xVZRpVjag0SZBCb2ZkMeVWqifnhPJowAlwehMDGUHkrGXEafQ734QSPsZdDTW7K2+pbalia5sRhwhGNI01SblmMYEPqBOYjvGBAcJVWmzAjRAx0F0UuZfWXlp/bdJ6LCnXu7gHD5CKqWSbgPBxdYqtKJKgFMpFSl61eoRxpSkPYcCvuqfLhn73jOxBY9yokUcTrRPVPDiIYCoaoZgePNonIxHH4j1ESH6FhVAwngLXqkE6NJxkP23vSlOpUTwR4JFdSyTGOJlQnk5BspCEEyppqEHWSEg5QTuTMk4ms2QCKPZWA+MDHhEVUzUB1cj8k7Iz8r9mFj82Dw7e0vofrfr/HNZfXO8t/h4MBoP69cfD2rOjeQFi/8c9fNK450v73+010YW5/tv+j3sHje/2f/z3iguTpDcxC1/BrMj1tnF4C7MVTnUiIUSebprtw/WZ0Dsg0zTWLImB3MKMJJRJtUJwCg4XIxPbqIhQGk4gKslP21Id3mJmxrA7t9hzxq1AYII3SDuVEnc8kTACKSHKYhVbpfktzB7ANQlMN3EEPjae9RnwsZ4EzedHL46Na501LPnWH54eviCt3nnjiDh/B8XnZec1AX4HsUigRlKV0jie4X7ebubbW2NAFBB4vGX4lhNFxHaVySMGkoyENJ427oZR2LHxnbgwGsTFjw6vC84iQiwPcMvFe2TAsZBMT6YEcc/4ssTVi/AYAR6KCKLGgJO+sCxdQ0NLAZnSGUqQd1LR5vHhk+fvDKLdXquONlFE3kvr5zkL5R2ETQVhcvz0mTyysJ12BbRGblJNpkICsTSmslFohPqMKsIBEJ9VeswuRPCq1RteXr08O20PX3V+HbbOfh52zq9eD6/Oe5ed9ulPp52ToLYWqttrDXE2W0CeHL54tgGk0x72Ou3L46fPukfbwR4/f7IL2NPjo+5RcF2MCryi6jIXLPdSgQv5MuCkZURMgeeNfBVTIFQpETJjWmRKz2zdKJV6AjIj0zC3OXMGQPa+R3wjl0OLSMXbrPEag5rVWMJU6I0Gt4OozvuWquJEUxmT+kLHK8ZDMLKWxkog4UnQksEdCjZGC2/+S6nRv06LrtCd8xV7WiQS13iNseZNxFYLrFnXNwSz0IC2dWjoqEot/QkQZww6B/NVq9cke6fn/U73vHVWI53/tn+ttKydROpdXHXbnWH/18tORQoVn2R9VpqzAZALkHpfPUhv3lJ1tdmYvKVquMqgxKVA8s7WAWakZQKEpGfckU8xcrDPAjMWutYTiowVCz5WaKe7pd9qVeTareTP5o3r96h19vNF97T/S1VPLNoLmqHc6HTBorHTHqLoX2p7/PzJUtvT46NgKfXTs+4+RFYYZ+irxo6WB27FdgNpm3Q25LY5w4DEsiJUgvt6erKBVAo83WPofb4yhL0lkF0e12iY6sivqDGTVFFxGZlpDCikoE+N1SxyJuTKWmoIVhALuYd174xFW0ynghMfCPGBkD85EFKyHWFmudIx5b3MxyWeJl0YM6XlrGgEutjIetvT8I2Fcm4OLAKcDXKlgGSsbtgLaGRloNeDXg96PbhBDyLHLHEULogUQrdB/qkhy/ulTnaK5ZQ7xLCMlcYkRLxGmJO+v+LNTz9kEA2ve73u/Qt0b7tAtLvyOjLuMDScu3QuSIgSI1jWDycYBUDhI1OldxBzn2QX5xlXI2aMhEnjkoNtfq9/DR8To342aKV+v3v68qrfGXavzjLHeDmotxasdXY2vPhpI8T5r1sgfjntdFvd9i+/Gk/ckMcny9AgZDJMYyr39gvr+8Yl9XejB4eBT0F92bEzn4LyKSifgvIpKJ+C8ikon4LyKSifgvKhNx96+5ZDbz4F5cNgPgz2Naeg8uDUhhTUl3e43mtmr5m9Zt6WFFvWysWqIa83vd78cvVmyefErMpWf/MuLyHchqdPInzB0Q+fRPBJBJ9E8EkEn0TwSQSfRPBJBJ9E8KEKH6r4lkMVPonggyE+GPI1JxHMpL+qBIJKzY67+9n+5FjQfW65Ks8UF3dxT5J5neBFoOYupf8g9JY2ycDI7o7lJ/NfDMYWzV8cBFvkU/mM7haLzK5cW3AL1YOSMHCPh2H2fKhgWS7gvCSkytzk1FvucTFJQ19jdge8uhCf5RIuh24PHhIPzOf6M95C+Tk6ekAfbkadDxokp3EPYgi1kG+2RUezjQP34lC5N9eQJiUZgBED1F2raYCJ4NgQU62BQ5QRZxeFiAKujetJ9lQaTghVA05GUkwJiy4Pzk5al/u4MfYuXCGLtJW3rSInwJFtxxkcanoJsXV0N9j6Vy//q9PuD1+3Li9Pz38eXlx2uq3+RXdVDGIz7On5VpDzi/4uYKfnw/bFeb91et4zXkRlV9/seiR/cVHryotZlzbdnbTfeDVrzJTGpQ3FNKGSKcHtri/0gQSFUhkD2UkSzzCipCcw4GQLke1ENwNO9pzI2K9l2279cxw7J5JSEUrGWBVHdCOzFIhws59aXaDvBrxF8iFRSTEOCq/bwvoPMSLf50qTUG2wXsz5Uc5WBuDRgMfCxmp+IN9nCP1Avneok2wp3R78UFTmBXlSpQCnCy9WsJl7NNzIbg6oyHYmOElDKZQycyqNvo752hfnJ6f904vz4cuLi7NO63xtxcsmyNb5NoiLbjkM1y7J7ApZVBfnftvfIqGIcQ/dPdb5UGqZWqtrjRdd37HI3cZc3cbh2CqYjeyZZxsWFGj1EqESChgYH6t1fkJiMWZh2cHLteL9TMy1M3cYBCtEjwK9TJ3+8kTva31TlydujdvQ8N5239qMYaq02BhKchDrnbySNMihS3F+27gizo8RlYjKUsoyb9sw5AYDrd86P2l1T4attpHuFZOs8vSk0+7+etlf8aTfbZ33Xp/2y5qggFvJNMiaTZT6gVXhPz/8Ql0vFb1U/AalYoZ1K3Tm+X3MDU6s2MR9ctuJ2TRNb6FoamSydVXM2z0jCcgp084yc7YJBrFsFNp9fMUzoWfCb5kJe6Wo6P2Y0b2bfc+oSVrEfeqIKsXGHIMAGUwP9J7aR+RpgfHyYOiAW9/4b447ETYU0xvGl84sZF7ENAvkVtHK3OQCB/uMrM/I+oxsISNrv5FT/GDNZ77tY/mzZEVLu5IeuV+wpfodNUX26C3NlqotuJYiXnxtrYOH4wyYgWp3O/sYFhlwZeRpKkFlX6BwUctMcuBGZN0ocwynko8oRTey9VwIJoxp38RsTB8Y3/8snxZ54BD3u/TKfy/Efy/E25X/cnalr7P4og+I+joLX2fh6yx8nYWvs/B1Fr7OwtdZ+DoLH9XzUb1vKKrn6yx8IMQHQr6pOgv/vRCvB70e9N8LKcdyyh3674V43fs1696v+HshD/5Wxm4pj0UauVQctWj9fMV+u9+ppSUbj0H+ZVNfKqVcPMoL1j7XKthTSP4Itj+C7bP0XkF+W1n6P/kI9n1K3z+XuDY5yg/6IRnUpOSdQrKdtWMGXG/2hCyMdYaK+c57GEdd+D0FhaXyZoZlcYl43u/w3C8ijvJaTezR5RCNjbRQqGSUxiMWx5h5qdQlGjS8XPRy8RuWixc5I/StkbuzX5IbxTufOPR85Pno2+ejT/36o+chz0Oeh/Ioz27sU6w68OlXzz1fJvdsD8FqkNNdwosO16IZZt40B9LxrpfPW2Kz2efLwVblwEoJqOxsWlZ2ZHC1N1g5SVEsJfqkcxrW0TMcbQ5oZEmw9UPVyPsJCyf5YT4ryQYcqzbLuTMvVrxY+ULFypoqxFUXPxW52jHZw8oRi1cv5Z1HhWuSVLGuMC9iHPDCIa2UR4AX7DnWtdyKnTWCDdP7Zossi7lCw8KViXdBJYKrbf7FfG7IzFTrIUmWZ9yR0lx85uodzLmRBGv5jCF18Juy+SAVTmBKt2sUrBRYRfdFDuRCD0ci5RFuTpZ3CfHUXGxSMyk3VQqo8bg5Uj2kcpyamBxOhEYx4zCED6EJ4SH55h1iYYQEGs2G8IEpkyU1ZfcKy1GGEXDmzpe7A7/wYUJTZTNCI8piiIaYIypcokdvzOETTIGleihGQ0n5GAyW5rAGomUeM26vpzOP6B1lMVZjIsZU02EslLJPUj1BoWbzUEunXcxhY011qgguZaaW1ESkcWROmWP0OZ1m10+OyNuxEOMYGjIJG20RwfVSQ8OqLaXoeOXeVGtEIrC1LrI+oiHSKiCNENfDMkqMkw4fx0xNGqTFZyRVa14tvINX/cXsD6znwPPnrtIGGaSIfs+sRCMCTVmsrjc8spdy1oiQha7d1XM2HN2w0hbBt5Oxzs6HVy2ttXniXIPg5Q32BFwEN+l41ViruVXLdINxiE+XrQtjSCmjAeUN05JKozqZW4Bs3SmeHXN1A+Q/Tc2POVRmu7sBGxo37e6c0nInjYL2cvuQSKHFTTpqtPisegslx7soMuGy+5TMGxYTCTqV3G6j67BJslKE0DYgJWBZRSRCdTAWB4bc1MG/IVhdlm7TDOaZJCwt4SrBGhgrbyIizIkIZciDYgYjOEjMTR+NTIA4ad6odIBHu1gIB+t6t9aNMvn0VMZBM/iYxFQjDXV4lAjG9XyJMTtWhJKLBHj/5CeSvYEnEbE63Fwxmy9Q9rRh2GFiZ3FHJUOpZJM/lRGtbnBqYvnpfI65aQVhKpmeBc2317UAtYPL1LwU0cxhaHRISQuj6xA8HtHnT0fPntSf/v3o7/UnT58d128ej8L6cfji2ePRs2d0RPGYoPN+3masde28GdPH4pbXghWem2lmf7E0sZTUWrljS6uLq+OqFpvB3ZE5kyaUnlKj/qwXspZaSl3l/I4pI9wHxm39rpE7lpDerkFrDSHhlZ8rh76uBWZrm2+Djx8xxX8l4/kcm39PQbpdynYdf81rwQRoBNLQXsTMxdTRamvo48IoCPa6zsTaJwv7ujxBPNSas379EmVDKOL6m7wW1MnOIMBzHLsPvdt4fTYFker6a1UdKYfD/up9W+KTQSzZOos30OhL9EbY64KguLzo4TmQGxGZE79TYwgFkr5He4O+txOx9r2tXsM2JF4+To1iDmyf+O//AFN8sDo= +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateResourceMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":"circular()","title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ResourceMappingGroup","required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"}},"title":"CreateResourceMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-delete-resource-mapping-group.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-delete-resource-mapping-group.api.mdx new file mode 100644 index 00000000..181d7246 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-delete-resource-mapping-group.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-delete-resource-mapping-group +title: "DeleteResourceMappingGroup" +description: "DeleteResourceMappingGroup" +sidebar_label: "DeleteResourceMappingGroup" +hide_title: true +hide_table_of_contents: true +api: eJy9V0tvGzcQ/isEe0mAlWQ7idPuqW7iFgFaxLCdXhxBGJGzWiZccsOHbNXQfy+G3NXDkmUHDeqLvORw3vPNzD0PMPO8vOEXViuxYJfobXQC2V/QtsrM+LjgtkUHQVnzQfKSt4lw6DrCJtMN+4fduyt0cyVw+B41Bnxw+YezseUFb8FBgwEdaXDPDTTIS/7OGoMiDC6cDVZYPfgbnVfW8IIrw0teI0h0vOAOv0XlUPIyuIgF96LGBnh5z8OiJU4mNtNEGVTQT7BGExte3hyPCy7RC6daspiX/D1WyiALNbJ5pma2Sp8dN9Z23HjBhTU+8PJ4uSx27LlWDdoYBn/5HUuer/kWk0cVDZmqYMqwxvPlcpy9hT78ZuWCBAlrAppA/0LbaiVShEdfPPG639XITr+gCBQ0R/kQFHq6VXKDxgdHKbPWWkle8Mq6BgIveYzpe1vryz6Iy+X63eNZc5mt4AUHKRXxAH2xoVEF2uOSeG1nRzrwrTU+631ydEQ/27pcRSHQ+xzHH+Edty/v/7tPl0XKLd+CwA8HiVdkkz2up0xZETAyGZRRZpZSaEa6Uqb3NrCu0n0v/im5e+UJ2zTWJLGssu4JUQW7rZWoWRN9YFNk0ahvET8b1qJbq04KNRhAQsgx6ZRYnT1U5F1WYuP+cECEQwgoz8Im9+5wAmGH//qKeQxsumAe3Rwde4EmqLBgt7VlHRG7VVozh8I6iZIKFgyDKFVgOEcTXq61W3kZ76BpNSbcPqZ0PR4eHR29en10dHziCbFXJSch4IDQgHwUW7lrRne4z4z11QEzOqL/0QwNU9R+Xxn1NnUUj2HE42k7Bx2TjG1H2DYzYb62LrDNS0Kag0i0Zv5IE1zj1M1WVXdFNj7IfxdNt9s3S1I8A7dR6pIJqzUKeuOp7h6+8p8NeG+FSpGNRqJj0JdurlZiNnw2ZmfgfRK0k+MriDrsYvO5c9b9OGQWVu4FsM2cNDZMKhuNpCB08wEXYARqpPhE89XY2zyXzEErOQE3iw1pR4aA1MrgBO8EokwP1gwLDtohyMUE75QPlKstukZ5mi8mEo1KD3pAnOBdDdGHdFiB0ignLRWbye4kflPr8r2NYWKriQMzw6SlIotIrXStTEBnQKcrmIPSMNUJrCHARNvU/6KBGGoqc0E5wHemousamQ8Qomfkyh6ofW2jlgTVYBi5jKWSoiS7mVk70zh0rRi+sxLHOwfDDOTew2xvbLY1OGMS56gpqIMKBCU7Uo6wjsOuSsqwczPTytdDdmYWLPpHnm680VaAVv+gZGAk82gCsaGutan+VfLEUGIApf34wBWrFGpZMOs2WE8XiaPQCk0YZvwh8qfTON8+dNWy6JBsjxNXmDpVBtwiC5vG2T5Z+6s1jVOPwl4exR/22zRa+NQT3FQFBy41E9U5oPc7aGtm7FaFmgH7ldRhoYYecafo83RL590MvstkuIHnXRzSgD6N1fDMLLYwq5/ge3B5vknpRdbEYYjO5DB2DEtWh9D6cjQS+YAyQdhmJK3wo5kdpXTzo5+IbOCwdUipBV1L6ZBwe7g/sEc1GGqbd7M0GrcQal7y0XetaqODInLnz3tadJqX/L7VECibzo1srTJhuVOi5xlM2ccWzfX731n/gn26/LNgPoqagV+5qr8dpsKosylzcIrwKWX7Q4m5S3QNY/d2mfYejyI6FRa8vBkXnPrE5XoT6jTsp27+qoKf31Snrwdv3h6/Hbx+c3oymL6qxOBE/HL6qjo9hQpOqWSUqezmFLXf0zsOIYO6jbPk82PiRCFrIPWubl88GIctfquKDXgXyH/KpDnPJeTIWXDzfQs7Lw7JHxc8xaW84ff3U/D4yenlko6/RXSdi/uQ0dey6JdcShypPF3I/cPLxk7KX/Rr4Uu2Hhy3rfyKi8MbfQeBnNMu/nzRz5O3tYdvSVrREb/BNbFaU+yMLOsXZ0JgGw7SjjdK/eLj1TUv+LRb55s0z3AHtzQ2wG02JA+ueRWls3uuwcxi6q8886S/fwFMnV/T +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteResourceMappingGroup + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-delete-resource-mapping.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-delete-resource-mapping.api.mdx new file mode 100644 index 00000000..764fcf27 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-delete-resource-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-delete-resource-mapping +title: "DeleteResourceMapping" +description: "DeleteResourceMapping" +sidebar_label: "DeleteResourceMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs5L8SOJNtFMzp8iajDeO7JLk1OYinwKRLQljEmAA0Ik2pf9+1QBJkXo79kwlXuRLLKABNIB+oRsNfvU0HSuv/sG7FCHzp6QDSiTSB/KWxjHjY++64okYJNVM8LPAq3uxAazJFDCycLWsYdquC/KW+VA7hRA0LFR6FS+mkkagQeLgXz1OI/DqXlNwDr6uXkqhhS/C6juQignuVTzGvbo3ARqA9CqehE8JkxB4dS0TqHjKn0BEvfpXT09j7Ikn0dBAaqbDLV0DTyKv/uHouuIFoHzJYpysV/dOYcQ4ED0BcmuhiRiZn2lvJE578yqeL7jSXv1oNqsszafHIhCJrr5VSzPZHfNSJ2sR1RaqQhgnkfJms2u7WqD0KxFMcSBfcA1c4580jkPmm809+ENhX1+XMRLDP8DXuGkSSUEzUFjLggKM0tJubIY1C7yKNxIyotqre0lifpex7mSbOJvN260kmI6dgFfxaBAwbE7DywIyIxoqmGE3ZcIwBSoWXFmUjw8P8b8yGt3E90Epu4UPsTBygdrvv5KziheBpgHVdvi0Ji+rbBnAl0A1BA1dbJ0WDqhe2pl5FVGgyXBKFMhbkGQPuGZ6Sj5PBEmByGcWhkSCL2QAAZId5YQmAdMEboHr/Tl2+dTgC43iEIzgOcKVP6odHh4+fXZ4eHSsUOTkhBNQDVWkaVyDJA6Wp5EWrprGvGrDNFKgv3AaIR1CqFaRRTanFGIdua+nlVsaJmaM8kKI2HZC1ERITYqVyDQbmGqxp66Wia+JFiTh7FMC4ZSwAFdzNCWUZJRPPjM9Ifmo8/5JTrI4rNaSDRMN7wzWhT3NawZ2QtvoewdRVJ7GGDjqNAgISibcbURqSBWUEFuJ0/2xmVWMglAx9UtDzAsX8c1rMgX0gNjcbW2sZlvfoalfYkQFAdJMTKU2lEAaGf7E6C5TqCpEJXGMFDqckvmUG4metAnlQZ8T4HQYAhlBkNokiNPoE9+EElbjrvqa3Za31JYsYmuLEYcARjQJNUm4ZiGBL6gTmA6xwgDhKs03YChECJQ7ae2k9SOU1mNJuS5Oh0pJp2jPaohWrs/dpWIi2SYgrF6cYiMIJCiFcpGSN40uYVxpyn3o86vOGYkSpckQCCW3NGQBueqckz2ojWsV8mSidazqBwcBRKLmi+jgyT4ZiTAUnyFA8isshIJxBFyrGmlRf5L9tL0rTaVG8USAB3YtkRjDeEJ5EoFkPvEnVFJfg6wQn3KCdiZlnEym8QRQ7K0GxgoeEBVSNQFVq/f5x48f+1xPmKpFVPsTUHtP/s/M4tf6wcEHWv13o/q/h9WX13vzv/v9fr96/fWwcnI0K0Ds/7qHNbU7Ntr/aa/+Af/82/6vewe1n/Z//e8n+ylefSP54mQYMv8NTItcbwsHNzBdcXSJJfjI03Wzfbg+E3oLJEpCzeIQyA1MSUyZVCsEp+BwMTInyAURSv0JBCX5aUsWh7eYmTHszs33nHErEJjgNdJMpMQdjyWMQEoIshPhVml+A9N7cE0M0SaOwOqKF9Ev58DHeuLVXxy9PK54EeNZwdHijL88P3xJGt127Yik5x0Un5ettwT4LYQihgpJVELDcIr7ebOZb2+MAVFA4OmW4RupKCK2q0weMZBkJCRB4sbdMAo7NGcnLowGSU/ph9eFwyJCLA9ww8VnZMCxkExPIoK4Z3xZ4uq5E4IA90UAQa3PSU9Ylq6goaWARHSKEuSjVLR+fPjsxUeDaKfbqKJNFJDP0p7zUgvlI/h1BX58/PxEHlnYVnMBtEKGiSaRkEAsjalsFBqgPqOKcADEZ5UeswvhvWl0B5dXr87PmoM3rfeDxvnrQat99XZw1e5etppnv521Tr3KWqhOtzHA2WwBeXb48mQDSKs56Laal8fPTzpH28Gevni2C9jz46POkXdd9Aq8oeoyFyx3UoFz+dLnpGFETIHnjXwVERCqlPCZMS0ypWe2bpRIPQGZkamf25w5AyB7b1HLxZnkcmjuqfiQFV6j62jRlxAJvdHgTiEW531DVXGiiQxJda7jFeM+GFlLQyWQ8CRoyeAWBRujhZb/UWr0r9OiK3TnbMWeFokkLbxGj94mYqt41qzrGYKZa0BbOjB0tEgtvQmQ1BhMD5hvGt062Ttr91qdduO8Qlr/sn+ttKxTidS9uOo0W4Pe+8vWghQq1mR9LhRnAyAXIPW+uZfevKHqarMxeUPVYJVBiUuB5J2tA0xJwzgISdccR77FyME+C8xY6FpPKDJWKPhYoZ2eLv1WqyLXbqXzbF64fo8a568vOme93xf1xLy8oBnKhakumBe2mgMU/UtlT188Wyp7fnzkLTnYu/a4D4EVxhn6qraj5YFbsd1A2iadDbmdbR6MqsEKVwnu69npBlIp8HSX4enzjSHsLY7s8rhGwyyO/IYaM0kVFZeRmcaAQgr6Vl/NRaoj+pxcWUsNwQpiIT9h7eDoKHfdFFEkOHGOEOcI+ZMdISXbEaaWK1OmvJP5uMTTpANjprScFo3A1Dey3vY0fGOh0mMOzB2cNXKlgGSsbtgLaGBloNODTg86PbhBDyLHLHEULogUQjdB/qkuy7uFTnby5ZQ7RLeMlcbER7xGGJO+u+LNdHquemtO9zrd+xfo3maBaHfldWTcgW84d+nGiBAlRrCs70/QC4DCRyZK7yDmvskuziOuRswYCZOEpQO2+b2+GVYTo342aKVer3P26qrXGnSuzrOD8bJTby1Y4/x8cPHbRoj2+y0Qv5+1Oo1O8/f35iRuyOObZajnM+knIZV7+4X1fZcG9XejhxQDF4L6vn1nLgTlQlAuBOVCUC4E5UJQLgTlQlAuBOVcb8719phdby4E5dxgzg32I4egcufUhhDU93e53mlmp5mdZt4WFFvWysWsIac3nd78fvVm6cyJUZWt583bPIVwG54uiPAdez9cEMEFEVwQwQURXBDBBRFcEMEFEVwQwbkqnKviMbsqXBDBOUOcM+RHDiKYSf9QAQSVmB1P32f7k31Bd3nlqjxTXNz5O0mmOcHnFs1bSv8g9IbWSd/I7pblJ/NfCMYWzRv2vS3yqXxHd4tFZleuKbiF6kJJGKTVAz+rHyhYlgs4LwmJMi85dZd7nE/S0NeY3QJfXIgHeYQrRbcL9/EH5nN9LUUSP0RH9+gjnVHriwbJadiFEHwt5Ltt3tFs4yBtOFBpyzWkSUkGYMQAJSMGYWBFAREcC0KqNXAIMuLsoBBRwLU5epI9lfgTQlWfk5EUEWHB5cH5aeNyHzfGvjgqZJG28rJV5AQ4su04g0NNLyG0B90Ntv7Vq3+2mr3B28bl5Vn79eDistVp9C46q3wQm2HP2ltB2he9XcDO2oPmRbvXOGt3zSliYVff7XolP59sxPiZrTuabdj09KZ9CX5xtUOmNC6tL6KYSqYEt7s+1wcSFEpldGTHcThFj5KeQJ+TLUS2E930OdlLRcZ+Jdt2ez7HsXMiKSWhZIy1cBDdyCwFItx8Tl1coJ/6vEHyIVFJMQ4Kn9vC/A8xIj/nSpNQbbCez/lJzlYG4Emfh8L6an4hP2cI/UJ+TlEn2VKme/BLUZkX5MkiBaS68GIFm6VVg43slgIV2c44J6kvhVJmTqXR1zFf86J9etY7u2gPXl1cnLca7bUZL5sgG+1tEBedshuuWZLZC2SxuDh32/4G8UWIe5i+FpwPpZapdXGt8TnhWxZAsHIbB2OrYDayZx5tmFOg1UuESihgYM5YjfYpCcWY+eUDXq4V72Zirp15ioG3QvQo0MvU6R5PdGetR/V44la/DfXvbPetjRgmSouNrqQUYv0hryQNcuiSn98WrvDzo0cloLIUsszLNgy5wUDrNdqnjc7poNE00n3BJFuoPW01O+8veytqep1Gu/v2rFfWBAXcSqZBVmy81PfMCn99/wd1nVR0UvERSsUM64afmud3MTc4sWIT9yndToymaXoDRVMjk62rfN5pHYlBRkynlllqm6ATy3qh009cOCZ0TPiYmbBb8orejRnTttlXY+qkQdIPylCl2JijEyCD6YLeU/uIPC0wXu4M7XN7Nv5byp0I64toyPjSnYXsFBFljtxFtLJjcoGDXUTWRWRdRLYQkbXfyCl+sOaBX/tY/vhT0dJeCI/czdmy+LUqRfboDc2Wqim4liKcf9OqhZfjDJiBanZa++gW6XNl5GkiQWVfoEi9lpnkwI3IulHmGs5CPKLk3cjWcy6Y0Kc9DNmY3tO//yCfFrnnEHd79Mp9L8R9L8TZlf9xdqXLs/iuL4i6PAuXZ+HyLFyehcuzcHkWLs/C5Vm4PAvn1XNevUfk1XN5Fs4R4hwhjyrPwn0vxOlBpwfd90LKvpxyh+57IU73/si69wf+Xsi9v5WxW8hjHkYuJUfNSx8u2W/3N7W0ZOMxyL9s6kuplPOqPGHtoVbB3kJyV7DdFWwXpXcK8nFF6f/kK9h3SX1/KHFtYpRf9H0iqHHpdArxdtYOGXC9+SRkYexhqBjvvINx1IFPCShMlTczLItLxPNul+d+F2GQ52pij2kM0dhIc4VKRkk4YmGIkZeFvESDhpOLTi4+Yrl4kTNCzxq5O59LcqN45xuHjo8cHz1+PvrWrz86HnI85Hgo9/Lsxj7FrAMXfnXc831yz3YXrAYZ7eJeTHEtmmGmpbmQjm+9PGyKzeYzXw62KgZWCkBld9OytCODq33BKpUUxVSib7qnYQ96hqPNBY0sCLZ+qAr5PGH+JL/MZyVZn2PWZjl25sSKEyvfqVhZk4W46uGnIlenTHa/dMTi00t550HhmSRVzCvMkxj7vHBJK+EB4AN7KetabsXOat6G6T3aJMvClE8hBA0LE++AigVX284Xs5khM5OthyRZnnFLSvPwWZrvYO6NxJjLZwypgz+UjQcpfwIR3a5RMFNgFd0XOZALPRiJhAe4OVncxcdbc6EJzSTcZCmgxuPmSvWAynFifHI4ERqEjMMAvvjGhYfkm3eIiRESaDAdwBemTJTUpN0rTEcZBMBZer88vfALXyY0UTYiNKIshGCAMaLCI3p0aC6fYAgs0QMxGkjKx2CwNJc1EC1Tzbh9ns5U0VvKQszGRIyppoNQKGVrEj1BoWbjUEu3XcxlY011ogguZaaW1EQkYWBumaP3OYmy5ydH5MNYiHEINRn7taYI4HqpoGbVllJ0vHJvFnNEArC5LrI6oj7SKiCNkLSHZZQYJy0+Dpma1EiDT0mi1jQttMGn/kL2b8znwPvnaaYNMkgR/a5ZiVoAmrJQXW+oso9yVoiQha7Tp+esO7pmpS2Cbydjnd0PX7S01saJcw2CjzfYG3ABDJPxqrFWc6uWyQbjEGuXrQtjSCmjAeWQaUmlUZ0sXYBs3SneHUvzBsj/mJwfc6nMdjcE6xo35ek9peVOagXtle5DLIUWw2RUa/Dp4iuUHN+iyITL7lMyLSwmEnQiud3GtMM6yVIRfFuAlIBpFYHw1cFYHBhyUwf/hWBVWXpN05tlkrAcE14hWD1j5U1EgDERoQx5UIxgeAexeemjlgmQVJrXFjrAq13Mh4N1vVvrRpl4eiJDr+59jUOqkYZaPIgF43q2xJgtK0LJRQy8d/obyVrgTUTMDjdPzOYLlNXWDDtM7CxuqWQolWzwZ2FEqxtSNbFcO5thbFqBn0imp179w3XFQ+2QRmpeiWCaYpidLLynI/ri+ejkWfX534/+Xn32/OS4Onw68qvH/suTp6OTEzqiJ8gomE1YikOtXOSlBcEJpYmGde/2yFwjE0pH1Ggse3BYu8GlrnIWxSgPLh3jNuXWiAq79x/WoLVm773KmqGvK57ZjfoH7+tXjMpfyXA2w+JPCch0YbONwl+zijcBGoA05BIw85Z0sNqA+TrX495eJ7WK9sncJC5PEO+h5txavUR29kVYfZenb6bizvPw6sXuQ+82Xo9FIBJdfasWR8rhsL9qz2blZBBL5sm8Bdppsd4Ie13g7cuLLl7dGIrAXNKNjO3iSfoZTQT62U7EmuQ24QzLvnoh5ePE6FLP9on//h/VVrI3 +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteResourceMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":"circular()","title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ResourceMappingGroup","required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"}},"title":"DeleteResourceMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-get-resource-mapping-group.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-get-resource-mapping-group.api.mdx new file mode 100644 index 00000000..027b2e77 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-get-resource-mapping-group.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-get-resource-mapping-group +title: "GetResourceMappingGroup" +description: "GetResourceMappingGroup" +sidebar_label: "GetResourceMappingGroup" +hide_title: true +hide_table_of_contents: true +api: eJy9V0tvGzcQ/isEe0mAlWQ7idPuqW6SBgEaxLCdXhxBGJGzWiZccsOHbNXQfy+G3NXDkmwHDeqLvORw3vPNzB0PMPO8vObnViuxYBfobXQC2UdoW2VmfFxw26KDoKz5IHnJ20Q4dB1hk+mG/cPu3SW6uRI4fI/h3s17Z2PLC96CgwYDOhJ/xw00yEv+xhqDIgzOnQ1WWD34G51X1vCCK8NLXiNIdLzgDr9H5VDyMriIBfeixgZ4ecfDoiVOJjbTRBlU0I+wRhMbXl4fjwsu0QunWjKXl/wtVsogCzWyeaZmtkqfHTfWdtx4wYU1PvDyeLksduy5Ug3aGAYf/Y4lT9d8i8lBRUOmKpgyrPF8uRxnb6EPf1i5IEHCmoAm0L/QtlqJFN7RV0+87nY1stOvKAIFzVEyBIWebpXcoPHBUb6stVaSF7yyroHASx5j+t7W+qIP4nK5fncgZS6yCbzgIKUiBqDPN9SpQHtcEqPt1EgHvrXGZ6VPjo7oZ1uRyygEep+D+DNc4/Yl/X936LJIieVbEPjhQeIV2WSP3ylNVgSMTAZllJml/JmRrpTmvQ2sq3Hfi39M7l55wjaNNUksq6x7RFTBbmolatZEH9gUWTTqe8QvhrXo1qqTQg0GkBByTDolVmf3FXmTldi4fzggwiEElGdhk3t3OIGww399xTwGNl0wj26Ojj1DE1RYsJvaso6I3SitmUNhnURJ1QqGQZQqMJyjCc/X2q28jLfQtBoTYh9Tuh4Pj46OXrw8Ojo+8YTVq3qTEHBAUEA+iq3cNaM73GfG+uoBMzqi/9EMDVPUfl8Z9TZ1FIcw4nDazkHHJGPbEbbNTJivrQts85KQ5kEkWjM/0AHXOHW9VdVdkY0f5L8LpduNmyUpnoHbKHXJhNUaBb3xVHf3X/kvBry3QqXIRiPRMehLN1crMRs+DbAz6j6K2MnrFUQddoH5nXPW/TxYFlbuRa/NhDQ2TCobjaQIdJMBF2AEaqTgRPPN2Js8kcxBKzkBN4sNaUeGgNTK4ARvBaJMD9YMCw7aIcjFBG+VD5SoLbpGeZosJhKNSg96NJzgbQ3Rh3RYgdIoJy1VmsnuJH5T6/K9jWFiq4kDM8OkpSKLSK10rUxAZ0CnK5iD0jDVCakhwETb1PyigRhqqnFBCcB35qGrGpkPEKJn5MoepX1to5aE02AYuYyleqIMu55ZO9M4dK0YvrESxzsHw4zi3sNsb2y2NThjEueoKaiDCgRlOlKOsI7DrkrKsHdmppWvh+zMLFj0B55uvNFWgFb/oGRgJPNoArGhlrWp/mXyxFBiAKX9+IErVinUsmDWbbCeLhJHoRWaMMzgQ+SPp3G+ve+qZdHB2B4nrgB1qgy4RRY2jbN9svZXa5qlDmJeHsLvN9s0V/jUENxUBQcudRLVOaD3O2hrZuxGhZoB+53UYaGGHm6n6PNcS+fd9L3LZLgB5l0c0mg+jdXwzCy2AKuf3XtwebpJ6UXWxGGIzuQwdgxLVofQ+nI0EvmAMkHYZiSt8KOZHaV086NfiGzgsHVIqQVdP+mQcFPe4fWpwVDbvI+lobiFUPOSj35oPRsd5p8bft7NotO85HethkB59M7I1ioTljvF+S7DKPvUorl6+yfrX7DPF38VzEdRM/ArJ/W3w1QSdbZjDk4RMqU8vy8x94euVezeLtOu41FEp8KCl9fjglOHuFhvP52G/bDNX1Tw66vq9OXg1evj14OXr05PBtMXlRiciN9OX1Snp1DBKRWLMpXdHJ72u3nHIWRQt2WWfH5MnCheDaSu1e2Ih4OwxWxVqAFvAzlPmTTbuQQYOf7XP7ae8+Kg8HHBU0TKa353NwWPn51eLun4e0TXObcPFn0ti36lpZSRytOF3D+tbGyg/Fm/BD5n60lx28RvuHh4f+9gj3PavJ8u+mnytrbuLUkrOuI3uCJWa4qdMWX94kwIbMODtOONCj//dHnFCz7tlvcmzTDcwQ2NCnCTDcmTat496eyOazCzmHoqzzzp71/h8Vdu +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetResourceMappingGroup + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-get-resource-mapping.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-get-resource-mapping.api.mdx new file mode 100644 index 00000000..22a92586 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-get-resource-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-get-resource-mapping +title: "GetResourceMapping" +description: "GetResourceMapping" +sidebar_label: "GetResourceMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs7L8SOJNtFMzp8iajDeO7ZLk1OYinwKRLQljEmAA0Ik2pf9+1QBJkdTTsWcq8SJfYgENoAH0C91o8Kun6Vh5jQ/epQiZPyUdUCKRPpC3NI4ZH3vXNU/EIKlmgp8GXsOLDWBdpoCRhatnDdN2XZC3zIf6a9CVGq/mxVTSCDRIHPmrx2kEXsNrCc7B13uXUmjhi3DvHUjFBPdqHuNew5sADUB6NU/Cp4RJCLyGlgnUPOVPIKJe46unpzH2xJNoaCA10+GGroEnkdf4cHhd8wJQvmQxztRreCcwYhyIngC5tdBEjMzPtDcSp715Nc8XXGmvcTib1Rbm02MRiETvvVULM9ke81InKxHVFqpGGCeR8maza7taoPQrEUxxIF9wDVzjnzSOQ+abnd3/Q2FfXxcxEsM/wNe4aRLpQDNQWMuCAozS0m5shjULvJo3EjKi2mt4SWJ+l7HuZJs4m83bLVJLx2Lv1TwaBAzb0vCygMmIhgpm2EeZKkyBigVXFt+jgwP8r4xDN/F9UMru30OsiqyQ+v2XcVbzItA0oNoOn9bkZbUNA/gSqIagqYut08IB1QvbMq8iCjQZTokCeQuS7ADXTE/J54kgKRD5zMKQSPCFDCBAmqOc0CRgmsAtcL07xy6fGnyhURyCETmHuPKH9YODg6fPDg4OjxQKm5xqAqphDwka1yCJg8VppIXLpjGvWjONFOgvnEZIhxCqZWSRzSmFWEXuq2nlloaJGaO8ECK2nRA1EVKTYiUyzRqmqvbU1TLxNdGCJJx9SiCcEhbgao6mhJKM8slnpickH3XeP8lJFofVWrJhouGdwbqwp3nNwE5oE31vIYfK0xgDR20GAUGxhLuNSA2pghJiS3G6PzazmtEOKqZ+aYh5YRXfvCbTPg+Izd3Wxqq11R2a+gVGVBAgzcRUakMJpJnhT4ziMoWqRlQSx0ihwymZT7mZ6Mk5oTzocwKcDkMgIwhSawRxGn3i61DCatxVX7Pb8pbakiq2thhxCGBEk1CThGsWEviCOoHpECsMEK7SfAOGQoRAuZPWTlo/Qmk9lpTr4nSolHSKxqyGaOn63F0qJpKtA8Lq6hSbQSBBKZSLlLxpdgnjSlPuQ59fdU5JlChNhkAouaUhC8hV54zsQH1cr5EnE61j1djfDyASdV9E+092yUiEofgMAZJfYSEUjCPgWtVJm/qT7KftXWkqNYonAjywa4nEGMYTypMIJPOJP6GS+hpkjfiUE7QzKeNkMo0ngGJvOTBW8ICokKoJqHqjzz9+/NjnesJUPaLan4DaefJ/Zha/Nvb3P9C9fzf3/vdg7+X1zvzvfr/f37v+elA7PpwVIHZ/3cGa+h0b7f600/iAf/5t99ed/fpPu7/+95PdFK++kXxxMgyZ/wamRa63hYMbmC45t8QSfOTphtk+XJ8JvQUSJaFmcQjkBqYkpkyqJYJTcLgYmeNjRYRSfwJBSX7akurwFjMzht25+Z4zbgUCE7xOWomUuOOxhBFICUF2HNwozW9geg+uiSFaxxFYXfMi+uUM+FhPvMaLw5dHNS9iPCs4rM74y/ODl6TZPa8fkvS8g+Lzsv2WAL+FUMRQI4lKaBhOcT9v1vPtjTEgCgg83TB8MxVFxHaVySMGkoyEJEjcuBtGYYfm7MSF0SDpEf3gunBSRIjFAW64+IwMOBaS6UlEEPeML0tcPfdAEOC+CCCo9znpCcvSNTS0FJCITlGCfJSKNo4Onr34aBDtdJt7aBMF5LO057zUQvkIfkOBHx89P5aHFrbdqoDWyDDRJBISiKUxlY1CA9RnVBEOgPgs02N2Ibw3ze7g8urV2Wlr8Kb9ftA8ez1on1+9HVyddy/brdPfTtsnXm0lVKfbHOBsNoA8O3h5vAak3Rp0263Lo+fHncPNYE9fPNsG7PnRYefQuy66BN5QdZkLljupwLl86XPSNCKmwPNGvooICFVK+MyYFpnSM1s3SqSegMzI1M9tzpwBkL03qOXiTHI5NPdUfMgKr9FvVPUlREKvNbhTiOq8b6gqTjSRIdmb63jFuA9G1tJQCSQ8CVoyuEXBxmih5X+UGv3rtOgS3TlbsqdFIkkLr9Gdt47Yap4163qGYOYa0JYODB1VqaU3AZIag+kB802z2yA7p+e9due8eVYj7X/Zv5Za1qlE6l5cdVrtQe/9ZbsihYo1WZ+V4mwA5AKk3jf30ps3VF2tNyZvqBosMyhxKZC8s3WAKWkaByHpmuPItxg52GeBGQtd6wlFxgoFHyu009Ol32hV5NqtdJ7NC1fvUfPs9UXntPd7VU/MywuaoVyY6oJ5Ybs1QNG/UPb0xbOFsudHh96Cd71rj/sQWGGcoa/qW1oeuBWbDaRN0tmQ2+n6wagaLHGV4L6enqwhlQJPdxmePt8Ywt7gyC6PazRMdeQ31JhJqqi4jMw0BhRS0Lf6ai5SHdHn5MpaaghWEAv5CWsLR0e565aIIsGJc4Q4R8if7Agp2Y4wtVyZMuWdzMcFniYdGDOl5bRoBKa+kdW2p+EbC5Uec2Du4KyTKwUkY3XDXkADKwOdHnR60OnBNXoQOWaBo3BBpBC6BfJPdVneLXSylS+n3CG6Zaw0Jj7iNcKY9N0Vb6bTc9Vbd7rX6d6/QPe2CkS7La8j4w58w7kL10WEKDGCZX1/gl4AFD4yUXoLMfdNdnEecTVixkiYJCwdsM3v1c2wmhj1s0Yr9Xqd01dXvfagc3WWHYwXnXorwZpnZ4OL39ZCnL/fAPH7abvT7LR+f29O4oY8vlmGej6TfhJSubNbWN93aVB/O3pIMXAhqO/bd+ZCUC4E5UJQLgTlQlAuBOVCUC4E5UJQzvXmXG+P2fXmQlDODebcYD9yCCp3Tq0JQX1/l+udZnaa2WnmTUGxRa1czBpyetPpze9Xb5bOnBhV2XjevM1TCDfh6YII37H3wwURXBDBBRFcEMEFEVwQwQURXBDBBRGcq8K5Kh6zq8IFEZwzxDlDfuQggpn0DxVAUInZ8fR9tj/ZF3SXV67KM8XFnb+TZJoTfGjRvKX0D0JvaIP0jexuW34y/4VgbNG8Yd/bIJ/Kd3Q3WGR25VqCW6gulIRBWj3ws/qBgkW5gPOSkCjzklN3scf5JA19jdkt8OpCPMgjXCm6XbiPPzCf62spkvghOrpHH+mM2l80SE7DLoTgayHfbfKOZhsHacOBSluuIE1KMgAjBigZMQgDKwqI4FgQUq2BQ5ARZweFiAKuzdGT7KjEnxCq+pyMpIgICy73z06al7u4MfatUSGLtJWXLSMnwJFtxxkcanoJoT3orrH1r179s93qDd42Ly9Pz18PLi7bnWbvorPMB7Ee9vR8I8j5RW8bsNPzQevivNc8Pe+aU0RlV99teyU/n2zE+KmtO5yt2fT0pn0JvrraIVMal9YXUUwlU4LbXZ/rAwkKpTI6suM4nKJHSU+gz8kGItuKbvqc7KQiY7eWbbs9n+PYOZGUklAyxqocRNcyS4EI159Tqwv0U583ST4kKinGQeFzW5j/IUbk51xpEqoN1vM5P8nZygA86fNQWF/NL+TnDKFfyM8p6iRbynQPfikq84I8qVJAqgsvlrBZWjVYy24pUJHtjHOS+lIoZeZUGn0V87Uuzk9Oe6cX54NXFxdn7eb5yoyXdZDN800QF52yG65VktkVsqguzt22v0l8EeIepk8F50OpRWqtrjW+JXzLAgiWbuNgbBXMWvbMow1zCrR6iVAJBQzMGat5fkJCMWZ++YCXa8W7mZgrZ55i4C0RPQr0InW6xxPdWetRPZ640W9D/TvbfSsjhonSYq0rKYVYfcgrSYMcuuTnt4VL/PzoUQmoLIUs87I1Q64x0HrN85Nm52TQbBnpXjHJKrUn7Vbn/WVvSU2v0zzvvj3tlTVBAbeSaZAVGy/1PbPCX9//QV0nFZ1UfIRSMcO66afm+V3MDU6s2MR9SrcTo2ma3kDR1Mhk6zKfd1pHYpAR06llltom6MSyXuj04xaOCR0TPmYm7Ja8ondjxrRt9r2YBmmS9FMyVCk25ugEyGC6oHfULiJPC4yXO0P73J6N/5ZyJ8L6IhoyvnBnITtFRJkjt4pWdkwucLCLyLqIrIvIFiKy9hs5xQ/WPPBrH4tffipa2pXwyN2cLdXvVCmyQ29otlQtwbUU4fxrVm28HGfADFSr095Ft0ifKyNPEwkq+wJF6rXMJAduRNaNMtdwKvGIkncjW8+5YEKf9jBkY3pP//6DfFrknkPc7dEr970Q970QZ1f+x9mVLs/iu74g6vIsXJ6Fy7NweRYuz8LlWbg8C5dn4fIsnFfPefUekVfP5Vk4R4hzhDyqPAv3vRCnB50edN8LKftyyh2674U43fsj694f+Hsh9/5WxnYhj3kYuZQcNS99uGS/7d/U0pKNxyD/sqkvpFLOq/KEtYdaBXsLyV3BdlewXZTeKcjHFaX/k69g3yX1/aHEtYlRftH3iaDGpdMpxJtZO2TA9fqTkIWxh6FivPMOxlEHPiWgMFXezLAsLhHPu12e+12EQZ6riT2mMURjI80VKhkl4YiFIUZeKnmJBg0nF51cfMRy8SJnhJ41crc+l+RG8dY3Dh0fOT56/Hz0rV9/dDzkeMjxUO7l2Y59ilkHLvzquOf75J7NLlgNMtrGvZjiWjTDTEtzIR3fennYFJv1Z74cbFkMrBSAyu6mZWlHBlf7glUqKYqpRN90T8Me9AxHmwsaWRBs9VA18nnC/El+mc9Ksj7HrM1y7MyJFSdWvlOxsiILcdnDT0WuTpnsfumIxaeX8s6DwjNJqphXmCcx9nnhklbCA8AH9lLWtdyKndW9NdN7tEmWhSm/Bl2ZdQdULLjadLiYzQyNmVQ9pMfydNtSmlfP0mQHc2kkxkQ+Y0Xt/6FsMEj5E4joZnWCaQLLiL7IflzowUgkPMCdyYIuPl6ZC01cJuEmRQHVHTf3qQdUjhPjkMOJ0CBkHAbwxTf+O6TdvEPMipBAg+kAvjBlQqQm515hLsogAM7Sy+XpbV/4MqGJsuGgEWUhBAMMEBVe0KNDc/ME41+JHojRQFI+BoOluamBaJlqxu3bdKaK3lIWYiomYkw1HYRCKVuT6AlKNBuEWrjqYm4aa6oTRXApM52kJiIJA3PFHF3PSZS9PTkiH8ZCjEOoy9ivt0QA1wsFdauzlKLjpXtTTRAJwCa6yL0R9ZFQAWmEpD0sosQ4afNxyNSkTpp8ShK1ommhDb7zF7J/YzIHXj5P02yQO4rod81K1APQlIXqek2VfZGzRoQsdJ2+O2d90XUrahF8Mxnr7HJ41cxaGSTO1Qe+3GCvvwUwTMbLxlrOrVomayxDrF00LYwVpYz6k0OmJZVGb7J0AbJ1p3hxLE0aIP9jEn7MjTLb3RCsX9yUp5eUFjupF1RXug+xFFoMk1G9yafVJyg5PkSRCZftp2RaWEwk6ERyu41phw2S5SH4tgApAXMqAuGr/bHYN+Sm9v8LwfZk6SlNb5ZJwnKktCpVPWPfTUSA0RChDG1QjF14+7F546OeSY9UjtcrHeClLubD/tKurVGjTBg9kaHX8L7GIdVIPW0exIJxPVtgybYVnuQiBt47+Y1kLfACIiaFm5dl86XJauuGESZ2CrdUMpRHNuZTGdFqhVRBLNbOZhiSVuAnkump1/hwXfNQL6QBmlcimKYYZgcK7+mIvng+On629/zvh3/fe/b8+Ghv+HTk7x35L4+fjo6P6YgeI4tgEmEp/LR0hRcWBCeU5hc2vNtDc3tMKB1Ro6vseWH51pb6yTkTIzu4bozbNFsjIeyuf1iB04pd92rLxr2ueWYfGh+8r18xDH8lw9kMiz8lINMlzbYIf81q3gRoANIQSsDM49HBcovl61x3ezud1AzaJXMbuDw7vHiac+jeJbKwL8K9d3m+ZiriPA/vWmw/9Hbj9VgEItF7b1V1pBwO+9vr2TScDGLBJJm3QMMs1mthrwssfXnRxbsaQxGYW7mRsVc8ST+jWUA/24lYG9xmmGHZVy+kfJwY/enZPvHf/wODWanS +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetResourceMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":"circular()","title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ResourceMappingGroup","required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"}},"title":"GetResourceMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mapping-groups.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mapping-groups.api.mdx new file mode 100644 index 00000000..d639436c --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mapping-groups.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-list-resource-mapping-groups +title: "ListResourceMappingGroups" +description: "ListResourceMappingGroups" +sidebar_label: "ListResourceMappingGroups" +hide_title: true +hide_table_of_contents: true +api: eJy9WFtvWzcS/isE96EJ9kiW0z7sCiiw3sRdFGiQwHb2xRaUETnSYctDnvAiW1X13xdD8uhuyQaC9Yt1yOHcON/McJY8wMzz4T3/bLUSC3aD3kYnkH2EtlVmxkcVty06CMqaXyUf8jYR9l0hbDJdvztYzt2imyuB/d+UD3tb/3E2tp5XvAUHDQZ0pMCSG2iQD/l7awyK0PvsbLDC6t5/0XllDa+4MnzIawSJjlfc4beoHEo+DC5ixb2osQE+XPKwaImTic0kUQYV9BnWaGLDh/eXo4pL9MKplgzmQ/4Bp8ogCzWyeaZmdpo+CzfWFm684sIaH/jwcrWqDuy5Uw3aGHof/YElL9d8h8mzioZMVTFlWOP5ajXK3kIf/m3lggQJawKaQD+hbbUS6YIvfvfEa3mokZ38jiLQpTkKh6DQ0y7Z6FsQSKGxJvbBUehs1F+TjZU8UPxT+gH6wXS/2FShlqyJPrAJMmBz0EqyL19+/TB8MF+/fn0wXv2Jb0Kt/Fv2889swP76i9FXv4EgavRvfrgf9P4JvelV75fR8h+r3vbnT6/5vHy3+uFtEfpg+IrCdqYMZOWXaxO3Vp8zkBxy0ptaNSps+VGZgLOdOMgUFZ9a10DIJD++O+FSdouBBcuENVM1iw4lkziFqANLvJiaMmNTEM+VRPlg2Ed4Uk1syr7HQGHUaggktDBiYCRDM7VOoGSTBfMZ754cZKdTj6ftKCSvMeRDVhvlvsp8tao4SKky6ectl05Be6TtTu6z6egmw4Of4bTaTztpwbfW+HyF7wYD+rdrxW0UAr3PCeJ7wM4dzaibY+AcLCjNBGz8eXbqJHiVpEv9Hkin3LQmoEgKoIwys5S0ZmQE5dbOOFZKi+/En5N7VJ6wTWNNEsum1p0RVbHHWol6nXqiUd8iPhjWotuoTgo1GEBCgO0csF7bV+R9VmJr//SFCIcQUF6Fbe5lcQzhgP9mK+G14BEde4MmqLBgj7VlhYg9Kq2ZQ2GdJDAZBoZBlCownKMJbzfarb2MT9C0GlOjcElxfNkfDAY//jQYXL7z1CKsYSwhYI/qD/kotvLQjLJ4zIzN1gkzCtH/0QwNE9RHYbROy5niueTxfNjOQcckY9cRtiuEvrYusO3NVyS7Y4lup2+630F1AdnoJP99Tff7RZZzEQO3BXXJhNUaBZ3xhLv9U/7BgPdWqHSz0Uh0DDroZrQSsz7fsq7D7rhgdzzLWfBlFfoM/qJzaMKn84WsUI5fWtBKnUHJNuqwcpjSHD69RCqRvVjke9Ai6oKZULPSCZb6/vcinVnXdQb+wbDrpk14Q8OMNcgcNkAYmwZ0rBhNJqTgDTaAPqlwpjir6h2RMWGjCRQmhHqHTCsfvlORz5X6bJVPgEy+OCzm185Z9/1KubDyaGHbzlXGhvHURiMJnOWlwgUYgRoJt9H8YexjfiGlVnkMbhYb0o4MAamVwTE+CUSZDmwYVhy0Q5CLMT4pH9KzDF2jPL10xhKNSgfWYMOnGiLFL10mKI1y3FISNtmdxG9iXd63kYJ07MDMMGmpyCJSK21TlLjcFkcDc1AaJjoVcQgw1jY1TNFADDUFgqAI5gfvs7samQ8Qomfkyq6A+9pGLdPrwTByGUuplqLqfmbtTGPftaL/3kocHSz0c4H3nuL7yN3sanDFJM5R06X2piAoCSLFCCscDlVShl2bmVa+7rMrs2DRP3N064y2ArT6E2VqvT3BT5nUzWyrf5s80ZcYQGk/OrGV31gVwX7DerJIHIVWaEI/1yUiPx/GeXffVauqVLgjTlyngoky4BZZ2CTOjsk6jtbUfz+bFvJQYL8PSy2nT72Cm6jgwKUmQxUHdH4Hbc0sp0tg/yJ1WKihq8QT9PmdTetlGnDIpL+V/8o9pFHBJE77V2bBt1NWN0voksvLTUonsiYOQ3QmX2NhOGR1CK0fXlyIvECRIGxzIa3wFzN7kcLNX/yNyHoOW4cUWlBajZIJt+WdGug0GGqbZ0TpKdVCqPmQX7xqZHRxSkLuB/O8KDrNh3zZvUyvjWytMmF1ANDrnErZpxbN3YdfNm/ZLze/VcxHUTPwa0d1u/0EizpbMgenKDulWN+XmGtEKReHu6s0f/EoolNhwYf3o4pTlbjZTGSKhgcTlQ1adluaMigYbN7aA7opZaZ2p+M56vcD/5B9ZRA25PPL1EFZHxownUJn7n2H3Rq9AZ8CeVOlqUm6rWUJifvXTRF5dUL8qOLpkob3fLmcgMcvTq9WtPwtoiv+7u6PvlZVN3mjKJLK04Y83t9uDcr4m5vSOL9lmwZy18g/cHF6zFiyIec0IHy56JfJ2xkO7kha0xG/3h2x2lAcdC+bE1dCYBtO0o62YP/50+0dr/ikzBib1NpwB4/UQcBjNiS/bfIYg9aWXIOZxVRqeeZJf/8DlBb9/Q== +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListResourceMappingGroups + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mappings-by-group-fqns.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mappings-by-group-fqns.api.mdx new file mode 100644 index 00000000..2a86f6b6 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mappings-by-group-fqns.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-list-resource-mappings-by-group-fqns +title: "ListResourceMappingsByGroupFqns" +description: "ListResourceMappingsByGroupFqns" +sidebar_label: "ListResourceMappingsByGroupFqns" +hide_title: true +hide_table_of_contents: true +api: eJztPW1zEzmTf0U1d1Uk+zhOwsLWro9izxjD5iE4OduhjsM5o8y0bW3G0iBpAn5S+e9XLWle7dgOYSk2J74QSy2pJfWbutWa60DTqQpaH4JTEbNwQfqgRCpDIG9pkjA+Dc4bgUhAUs0EP4qCVpAYwKZ0gHML18waunYDkFcshOYxU7pWpV4sXkuRJq8+cRU0goRKOgcNEtG4DjidQ9AKOoJzCPXeqRRahCLeewdSMcGDRsB40ApmQCOQQSOQ8CllEqKgpWUKjUCFM5jToHUd6EWCPfF0fmEgNdPxhq6Bp/Og9eHwvBFEoELJEpx20ApewoRxIHoG5MpCEzExP11vJHG9BY0gFFzpoHV4c9NYms+QzUGkeu+tWprJ9phXOrkVUW2hGoRxMlfBzc25XS1Q+oWIFjhQKLgGrvFPmiQxC8027/+psK/rZYzExZ8Qatw0iUShGSisneBOFlBUSrrA6WmYl8uVlkhRjWDO+JGtO7wpZjex9FCqrE+u7/Z6xMlAyzTUqYRsH/pviaEq8uq/eoQp8mimdaJa+/vPcAdUQkN4vi9BzfefTQ0cFj9/FNyUMNhArH27eEEjoFHEECcan5YWYkJjBTfYYZUoTYFKBFd2uR4fHOB/1bkN0jAEpSz5fKNNqc3FTEStalnagnHG2GPH2eOpbXbbrK/z1lc0TgF7W4uX6W4z+ixaRTnZUCwKbhpBvrNHa4FzsDGLlhgGaScHILj2lHHGp4aoLKWICckWhbhFUdnwm8ZdOV4o5nPBzbBkIuSGoRrk84yFMzJPlSYXQFLOPqUw4iQBWaCOCM1B04hqWt6UvKyOSMciUapfvyGhBKohauty765wTPVS/0UVUaDJxYIokFcgyQ5wzfSCfJ4J4oDIZxbHREIoZAQRCizKCU0jpglcAde7BXb5KsMXOk9iMMrrEMnzsHlwcPDzk4ODw8cK1dZEyDnVQSuIqIY9lIa4RmkSLU/DFa6aRlG1ZhoO6DtOI6YXEK/lZQexhm1vIVvLxjf1hRCJ7YSomZCalCtR5K0ViUXnq0RSRYt/qHC1Y7Lztf0vq4mqDWMVgyJUllg9IqGIYwixjUK+q7dSI06VEiEzO5vyCCShGesWKqRpGC+TCpuV4D3E3Qb29uzr2fevYN96T9b0Ilo4TRQvCItwNScLQgv19ZnpGclHLfovNA4Oq7VkF6mGdwbr0p7mNePtzIqNDFSfxhQ4HmuQt1NmdhuRuqAKKoitxOn+2JStl/IQRWEd38JIcRbvN8TmbmvzVXZPqiBCmkmo1IYSSDvDn5hDiylUDaLSJEEKvViU7LJ2qmc9Qjma/sDpRQxkApE7liJOk098HUpYjbsaanZV3VJbUsfWFiMOEUxoGmuScs1iAl/QIGc6xgoDhKtUbMCFEDFQ7qW1l9YPUFpPJeX6LzZyUsnWAWF1fYrtKJKgjBFHyZv2gDCuNOUhjPhZ/yg/N1FyRWMWkbP+MdmB5rTZKJwEEcxFMxTz/Ue7ZCLiWHyGCMmvtBAKpnPgWjVJl4az7KftXWkqNYonAjyya4nEGCczytM5SBaScEYlDTXIBgkpzw6aZLZIZoBibzUwVvCIqJiqGahma8Q/fvw44nrGVHNOdTgDtfPof80sfm/t73+ge/9q7/3Pwd5v5zvF36PRaLR3fn3Q+OXwpgSx+/sO1jTv2Gj3p53WB/zzH7u/7+w3f9r9/d8f7Tq8RkbyJelFzMI3sChzvS0cX8Jihc8qkRAiT7fM9uH6zOgVkHkaa5bEQC5hQRLKpFohOAWHk4lxHdZEKA1nEFXkpy2pD28xM2PYnSv2nHErEJjgTdJJpcQdTyRMQEqIMlfgRml+CYt7cE0C83UcgdV4AvlyDHyqZ0Hr18PfHhs3Wlaw5Ef78vTgN9Ie9JqHxDmbUHyedt8S4FcQiwQaJFUpjeMF7ufler69NAZECYGfNwzfdqKI2K4yecRAOm8IU7gbRmHHUxyaC6NBnHv24Lx0oESI5QEuufiMDDgVkunZnCDuGV9WuLrwPhPgoYggao44GQrL0g00tBS6YhYoQT5KRVuPD578+tEg2h+099Amishn6U6a1kL5CGFLQZg8fvqLPLSw3U4NtEEuUk3mQhoX0JxqlY1CI9RnVBEOgPis0mN2IYI37cH49OzF8VFn/Kb7ftw+fj3u9s7ejs96g9Nu5+jVUfdl0LgVqj9oj3E2G0CeHPz2yxqQbmc86HZOHz/9pX+4GeznX59sA/b08WH/MDgvew7eUHWaC5Y7qcBCvow4aRsRU+J5I1/FHEjptJ8pPbN1k1TqGciMTMPc5swZANn7Dj6QXA6VvR6u8BxjBlX+lzAXeq3B7SDq876kqjzRVMZkr9DxinF0eBo9pQQSngQtGVyhYGO01PL/lRr9flp0he68WbGnZSJxhec36x1iN43AmnVDQzCFBnSefUNHdWoZzoA4Y9AdMN+0By2yc9Qbdvu99nGDdP/b/rXSsnYSaXBy1u90x8P3p92aFCrXZH3WirMBkAuQet/cS29eUnW23pi8pGq8yqDEpUDyztYBFqRtojNkYI4jX2PkYJ8lZix1rWcUGSsWfKrQTndLv9GqyLVb5TybF96+R+3j1yf9o+EfdT1RlJc0Q7XQ6YKisNsZo+hfKvv51ydLZU8fHwZLkdWBPe5DZIVxhr5qbml54FZsNpA2SWdDbuujSEgsK1wluK9HL9eQSomnBwxPn28MYW+IIlbHNRqmPvIbaswkVVZcRmYaAwop6Gt9NSdOR4w4ObOWmglVFWIhP2H5qJN3hPygjpCK7QgLy5WOKe9kPi7xNOnDlCktF2Uj0PlGbrc9Dd9YqDzomzs4m+RMAclY3bAX0MjKQK8HvR70enCNHkSOWeIoXBAphO6A/EtdlncLnWzly6l2iG4ZK41JiHhN8ELQ3RVvptNz1dv0utfr3u+gezslot2W15Fxx6Hh3KXLHUJUGMGyfjhDLwAKH5kqvYWY+yq7OI+4GjFjJEwaVw7Y5vftzbCaGPWzRisNh/2jF2fD7rh/dpwdjJedereCtY+Pxyev1kL03m+A+OOo22/3O3+8NydxQx5fLUODkMkwjanc2S2t7zsX1N+OHhwGPgT1Y/vOfAjKh6B8CMqHoHwIyoegfAjKh6B8CMq73rzr7SG73nwIyrvBvBvs7xyCyp1Ta0JQP97leq+ZvWb2mnlTUGxZK5ezhrze9Hrzx9WblTMnRlU2njev8hTCTXj6IMIP7P3wQQQfRPBBBB9E8EEEH0TwQQQfRPBBBO+q8K6Kh+yq8EEE7wzxzpC/cxDBTPpvFUBQqdnxt9/l4ba7vHK1/Fpk8U6SaW7ehTRvKf0HoZe0RUZGdnctP5n/YjC2aN5wFGyQT9U7uhssMrtyHcEt1AAqwsBVj8OsfqxgWS7gvCSkyrzkNFjusZikfRyTXQGvL8Q3eYTLoTuA+/gD87kuvbD6tR3dow83o+4XDZLTeAD4yKGQ7zZ5R7ONA9dwrFzLW0iTkgzAiAFKJgziyIoCIjgWxFRr4BBlxNlHIaKAa3P0JDsqDWeEqhEnEynmhEWn+8cv26e7uDH20Wkhy7SVl60iJ8CRbccZnH1ONbYH3TW2/tmLf3Y7w/Hb9unpUe/1+OS0228PT/qrfBDrYY96G0F6J8NtwI56485Jb9g+6g3MKaK2q++2vZK/4c3lpU13N+3XPsMcM6VxaUMxT6hkSnC764U+kKBQKqMjO0nihXtOd8TJBiLbim5GnOw4kbHbyLbdns9x7JxIKkkoGWPVDqJrmaVEhHd7gPSnEW+TfEhUUoyDwue2MP9DTMizXGkSqg3WxZwf5WxlAB6NeCysr+Y5eZYh9Jw8c6iTbCndHjwvK/OSPKlTgNOFJyvYzFWN17KbAyqznXFO0lAKpYh95rg0+m3M1znpvTwaHp30xi9OTo677d6tGS/rINu9TRAn/aobrlOR2TWyqC/O3ba/XXpaFnc7H0otU2t9rfEd+SsWQbRyG4u3uNewZx5tKCiw9ABugYE5Y7V7L0kspiysHvByrXg3E/PWmTsMghWiR4Fepk7/eKI/az2oxxM3+m1oeGe779aIYaq0WOtKchC3H/Iq0iCHrvj5beEKPz96VCIqKyHLvGzNkGsMtGG797Ldfzlud4x0r5lktdqX3U7//elwRc2w3+4N3h4Nq5qghFvFNMiKjZf6nlnhr+//oK6Xil4qPkCpmGHdDp15fhdzgxMrNnGf3HZiNE3TSyibGplsXeXzdnX4MY05084yc7YJOrGsF9o98O+Z0DPhQ2bCQcUrejdmdG2zz2e0SJu4b4pRpdjUfFMngxmA3lG7iDwtMV7uDB1xezb+h+NOhA3F/ILxpTsL2Ski/wJHHa3smFziYB+R9RFZH5EtRWTtB8oqnz27nTmKWEHtWz7l5z3qHxEzY4iLmE3pPd3b3+TLGvccwn8uw38uw5tV3qxaa1b5NIMf+n6kTzPwaQY+zcCnGfg0A59m4NMMfJqBTzPwTi3v1HpATi2fZuAdId4R8qDSDPznMrwe9HrQfy6j6supdug/l+F1799Z9/6NP5dx709FbBfyKMLIldygovTb5bpt/6SUlmw6Bfndpr6USVhU5fla32oV7CUcfwPZ30D2UXqvIB9WlP4vvoF8l8zvbyWuTYzyi75PBDWpnE4h2czaMQOu15+ELIw9DJXjnXcwjvrwKQWFmeJmhlVxiXjeLVHvDxFHeaoi9uhiiMZGKhQqmaTxhMUxRl5qaXkGDS8XvVx8wHLxJGeEoTVytz6X5Ebx1jcOPR95Pnr4fPS1Hz/0POR5yPNQ7uXZjn3KWQc+/Oq558fkns0uWA1yvo170eFaNsNMS3MhHZ86+bYpNuvPfDnYqhhYJQCV3U1zbwURg6t9wMlJinIq0Vfd07AHPcPR5oJGFgS7fagG+Txj4Sy/zGcl2Yhj0mI1dubFihcrP6hYKZwnlXS9Ve8elbnaMdndPCrZGFkWcPnlobzzqPRKkElDqbdSI166pJXyCPB9Oce6lluxs2awZnq1mdUccfeblSI79JJmEXv0RkkRF7Po4s14A2agOv3uLi7AiCtjEqUSVJa2l0k7J3DKi6HMHdzam4eVF5QKgbiJCEqNjpnStaVSLxZmm1594qoPKhFcbTqdmC5drh8SdHW9ulKaV8NctoS5dZJgJqAxw/b/VDaapMIZzOlmfYR5Bqu4psy/XOjxRKQ8wq3NojYh3rmLTWAn5SbHAfUlNxeyx1ROU+PRw4nQKGYcxvAlNA5AJP68Q0yrkECjxRi+MGVirCZnXWEyyzgCztztdHddGL7MaKpsPGlCWQzRGCNMpRfo6IW5uoIBtFSPxWQsKZ+CwdJc9UC0TDXj9m03U0WvKIsxlxMxppqOY6GUrUn1DEWijWIt3ZUxV5U11akiuJSZUlMzkcaRuaOOvut0nr3dOCEfpkJMY2jKJGx2RATnSwVNq/SUotOVe1PPMInAZsrIvQkNkdIBaYS4HpZRYpx0+TRmatYkbb4gqbqlaakNvpMXs39hNgjeXnd5OsheZfQHZiWaEWjKYnW+psq+aNkgQpa6du+2WWd208pqBN9Mxjq7XV63026NMuf6B18+sPfnIrhIp6vGWs2tWqZrTEusXbZNjBmmjP6UF0xLKo3iZW4BsnWnePPMZR2Q/zQZQ+ZKmu3uAqxj3ZS7W07LnTRLus/tQyKFFhfppNnmi/oTjhwfcsiEy/ZTMi0sJhJ0KrndRtdhi2SJDKEtQErApIxIhGp/KvYNuan9f0OwPVl5ijK4ySRhebwNIjYw1uJMRBhbEcoQCsVISLCfmAczmpkocQK+WesMr4ixEPY3j2PtJWUi9KmMg1ZwncRUI111eZQIxvXNErN2rVglJwnw4ctXJGuBdxsx39y82ZovWlbbNCwys/O5opKhpLLhpNqIVl841bFce3OD0W4FYSqZXgStD+eNADWGi/28ENHCYYgdTXCiJlZueAYzITALsRK/WrmoS9NGtF2CYiu4OjTXz4TSc2p0lT1wbLG1lU5zNsU4ES4V4zZp14gLu+sfbkHwll0PGhuROG8EZh9aH4Lra4zwn8n45gaLP6Ug3ZJmW4S/bhrBDGgE0hBKxMyzzNFqY+i60OrBTt9ZWLukMK+rU8U7rTnv7p0ic4ci3nuXp4I64RcEeI1j+6G3G2/I5iBSvfdW1UfK4bC/vaHN8MkgloyVogXafIleC3te4u/TkwFeA7kQkbnwOzeWTCDpZzQY6Gc7EWve2+Q1LLsOYsqnqdGsge0T//0fpaOUaA== +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListResourceMappingsByGroupFqns + + + + + + + + +/resm/'"}},"title":"ListResourceMappingsByGroupFqnsRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":"circular(ResourceMapping)","title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ResourceMappingGroup","required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"mappings"}},"additionalProperties":false}}},"title":"ListResourceMappingsByGroupFqnsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mappings.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mappings.api.mdx new file mode 100644 index 00000000..d5f41a6b --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-list-resource-mappings.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-list-resource-mappings +title: "ListResourceMappings" +description: "ListResourceMappings" +sidebar_label: "ListResourceMappings" +hide_title: true +hide_table_of_contents: true +api: eJztPW1z2zaTfwXDu5nYrSy/JO20uj5PT5HV1hfH9khy5nqRT4HJlYSaBFgAdKL60X+/WQCkSOrVcdpJc8iXWMACWAD7hl0s+BBoOlFB621wJWIWzkgPlMhkCOQ1TVPGJ8FNIxApSKqZ4GdR0ApSA9iUDjCxcM28oWvXB3nPQmieM6VrVSpoBCmVNAENEsd+CDhNIGgFHcE5hPrgSgotQhEfvAGpmOBBI2A8aAVToBHIoBFI+D1jEqKgpWUGjUCFU0ho0HoI9CzFnniW3BpIzXS8pWvgWRK03h7fNIIIVChZinMNWsEpjBkHoqdA7i00EWPz0/VGUtdb0AhCwZUOWsfzeWNpPgOWgMj0wWu1NJPdMa90shZRbaEahHGSqGA+v7GrBUq/FNEMBwoF18A1/knTNGah2dvD3xT29bCMkbj9DUKNmyaREjQDhbUTKbIUKaIAVFoixSxQNyAjFi0hfGn+oPGQ53+RMYM4IkmmNLkFQsk9jVlErq/PTltD/u7duyFX7A/Y01Om9sk//kGOyL/+RfBXM6E6nILae/b26OB7ejBuH/x08/Dd/KD888Vjfh6fzJ/tu0GHPJgjuU4Ypxb5h2J6pdJ1E8TF2LiKMUuYLq0h4xomlf23EI1gLGRCtQV5frJhSUkfNNGChIKP2SSTEJEIxjSLNTF9ETYmXBjivWcRRENOXtMPLMkSV69AI/mkMdU4qOuIUB4R4GMhQ4jI7Ywoy+IKF0iMxwo2z8OBPGYipxZtiOooB/N5I6BRxCzoVWlJxzRWgNX5uKskUM9yRLClk3ld0pgClQqu7O6dHB3hf9UJ9LMwBKWsTPgUnCbr8nPRgkpJZyhUNCRqe09sI7uyCLcyAU0jqmmZ0ouybeQcSqAaorYut3aFI6qXNntRZajOURVIsgdcMz0j76eCOCDynsUxkRAKGSFJcEI5oVnENIF74Hp/gV0xNfhAkzQGo+GOcUuOm0dHR89fHB0dnyjUbQUxRlTDAUpPXIMsjZan4QpXTWNRtWEaDugvnEZMbyFeSRaFcLEQ6/hgPa3c0zgzY1QXQuTiXE2F1KRcuYVl6z31tcxCI8cyzn7PIJ4RFuFqjmeEkpwlyHump6QYddE/KUgWh9VasttMwxuDdWlPi5qRndA2+t7KQPVpTICj8QQRyTJmdhuRuqUKKoitxOnp2MwbxhRRKQ0rQywK6/gWNbmp8wmxedzaWBtqfYemfokRFURIMymV2lACaef4E2MlmULVICpLU6TQ2xlZTLmd6ekF6rkhJ8DpbQxkDJEzfhGn8e98E0pYjbsaanZf3VJbUsfWFiMOuYLOuGYxgQ+oLJiOscIA4SotNuBWiBgo99LaS+svUFpPJOX6TzZyMsk2AWF1fYrtKJKgFMpFSl61+4RxpSkPYcive2fLJ5feOdmD5qTZIM+mWqeqdXgYQSKaoUgOn+2TsYhj8d5a0qWFUDBJgGvVJF0aTvOftnelqdTODI/sWiIxxumU8iwByUISTqmkoQbZICHlaLlryjiZztIpoNhbDYwVPCIqpmoKqpkfuKqnq/81s/ixdXj4lh780T74n6OD72/2Fn8Ph8Phwc3DUePb43kJYv/HPaxpPrLR/ld7LTyT3Xy9/+PeYfOr/R//vX4my25jFr6CWeVIZgpHdzBbcUhOJYTI0y2zfbg+U3oPJMlizdIYyB3MSEqZVCsEp+BwOTa+ipoIpeEUoor8tCX14S1mZgy7c4s9Z9wKBCZ4k3QyKXHHUwljkHh4uy88FZvp/g5mT+CaFJJNHIHVjSChH86BT/Q0aH13/P1JI0gYzwuO6zP+8M3R96Tdv2geE3cQQvF51X1NgN9DLFJokExlNI5nuJ93m/n2zhgQJQSebxm+7UQRsV3l8oiBJGMhjesAd8Mo7HiCQ3NhNIjzBx3dlA6RCLE8wB0X75EBJ0IyPU0I4p7zZYWrF+4uAjwUEUTNIScDYVm6gYaWApLQGUqQd1LR1snRi+/eGUR7/fYB2kQReS/tAdBZKO8gbCkI05NvvpXHFrbbqYE2yG2mSSIkEEtjKh+FRqjPqCIcAPFZpcfsQgSv2v3R1fXL87PO6FX311H7/OdR9+L69ej6on/V7Zz9dNY9DRproXr99ghnswXkxdH3324A6XZG/W7n6uSbb3vH28Gef/diF7BvTo57x8FN2VvwiqqrQrA8SgUu5MuQk7YRMSWeN/JVJECoUiJkxrTIlZ7ZunEm9RRkTqZhYXMWDIDs/Qi/RyGHFi6Mt3nhDTop606GROiNBreDqM/7jqryRDMZk4OFjleMh2BkLY2VQMKToCWDexRsjJZa/r9So3+dFl2hO+cr9rRMJK7wBn3Hm4itEVizbmAIZqEBbenI0FGdWgZTIM4YdAfMV+1+i+ydXQy6vYv2eYN0/9v+tdKydhKpf3nd63RHg1+vujUpVK7J+6wV5wMgFyD1vnqS3ryj6nqzMXlH1WiVQYlLgeSdrwPMSNt4DknfHEc+xsjBPkvMWOpaTykyViz4RKGd7pZ+q1VRaLfKebYoXL9H7fOfL3tng1/qemJRXtIM1UKnCxaF3c4IRf9S2fPvXiyVfXNyHCyFcvr2uA+RFcY5+qq5o+WBW7HdQNomnQ25bQ6ZILGscJXgvp6dbiCVEk/3GZ4+XxnC3uLhro5rNEx95FfUmEmqrLiMzDQGFFLQx/pqSo7+a2upIVhJLBQnrB0cHdWuOyJJBCfeEeIdIX+yI6RiO8LMcqVjykeZj0s8TXowYUrLWdkIdL6R9ban4RsL5Y45sHBwNsm1ApKzumEvoJGVgV4Pej3o9eAGPYgcs8RRuCBSCN0B+ae6LB8XOtnJl1PtEN0yVhqTEPEaY7D68Yq3uM6RQzS97vW69y/QvZ0S0e7K68i4o9Bwbh2pnhAVRrCsH07RC4DCR2ZK7yDmPsouLiKuRswYCZPFlQO2+b2+GVYTo342aKXBoHf28nrQHfWuz/OD8bJTby1Y+/x8dPnTRoiLX7dA/HLW7bV7nV9+NSdxQx4fLUODkMkwi6nc2y+t7xsX1N+NHhwGPgT1efvOfAjKh6B8CMqHoHwIyoegfAjKh6B8CMq73rzr7Ut2vfkQlHeDeTfY3zkEVTinNoSgPr/L9V4ze83sNfO2oNiyVi5nDXm96fXm56s3K2dOjKpsPW/eFymE2/D0QYTP2Pvhgwg+iOCDCD6I4IMIPojggwg+iOCDCN5V4V0VX7KrwgcRvDPEO0P+zkEEM+m/VQBBZWbH/5qH2x7zylV1pri4i3eSTHOC73qat5T+g9A72iJDI7u7lp/MfzEYW7RoOAy2yKfqHd0tFplduY7gFqoPFWHgqkdhXj+ybwsuz0tCpsxLTv3lHheTNPQ1YffA6wvxSR7hcuj24Sn+wGKuP+Ozmp+ioyf04WbU/aBBchr3IYZQC/lmm3c03zhwDUfKtVxDmpTkAEYMUPdOqAEmgmNBTLUGDlFOnD0UIgq4NkdPsqeycEqoGnIyliIhLLo6PD9tX+2bdyvN07ZClmmrKFtFToAj245zONT0EuL8IdC1tv71y//qdgaj1+2rq7OLn0eXV91ee3DZW+WD2Ax7drEV5OJysAvY2cWoc3kxaJ9d9M0porarb3a9kl9MNmH8zNYdzzdsurtpX4Gvr3bMlMalDUWSUsmU4HbXF/pAgkKpjI7sNI1n6FHSUxhysoXIdqKbISd7TmTsN/Jtt+dzHLsgkkoSSs5YtYPoRmYpEeHmc2p9gb4a8jYphkQlxTgofG4L8z/EmPxQKE1CtcF6MednBVsZgGdDHgvrq/kn+SFH6J/kB4c6yZfS7cE/y8q8JE/qFOB04eUKNnNVo43s5oDKbGeckzSUQikzp8ro65ivc3lxejY4u7wYvby8PO+2L9ZmvGyCbF9sg7jsVd1wnYrMrpFFfXEet/1tEooY99C9S10MpZaptb7WpYd0V2zjaGIVzEb2LKINCwq0eolQCSUMzBmrfXFKYjFhYfWAV2jFx5mYa2fuMAhWiB4Fepk6/eOJ/qz1RT2euNVvQ8NH231rI4aZ0mKjK8lBrD/kVaRBAV3x89vCFX5+9KhEVFZClkXZhiE3GGiD9sVpu3c6aneMdK+ZZLXa026n9+vVYEXNoNe+6L8+G1Q1QQm3immQFxsv9ROzwn9++oO6Xip6qfgFSsUc63bozPPHmBucWLGJ++S2E6Npmt5B2dTIZesqn7erIynIhGlnmTnbBJ1Y1gvtvqXimdAz4ZfMhP2KV/RxzOja5p8napE2cV8uokqxCUcnQA7TB72n9hF5WmK8whk65PZs/LXjToQNRXKbf9NlxSkiWXzBqIpWfkwucbCPyPqIrI/IliKy9uM5O37JZhErqH27p/y8R97dgi/RpXsbswl9onv7k3xZ44lD+M9l+M9leLPKm1UbzSqfZvBZ34/0aQY+zcCnGfg0A59m4NMMfJqBTzPwaQbeqeWdWl+QU8unGXhHiHeEfFFpBv5zGV4Pej3oP5dR9eVUO/Sfy/C69++se//Gn8t48qcidgt5LMLIldygRemny3Xb/UkpLdlkAvIvm/pSJuGiqsjX+lSrYC/h+BvI/gayj9J7BfllRen/5BvIj8n8/lTi2sQoP+inRFDTyukU0u2sHTPgevNJyMLYw1A53vkI46gHv2egMFPczLAqLhHPxyXq/SLiqEhVxB5dDNHYSAuFSsZZPGZxjJGXWlqeQcPLRS8Xv2C5eFkwwsAauTufSwqjeOcbh56PPB99+Xz0sR8/9DzkecjzUOHl2Y19ylkHPvzquefz5J7tLlgNMtnFvehwLZthpqW5kI5PnXzaFJvNZ74CbFUMrBKAyu+mubeCiMHVPuDkJEU5leij7mnYg57haHNBIw+CrR+qQd5PWTgtLvNZSTbkmLRYjZ15seLFymcqVhbOk0q63qp3j8pc7ZjscR6VfIw8C7j88lDReVR6JcikodRbqSEvXdLKeAT4vpxjXcut2Fkz2DC92sxqjrinzUqRPXpH84g9eqOkiBez6OLNeANmoDq97j4uwJArYxJlElSetpdLOydwyouhzB3c2puHlReUViZZpnSSp0mXfXiL0q3CxuZtXI7HCspORMY12MP/IipjIEfCgpb4hXH9/GQ5Fmm9dxCRBTrENUaZDh92GRXBdh6yQ2N0mxZ3/aRFgcQsYZp87UYnQuaJi/gYYTdJjXABTrjgeNE7wXApHWuQJMzTWujEBv6EpvFGhC3EVlQHCEZCkXHzcB6KOAkE39p7DJOfM6VrnKB6oFLB1bYT53xuBI9ZBpxQFb2ulOYlOJcBY24SpZjdabbx8DdlCU6FU0jodhsDc0dWScKyTOZCj8Yi4xGyax6JC/EeZWyCdRk3eStoA3FzyX5E5SQzXlqcCI1ixmEEH0Lj1EWBVnSIqTISaDQbwQemTNzcvEOgMEFpFAFnLuPAcRh8mNJM2RjhmLIYohFGDUuvCtJbcx0Jg6IZ0udIUj4Bg6W5voNomWokEHyvz1TRe8pizM9FjKmmo1goZWsyPUUasJHJpftP5vq5pjpTBJcyN1TUVGRxZPIOMB6RJfl7nGPydiLEJIamTMNmR0Rws1TQtIaMUkjaK/amnjUUgc1+kgdjGqL0AqQR4npYRolx0uWTmKlpk7T5jGRqTdNSG3z7MGZ/YIYPZiS43CsUmWX0+2YlmhFoymJ1s6HKvlLaQI5fdO3e4rMBiqbVvwi+nYx1njFQt73X3hwopAC+ZmHvREZwm01WjbWaW7XMNhwXsHbZ3jSmtTI2kbxlWlJpjCnmFiBfd4q3CV0mCflPkwVmrhna7m7BBktMubu5ttxJsyT63D6kUmhxm42bbT6rP8vJ8XGOXLjsPiXTwmIiQWeS2210HbZInpwS2gKkBEy0iUSoDifi0JCbOvw3BDuQledFg3kuCcvjrZKrgTH7pyJCBSuUoQ6KIa3gMDUvnzRz+eEUdLPWA971YyEcruncWrvK3K/IZBy0goc0phopqMujVDCu50ts2bUClFymwAenP5G8Bd5MxdcCzIu7xfLktU3DDFM7iXsqGcokGwysjWg1g1MSy7XzOd5VUBBmkulZ0Hp70whQNzjd/1JEM4chdmRsOTxBLvijar8YPR20jhqB0/itI9wbTDStmDcrl3tpbXBuLge1FdwfG3NJKJ1QM5Y9U67b6UpPBati/A8XkXGbjG1EhiWCt2uwWkMEQWP1yDeNwGxL623w8IDXNa5lPJ9j8e8ZSLfC+Y7hr3kjmAKNQBq6iZh5Yztabdk+LNR5sNdz5vI+WdiI1fnhBeWCaQ+ukKtDER+8KfJ6ndQLAryTs/vQu403YAmITB+8VvWRCjjs72Bg07VyiCUrZdECDfhUb4S9KfH41WUf7/Tcisjc3k6MCRNI+h4tBfreTsSe1WwmIpY9BDHlk8yo1MD2if/+D+Ft7J8= +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListResourceMappings + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":"circular(ResourceMapping)","title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ResourceMappingGroup","required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListResourceMappingsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-update-resource-mapping-group.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-update-resource-mapping-group.api.mdx new file mode 100644 index 00000000..ebe0bf7a --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-update-resource-mapping-group.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-update-resource-mapping-group +title: "UpdateResourceMappingGroup" +description: "UpdateResourceMappingGroup" +sidebar_label: "UpdateResourceMappingGroup" +hide_title: true +hide_table_of_contents: true +api: eJzFWHtv47gR/yoEW+CSQnKcZDd3K+Bw9SXeIsA+gjyKoonrpamRxTuK1PJhx5vzdy+GlPyIHSdBt23+icUZDuf5myEfqGNjS7NbeqGl4DNyCVZ7w4F8ZHUt1JgOEqprMMwJrc5zmtE6MHZMw1hFvk67sdl3BWYiOHRu6pw5eET8m9G+pgmtmWEVODCowQNVrAKa0VOtFHCXXhjtNNcy/TsYK7SiCRWKZrQEloOhCTXw1QsDOc2c8ZBQy0uoGM0eqJvVKEn5ahQ4nXDyGdGgfEWz28NBQnOw3IgaLaYZPYNCKCCuBDKJ3EQX4bORRupGGk0o18o6mh3O58mGPdeiAu1d+tFuWPJyzdeEPKmoi1wJEYpUls7ng+gtsO5Xnc/wIK6VA+XwJ6trKXiI8MFvFmU9bGqkR78Bdxg0g/ngBFikinyFxzqDKbPUWuQ0oYU2FXM0o96H73WtL9sgzpPgMFszDuc7pS7YhlvkfQ4/mLxT7S9SCJA5qbx1ZASEkQmTIic3N+dn2Z368uXLnbLiG+y5Uth98vPPpEv++IPgV6dijpdg93647abvWFr00veDh5/m6ernm9d8Hh7Nf9hvDr1Trc3PGUsTWrH7D6DGrqTZ0dvj1xutCJN1yZSvwAhO4jEJYVLqqVBjUs7qEpQlTOXEqxyM5dqAJSPviNKOMBsSqxDGOqINkcw6wktmGHdgOuS6BGKdNpCTMVY3Qb3JVEiJxytMASm+QU6cJlJPwRDOLHReHIB/3bL0Wy/9Zzd9N9j7JVt+DdPBX1Zo+7/8+ZGDK3AsZy7mcuPUxdpjR57qqtKKrNB3p79kI5B2W5m0RzUcCWV5LmJsLtZEPBX4CZMe0IB1DXUb4EbwfP6U6IJJCysOiFD8K5RsIrTZ5o6hDyzDUcuTbGjXwCT92L/unfWue8Obi7PedX/Y/3TzcXjz6eqif3r+/rx/RpPtLP1/XPc/PUm97F986J326QCtarV7uoVcRkh70rnRAyhrvVWEBVtrZWMIjrpd/Lfu6CvPOVgbQf17QKXZ1gT/c4D9TriJ1b1gIGgyEwqRAQmxpHVBWhtI0/btKyBs8zweqy1ARaHNM0clZFoKXi4wzSvx1cOdIjWYper/9ZLnBpiDvOdWpTeLQ+Y25C9JxIIjoxmxYCZgyB4oJ9yMTEtNGqYImAa4Njnk2L0RuH0uHIEJKLe/rSLvWVVLCEPcIabrYafb7R6/6XYPjyyOb4v+i2WU4miAPoql/siMZnGbGUvSDjMapv+hGf9HALalNo6sEp/D4hVQe2IiXuLU7VpVN0U22Cl/c7Ran+VJOMUSZlZKPSdcSwkc91isu8e77J1i1mouQmTDbEBYW7rLXt+hL8XsCLzPgnZwfMG8dJvY3DcmdKfvhMxc51sBbDUnlXbDQnuVYxDaLsiZ4iAB4+PV70pP4yUlDJhDZsa+Qu3QEJZLoWAI9xwgDxuWAhPKpAGWz4ZwL6zDXK3BVMLiZWOYgxJhQwuIQ7gvmbcuLBZMSMiHNRabiu5EeSNtIl17N9TF0DA1hqClQItQrUAWyoFRTAYSmzAh2UgGsMZxQOrQ/7xi3pVY5hxzgG5ckeLwx5y3BF3ZArUttZd5M36iy0goKUyy27HWYwkdU/POqc5hsLHQiUBuLRtvjc26Bj2SwwQkBjUtGMdkB8wR0kjYVEko0ldjKWzZIT01I94+sXVlj9S8mWJxTLagHIrBrrWq/lXwRCcHx4S0gx2kOKQnYZ5eiB7NgkQuBSjXifiD7M+ncaQ+dtU8aZBsixMXmDoSiplZPGzkx9vO2l6tYZx6Evbivfxxvw2jhQ09wYyEM8yEZiIaB7R+Z1KrMZkKVxJG/orqEFeyFnFHEG8kYb25kG8K6azgeROHcFsf+aLTU7M1zGqv8y24vNyksCNqYsB5o2IYG4EZKZ2rbXZwwOMCZgLX1UGuuT0Y64OQbvbgT8iWGqgNYGqxpqU0SLh63s5HlQpcqeNDTRiNa4aXRnrwqnebg51HxM4fH228kTSjD7VkDrOpr/JaC+XmGyXaj2BKPtegrs/ek3YHubn8kBDreYmXzNZVLbUTCqOMpkyYEYhPIdsfnxi7RNMwNqnz8AhigXsj3Ixmt4OEYp+4XD6LNBq2Uzc9LthPb4uTN+nbHw9/TN+8PTlKR8cFT4/4u5Pj4uSEFeyEPpq+l7XVvP4svleH0sXUMt9xP3v+jjVHAC/06gS3PcobwUBnNk9fGZ0coiRMl4qFvtmovjMH1uQt0MLBvcPYiXD1Drnx0GTg7eteDmmy6/xBQkNOZLf04WHELNwYOZ/j8lcPpglvmy74NU/a1zZM2lxYJOTbB6eVxzG6175P7ZPl0Lpu5e8w2/202MAvpfgo+PKjX3be2oPg2kkLPpSXXqOoJcfGuLTc0eMcareTd7ACMxefr65pQkfNu2IVZilq2BRHFjaNhsShOV6DcQ1LQI196O00ysS/fwN5W+g9 +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateResourceMappingGroup + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-update-resource-mapping.api.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-update-resource-mapping.api.mdx new file mode 100644 index 00000000..0c8ebbff --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping-resource-mapping-service-update-resource-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-resourcemapping-resource-mapping-service-update-resource-mapping +title: "UpdateResourceMapping" +description: "UpdateResourceMapping" +sidebar_label: "UpdateResourceMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXFu6rYs5L8yGMT3ezMMbIm44tjuyQ5dXORT4HIloQxBTAA6EST1X+/aoCkSOrpODOXeJEvsYAmnv1uNPDZ03SsvOY771JELJiRDiiRyADIGxrHjI+965onYpBUM8FPQ6/pxQawIVPAqYVrZB+m33VB3rIAGldxSDVUKr2aF1NJp6BBYuefPU6n4DW9luAcAl2/lEKLQET1tyAVE9yreYx7TW8CNATp1TwJHxImIfSaWiZQ81QwgSn1mp89PYuxJZ5MhwZSMx1taRp4MvWa746ua14IKpAsxsl6Te8ERowD0RMgtxaaiJH5mbZG4rQ1r+YFgivtNY/m89rSfHpsCiLR9TdqaSa7j7zUyNqBagtVI4yTqfLm82u7WqD0SxHOsKNAcA1c4580jiMWmM09+F1hW5+XRySGv0OgcdMkooJmoLCWhQUYpaXd2GzULPRq3kjIKdVe00sS87s86k62ifOaR7WWbJhoeEujBE43Np3DDm4ReLCi6QvzB436PPuLjBhEIZkmSpMhEEpuacRCcnV1etLs8/fv3/e5Yn/Anp4wtU/+8Q9ySP75T4K/GlOqgwmovUfvDusvaH3k13+5/vx8Xi/+fHKXn0fH80f7aad9jtPXIKeqMGcqJZ0hrmgoledrMaWfTm3d0eHh4XyxOLalKsC69cG+x1Ik8eYVNyAPYZ2noGlItcXudHJ52frJkZaYTgUnbxagm2kjokOI1CoaynpNIWoeDUNm+7ksNbFuLwzO41zKgxXZ+qcNz+frmh7RSEFhLSyLfgkTesuEXLUyg8SADIYZTG1pdCkP9d60e/6J3/MHV5cnfq89aJ9fvRlcnXcv263TX07bJ15tNUj7v3vt87W1nfblmd9qe9fzAqavFC0dy+rWrqudPDZTFiGmQMWCK7v6x4eH+F95jbtJEIBSltl/DRYqK3Lx/jx3O45v7iCQQDWEvi5+nRYOqF6ikUUVUaDJcEYUyFuQZA+4ZnpGPk4ESYHIRxZFREIgZAghCijKCU1CpgncAtf7q/DqE53GERgV5QhX/qhxeHj4+Mnh4dGxQuUkFzGIDHWUfrgGFmEr00gLV01jUbVhGinQXziN/0c2oiZCalKs3MJRqi11tUwCTbQgCWcfEohmhIW4mqMZoSTDfPKR6QnJe120T3KUXdIOinta0QW24vcOSkt5GmPgqP1CSFCHwd3GQQ2pgtLAVo7p/qOZ14wqqWIalLpYFFbHm9dkqupXHM3d1sbqwOsbNPVLhKggRJyJqdQGE4ifjZ8YLdcUqhpRSRwjhg5nZDFlP9GTc0J52OcEOB1GQEYQptYLjmn0gW8aElbjrgaa3Za31JZUR2uLcQwhjGgSaZJwzSICn1AmMB1hhQHCVVpswFCICOguGonj1o5bf2/ceiwp17tYM/fgiolkm4CwujpFPwwlKIV8kZLXfpcwrjTlAfT5Ved02WLpnJE9aIwbNfJoonWsmgcHIUxFIxDTg0f7ZCSiSHyEENGvsBAKxlPgWjVImwaT7KdtXWkqNbInAjy0a4nIGMUTypMpSBaQYEIlDTTIGgkoJ6hnUsbJZBZPANneamCs4CFREVUTUI3M0CpbVf9rZvFz8+DgHa3/4df/57D+4npv8Xe/3+/Xrz8f1p4dzQsQ+z/vYU3jjh/t/7DXRFvs+m/7P+8dNH7Y//nfK7ZYnAwjFryGWZHqbeHgBmYrnByxhABpumm2D9dnQm+BTJNIszgCcgMzElMm1QrGKThcjIyvqcJCaTCBsMQ/bUm1ezsy04fducWeM24ZAhO8QVqJlLjjsYQRSAlh5jvays1vYHYPqolhuokisNp4Bc6Aj/XEaz4/enFc86aMZwVH1Rl/enr4gvjd88YRSe0dZJ+X7TcE+C1EIoYaSVRCo2iG+3mzmW5vjAJRGMDjLd37KSsitqmMHzGQZCSkcRngbhiBHRnbiQsjQVJb9PC6YCwixHIHN1x8RAIcC8n0ZEpw7Bldlqh64a4kwAMRQtjoc9ITlqRrqGgpIFM6Qw7yXiraPD588vy9GWin69dRJwrJR2ntvFRDeQ9BU0EQHz99Jo8sbLtVAa2RYaLJVEggFsdU1gsNUZ5RRTgAjmeDUf7a7w4ur16enbYGr9u/DfyzV6vs8nVQna4/wNlsAXly+OLZBpB2a9Btty6Pnz7rHG0He/z8yS5gT4+POkdlr8Brqi5zxnInEbjgL31OfMNiCjRv+KuYAqFKiYAZ1SITembrRonUE5AZmga5zpkTAJL3NrdMAT7nQwtPxbus8BqdzFVfwlTojQp3ClGd9w1VxYkmMiL1hYxXjAdgeC2NlEDEk6Alg1tkbIwWvvyXEqN/nRRdITvnK/a0iCRp4TX6/jf7AK1a1zMIs5CAtnRg8KiKLb0JkFQZTA3M1363SfZOz3vtzrl/ViPoysO/VmrWKUfqXlx1Wu1B77fLdoULFWuyNivFWQdIBYi9r+8lN2+outqsTN5QNVilUOJSIHpn6wAz4hsHIekac+RLlBxss0CMhab1hCJhRYKPFerp6dJv1Spy6VayZ/PC9Xvkn7266Jz2fq3KiUV5QTKUC1NZsChstwbI+pfKHj9/slT29PjIWwrFda25D6FlxtnwVWNHzQO3YruCtN1pfkPV5lAJIssKVwnu6+nJBlQp0HSXofX52iD2Fkd2uV8jYao9v6ZGTVJFwWV4plGgEIO+1FdTiI9cWU0NwQpsIbew7hx6SeMtzhHiHCF/siOkpDvCzFJlSpR3Uh+XaJp0YMyUlrOiEpj6RtbrnoZuLFRq5sDCwdkgVwpIRuqGvICGlgc6OejkoJODG+QgUswSReGCSCF0C+Sf6rK8W+hkJ19OuUF0y1huTAIc1whj0ncXvPkxjgyi4WSvk71/gextFZB2V1pHwh0EhnKXzpYJUSIES/rBBL0AyHxkovQObO6L9OI84mrYjOEwSVQysM3v9Z9hNTHiZ4NU6vU6py+veu1B5+osM4yXnXprwfyzs8HFLxshzn/bAvHrabvjd1q//mYscYMeX8xDvYDJIImo3NsvrO/bNKi/Gz6kI3AhqG/bd+ZCUC4E5UJQLgTlQlAuBOVCUC4E5UJQzvXmXG8P2fXmQlDODebcYN9zCCp3Tm0IQX17h+udZHaS2UnmbUGxZalczBpyctPJzW9XbpZsToyqbLU3b/MUwm3jdEGEb9j74YIILojgggguiOCCCC6I4IIILojgggjOVeFcFQ/ZVeGCCM4Z4pwh33MQwUz6uwogqMTseHo/25/sC7rLLVflmeLiLu5JMp8TvJjV3KX0H4Te0CbpG97dtvRk/ovA6KL5h31vC38qn9HdopHZlWsJbqG6UGIGafUgyOoHCpb5As5LQqLMTU7d5RYXkzT4NWa3wKsL8VUu4UqH24X7+APzub7C6zS/RkP3aCOdUfuTBslp1IUIAi3k223e0WzjIP1woNIv16AmJRmAYQM0vR/UABPBsSCiWgOHMEPODjIRBVwb05PsqSSYEKr6nIykmBIWXh6cnfiX+7gx9m7i8rWVedkqdALs2TacwaGklxBZQ3eDrn/18r/ard7gjX95eXr+anBx2e74vYvOKh/EZtjT860g5xe9XcBOzweti/Oef3reNVZEZVff7nokf3GvLOPZtbHzDZuenrQvwVdXO2JK49IGYhpTyZTgdtcX8kCCQq6Mjuw4jmboUdIT6HOyBcl2wps+J3spy9ivZdtu7XPsO0eSUhJKRlgVQ3QjsRSQcLOdWl2gH/rcJ3mXKKQYB4XXbWH+hxiRH3OhSag2o17M+VFOVgbgUZ9HwvpqfiI/ZgP6ifyYDp1kS5nuwU9FYV7gJ1UMSGXhxQoyS6sGG8ktBSqSnXFO0kAKpcycSr2vI77WxfnJae/04nzw8uLirO2fr8142QTpn2+DuOiU3XCtEs+uoEV1ce62/T4JRIR7mN4rnnellrG1utZ48fgtC+3d2UvbOBhbAbORPPNowwIDrVwiVEJhBMbG8s9PSCTGLCgbeLlUvJuKuXbm6Qi8FaxHgV7GTnd5orO1HtTliVv9NjS4s963NmKYKC02upJSiPVGXokb5NAlP78tXOHnR49KSGUpZJmXbehyg4LW889P/M7JwG8Z7l5RySq1J+1W57fL3oqaXsc/77457ZUlQWFsJdUgKzZe6ntmhb+6/4W6jis6rvgAuWI2aj9I1fO7qBucWLaJ+5RuJ0bTNL2BoqqR8dZVPu+0jsQgp0ynmlmqm6ATy3qh08dwHBE6InzIRNgteUXvRozpt9n7Uk3ik/TpKaoUG3N0AmQwXdB7ah8HTwuElztD+9zaxn9LqRNhAzEdMr50ZiGzIqaZI7c6rMxMLlCwi8i6iKyLyBYisvaNnOKDNV/5to/lZ+KKmnYlPHI3Z0v1XTtF9ugNzZaqJbiWIlq8ftfGw3EGzEC1Ou19dIv0uTL8NJGgshcoUq9lxjlwI7JmlDmGU4lHlLwb2XouGBP6tIcRG9N7+ve/ytMi9+zibpdeufdC3HshTq/8l9MrXZ7FN31A1OVZuDwLl2fh8ixcnoXLs3B5Fi7PwuVZOK+e8+o9IK+ey7NwjhDnCHlQeRbuvRAnB50cdO+FlH055QbdeyFO9n7Psvc7fi/k3m9l7BbyWISRS8lRi9Kvl+y3+51aWrLxGORfNvWlVMpFVZ6w9rVWwZ5Cckew3RFsF6V3AvJhRen/5CPYd0l9/1rs2sQoP+n7RFDjknUK8XbSjhhwvdkSsjDWGCrGO++gHHXgQwIKU+XNDMvsEsd5t8Nzv4oozHM1scU0hmh0pIVAJaMkGrEowshLJS/RDMPxRccXHzBfvMgJoWeV3J3tklwp3vnEoaMjR0cPn46+9PVHR0OOhhwN5V6e3cinmHXgwq+Oer5N6tnugtUgp7u4F9OxFtUw86U5kI53vXzdFJvNNl8OtioGVgpAZWfTsrQjM1Z7g1XKKYqpRF90TsMaeoaizQGNLAi2vqsa+ThhwSQ/zGc5WZ9j1mY5dubYimMr3yhbWZOFuOripyJVp0R2v3TE4tVLeeNh4ZokVcwrzJMY+7xwSCvhIeAFeynpWmrFxhrehuk92CTLwpSvDO5XJt4BFQuuttkX87lBM5OthyhZnnFbSnPxWZrvYM6NxJjLZxSpg9+VjQepYAJTul2iYKbAKrwvUiAXejASCQ9xc7K4S4Cn5iITmkm4yVJAicfNkeoBlePE+ORwIjSMGIcBfAqMCw/RN28QEyMk0HA2gE9MmSipSbtXmI4yCIGz9Hx5euAXPk1oomxEaERZBOEAY0SFS/To0Bw+wRBYogdiNJCUj8GM0hzWwGGZasbt9XSmit5SFmE2Jo6YajqIhFK2JtETZGo2DrV02sUcNtZUJ4rgUmZiSU1EEoXmlDl6n5Npdv3kiLwbCzGOoCHjoNESIVwvFTSs2FKKjlfuTTVHJASb6yLrIxogrgLiCElbWB4S46TNxxFTkwbx+Ywkas2nhW/wqr+I/YH5HHj+PM20QQIpDr9rVqIRgqYsUtcbquylnDUiZKHp9Oo5645uWG6L4NvRWGfnw6ua1to4cS5B8PIGewIuhGEyXtXXamrVMtmgHGLtsnZhFCllJKAcMi2pNKKTpQuQrTvFs2Np3gD5T5PzYw6V2eaGYF3jpjw9p7TcSKMgvdJ9iKXQYpiMGj6fVW+h5HgXRcZcdp+S+cKORIJOJLfbmDbYJFkqQmALEBMwrSIUgToYiwODburg3xCsLku3aXrzjBMW+1vJWD2j5U1EiDERoQx6UIxgeAexuemjkTGQlJs3Kg3g0S4WwMG61q12o0w8PZGR1/Q+xxHViENtHsaCcT1fIsy2ZaHkIgbeO/mFZF/gSUTMDjdXzOYLlNU2DDlM7CxuqWTIlWzwp9KjlQ2pmFiunc8xNq0gSCTTM6/57rrmoXRIIzUvRThLR5hZFt7jEX3+dPTsSf3p34/+Xn/y9Nlxffh4FNSPgxfPHo+ePaMjigcDyxIbzYyCvmRtoXdZyXVq25Shijp5rrTNC8q63YiXMKG3DO8A9d60e/6J3/MHV5cnfm/FNZxz5OgjUQqPrdz7pX3CdU7zH5ve7ZE53SaUnlIjSK09sxbvSk3lnAODT7ijjNtMYMPBLEq+WzOsNSjp1dZ0fV3zDJI033mfP+NhgSsZzedY/CEBme53hj/4a17zJkBDkAaLQ2auuA5X61WfF+qFt9dJlbV9stDUyxPE47E5E6lfIpcJRFR/m2eVplzY8/BEyO5d79Zfj01BJLr+RlV7yuGwvXrPJgtlEEta0+ILVB9jvRH2usByLi+6eKJkKEJzdnhqVCpP0o+oudCPdiLWUrB5cFiGiM/HiRHxnm0T//0f42dJ3Q== +sidebar_class_name: "post api-method" +info_path: policy-resourcemapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateResourceMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":"circular()","title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"ResourceMappingGroup","required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"}},"title":"UpdateResourceMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping.info.mdx b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping.info.mdx new file mode 100644 index 00000000..6b9e455d --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/policy-resourcemapping.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-resourcemapping +title: "policy.resourcemapping" +description: "" +sidebar_label: "policy.resourcemapping" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/resourcemapping/sidebar.ts b/docs/OpenAPI-clients/policy/resourcemapping/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/resourcemapping/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/sidebar.ts b/docs/OpenAPI-clients/policy/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-create-subject-condition-set.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-create-subject-condition-set.api.mdx new file mode 100644 index 00000000..3ab0b3d7 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-create-subject-condition-set.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-create-subject-condition-set +title: "CreateSubjectConditionSet" +description: "CreateSubjectConditionSet" +sidebar_label: "CreateSubjectConditionSet" +hide_title: true +hide_table_of_contents: true +api: eJztWltvIjkW/iuW92G6VxVIZvcJtVpLJ8woq25AgYy0AlQy5QN4xmVX2y4SNqr/vjp2FRRQAaLtvTwkL0ns4+Nz+c7Fdr1Qx5aWdiZ0qKVINmSUz3+HxJFvLMuEWtJZRHUGhjmh1T2nHZp5upYNdGkga5XLylUjMGuRQOvWAHNQzt1qxQWyGYGjEc2YYSk4MLj7C1UsBdqht1opSNzV0GinEy2vfgNjhVY0okLRDl0B42BoRA18z4UBTjvO5BBRm6wgZbTzQt0mQ04qT+ee0gknz7AGlae0M7mZRZSDTYzIUE7aoXewEAqIWwFZB2qiF/7fkhvJSm40oolW1tHOTVFER/qMRQo6d1ff7JEml0u+x+RVQV2giohQJLW0KGbBWmDdF803uFGilQPl8E+WZVIk3r3t3y3yejmWSHsHotMMgsEJsJ6uwbG4qBS7nI6Taj623vMXMR2BszUJmDFsg6ZzkNrzkm23/NXoPPsRjP4NHqVGvWcHRjE5AgmJ0+Y3JnOorbbOYMBFR/aDcmFsy5Xx2i89xAAjFQFZaEMYWQiQnHhiohUOSOYcKOCkp5xwG/IAmQELynkAkA82T1aE2akiC6NTIviw/fWuO/xIiyoNaFN38XbsUBYEIuDOgXFFh9FjQPrBHRK2mpdxSEePX/7eux3H37rD4X3/13gw7D10x4OHuNd//BY/9kfD3u39L/e9Oxqdob3vnyXpD8aXkN3349tBf9y974/orIgOveq9eQlItsqmQt2HuZvihNPXgfEe/aG1pbAOTZvoNGNGWK2C160HAvrCgM2lp8GA3wi1xOGpImdAdhFupop8KJP8x6hyO3Ay3/i9tyApir2cFgJrL5dPTgdLDYSziDIeODA5rMXbgkkLhwb681R1yXZLwn22tIQRk0tAq3zyKd5rzJyXeqfzT9uw8gQ/TZXUIWN+Jp8qgT6TT6XopDJl6YPPtKZ2LZ8cImCutQSmBg1hVk7FJ8OtJKqHHUKOsMRoa71Oe7u/Fny3g/7d/fh+0I+/DAZfe91+PP7HsNcUeqcou/1zFIMHOmtEhM/ZB7A4NM7b3N8liZbow7KAb7eyx2g9tDVW+LXgwBvdGC9DgTkZnmkuncgk1BAY6hJhBmoSPAm3It3+HZF6KZK9cBltqyL9MZqXEtCG1GOx9J5U6KHyTBHRFBzjzLE6XrdjhwsHWZB7qsitTlOtSI30dBWVbA6ysdpWu5YUr9nn9UIbymlxKKwuhSUlY/THCdNfML2F+mt98UPo05pz4l6fdToACtxtv0X2AzbTygZj/Hx9jb/2VR7lSQLWhmb2P9kinlwk+ClvCQ+79zbxvU18bxPf28T3NvG9TXxvE/8/2sTz3eCZKurbIt7du0UqB2PmjuC8myIWHHrGglmDIR8g5J+nlSYlEXkSUhIDiTYcON6NMUVYzoUjsAblPjZB/ZmlmQR/PXqDut60rq+v//LX6+ubny1ia6FNyhztUM4cXOHFGxoqz/ixGuVgkxq7qRNqlET/RTX+hw23XWnjSH3yTHN9yGnkTJ444jTJlfieg9wQwdGaiw1mc7A6NwmESNruuuO/O5U0BNfBPfYbo0w5JhSE1msb8NWlO3azEQGWrCpKrMCHwRgopqqJxLbItyauHimkQQPMLVP1WnJpka4N8hy8C5AVs0QruSFaAek6Z8Q8dzBVvgJHPkU27SYsMZBbNpfbinNkhXILS9pTteVMQudEmOLIhCkiFIcMFLoVvexa9MIjVjgEnXZd4U9QHBYsl+74nNQzxpfXH3RKSjRvbPHrkau0ixc6VxwjtirCCVMJSOA0orn6Q+mn8FCyZlLwmJllnqJ0qAjjUiiI4TkB4H7BjmFEmTTA+CaGZ2F9Vs/ApMLig0fMQQm/oAqbGJ5XLLfODy6YkMDjDFPSrlVjc23CvM5drBexYWoJXkqBGqFYflqo0AT5KbZmQiI0UGLmWCy1P4vmiuVuheGbIEbp0TPNeAXEOuZyS9CUEXlaiWSFaSSXnMwB4YImqw45CzJZar2U0DJZ0rrVHGZHA61wuWEtWzb65jC0OaxBolOvFizBCAHECCk5HIskFOmppRR21SJdtSG5fWVpbQ02lFL8E7gPA2yskQ3GWl38kbdEi4NjQtrZialw9IuINjXWZYOTSAHKtUKWRvLzMA6zh6YqojLfNxhxW3nmQjGzCZvN82XTXs3R6q82Xi0O4W1w31W3IW36HMLMXDjDjC+5ojRAZXcmtVqGhMjI33yT7FasqktzCM2yHy8fBY+ZtGpVr/SDfzGc54tWV20Ozzr+SbFKLper5FcESQy43KjgxpJhh6ycy2yn3U7CACIh0Wmb68S2l7rt4Wbbf0KyK7N3ZqNFlQn3THjiXTcFt9LhodiGd163oh3afsO7cfsU/9AbhUfj3EjaoS+ZZA6R1FM800K54ig8eyGRkkEGanz3C6lWkMeHrxEprzO2ZqpmWz4oVkGPNTMCc5NH+uGOoUKUxeJ4tvCPsBaS3Ai3oZ3JLKJYIx52z7KlhCfuzPZuvCYNl1eT/XuoybkrpV0Y7u5s3nSn8srdxqRiPEOtj86rF58cC7++fqLYtqQBlEItdL3HboTYERbQl+XLf4eubzDnIFRT5kt29W5/AoF77LZ5ysGzQ+QI5c8AxufLAP7JWz6awOPwq5vPIurh2JnQl5c5s/BoZFHg8PccTImsCqn4XxFVHxogHrjwnRdv7k9r3wXQD9UV/0eyO1Hsq/gHbE5/VVFmfUrxe4jLt75sv71vIfZ22tIhv6sxstpRHHVpuxXdJIHMnaSd1dLbcDAaU4R3+KQi9S0cNewJOyX2FBQJZwufMvwYQlgtc99S0MATf/4FzHmN2g== +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateSubjectConditionSet + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1,"description":"Required"},"metadata":{"title":"metadata","description":"Optional\n Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false}},"additionalProperties":false}},"title":"CreateSubjectConditionSetRequest","required":["subjectConditionSet"],"additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectConditionSet","additionalProperties":false,"description":"A container for multiple Subject Sets, each containing Condition Groups, each\ncontaining Conditions. Multiple Subject Sets in a SubjectConditionSet are\nevaluated with AND logic. As each Subject Mapping has only one Attribute\nValue, the SubjectConditionSet is reusable across multiple Subject Mappings /\nAttribute Values and is an independent unit."}},"title":"CreateSubjectConditionSetResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-create-subject-mapping.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-create-subject-mapping.api.mdx new file mode 100644 index 00000000..109afc0d --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-create-subject-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-create-subject-mapping +title: "CreateSubjectMapping" +description: "CreateSubjectMapping" +sidebar_label: "CreateSubjectMapping" +hide_title: true +hide_table_of_contents: true +api: eJztXXt3GjmW/yramj0ndg9gO69J2Ex6K5hOM3HAB3CfzRovkasEqF1I1ZLKDp3hu++5kqqoKooC4kw28db8MR1Lt/S8L/3ulfjsKDyVTvPSOecB9RZoEF3/TjyF3uMwpGzqXNUcHhKBFeWs4ztNJ9R0DWno5oasYT+zXw2IuKUeabQEwYpk65yaE2KB50QRAR1/dhieE6fptDhjxFP1c8EV93hQ/40ISTlzag5lTtOZEewT4dQcQf6IqCC+01QiIjVHejMyx07zs6MWIbTEovm1plRUBVuaJiyaO83Lk6ua4xPpCRrCTJ2mc0omlBGkZgTdGmrEJ/pP2xoKbWtOzfE4k8ppniyXtbX5DOmc8EjV38u1mew+8kwjGweqDFUNUYbm0lkur8xqEanecH8BHXmcKcIU/BOHYUA9vbNHv0to6/P6iLjeO9g0AXygKJH6W6UEvY4U+Q0HEQHGSL6QSphtjueQ0I5vgXhMfafmTLiYY+U0nSjSf2fn1LdbPGLIjb9GuiukOLomCPiO+EhxZ1lzsAefydQYsBB4AcutyFwWzYYz0pto7svOy4uk4vOy2ViK9V0IBfGwIr6zXBZQr5j2Mi68AmbJdi8VZj4WZjltE0lZSZe1teFavnYGQ7d76vZPx25r2Ol1xxfdwXm71fml0z51amu1p+1W/8P5sKBm2He7g/edoXOVnl5qbOkJJsVXwIHZKdJSXinghbeEgf4hPgJWAdb2scLXWBLYeyNsmxvU9cuaMycKw3fplU3Kalu43dN6zHdV+mtbOMZqbcirKiSJQtcLJIm4JQIdEKaoWqC7GUeWCN3RIECCeFz4RE8PM4QjnypEbglTh0Wb+wnPw4BovX0CGuGkcXx8/OTp8fHJYwkqO5EuHytSB7UAaxCF/vo0bGHRNFZVJdOwRN9wGgG+JkGhVMdzshQ1B/s+hcng4DyzoZu4RSso6CO7EDw0jSA540KhdCVIQ3EvExxIkm9poETkKVBiEaN/RCRYIOrDak4WCCNBJI+ER9AdVTOU9LpqHyUsm5ZCV+u/jdMtHIjLkFGbsE92Oz3MkMI3egES5W11a82ZU9Yx6vSkRF0PZ8Q2LFFIxJwqYA5gHeMFSGANNaMSWddhxMzwEUgq4gJ1TtE8kgoxrkDTk3moFohOwNzeUp/4zRH7+PHjiEEjDRwEB6Dkawj+v6Hb+Le/o0eP0D//aYqobwoO7WcjBtMjn6hU4KmYUbU4Mys3IKrcmMUfju18xl786VgSNS7QX22qZkTEzsOEBwG/o2zaHDHUJ5EkKG4SFQwGHXR7w3YThYJyQRX9k/iIgwgyclc8hMMR68WMM6Ek8M1qXhOE0S0OqI8uLjqn8SJK+ic5gJU8RH//OzqGVdPrOsfKmxF58OjyuP4S1ydu/Zerzy+W9fSfT/f58+TxMrcFjNwVTDitmjbOcW2NjaMJi1K2iHTKuADlNEFbtxFRmXDc4VYDYVsZELWXF5KzMvEQ3goehV+joXu0YWfU/qSIYDgYkIB4igvtg5XJR7yexH44lvZL4/yt7RxGMQGacIGw5VlNjEA7oUmAlSKM+Kht1FQf/B5JmNKuKzqQkTdDWI4Ymgg+R9Q/Pzo7dc8PgcnM2YWLNFslZfmxgHwS6Nk0HNOB6AoSYKtkN3paF2/+0W4Nx+/d8/NO9+24d97uu8Nef9zuXrzP+12ltJ3uVpJub7gLWac7bvW6Q7fTHYC7md9VvZu7MEky2ZQRWJZs+q1puNRoBFQqWFqPz0MsqOTM7LrUjAB7IYiMAk0DR5UFqEg1IyOGtjDZTnwzYujA6orDWrztxlRB3wmTpA1tolTy/m6ZsKSY8GovE/3TiLko6RL5+pwnwU2IAgKr8kofTvWMsTLWJZnzo0SsNMGjEQu4Oeu9Rq/iAb1Gr+zQUbyUdg9ep32AlD7Jc8A15wHBrFcgZrZqXCpuligtdsByCHuCS6nnlOl9k/C1et3Tjj6ovOn1ztpudzz8cN4uEr0ySre7jaLXzx6AWhmdnWOL/OLst/0u8ngAe2ihh6Qruc6t+bVOTFfhNo6nxsCUiuc8ChQNA5LiQGOXEBYkNQLtqrrdUxTwKfUy4jJIrOKevummmdsROAWqR4Lp3clJ3eE0mP0wdqdGDLX4fM4Z2vng+H94VLENbzmfbKv+wqV6GAuTCHkBjNk3sFo5Yy+hlSxcqQtkyJk0s3h8fAz/yZ0SI88jUhpg8WvAdTILwW6l3wrSwOJlIMA0e+QAv0LFn4f1EkDvPxC+wU00cuAkaS23/k9A5oSp1YcjZyuX7Y01TUuxpmRehZO9/2gsnCVD7GW6WBXmx5vUxMfLrzia/dZmJxxuDWCSestRiIUyCn7FFhrWNvauhmQUhoC8XC/QaspupGZdhBnADoTh64CgCfFtrALGNPmDlQ0Jqi16fJvdUlOydlTRxTAGn0wweKYRUzRA5BMIJlUBVGiiLCZrjXOFQlYo5INDIWvOVGB2H9RjF60YCVpGBNVrPqTvCyKlPjyid+4AUQZRCY+M2EW/s46J9c/QAWlMGzX0aKZUKJtHRz6Z84bH50ePDi1sZxzu1EJIMgWjJBuojb1Z/KdpXSosFKgnRJh1k4EZg3CGWTQngnrIm2GBPUVETWOvYOwxZWi2CGcE1F4xMVQwH8kAyxmRjQwemuB2/6Nn8XPz6OgS1/906/99XH95dbD692g0GtWvPh/Xnp8sUxSHPx9ATWPPjw5/OmgC2nf118OfD44aPx3+/O85tC+MrgPqvSOLtNSbwvENWZQEt5p6+2B9ZviWoORcckMWKMRUyALFuTG8h70ZyUTXbEm+ezMy3YfZudWeU2YUAuWsgVqRELDjoSATIgBcvE1Cy+V8f0MW95CakJQGKaG65szxpzPCpmrmNF+cvHysT0dxwdrx6NOz45fIHXQbJ8g6naA+z9vvEWG3JOAhqaFIRjgIFrCfN+Vye6MdiNQAnmzp3rWqCJmmYn1EibBwEJWwG9pgB9qDZVxbEIsAHF+lgxbBdF0hoBvG70AAp4Ckz+YGaLBymZHqVX4CIszjPvEbENngRqRr4GhJ8FgXoEE+Combj4+fvvioB9ofuHXwiXx0J4y3bT2Uj8RrSuKFj589FyeGtt3KkdbQdaTQnAuIEwCPybgX7IM9wxIxQmA8JVDIO3cwPr94c9Zpjd+1P4zds7dFMMgmqv7AHcNstpA8PX75vISk3RoP2q3zx8+e90+2kz158XQXsmePT/onWfjlHZbniWLZywSu9AvkGGgVk5J5rV/5nCAsJfeodi1io6e3bhIJHdWxbOolPmciACDee5wxEz2USRQwhQWJAoLMuSp1uC1Fft43WKYnGokA1Vc2XlLmEa1rcSB1ooUgSlByC4qN4tSX/6/M6LezogW2c1mwp2kmsYU61aIcyjFu3VAzTCq/RJeONR/luQXO4NYZtAfMd+6giQ463WG733XPaqj9X+ZfhZ51HBnpXfRbbYOi5uIgqZq4zVxx3IGOX9xg+e5edvMGy4tyZ/IGy3GRQwlLAewdrwNZIFejNGigjyNf4uRAmylhTDWtZhgEK+BsKsFPt0u/1atIrFvmPJsUbt4j9+xtr98Z/pq3E6vylGXIFlpbsCpst8ag+tfKnrx4ulb27PGJs5Z7NzDHfeIbZRwPXzZ29DxgK7Y7SNuxzxssy7MBgFkKoBLY185pCaukQXIKp893mrG3oInZfrWFyff8Dms3SaYNl9aZ2oECDvpSrCaFgl8YT80kbCRqITlh7Q2w74uqV0BIBYR8GRCS8R3JwkilFcq93Mc1mUZ9MqVSiUXaCbTYyGbfU8uNoUqi3gnA2UAXkqBY1LV4EewbHVjZwcoOVnawxA6CxKxJFCyI4Fy1iPiXQpb7hU52wnKyDQIsY7Qx8mBcEwgM7m94k0TBmKJR2d7K9n4D29tKMe2usg6CO/a05K6ldnCeEQQj+t4MUABQPiKSagc190V+cRJxRfFVA0jPSrOV/nvzZzqbS5ufEqs0HPY7by6G7XH/4qy9MbdpI5l7djbu/VJK0f2wheLXTrvv9lu/ftAn8dtdUwcL9YjjUeFFARYHh6n1jfPlduMHO4IqBPV9Y2dVCKoKQVUhqCoEVYWgqhBUFYKqQlBVCKqC3iro7SFDb1UIqoLBKhjsRw5BJeBUSQjq+0uuryxzZZkry7wtKLZuldO3hiq7WdnN79duZs6cEFXZet683fZeRTLOKojwHaMfVRChCiJUQYQqiFAFEaogQhVEqIIIVRChgioqqOIhQxVVEKECQyow5EcOIuhJ/1ABhOwrWV85uXXtVxD2ea8l+6MMTeQi+3MNWEo6ZanHg9GAqAN5CLYWpx5gThDeETMPRv7VvtIMtB6fX1O25vrHT+vN4/XIDyt+O9ISVDGYyrGpHJucY2Pe+9NHj/vqld0w5uqJscojeWBPjO3z0uTuhnmLIBMx30VS7cqmRN98qSNK8CRwarRT+0bw/YU8udFYrv0SsiIdmLkZGYNN9o1tpIdqHj63O5V4AV968DJvOesTkj5xxX7i5q5q6G5GvVmCzhlOGjHwa7KXOqtjWqUUv0OlmI9Zp8XWStF+b4L3YxGxvkT6Se6kcT/1fLYOHOe/kiOWglUi5hP44QUrm0YcobFGxg3qZ72YHHibU9H3m5VEB/gGxy5ZizMleLCaRRtiWZpMU7X67UNYgBGT2uZEgsj4wdhYnVmNkl4MqVHz3DPEmafFY300Tqs+fh3QqT4q/Yv9uK0vAX/TO+rV877V876VmflOzUz1vG+VFlWlRVVpUVVaVJUWVaVFVWlRVVpUlRZVpUVV0cMqevijRw+rtKgKCKmAkAeVFlU971vZwcoOVs/7ZrGc6nnfyvY+HNv7Az/ve++nbXcLeazCyGkOTZV+vUym3a/AK0GnUyK+2dTX0rlWVV89n8tkO+fDwIULvTG6EEnFS3W5pdjsEGZMYkKdwQRNYQEmCKcvH4tMeCMpK+myBLgZut1Tt386dlv65+5z4E2u9rTd6n84HxbUDPtud/C+M8yCt6mxpSeYFGtE656W9+39kxaqsH1lMR9a2H6/fl1m74LAttjdA6Bd4Zvsz55/w/RbHaP8pO4TQc2k3sKfWyU5oISp8pOQoTGHoXS8cw/nqE/+iIhULTvDrHaEce6XPPcrD3yJTHKtbtHGELWPtDKoaBIFExoEEHlJYxjxQldqsFKDD1ANxqPuJYIwNE7uzueSxCneOeOwkqNKjh6+HH3pj7VUMlTJUCVDCcqzm/ikbx1U4ddKer5P6dkOwdoXA1qcGaoByWxP/OKAF9ePJVnfKTjrCBJJfSVksN6ivu1jbp7o+4X0lrD8RZ+vcgvTDndA7hNtSuZqrnJ9hYbu0YadUfuTIoLhYEDgGhkXv22DkOONI/bDsbRfJsBA7q4Nign0MRWjCSWBb54MQQBEoEmAlSKM+KhtxK8PiKYkTJnj7IGMvBnCcsTQRPA5ov750dmpe36oIeYQUEEuMthyXFbETgR6Ng3HdOZGapBD49cx1Is3/2i3huP37vl5p/t23Dtv991hr1+UlFtO2+luJen2hruQdbrjVq87dDvdgU6ry+3qb7vGN5LJzinrmLqTgvdBkk23Tl6GPr/aAZUKltbj8xALKjkzu74K5woi4fIV3OwIw2Bhr/CNGNrCZDvxzYihA6syDmvxtpuEVeg7YZJMNCsWrDySXSYsKSbcD8/5acRclHQJd9Eog8uK5nci+QS9Sh7XQVjpUa/m/CgRK03waMQCbpKXX6NX8YBeo1fxyy3xUto9eJ1DhmJ9kucAe+WtVyBmtmpcKm6WKC12Olsfe4LLBMxa9b5J+Fq97mlHhyDe9Hpnbbe78Zcxyyjd7jaKXj8b2mhldHaOLfKLs9/2u6nLu7DbSVdynVvza41CwW+pT/zCbRxPjYEpFc/k+s2KA1NXjFcj0B6v2z1FAZ9SL5vpkVjF/XKuNs7cjqDoaSJJ1Dp3VmfHyvt9aGfHXYLbe/l9VZC7CnJXWrHSij+0VoxH7capPF8x6p1NE1pPSoPkV1uXemcRWMT4JpDRba5lpJ5HrISwEsKHKoQ/ygOn6XOcZv7swPtEhpzJbaGt5VLvj34oBvYyO5+2EProa6/a6ysLITwjo8dw9Ls0qYjSm5E53gXa8wttfJp1GVfjCY+YDywbOz8eXNgKtH8UMX1BHnxCpm/zjrGYRjodBCaC/YAyMiafPJ09As9TJQ3CnXxBsL8Yk09U6hOXXngJLyGMfcKovdps75qSTzMcSeOWTTANiD8GRy0Fo+Brfe8B/NBIjflkLDCbEj1KfU8AhqWrKTMAha7Ct5gGgPrCiLHC44BLaWoiNQP+Nc7g2kULfc9VYRVJBEsZvysnZzwKfH3BGUxANI8ByAm6nHI+DUhDhF6jxX1ytVbQMPpcSjwt3Jv84dYn5pkFUZ9gD/iZAI8g28L6kChDbTYNqJw1kMsWKJIbPk19A2BPQP8EcYCrz/aRB4AK0sMf6JVo+ERhGsirkioDy9YQF6mmLfhgMqEaRk0B+XY2VvHV5MxSlaUoJ6oXxNdcvvLJdTQt6qtYWpWISuISULseL9P3y6U2HeKaKoGFtjnULkC87hiuLdkr6+g/NYCl7zOZ5q6JAbJ0ub0is95II6X27T6Egit+HU0aLlvkcUgGCjBWLrtPSX9hRiKIigQz22gbbKL4FrxnCoAT4Ea/zz15NOVHmt3k0V+ArC4yeKqzjDVhZgkL9KqjvZ8Z9yEbj0vNHRhy55yjUKv6hnWcrLvUyH4OV4qoR442NG1cAqkPtJEInKbzOQywAv5pMz/klKnlmlC2jfpEvZCw4ekvKP4CLsDBo2Q6wJAsTlzb0KIwM1O4xYKCRjI5h7kejV2wJmK9drmEw6EkXiSoWjjNy6uaA5bBJgi+4f7CjlDbj0wWJmQpOk8m+MWzyfOn9Wd/O/lb/emz54/r108mXv2x9/L5k8nz53iC4XZagg5cro73K+FLn7lLD8swWK3/YTfWo256RIngMnJXQJMKMZmg2WVB/OsyG8q63BaVWnW6CvvsFZbZEB65jBvWZ/g1yHtn8Hmpv097/onrqEVncw08RZRJYi2SkzWuBq60jxQ1ndsTfQWNSzXH2uUwcMEmCc20lKhYSBAF9qfMvNalVb0R3sviQRULL6DsRf1e1RwtTs1L5/NnwDUuRLBcQvEfERFWMmJJg7+WNWdGsE+EZg+f6lCwX+xbfl45Yc5B32I0h2h1EMjODu6vJqq2fg662ONB/bfk2SdrqxwtOrt3vVt/QzonPFL19zLfU0IH7dWH5jWPmGLNt1x9ATcyQ1VKe5XSzOe9AYBf19zXl3vn2vF0BL4D/w7fmYmYI4F5qAbKgG/ZNNKOkGPahP/9Lw8QrEU= +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +CreateSubjectMapping + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1,"description":"Required"},"metadata":{"title":"metadata","description":"Optional\n Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false}},"additionalProperties":false},"metadata":{"title":"metadata","description":"Optional","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false}},"title":"CreateSubjectMappingRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"}},"title":"CreateSubjectMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-all-unmapped-subject-condition-sets.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-all-unmapped-subject-condition-sets.api.mdx new file mode 100644 index 00000000..bd50d01a --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-all-unmapped-subject-condition-sets.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-delete-all-unmapped-subject-condition-sets +title: "DeleteAllUnmappedSubjectConditionSets" +description: "DeleteAllUnmappedSubjectConditionSets" +sidebar_label: "DeleteAllUnmappedSubjectConditionSets" +hide_title: true +hide_table_of_contents: true +api: eJy9WG1v4zYS/isE70N3D4qd9PrJWCzqTdzCh13biJ0CRWIItDi22FKklqSc+Az998OQki3biuNci8uXJNRwXp954WypYytLe490oqVINmRaLP6AxJFvLM+FWtF5RHUOhjmh1ZDTHs09XccGuiyQdapr1a0pmLVIoHMHEhz0pXxQSAi8IrvVigvkOAVnaURzZlgGDgxqsqWKZUB79FYrBYm7mhjtdKLl1W9grNCKRlQo2qMpMA6GRtTA90IY4LTnTAERtUkKGaO9LXWbHDmpIlt4SiecfIM1qCKjvcebeUQ52MSIHBWlPXoHS6GAuBTIOlATvfT/VtxIXnGjEU20so72bsoyOrFnJjLQhbv6Zk8suVzzAyavKuoCVUSEIpmlZTkP3gLrvmi+QUGJVg6Uwz9ZnkuR+FB3/7DIa3uqkfYRbGh0UZDvg1AaUcbDKZMTg8hyAiztLZm0cGzIxBQKCFN7VO54EmRKlHakcEKK/wAnz8KlQhF2AuGyLI8x4g9srpVF4Vv64/U1/joUPy2SBKwN0fzffJQ3TNxS24b+/S1mDNsgJBxk9m1ugjdorDNo6j4qgtMyqiX+NUFJre+vRhf538HoL/CoLBq8ODCKySlISJw2vzFZwDl/VPdiqC7GtroZr/3VY+wxUhOQpTaEkaUAyYknJhphtpTMOVDAyUA54TbkHnIDFpTz6CAfbJGkhNknRZZGZ0TwSffrXX/yEQMTaqo2XuVKxd3ZsS6YyYCSA+OaDsuPAekP0dIjy6tCRqcPX/49uJ3F3/qTyXD0azyeDO77s/F9PBg9fIsfRtPJ4Hb4y3BwR6M3aIejN0lG49klZMNRfDsezfrD0ZTO9zito+qjeQlIdsZmQg3Dt5vyTNDXgfEB/bG3pbAOXZvoLGdGWK1C1K0HAsbCgC2kp8FqsBFqhcdPirwBsotw86TIh6qCfYzqsAMni42XvQNJWR40hZBYB83w8XyyNEA4f1dZ/ueT6jcqMfftxhJGTCEBvfLJ90hvMXNe673NP+zSyhP88KSkDuX0M/lUK/SZfKpUJ7Urqxh8pg2zG/XkGAELrSUwNW5Js+pTfDbdKqJm2iHkCEuMttbbdCD9teS7HY/uhrPheBR/GY+/DvqjePb7ZNCWeuco+6O3KMb3dN6KCF+zj2Bx7Jz3hb9PEi0xhtUEtBNlT9F67GsckdaCA28NY7wKDeZsemaFdCKX0EBg6EuEGWhogOMA6Y/uiNQrkRyky3TXFd83j7xqeaUBbSk9Nky4h+jMwDHOHGvCcncWvdVFDaCBfde8XR3GzJ3Aef+JWHAYGQtmDYZ8gFB/nlNNKiLyLKQkBhJtOHCcGpkirODCEViDch/boP7CslyCf0TcoK03nevr63/9dH1986NFbC21yZijPcqZgyscSdFRRc5PzagO28zYfzpjRkX0fzRDsgXI1rmltqmieA1pr48sYTApjx2h88CE2FQbR5ofEeTvwPPUmSJxxGlSKPG9ALkhgqM3lxus5mB1YRIImbSTuudPdpBtSa7mkPv+LFOOCQVh9NolfD3X4zQbEWBJWlNiBz5OxkDxpNpIbId8a+NKmu+HpgVYW57Ua8WlQ/o26HP09CAps0QruSFaAek7Z8SicPCkfAeOfIlskyYsMVBYtpC7jnPihUqEJd0nteNMwuREmOLIhCkiFIccFIYVo+w6bUVqX4GrcnUYkTFaMLyzfuJRG8L9i4+3v8oaJb589yMxPMnO46X07zkOS1ZId/pqGxjje/rf9GZLNG99VzTLhdIuXupCcSwTdedPmEpAAqcRLdSfSj+HvcWaScFjZlZFhtqhIYxLoSCGlwSA+wt7hhFl0gDjmxhehA3LEjCZsLh/iDko4S/UuRrDS8oK6/zhkgkJPM6xDu7nQ7bQJnzXhYv1MjZMrcBrKdAiVMt/FipMXv4TWzMhEY+oMXMsltq/jAvFCpdizUgwMejJ1mSWArGOucISdGVEnlORpFi7CsnJAp/3BF1Wv6yW5HGl9UpCx+RJ51ZzmJ8ceAxnYC1btcbmuJ5wWIPEoF4tWYJpCYgRUnE4VUkoMlArKWzaIX21IYV95WrjDk6xYQ+BuYfTPLLBBG+qP/We6HBwTEg7P/MpvDcjok2DdTVVJVKACpkcyN+Gcfh67KoyqppMixN37W4hFDObIGxRrNpktWerX7S82pHCqu4wVLehVvvCxcxCOMOM7/OickDtdya1WoUqzMjPfjJ3Kaub4QLChO7Pqx3dKZNOo9VWcfALvEWx7PTV5viB5Td8dXG53CR/I2hiwBVGhTBWDHskdS63vW43CQeIhERnXa4T213proeb7f4Dya7MwUMR91rlyXRw6co1A5fqsM/1a7mcuZT2aPcd693upbLCoBZ2u4WRtEe3uWQOETZQPNdCufIkbQehwJJxDmp29wupb5CH+68RqXYrO/fVXzs+WdJg05oZgTXLZ8CxxNA5qiZy+rX0u1ILSWGE29De4zyi2Dvu99vTSkPa25ZYLZe6Ocm2+vHESFSy2jz36PoGkwzjkTHfo6q98aVuPmC9S1IHLw7dI5Sfuo0vFiHaj+9Z5tPoQkXmEfX+7z3S7XbBLDwYWZZ4/L0AU7myDg3+V0b1AhwBwoWfe3j7dNjYV9MP99Wb9iPZz/OH5v4Jm/Pb/qr8UYp7+stFXybvYEd/IGlHh/yuZshqT3Eyruxv9JMEcneWdt7I7cl4OqO4DAmr/szPMtSwZxwZ2HMwJEz2Pkf82ZZKplaF76008MSf/wKRo0eQ +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteAllUnmappedSubjectConditionSets + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectConditionSet","additionalProperties":false,"description":"A container for multiple Subject Sets, each containing Condition Groups, each\ncontaining Conditions. Multiple Subject Sets in a SubjectConditionSet are\nevaluated with AND logic. As each Subject Mapping has only one Attribute\nValue, the SubjectConditionSet is reusable across multiple Subject Mappings /\nAttribute Values and is an independent unit."},"title":"subject_condition_sets","description":"Only IDs of any deleted Subject Condition Set provided"}},"title":"DeleteAllUnmappedSubjectConditionSetsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-subject-condition-set.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-subject-condition-set.api.mdx new file mode 100644 index 00000000..d7126672 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-subject-condition-set.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-delete-subject-condition-set +title: "DeleteSubjectConditionSet" +description: "DeleteSubjectConditionSet" +sidebar_label: "DeleteSubjectConditionSet" +hide_title: true +hide_table_of_contents: true +api: eJy9WG1vIjkS/iuW78POnBpI5iW7h0ajYxJ2xWkCKJCVTglqmXY1eNdt99huEi7iv6/K7oYGOiSjHV2+kLbL5Xp56sX1RB1bWNq9o2MtRbImk2L+BySOXLM8F2pBZxHVORjmhFYDTrs093RtG+iyQNYuj5WnJmBWIoH2FUhwUO5dasUFspmAoxHNmWEZODB4+xNVLAPapZdaKUhca2y004mWrd/BWKEVjahQtEuXwDgYGlED3wphgNOuMwVE1CZLyBjtPlG3zpGTKrK5p3TCyRdYgyoy2r07n0WUg02MyFFO2qVXkAoFxC2BrAI10an/LLmRvORGI5poZR3tnm820ZE+U5GBLlzr2h5p8nrJ95g8K6gLVBERimSWbjazYC2w7ovma7wo0cqBcvgvy3MpEu/ezh8WeT0dS6S9A9FpBsHgBFjcFbxGY51BvOykFpxGNNUmY452aVH4732pbyonbja7c8+C5iYoQSPKeFhkclwTKGXSwgZZ7YPDL9hcKxvEfnd2hj/7okyKJAFrgxt/hHFsA+r/vkU3UcV4As7WiJkxbI3YcpDZly9KKrF+M7rIfwSjv8Gj1Kj/6MAoJicgIXHa/M5kAafsUZ6LoTwY2/JkvPJHD+HGSEVAUm0II6kAyYknJlrhgmTOgQJO+soJtyY3kBuwoJwHAXlji2RJmL1XJDU6I4KPO1+veuO36JiQJ7XxIpcibtcOZcFIBbw5MK7oML0YkH4RNT3QvExUdHL75T/9y2l83RuPB8Pf4tG4f9Objm7i/vD2Or4dTsb9y8Gvg/4VjV6gHQxfJBmOpq8hGwzjy9Fw2hsMJ3S2w2nlVe/N14Bkq2wm1CDsnW9OOH0VGO/RH1pbCuvQtInOcmaE1Sp43XogoC8M2EJ6Ggz6tVALXL5X5AWQvQo394q8KRPa26hyO3AyX/u7tyCpp8Ft4tgrdneng6UGwtnJNHlooH/eqx7ZXkm4LyeWMGIKCWiVT74Geo2Z81LvdP5pG1ae4Kd7JXXImp/Jp0qgz+RTKTqpTFn64DOtqV3LJ4cImGstgalRQ5iVW/HJcCuJ6mGHkCMsMdpar9Pe7c8F3+VoeDWYDkbD+Mto9LXfG8bT/477TaF3irI3fIlidENnjYjwOfsAFofG+T7390iiJfqw7HC2V9ljtB7aGlugleDAG90YL0KBORmeWSGdyCXUEBjqEmEGahI8CLckveEVkXohkr1wmWyr4un+4NWalxLQhtRjsfQeojMDxzhzrA7L7Vr0UhU1gAr2XP10uRgzdwTn3Rax4NAzFswKDHkDIf88LDUpiciDkJIYSLThwLErZIqwggtHYAXKvW2C+iPLcgn+YXCOup63z87O3n84Ozt/ZxFb276OMwctbDnRUEXOj9UoF5vU2G2dUKMk+j+qIdkcZGPfUulUUjyHtOdbltCYbA4NofPAhNilNo7UNxHk34HniTNF4ojTpFDiWwFyTQRHa6ZrzOZgdWESCJG0vXXHn2wh2xBcBy+474wy5ZhQEFqvbcBXz03sZiMCLFlWlFiBD4MxUNyrJhLbJtdNXD1SSIMGmFvu1XPJpU16Nshz8CImS2aJVnJNtALSc86IeeHgXvkKHPkU2XSbsMRAYdlcbivOkRXKKyzp3KstZxI6J8IURyZMEaE45KDQrehl137t+yk8gl58QHl4pqyQ7vid1DfGl9cf9EpKNG9s8euRq7SLU10ojhFbFeGEqQQk4JuyUH8q/RBGBCsmBY+ZWRQZSoeKMC6FghgeEwDuD+wYRpRJA4yvY3gU1mf1HEwmLD71Yw5K+ANV2MTwuGSFdX4xZUICj3NMSbtWjc21Cfu6cLFOY8PUAryUAjVCsfy2UKEJ8ltsxYREaKDEzLFYav8WLRQr3BLDN0GM0qMBxXQJxDrmCkvQlBF5WIpkiWmkkJzMAeGCJqseOSm5W2i9kNA2edK+1BxmRwtt6suZtWzR6JvD0OawAolObaUswQgBxAgpORyLJBTpq4UUdtkmPbUmhX3maO0MNpRS/A+4DwNsrJENxlpd/Im3RJuDY0La2Ymt8PSLiDY11mWDk0gByrVDlkbyl2Ecdg9NtYnKfN9gxG3lmQvFzDpcNi8WTXc1R6sfbTxbHMJUbN9VlyFt+hzCzFw4w4wvuaI0QGV3JrVahITIyL99k+yWrKpLcwjNsl8vx2HHTNq1qlf6wc/K5kXa7qn14VvHD9Oq5PJ6lfyJIIkBVxgV3Fgy7JKlc7ntdjpJWEAkJDrrcJ3YzkJ3PNxs5x9I1jJ7bza6qTLh/pzt+YlmBm6pw4jUhgmnW9Iu7XzHxLRzin/ojcK4tDCSdulTLplDJPUVz7VQbnMUnv2QSMkoBzW9+pVUJ8jtzdeIlOOMrZmq3bYPimXQY8WMwNzkkX54Y6gQZbE43t348aOFpDDCrWn3bhZRrBE3u4FkKWE1/qLvU/bLx/TiQ+vjz+c/tz58vHjXmr9Pk9a75F8X79OLC5ayCwwXoVJd7zMbzXxkD9SnnPt26eocGaG7MubLVjm1PeWFPXbbWHXw6NB6Qvk+2PicEQBw9z0jcxqduHwWUe+S7h19epozC7dGbja4/K0AU1q38hZ+baJqzIyY4cJ3H7y5R6tNhembajD7luy66n0V/4T16Zl6mfkoxWn4669+3X17k/C9m7Z0yK81RVY7iqNOZXeilySQu5O0s1qIj0eTKcWRRBioZ76NoYY9YLfAHoIiob/2YePXnqhkalH4skoDT/z7C7yOAmo= +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteSubjectConditionSet + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectConditionSet","additionalProperties":false,"description":"A container for multiple Subject Sets, each containing Condition Groups, each\ncontaining Conditions. Multiple Subject Sets in a SubjectConditionSet are\nevaluated with AND logic. As each Subject Mapping has only one Attribute\nValue, the SubjectConditionSet is reusable across multiple Subject Mappings /\nAttribute Values and is an independent unit."}},"title":"DeleteSubjectConditionSetResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-subject-mapping.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-subject-mapping.api.mdx new file mode 100644 index 00000000..35420e17 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-delete-subject-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-delete-subject-mapping +title: "DeleteSubjectMapping" +description: "DeleteSubjectMapping" +sidebar_label: "DeleteSubjectMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPW1z2zhzfwXDdib2PZL8ksRPot7cVZF1OTeO7JHkTNPIVWByJeFMAgwAOtHj0X/vLEBSJCVLcpzLJC7yJTawBBbYV+xi4VtP04nymh+8cxEyf0b6ydVf4GvylsYx4xPvsuaJGCTVTPCTwGt6sYFrKAsXWbBG+ln6VR/kDfOhcQwhaCj3eTUvppJGoEHixLcepxF4Ta8tOAdf18+l0MIXYf0dSMUE92oe417TmwINQHo1T8KnhEkIvKaWCdQ85U8hol7z1tOzGEfiSXRlIDXT4YahgSeR1/xwcFnzAlC+ZDGu1Gt6xzBmHIieArmx0ESMza/paCROR/Nqni+40l7zYD6vLa1nwCIQia6/VUsr2R7z0iB3IqotVI0wTiLlzeeXdrdA6VcimOFEvuAauMYfaRyHzDeU3ftL4Vi3yxgJQzskmkQ+0AwU9rKgAKO0tITNsGaBV/PGQkZUe00vSczvZax7GRHn88V3q/ilZ/H3ah4NAoZf0/C8gMuYhgrmOEqZL0yDigVXFuPD/X38r4xFP/F9UMpS8Fvsiyrz+sP3cV7zqNaSXSUa3tEwAQOf9uc9oxvTVd1k5IlWBkPM5wQlFgKixX8Qek2bZOgNpkA6XDM9s/+FEAHXiw+HHqL0UHYoYzYBjkoFAoLcgfwaUE2vqILSilcu9uHYzGtGSFVM/dIUi8YqvnlPpgS+ITb32xurXe4e0PRXh0yUITmJqdRGhgpsYfSHaVQ1opI4FlKTqxlZLLmV6GmXUB4MOQFOr0IgYwhSo4A4jT/xdShhN1LV1+ymTFLbUsXWNiMOAYxpEmqScM1CAl9QMJkOscMA4S4tCHAlRAjUzBWBprhrxdnytk0U8yXgwC1d/DptHFG9hO+iiygwe6dA3oAkO2DF6vNUkBSIfGZhSCT4QgZgiEs5oUnANIEb4Hp3gV2+j/CFRnEIxkwfoLI6aOzv7z99tr9/cKjQQueqNqAa6mgFcA+SOFheRtq4ahmLrjXLSIG+4zJCegWhWqVKszWlEHdZiLsZ02rNeXUjRGwHIWqKslDsRDuzxg5VR+prmfgaJS/h7FMC4YywAHdzPCOUSFAikT6Qz0xPST7rYnySs+y85k0k5bq4HColnaFPoSFauT/314qJZOuAsLu6xFYQSFAK9SIlb1p9wrjSlPsw5Be9ExIlSpMrIJTc0JAF5KJ3SnagMWnUyJOp1rFq7u0FEImGL6K9J7tkLMJQfIYA2a+wEQomaJRUg3SoP81+taMrTaVG9USAB3YvkRnDeEp5EoFkPvGnVFJfg6wRn3KCxp4yTqazeAqo9lYDYwcPiAqpmoJqNIf848ePQ66nTDUiqv0pqJ0n/2tW8Xtzb+8Drf+rVf+f/frLy53Fz8PhcFi/vN2vHR3MCxC7v+9gT+OeH+3+stP8gD/+Y/f3nb3GL7u///uT3RSvodF8cXIVMv8NzIpSbxtH1zBb4T7GEnyU6aYhH+7PlN4AiZJQszgEcg0zElMm1QrFKTicjY0XX1Gh1J9CUNKftqU6vcXMzGEpt6A541YhMMEbpJ1IiRSPJYxBSggyr3yjNr+G2QOkJoZonURgd82L6JdT4BM99ZovDl4e1ryI8azhoLriL8/3X5JWv9s4IKnTierzvPOWAL+BUMRQI4lKaBjOkJ7X6+X22jgQBQSebpi+laoiYofK9BEDScZCEmRupIYx2KHxYLkwFiQ9Ke1fFhx2hFie4JqLzyiAEyGZnkYEcc/ksiTVi4MgAe6LAILGkJOBsCJdQ0dLocc6Qw3yUSraPNx/9uKjQbTXb9XRJwrIZ2m97dRD+Qh+U4EfHz4/kgcWttOugNbIVaJJJCQQy2Mqm4UGaM+oIhwA8Vllx+xGeG9a/dH5xavTk/boTef9qHX6etTpXrwdXXT75532yR8nnWOvdidUr98a4Wo2gDzbf3m0BqTTHvU77fPD50e9g81gT1882wbs+eFB78C7LJ7M3lB1niuWe5nAhX4ZctIyKqYg80a/iggIVUr4zLgWmdEzpBsnUk9BZmzq5z5nLgAo3hvMcnEluR5aHBc/ZI2XeHwvy7+ESOi1DncKUV33NVXFhSYyJPWFjVeM+2B0LQ2VQMaToCWDG1RsjBa+/H9lRr+fFV1hO+craFpkkrTxEqMq65it5lm3bmAYZmEBbevI8FGVW/AMnjqD6QHzTavfJDsn3UGn122d1kjnv+1PKz3rVCP1zy567c5o8P68U9FCxZ5szEpzNgFKAXLvmwfZzWuqLtY7k9dUjVY5lLgVyN7ZPsCMtEyUhvTNceRrnBwcsyCMhaH1lKJghYJPFPrp6dZv9Cpy61Y6z+aNd9Oodfr6rHcy+LNqJxbtBctQbkxtwaKx0x6h6l9qe/ri2VLb88MDbynI2bfHfQisMs7QV40tPQ8kxWYHaZN2Nux2sn4yqkYrQiVI15PjNaxSkOk+w9PnG8PYG6KJ5XmNhanO/IYaN0kVDZfRmcaBQg762ljNWWojhpxcWE8NwQpqIT9hbRHoKA/dFlEkOHGBEBcI+ZsDISXfEWZWKlOhvJf7uCTTpAcTprScFZ3ANDZyt+9p5MZCpcccWAQ4G+RCAclE3YgX0MDqQGcHnR10dnCNHUSJWZIo3BAphG6D/FtDlvdLnWwVyykPiGEZq42Jj3iNMTF4f8Ob2fTc9Dac7XW29zvY3naBabeVdRTckW8kdylrL0RJEKzo+1OMAqDykYnSW6i5r/KL84yrUTNGwyRh6YBtfr/7M+wmxvyssUqDQe/k1cWgM+pdnGYH4+Wg3p1grdPT0dkfayG67zdA/HnS6bV67T/fm5O4YY+v1qGez6SfhFTu7Bb29116W2A7fkgxcCmoHzt25lJQLgXlUlAuBeVSUC4F5VJQLgXlUlAu9OZCb4859OZSUC4M5sJgP3MKKg9OrUlB/XiX651ldpbZWeZNSbFlq1ysGnJ209nNH9duls6cmFXZeN68yWsTN+Hpkgg/cPTDJRFcEsElEVwSwSURXBLBJRFcEsElEVyowoUqHnOowiURXDDEBUN+5iSCWfRPlUAov5L1jS+3Lj03d5/3Wsqv3zVJi6Tv4lGl2ITj6SyD6YPeUbtoaymJQUZMI33yCO+QG7qQfxDcC8ER1hfRFeNLrn+6HaMo248qWikASQFcDsY5Ns6xqTg29r0/c/R4qF7ZLsbsnhhzHskje2LsPi9Nbm+YNwgyyGgbSU13tiD69kuTURJJXMTWNnzTZyLXa78cbJUOLFVGZsEm9CSww6CK+jGnVO4FfO3BC4f17QnJnLgyP/HuqWrk85T50zw6ZzlpyNGvKRd1umOaU4o/oFKs5qyLYptK0fpg5/LzxKmIpL4EeY3CowiVBVkOiC/CEIx7bxLH1a/UkBfCKgkPQBKayaYVRxysUXKDemUvphK8rajoh61KkR16TTOXrC24liJcrKKDuSwDZqDavc4ubsCQK2NzEgkqezA2U2epRiluhjJR88ozxMorRanTkHJR9YmrkE3MUelv9uM2vgT8XWvU3fO+7nlfZ2Z+UDPjnvd116LctSh3Lcpdi3LXoty1KHctyl2Lctei3LUolz102cOfPXvorkW5QIgLhDyqa1HueV9nB50ddM/7lmM57nlfZ3sfj+39iZ/3ffDTttulPBZp5CKHFlq/3U2m7UvgtWSTifnz199n6UvXuRZd3/w+l73tXE0Dr9zoO7MLidJirS5PIe52CEsmMYcuxQRt44qYIJ6+AipL6Y28bc2UawI3g1b3uNU7HrXag5OzbjV4U+k97rR7788HK3oGvVa3//ZkUA7eFnArLjBvNhGtB1re1w+/tODS9s5iPra0/f3mbfG0FgTJklIPA+2aXpf/7Pl3vH5rcpRf9EMyqKWrt/jrRkkOGXC9/iRkYexhqJjvvIdz1INPCSjdTldY1o6I5/0uz/0pwkARe7nWjJjmEI2PtDCoZJyEYxaGmHkpxjCyjXZq0KnBR6gGM6zPckEYWCd363NJ7hRvfePQyZGTo8cvR1/7x1qcDDkZcjKUR3m2E59i1YFLvzrp+TGlZ3MINn0xoC24hepDiTzZiwN+1j9SsEwpPOtISJQpCekvj2iqfWzliakvZDfAq4U+36QKM0W3Dw/JNuVrtaVc32CgB4yRrqjzRYPkNOwDlpEJ+W5TCDkjHKQfjlT6ZR4YqNTakAzAHFMpGTMIA/tkCMFABBmHVGvgEJCOFb8eRjQVcG2Pszsq8aeEqiEnYykiwoLzvdPj1vmuCTHHGBUUshRbztpWsRPgzHbgDM5WpIaVaPxyDPXi1X912oPR29b5+Un39ejsvNNrDc56qy7lroc96W4E6Z4NtgE76Y7aZ91B66TbN9fqKlR9t21+I19sxPiJ7TtY8T5ITvTUySvBV3c7ZErj1voiiqlkSnBL9UU6V4LC4ius7IjjcJaW8A052cBkW/HNkJOdVGXs1jKy2wurOHfOJKVsViZY1Uj2OmEpMOH94jm/DHmL5FNiLRrjWKxo/06kGJNf88d1CNUG68Wan+RiZQCeDHko7OXl38ivGUK/kV+zl1uyrUxp8FslMpTpkyoHpCVvZyvELO0arRW3FKgodua2PvWlUHkwazH7XcLXPusen5gUxKuzs9NOq3vnX8ZcB9nqboI465VTG+2Szq6wRXVz7kf+VqF4F6mdT6WWubW61ySW4oYFEKwk42hiDcxa8czLbxYcWCgxXmBgPN5W95iEYsL88k2P3Cre787VnStPMVj1NJECvcyd7uzovN/HdnbcJrl9L7/PJbldkttpRacVf2qtmGHdyq7yfMOsd/ma0PKlNLz8mvYV3llEFrG+Cd7otmUZhecRnRA6IXysQvizPHBaQPkYQtBQRrwHKhZcbUptzeeGPuahGKRleT0dKc3RNy21NyULMT4jY3DY+0vZq4jKn0JEtwntBSttfJF1udCjsUh4gCybOT8+FmyFxj9KuCmQR5+Qm2reEZWTxFwHwYXQIGQcRvDFN7dH8HmqfECsyZdAg9kIvjBlTlxm4xW+hDAKgLO0tDmtNYUvU5oo65aNKQshGKGjVgij0CtT94B+aKJHYjySlE/AYGnqBBAt0824DVCYLnpDWYhRX8SYajoKhVK2J9FT5F/rDC4VWpg6V011oghuZfaunJqKJAxMgTOagCTKApBj8mEixCSEhoz9RlsEcLnU0LD6XCk6WUmb6uE2APvMgqyPqY/8DMgjJB1hGSXGSYdPQqamDdLiM5KoOz4tfIPBnpD9C8UBS5/TRx4wVFBEv292ohGApixUl2u6bFi2RoQsDJ0GH+xNqIZVUwi+mY11Vppc2qp1V5Rz1Yvia4uvArhKJqvmWi2tWiZr8hLYu5wvM/XlypgOecW0pNLYHJZuQLbvFMuW0pJ18p8mgGXqmexwV2ADWaY9LZFZHqRRUPspHWIptLhKxo0Wn1XjkBwVYKZctl+S+cJiIkEnklsypgM2SVYF79sG5ASs6A+Er/YmYs+wm9r7NwSry1I81ZtnmrB8MFvWq57xfqYiwNt4QhnuoHh3ztuLjapvpI5T6i41yp9jSRHzYe+Ooa1LoMyBNpGh1/Ru45Bq5J8OD2LBuJ4vCWXHqk9yFgMfHP9Bsi+wAA4fJTMJhnxzst6GEYWpXcINlQw1kr1zWJnR2oXURCz3zud4OFTgJ5Lpmdf8cFnz0DKkFwRfiWCWYpgdG72nY/ri+fjoWf35Pw/+WX/2/OiwfvV07NcP/ZdHT8dHR3RMj1BI8BGb0vXHVTu8tB+4nvR5m6Z3c2CKl4TSETXGyh4076JtaaRcOPFqIW4c4/adJ6MkLNk/rEZqNdm92up5L2ueIUTzg3d7iyfiCxnO59j8KQGZ7mlGI/xtXvOmQAOQhlMCZpKIwWqv5HZhvr2dXnq63yULF7K8Oqx8zIW0fo5S7Iuw/i5/MCjVcp6HYY/tp95uvgGLQCS6/lZVZ8rhcLz6wL4DkUEseSWLL7CWL9ZrYS8LMn1+1sewyZUITFloZFwWT9LP6BnQz3Yh1pm0T5xg260XUj5JjAn17Jj47/8AkmGMsw== +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +DeleteSubjectMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"}},"title":"DeleteSubjectMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-get-subject-condition-set.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-get-subject-condition-set.api.mdx new file mode 100644 index 00000000..b97aedb6 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-get-subject-condition-set.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-get-subject-condition-set +title: "GetSubjectConditionSet" +description: "GetSubjectConditionSet" +sidebar_label: "GetSubjectConditionSet" +hide_title: true +hide_table_of_contents: true +api: eJztPf1zGrmS/4pq7lXF3oexna+3y6WyRzCb5cUBF+Ct2ws+Is80oPUgzUoaJ7wU//tVS5phZsCA13mpJKf8ElvqkVpSf6lb3f4UaDpVQeNdcCFiFi7IIL3+A0JN3tIkYXwaXNUCkYCkmgneiYJGkBi4urJwcwtWd5+5rwYgb1kI9degXUdL8IjhGAPQQS1IqKRz0CBx6k8Bp3MIGkFLcA6hPrqQQotQxEe/gVRM8KAWMB40ghnQCGRQCyT8mTIJUdDQMoVaoMIZzGnQ+BToRYIj8XR+bSA10/GOoYGn86Dx7vSqFkSgQskSxDNoBGcwYRyIngG5tdBETMyvbjSSuNGCWhAKrnTQOF0ua2vrGbI5iFQfvVVrK9kf89IgdyKqLVSNME7mKlgur+xugdKvRLTAiULBNXCNP9IkiVlozvb4D4VjfVrHSJgDxEOTSAmagcJeFhVglJZILCusWRTUgomQc6qDRpCm5vcy1v3sEJfL1XebKaZvVxDUAhrZRhpfFLCZ0FjBEscpU4ZpUIngyuL8+OQE/yvjMUjDEJSyZ/g5dkZtIPmHb+eylg08AK0KwFRKukDC0jBXuycKM7ReS5Emn2OgB4zhVtT+qEFyGg8ghlAL+RuNU9i2H+67MbgPx8p9Ob41n1ZpjZIMgEyEJJRMGMQRMcBEcGyIqdbAISJtrplekD4kEhRwbYiAHKg0nBGqRpxMpJgTFl0cn581Lw7xYKyEFNKg7FDM26q4IJsCzmwHzuBQtkiITSOutLJyJ6WCweWrf7Zbw/Hb5sVFp/t63Lto95vDXn/c7l6+HV92BxftVueXTvssqO2A7XR3gnR7w33AOt1xq9cdNjvdQXC1otPsVM1p7kMk+WLnjHds3+lyy6Hf2oFL8NXdjpnSuLWhmCdUMiW4PXVlCAHPQoJKYwODTL9gfIrNI052ENledDPi5MAJtMNaduwQkeuFmTsnkqIMzAVHSdO9284sBSK82iomqxv0w4g3ST4liYwuUYQSmcaAu/LCKECzYqoN1qs1P8rZygA8GvFYWKn5krzIEHpJXjjUSbaV7gxeBoVlF+RJlQKuhYiB8t4GNnNd463s5oCKbIckR2gohVJmTaXZ72K+Vq971hl2et3xq17vvN3sjoe/X7Q3sd42yGZ3F0SvH1xtpAgjsytkUd2c+x1/k4QixjN05k0+lVqn1upeo/1zyyKINh7jeGoVzFb2nKexZkkMBQq0eolQCQUMPjA9I83uGYnFlIUldhnkWnG7fbD3yh0GwQbRo1D1VqlzDppGVNMiWeZttV1aVAIusKmLX7vGMdVr5LzqIgo0nowCeQuSHICVPx9mgjgg8oHFMZEQChlBhCYh5YSmEdMEboHrw02k/pHOkxjMleAU13paPzk5efL05OT0sULayo26iGo4QnsTNypNovVluMZNy1h1bVmGA/qCy4jpNcQb7ZZsTQ7iLkq722SxhsmyuhEisYMQNRNSk2InEvk96HmgZRpqogVJOfszhXhBWIS7OVmgNAclUhmC5aR81tX4JCfZDcxVub7dk8u4poyDNb1yhs8ummjN1gjQcJZBogauMqOFGPFNIKpO3m4a1VAK2bAClC0jfpdwqZOmsvhU7sJkRhURPF4QwYE0tZbsOtUw4kYD14yI3DQbU0RCquh1nGuctV1wUyhyPOL5yMRaToTyCAehnDAeQQIcjxVPWdeRoKhSImS4kvIt/AF2+T63EZqhubLWXX/ec4c1jhtVWSRBRwJERIv/JPSGNsgoGM4gs6nMfzHMcdmrfQ92Ctc97qhlzKbAUbVBRPDKigSEHHFNFZRWvHGxD8dmWTOeA5XQsDTFqrGKb96TeSY+Izb32xvr8rh7QNO/pgWUOXKSUKktt6/Iwjg1LH/XiEqTBMXj9YKsltxM9ayLzDHiBLhhrwlEzleFOE3+5NtQwm481VCz2/KR2pa1S6RpRhwimFC8M6Rcs5jAR/QVMB1jhwHCXVodgDObAm8qeFPhezMVasFUUv4Qf9Q+UjGVbBsQdq/ZHVEkQSlzrSdvmgPCuNKUhzDil/0OmadKk2sgFG+iLCKX/XNyAPVpvUYezbROVOP4OIK5qIdifvzokExEHIsP9ipU2AgFU1RKqk7aaDC4X+3oSlOpje4G7mwMJMY4mVGezkGykIQzKmmoQdZISHlm/5DZIpkBir3NwNjBI6Jiqmag6o0Rf//+/YjrGVP1OdXhDNTBo/81q/i5cXz8jh79q3n0PydHP10drH4ejUajo6tPJ7Xnp8sCxOHPB9hTv+dHhz8cNN7hj38//PnguP7D4c9/e3To8BoZyZek1zEL38CiyPW2cXwDiw0+7URCiDzdMMeH+zOjt7AynW5gQRLKpNogOAWH3sSEFioilIYziEry07ZUp7eYmTnsya3OnHErEJjgddJKpcQTTyRMQEqIslDBTml+A4sHcE0C820cgd21YE4/ngOf6lnQ+PH0p8fm3po1rN3EPz47+Yk0B936KXF+cBSfF+23BPgtxCKBGklVSuN4ged5s51vb4wBUUDgyY7pm04UETtUJo+YuzYgceNpGIUdT3FqLowGcb6Zk6vCrQUh1ie44eIDMuBUSKZnc+sCcnxZ4upVdIoAD0UEUX3EyVBYljaGvkKLdYES5L1UtPH45OmP7w2i/UHzCG2iiHyQ7tpgLZT3EDYUhMnjZ8/lqYVttyqgNXKdajIXEoilMZXNQiPUZ1QRDoD4bHFSvWkOxheXr847rfGb9u/j5vnrTQ6qu6D6g+YYV7MD5OnJT8+3gLRb40G7dfH42fP+6W6wJz8+3Qfs2ePT/mnZMfaGqotcsNxLBa7ky4iTphExBZ438lXMgazuVrnSM0c3SaWegczINMxtzpwBkL13qOXiSnI5VHTtucYrjCmW+V/CXOitBreDqK77hqriQlMZk6OVjleMh2BkLY2VQMKToCWDWxRsjBa+/H+lRr+cFt2gO5cbzrRIJK7xarnd8YtxGWPWDQ3BrDSgbR0bOqpSC97BnTHoLphvmoMGOeh0h+1+t3leI+3/tj9ttKyzmFXvst9qW/92JUJV6MnGrDRnE5jI0g1Vbx6kN2+outxuTN5QNd5kUOJWIHln+wAL0jSBYzIw15G/YuTgmAVmLAytZxQZKxboE9Ii2/qdVkWu3Ur32bzx7jNqnr/u9TvDX6t6YtVe0AzlRqcLVo3t1hhF/1rbkx+frrU9e3warL28GNjrPkRWGGfoq/qelgcexW4DaZd0NuTW2T4ZVeMNrhI8187ZFlIpelgZ3j7fGMLe8cChPK/RMNWZ31BjJqmi4jIy0xhQSEF/1VfTczpixMmltdQQrCAW8hvWHo6O8tAtMZ8LTrwjxDtC/s2OkJLtCAvLlY4p72U+rvE06cOUKS0XRSPQ+Ubutj0N31io/D1C7uCsk0sFJGN1w15AIysDvR70etDrwS16EDlmjaNwQ6QQugXy3+qyvF/oZC9fTnlAdMtYaUxCxGuCbxXvr3gznZ6r3rrXvV73fgHd2yoQ7b68jow7Dg3nrj0lFqLECJb1wxl6AVD4yFTpPcTcX7KL84irETNGwqRx6YJtfr/7M/POzqifLVppOOx3Xl0O2+P+5Xn7zldnd4I1z8/HvV+2QnR/3wHxa6fdb/Zbv/5ubuK3+z7q3ChHgpDJMI2pPDgs7G/2knE/enAY+BDU1+078yEoH4LyISgfgvIhKB+C8iEoH4LyISjvevOut+/Z9eZDUN4N5t1g33IIKndObQlBfX2P671m9prZa+ZdQbF1rVzMGvJ60+vNr1dvlu6cGFXZed+83VVJJMfTBxG+Yu+HDyL4IIIPIvgggg8i+CCCDyL4IIIPInhXhXdVfM+uCh9E8M4Q7wz5loMIZtHfVABB7Vs+a/V8tVxxq/iYNSsZOM9GqyKc1cR0AD6C4c0CbxZUzAJbwNsY7l+mqJ0v0OX1+XdWoOs+dRr3z9nYwcgg5/twqtvZAuvbL008BksdF7CdutrHD2fyPB9wu/TLwTbJwFJeYbFyKXYYVG1Bd3dSuRXwV68ttka1uV+Y+0pmZd09VY18mLFwlvu2LCWNOElAllMi/SXHC8WvUChWI75FtnVcdL9a5/2MRbKCvoVS4/ngUaEsuAm7Vr9SI15wSqQ8AvyDEo43LTviYPWSGdQvWzEV12dFRD9sVYoc0BuamWQtwbUU8WoVbYwEGTAD1eq3D209ZGV0TipBZeVWM3HmJEpxM2xR4mql4qDk43UO2aLoE9cxm5oYw7/ZjttZR/eLZnj74ri+OK5XM1+pmvHFcf2jIv+oyD8q8o+K/KMi/6jIPyryj4r8oyL/qMhHD3308FuPHvpHRd4R4h0h39WjIl8c1+tBrwd9cdyyL8cXx/W69/vRvd9wcdwHF4bdL+SxCiMXKbTQ+vleMu2fQK4lm05BfrGlrz3nWnV99vdcNKxutmu5R3QhVVpsleUO4m6DsKQSc+iST9A2bvAJ4u0rorIU3sjbtky5xXEzbHbPmv2zcbM17PS6VedNpfes3er/fjHc0DPsN7uDt51h2XlbwK24wLzZeLQeqHlfP/zRgg/be435vYXt7zdvkxMrC/FY3Omho13Tm/IfDf+Cz29NjPKjfkgEtfT0Fn/dyckxA66334QsjL0MFeOd9zCO+vBnCkq33ArL0hHxvN/juV9FHCliH9eaEV0M0dhIK4VKJmk8YXGMkZeiDyPbaC8GvRj8DsVghnUvZ4ShNXL3vpfkRvHeLw49H3k++v756K/+qRPPQ56HPA/lXp792KeYdeDDr557vk7u2e2CdRUDWoJbqAGUjierOBBm/WMF6yeFdx0JqTIpIYP1EU22j808MfmF7BZ4NdHns2RhOnQH8JBoU75Wm8r1GQZ6wBhuRe2PGiSn8QAwjUzI33a5kLODA/fhWLkvc8dAJdeGZADmmkrJhEEc2YIbBB0RZBJTrYFDRNqW/fro0VTAtb3OHqg0nBGqRpxMpJgTFl0cn581Lw6NizlBr6CQJd9y1raJnABntgNncDYjNa5449d9qJev/tluDcdvmxcXne7rce+i3W8Oe/1Nj3K3w3a6O0G6veE+YJ3uuNXrDpud7sA8q6uc6m/7xjfyxc4Z79i+0+WWQ3dGXgm+utsxUxq3NhTzhEqmBLenvgrnSlCYfIWZHUkSL1wK34iTHUS2F92MOMkqnhzWsmO3D1Zx7pxIStGsjLGqnuxtzFIgwvv5c34Y8SbJp8RcNMYxWdH+lUUxIS/y0jSEaoP1as2PcrYyAI9GPBb28fJL8iJD6CV5kVVuybbSncHLimcokydVCnApb70NbOa6xlvZzQEV2c681qehFCp3Zq1mv4v5Wr3uWceEIF71euftZvfOvyu5DbLZ3QXR65dDG62SzK6QRXVz7nf8zULyLp52PpVap9bqXpNEilsWQbTxGMdTq2C2smeefrOiwEKK8QoDY/E2u2ckFlMWll965Frxfm+u7ly5wyDYIHoU6HXq9HdHb/1+b3fHfYLb97L7fJDbB7m9VPRS8ZuWihnWzewpz2eMepefCa0/SsPHr64P6xHNmXaWmbNN8EW3TcsolEf0TOiZ8HtlwnIh0fsxo/s2KwDUIE1yIWIWLjDRiU1NWbIMZgD6QB0i8rTAePlTlBG3d+O/O+5E2FDMrxlfS+JdJVGNd9Y6de8kUhqzf0FEKgjfkZC1wTlZ2rLXoDeA9EElgqtdwbXl0lCIKVWD1FTGty2luXy7ZH+TNJFgIRuzC8d/KPsYUoUzmNN9nIvRRiujyDxc6PFEpDxCpsnMrxBTxmJjoaXcpOijVcpNPvGYymlqHqTgQmgUMw5j+Bia9ytYICsfEKsCSKDRYgwfmTJ3PnP0CmsxjCPgzCVXu2xX+DijqbKG4YSyGKIxmooFRw69NpkXaAmneiwmY0n5FAyWJlMB0TLdjFsXiemit5TF6HdGjKmm41goZXtSPUMOsuboWqqHybTVVKeK4FZmle3UTKRxZFKsUQml88wFOiHvpkJMY6jLJKy3RARXaw11q1GUotONZ1O9XkdgCz3IowkNkaMAaYS4EdZRYpy0+TRmalYnTb4gqbrj08I36G6yHGKSr12ZCXRWFNEfmJ2oR6Api9XVli7rGK4RIQtDO/eHfYtVt4ISwXeTsc6So0tbte2RdC78UYDY9K8IrtPpprk2c6uW6ZbICPauR+xMhrsyykteMy2pNFqPuQ3I9p1i4pRLmif/ZVxoJqPKDncN1pVm2l2Szvog9YLiceeQSKHFdTqpN/mi6gnlKPUy4bL/kswXFhMJOpXcHqMbsEGyPPzQNiAlYE2BSITqeCqODbmp4/9AsCNZ8ugGy0wSlu9MmyRrYCywmYjwRaBQhj4ovt8LjhOjbupODzg1UC/rNExrYiEc3zm4NUyUuVanMg4awackphppqM2jRDCul2uM2bYilPQS4MOzX0j2BabhYWk0E+bINyjrrRt2mNlF3FLJUCrZl4+VGa1ucGpivXe5xCuqgjCVTC+CxrurWoDawT1TfCWihcMwu7wGTyb0x2eT50+Pnv3j9B9HT589f3x0/WQSHj0Of3r+ZPL8OZ3Q58goWEqn9Ahz0x6v7QeuxxXZaQS3pyaFSig9p0Zh2evu3edbGitnUVTduHWM23pTRlTYo3+3Ga3NRx/U7pr5qhaYw2i8Cz59wrv5pYyXS2z+MwXp9jU7J/xtWQtmQCOQhloiZsKZ0Wb76NNKjQcHfednOCQrY7a8PszBzJn16AK5ORTx0W956SIn7YIAHTD7T73ffEM2B5Hqo7eqOlMOh+MdDW1FigxizTpZfYFZhYneCntV4OyL3gAdONciMgmqc2O6BJJ+QAuBfrALsWatLbaCbZ+CmPJpalRpYMfEf/8HkGXqWA== +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetSubjectConditionSet + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectConditionSet","additionalProperties":false,"description":"A container for multiple Subject Sets, each containing Condition Groups, each\ncontaining Conditions. Multiple Subject Sets in a SubjectConditionSet are\nevaluated with AND logic. As each Subject Mapping has only one Attribute\nValue, the SubjectConditionSet is reusable across multiple Subject Mappings /\nAttribute Values and is an independent unit."},"associatedSubjectMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"attributeValue":{"title":"attribute_value","description":"the Attribute Value mapped to; aka: \"The Entity Entitlement Attribute\"","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"attribute":{"title":"attribute","type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","description":"namespace of the attribute","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name","description":"attribute name"},"rule":{"title":"rule","description":"attribute rule enum","type":"string","enum":["ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED","ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF","ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF","ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY"]},"values":{"type":"array","items":{"type":"object","properties":"circular()","title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false},"value":{"type":"string","title":"value"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the value. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"subjectMappings":{"type":"array","items":"circular(SubjectMapping)","title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"title":"action","type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false},"subjectConditionSet":{"title":"subject_condition_set","description":"the reusable SubjectConditionSet mapped to the given Attribute Value","type":"object","properties":{"id":{"type":"string","title":"id"},"subjectSets":{"type":"array","items":{"type":"object","properties":{"conditionGroups":{"type":"array","items":{"type":"object","properties":{"conditions":{"type":"array","items":{"type":"object","properties":{"subjectExternalSelectorValue":{"type":"string","title":"subject_external_selector_value","description":"a selector for a field value on a flattened Entity Representation (such as\n from idP/LDAP)"},"operator":{"title":"operator","description":"the evaluation operator of relation","type":"string","enum":["SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED","SUBJECT_MAPPING_OPERATOR_ENUM_IN","SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN","SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS"]},"subjectExternalValues":{"type":"array","items":{"type":"string","minItems":1},"title":"subject_external_values","minItems":1,"description":"list of comparison values for the result of applying the\n subject_external_selector_value on a flattened Entity Representation\n (Subject), evaluated by the operator"}},"title":"Condition","required":["subjectExternalSelectorValue","operator"],"additionalProperties":false,"description":"*\nA Condition defines a rule of "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"associated_subject_mappings","description":"contextualized Subject Mappings associated with this SubjectConditionSet"}},"title":"GetSubjectConditionSetResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-get-subject-mapping.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-get-subject-mapping.api.mdx new file mode 100644 index 00000000..c6231b89 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-get-subject-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-get-subject-mapping +title: "GetSubjectMapping" +description: "GetSubjectMapping" +sidebar_label: "GetSubjectMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPW1z2zhzfwXDdib2PZL8ksRPot7cVZF1OTeO7JHkTNPIVWByJeFMAgwAOtHj0X/vLEBSJCVLcpzLJC7yJTawBBbYV+xi4VtP04nymh+8cxEyf0b6ydVf4GvylsYx4xPvsuaJGCTVTPCTwGt6sYFrKAsXWbBG+ln6VR/kDfOh8Rp0ucOreTGVNAINEme99TiNwGt6bcE5+Lp+LoUWvgjr70AqJrhX8xj3mt4UaADSq3kSPiVMQuA1tUyg5il/ChH1mreensU4Ek+iKwOpmQ43DA08ibzmh4PLmheA8iWLcZle0zuGMeNA9BTIjYUmYmx+TUcjcTqaV/N8wZX2mgfzeW1pPQMWgUh0/a1aWsn2mJcGuRNRbaFqhHESKW8+v7S7BUq/EsEMJ/IF18A1/kjjOGS+IeveXwrHul3GSBjaIdEkMoFmoLCXBQUYpaUlbIY1C7yaNxYyotpreklifi9j3cuIOJ8vvltilp5F3qt5NAgYfkrD8wIiYxoqmOMQZaYwDSoWXFl0D/f38b8yCv3E90EpS75vsSmqzOgP38R5zaNaS3aVaHhHwwQMfNqf94xuTFd1h5EhWhkMMZ8TlFUIiBb/Qeg1bZKhN5gC6XDN9Mz+F0IEXC8+HHqI0kN5oYzZBDiqEwgIsgYya0A1vaIKSiteudiHYzOvGQlVMfVLUywaq/jmPZkG+IbY3G9vrGq5e0DTXx0yUYbkJKZSGxkqsIVRHqZR1YhK4lhITa5mZLHkVqKnXUJ5MOQEOL0KgYwhSM0B4jT+xNehhN1IVV+zmzJJbUsVW9uMOAQwpkmoScI1Cwl8QcFkOsQOA4S7tCDAlRAhUDNXBJrirhVny9s2UcyXgAO3dPHrtHFE9RK+iy6iwOydAnkDkuyAFavPU0FSIPKZhSGR4AsZgCEu5YQmAdMEboDr3QV2+T7CFxrFIRgDfYDK6qCxv7//9Nn+/sGhQtuc69mAaqijCcA9SOJgeRlp46plLLrWLCMF+o7LCOkVhGqVKs3WlELcZSHuZkyrNefVjRCxHYSoKcpCsRPtzBo7VB2pr2Xia5S8hLNPCYQzwgLczfGMUCJBiUT6QD4zPSX5rIvxSc6y85o3kZTr4nKolHSGDoWGaOX+3F8rJpKtA8Lu6hJbQSBBKdSLlLxp9QnjSlPuw5Bf9E5IlChNroBQckNDFpCL3inZgcakUSNPplrHqrm3F0AkGr6I9p7skrEIQ/EZAmS/wkYomKBRUg3Sof40+9WOrjSVGtUTAR7YvURmDOMp5UkEkvnEn1JJfQ2yRnzKCRp7yjiZzuIpoNpbDYwdPCAqpGoKqtEc8o8fPw65njLViKj2p6B2nvyvWcXvzb29D7T+r1b9f/brLy93Fj8Ph8Nh/fJ2v3Z0MC9A7P6+gz2Ne360+8tO8wP++I/d33f2Gr/s/v7vT3ZTvIZG88XJVcj8NzArSr1tHF3DbIXvGEvwUaabhny4P1N6AyRKQs3iEMg1zEhMmVQrFKfgcDY2LnxFhVJ/CkFJf9qW6vQWMzOHpdyC5oxbhcAEb5B2IiVSPJYwBikhyFzyjdr8GmYPkJoYonUSgd01L6JfToFP9NRrvjh4eVjzIsazhoPqir88339JWv1u44CkTieqz/POWwL8BkIRQ40kKqFhOEN6Xq+X22vjQBQQeLph+laqiogdKtNHDCQZC0mQuZEaxmCHxoPlwliQ9Ji0f1nw1hFieYJrLj6jAE6EZHoaEcQ9k8uSVC9OgQS4LwIIGkNOBsKKdA0dLYUe6ww1yEepaPNw/9mLjwbRXr9VR58oIJ+l9bZTD+Uj+E0Ffnz4/EgeWNhOuwJaI1eJJpGQQCyPqWwWGqA9o4pwAMRnlR2zG+G9afVH5xevTk/aozed96PW6etRp3vxdnTR7Z932id/nHSOvdqdUL1+a4Sr2QDybP/l0RqQTnvU77TPD58f9Q42gz198WwbsOeHB70D77J4LHtD1XmuWO5lAhf6ZchJy6iYgswb/SoiIFQp4TPjWmRGz5BunEg9BZmxqZ/7nLkAoHhvMMvFleR6aHFc/JA1XuLZvSz/EiKh1zrcKUR13ddUFReayJDUFzZeMe6D0bU0VAIZT4KWDG5QsTFa+PL/lRn9flZ0he2cr6BpkUnSxksMqaxjtppn3bqBYZiFBbStI8NHVW7BM3jqDKYHzDetfpPsnHQHnV63dVojnf+2P630rFON1D+76LU7o8H7805FCxV7sjErzdkEKAXIvW8eZDevqbpY70xeUzVa5VDiViB7Z/sAM9IyURrSN8eRr3FycMyCMBaG1lOKghUKPlHop6dbv9GryK1b6TybN95No9bp67PeyeDPqp1YtBcsQ7kxtQWLxk57hKp/qe3pi2dLbc8PD7ylCGffHvchsMo4Q181tvQ8kBSbHaRN2tmw28n6yagarQiVIF1PjtewSkGm+wxPn28MY2+IJpbnNRamOvMbatwkVTRcRmcaBwo56GtjNWepjRhycmE9NQQrqIX8hLVFoKM8dFtEkeDEBUJcIORvDoSUfEeYWalMhfJe7uOSTJMeTJjSclZ0AtPYyN2+p5EbC5Uec2AR4GyQCwUkE3UjXkADqwOdHXR20NnBNXYQJWZJonBDpBC6DfJvDVneL3WyVSynPCCGZaw2Jj7iNcbE4P0Nb2bTc9PbcLbX2d7vYHvbBabdVtZRcEe+kdyllL0QJUGwou9PMQqAykcmSm+h5r7KL84zrkbNGA2ThKUDtvn97s+wmxjzs8YqDQa9k1cXg86od3GaHYyXg3p3grVOT0dnf6yF6L7fAPHnSafX6rX/fG9O4oY9vlqHej6TfhJSubNb2N936W2B7fghxcCloH7s2JlLQbkUlEtBuRSUS0G5FJRLQbkUlEtBudCbC7095tCbS0G5MJgLg/3MKag8OLUmBfXjXa53ltlZZmeZNyXFlq1ysWrI2U1nN39cu1k6c2JWZeN58yavTdyEp0si/MDRD5dEcEkEl0RwSQSXRHBJBJdEcEkEl0RwoQoXqnjMoQqXRHDBEBcM+ZmTCGbRP1UCofxK1je+3Lr01tx93mspv3vXJC2SvohHlWITjqezDKYPekftoq2lJAYZMY30ySO8Q27oQv5BcC8ER1hfRFeML7n+6XaMomw/qmilACQFcDkY59g4x6bi2Nj3/szR46F6ZbsYs3tizHkkj+yJsfu8NLm9Yd4gyCCjbSQ13dmC6NsvTUZJJHERW9vwTZ+JXK/9crBVOrBUGZkFm9CTwA6DKurHnFK5F/C1By8c1rcnJHPiyvzEu6eqkc9T5k/z6JzlpCFHv6Zc1OmOaU4p/oBKsZqzLoptKkXrg53LbxOnIpL6EuQ1Co8iVBZkOSC+CEMw7r1JHFe/UkNeCKskPABJaCabVhxxsEbJDeqVvZhK8Laioh+2KkV26DXNXLK24FqKcLGKDuayDJiBavc6u7gBQ66MzUkkqOzB2EydpRqluBnKRM0rzxArrxSlTkPKRdUnrkI2MUelv9mP2/gS8HetUXfP+7rnfZ2Z+UHNjHve112Lctei3LUody3KXYty16LctSh3Lcpdi3LXolz20GUPf/bsobsW5QIhLhDyqK5Fued9nR10dtA971uO5bjnfZ3tfTy29yd+3vfBT9tul/JYpJGLHFpo/XY3mbYvgdeSTSbmb19/n6UvXedadH3z+1z2tnM1Dbxyo+/MLiRKi7W6PIW42yEsmcQcuhQTtI0rYoJ4+gqoLKU38rY1U64J3Axa3eNW73jUag9OzrrV4E2l97jT7r0/H6zoGfRa3f7bk0E5eFvArbjAvNlEtB5oeV8//NKCS9s7i/nY0vb3m7fF01oQJEtKPQy0a3pd/rPn3/H6rclRftEPyaCWrt7irxslOWTA9fqTkIWxh6FivvMezlEPPiWgdDtdYVk7Ip73uzz3pwgDRezlWjNimkM0PtLCoJJxEo5ZGGLmpRjDyDbaqUGnBh+hGsywPssFYWCd3K3PJblTvPWNQydHTo4evxx97R9rcTLkZMjJUB7l2U58ilUHLv3qpOfHlJ7NIdj0xYC24BaqDyXyZC8O+Fn/SMEypfCsIyFRpiSkvzyiqfaxlSemvpDdAK8W+nyTKswU3T48JNuUr9WWcn2DgR4wRrqizhcNktOwD1hGJuS7TSHkjHCQfjhS6Zd5YKBSa0MyAHNMpWTMIAzskyEEAxFkHFKtgUNAOlb8ehjRVMC1Pc7uqMSfEqqGnIyliAgLzvdOj1vnuybEHGNUUMhSbDlrW8VOgDPbgTM4W5EaVqLxyzHUi1f/1WkPRm9b5+cn3dejs/NOrzU46626lLse9qS7EaR7NtgG7KQ7ap91B62Tbt9cq6tQ9d22+Y18sRHjJ7bvYMX7IDnRUyevBF/d7ZApjVvriyimkinBLdUX6VwJCouvsLIjjsNZWsI35GQDk23FN0NOdlKVsVvLyG4vrOLcOZOUslmZYFUj2euEpcCE94vn/DLkLZJPibVojGOxov07kWJMfs0f1yFUG6wXa36Si5UBeDLkobCXl38jv2YI/UZ+zV5uybYypcFvlchQpk+qHJCWvJ2tELO0a7RW3FKgotiZ2/rUl0LlwazF7HcJX/use3xiUhCvzs5OO63unX8Zcx1kq7sJ4qxXTm20Szq7whbVzbkf+VuF4l2kdj6VWubW6l6TWIobFkCwkoyjiTUwa8UzL79ZcGChxHiBgfF4W91jEooJ88s3PXKreL87V3euPMVg1dNECvQyd7qzo/N+H9vZcZvk9r38PpfkdklupxWdVvyptWKGdSu7yvMNs97la0LLl9Lw8mvaV3hnEVnE+iZ4o9uWZRSeR3RC6ITwsQrhz/LAaQHl16DLWPdAxYKrTXmt+dwQx7wSg4QsL6YjpTn3pnX2pl4hxjdkDAJ7fyl7D1H5U4joNnG9YKWBL/ItF3o0FgkPkF8zz8fHaq3QOEcJN9Xx6BByU8o7onKSmLsguBAahIzDCL745uoIvk2VD4gF+RJoMBvBF6bMccvsusJnEEYBcJbWNaeFpvBlShNlfbIxZSEEI/TSCjEUemWKHtAJTfRIjEeS8gkYLE2RAKJluhm30QnTRW8oCzHkixhTTUehUMr2JHqKzGs9waUqC1PkqqlOFMGtzB6VU1ORhIGpbkb9n0RZ9HFMPkyEmITQkLHfaIsALpcaGlaZK0UnK2lTPdkGYN9YkPUx9ZGZAXmEpCMso8Q46fBJyNS0QVp8RhJ1x6eFbzDSE7J/oSxg3XP6wgPGCYro981ONALQlIXqck2XjcnWiJCFodPIg70G1bA6CsE3s7HO6pJLW7XufnKud1F2beVVAFfJZNVcq6VVy2RNUgJ7l5NlprhcGbshr5iWVBqDw9INyPadYs1SWq9O/tNEr0wxkx3uCmwUy7Sn9THLgzQKOj+lQyyFFlfJuNHis2oQkqP2y5TL9ksyX1hMJOhEckvGdMAmyUrgfduAnIDl/IHw1d5E7Bl2U3v/hmB1WQqmevNME5aPK3rJFESgpyLAe3hCGdageGvO24uNkm+kLlPqKDXKn2MxEfNhb9W41hNQ5hybyNBrerdxSDVyTocHsWBcz5fEsWMVJzmLgQ+O/yDZF1j3hm+RmbxCvi1Zb8MIwdTif0MlQ11krxpWZrQWITUOy73zOZ4JFfiJZHrmNT9c1jy0Cem9wFcimKUYZqdF7+mYvng+PnpWf/7Pg3/Wnz0/OqxfPR379UP/5dHT8dERHdMjFA98u6Z063HV9i7tB64nfdWm6d0cmJoloXREjZmy58uVVC0Nk8skXifEXWPcvu1kdIMl+IfVGK0muFdbMellzTMkaH7wbm/xCHwhw/kcmz8lINPdzKiDv81r3hRoANLwSMBM1jBY7YbcLky2t9NLj/O7ZOEzlpeGpY65YNbPUXJ9Edbf5S8EpZrN8zDOsf3U2803YBGIRNffqupMORyOVx/Yhx8yiCVPZPEFFu/Fei3sZUGUz8/6GCe5EoGpA42Mm+JJ+hm9AfrZLsR6j/ZNE2y79ULKJ4kxm54dE//9H1JkhE4= +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetSubjectMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"}},"title":"GetSubjectMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-list-subject-condition-sets.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-list-subject-condition-sets.api.mdx new file mode 100644 index 00000000..0dd81aa2 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-list-subject-condition-sets.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-list-subject-condition-sets +title: "ListSubjectConditionSets" +description: "ListSubjectConditionSets" +sidebar_label: "ListSubjectConditionSets" +hide_title: true +hide_table_of_contents: true +api: eJy9WW1vG7kR/isD9sMl7Vq2c/0kBEEVW3dwkUiGpRxQ2MaCWo4k3nHJPZJrWzX034shudLqxZKCC+ovtpfDeZ+HM+Qr83zmWPee3RoliwWM6snvWHj4yqtK6hl7zJip0HIvjb4RrMuqQNdxka6MZJ20Le0aoX2SBXa+SOfTypXRQhKTEXrHMlZxy0v0aEn4K9O8RNZlV0ZrLPzZrTXeFEad/YbWSaNZxqRmXTZHLtCyjFn8s5YWBet6W2PGXDHHkrPuK/OLijjpupwESi+9OsIadV2y7v3lY8YEusLKihRlXXaNU6kR/BzhKVKDmYZ/EzeoEjeWscJo51n3crnMduwZyxJN7c++uh1LTtd8g8mbivpIlYHUUDq2XD5Gb6Hzn41YkKDCaI/a05+8qpQsQnTPf3fE63VXIxMiSEGzlAteoqPVis+k5lGD15W2ra/bWg7DH5ycdZizkqX0LQWk9jjb8EmkyNjU2JL7SPLzhzclPmgYoQdvoDB6Kme1RQECp7xWHgIvkFPQJgT0SQoUDxq+8hdZ1mVad+jJpZXinoQmRsC1ANRTYwsUMFmAi6nv2DJjZjp1eNiORPI9hlxHtVFsq8yWy4xxEcuMq9uWS6dcOaTlRu5blXkXM4UdYbTcrsDwwVVGuxjBDxcX9GvTiFFdFOhcrJUfkYFuH7asd3Fr+YIKzmPpjnOTokXjvCX4W3tMCgppkvjXBBWNvr9aU1c/gtFf4JEs6r94tJqrESosvLG/cVXjIX+kfTmmjblLO/OnsHU7gzk0BDA1FjhMJSoBgRiMpg+Ke48aBfS1l34Bd1hZdKh9yA545+piDtw9aJhaU4IUt+dfrnu370OthUPK2DYUrb5t60I4iSQ5Mm7oCNwtqga8ti1PxwQbffv87/7VOP/au729GfyaD2/7d73x8C7vD759zb8NRrf9q5tfbvrXLDtCezM4SjIYjk8huxnkV8PBuHczGLHHdZ42UQ3RPCVJVsaWUt/EtcvlgaA/RcYb9NveVtJ5cm1hyopb6YyOUXchESgWFh0BsZkCocFC6hl9ftBwJMlOypsHDe8S1L3PmrBHsCbZqyRpw+MKUTZajfvDxdJKwseD+LntoL8/6B6sRNK5JDU64GBrheSVj6EDCRZzH7Re2/zTqqwCwU8PWpkIp5/gY6PQJ/iYVIfGlSkGn1jL7BaebGfAxBiFXA/3lFlayg+WWyJqlx2lHPDCGueCTRvS3yq+q+Hg+mZ8Mxzkn4fDL/3eIB//57a/r/QOUfYGxyiGd+xxb0YEzN5Ki23nfF/4e1AYRTFM/eVKlNvN1m1ftw7/PWHMZ/GAOVieZa28rBS2MjCeS8AttjR4ln4OvcE1KDOTxUa5jFan4uHG4WTLkwZsD/S4OD9sZmeJngvueTstV9+OdZuFRTKw59u708ec+510Xi+FpjA1fWjhHUb8eZ4bSETwLJUCi4Wxgjo2DVwDr4X0gE+o/ft9qf7Cy0phmMouydbLzsXFxc//vLi4/OAot1a9ouAez6jhJ0fVldg1I33cZ8Z66YAZiej/aIbiE1R7+5ZV7x8p3sq0t1uW2Jgstx1hUm8Nbm6sh/bikY56m9PI27oIY0at5Z81qgVIQd6cLgjN0ZnaFhgraSV1zR9WKbunuNpN7vdXmfZcaoyt16rgm1mfutkMkBfzhpJO4O1ijBQPeh+J68DXfVxDpsAeCwhbHvRb4NKBnov6bF1HwJw7MFotwGiEnvdWTmqPDzqcwFmAyH3SpAOLteMTtTpxdryQRDg4f9ArzhA7pzDmSfoFUgusUFNYKcq+sw+k1ggc4GqZnTIsH0Gp2lrUfnh8pkyU+amzZZr5UMBaHUiblxnT+HKKVCI7WeQVV0Wt1pFPFxRp1P5Hkg7GNkM6Nf39sgqohBo0hd9iySm/ph4tJKPJhFDi3niuDiocKY6qOiYyKEytQ4NK1WwRqKf9MfN2HJqPDtwBtYIrdufqvrWh6/pBU3VhxN7Jrw3o2vh8amotCMib3qzgukCFgmWs1n9o8xzv7Z64kiLndlaXpB0ZwoWSGnN8KRBF2LBmmDGuLHKxyPFFunhZiLaUju7fcoFahg0Nmub4Muc1pS/FkkuFIq/opFp38HxibFw3NeVobrmeYdBSkkWkVlimJLHxgqrW/IlLRYhBGnPPc2XC3UWtee3nlAcFJTDbuTUczxGc5752QK7M4HkuizmdLrUSMEFCEXJZM/tO4X5mzExhx1ZF58oIfNz5EFCmROcovffEZhvxBT6hoqCeTXlBwImUI5A47KokNfT1TEk370BPL6B2b2xt7aE5Q8n/ogjoSPMWsSEIbqs/Cp7oCPRcKvd4YCneCGRU9WvWqe8tlEQdsTaSH0/juLrtqmWW2oA9TlwhwURqbhdR2KSe7ZO1v1rDVdibqBCvqreQMJ6m4WjhdiK95TZ0YjI5oPE7V0bPIlpy+FeYnfycN+3KBOMMFb6nO+pdJp0W/KU4hAvsST3t9PRiewQON9wNuJxuUtgRNbHoa6tjGBPDLsy9r1z3/LyIHygTClOeC1O485k5D+nmzv9GZGd2Y5RnywYJ2/IOvDKU6OcmvlqES82K+znrsvPveMQ4P8A+NszxBaO2inXZa3M/3NeiMlL75U5x9iOMwrBCPb7+ZX2j/O3uSwbpjmvlpGa1E0piHs144lYSMsVr+C2J8XxIR8Xu6jK8CDgsaiv9gnXvHzNGJ8Td+o0gabh7x5/u5S/WV9sXFA6pp2ajq9nn3R0/kB3pCabLni5Dk2ScL3kQlR5QDjh/g9uqQD2+eHKa1GEmsipaQWG//563K5a9LfsxYyEQ3Xv2+jrhDr9ZtVzS5z9rtMmnTYzov2XWvPdQpggZGlGxv11vPc+wd3fpkuE9rPvDTQv/wMXhx62EdozRs9Tpok+Tt/EktSFpRUf8zsbEak2x052sd/SKAit/kPaxVde3w9GY0e1UfNkqQ+vCLH+mDoE/R0PiqBWKJXx7ZYrrWR2OUhZ50s//AKGdSAY= +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListSubjectConditionSets + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectConditionSet","additionalProperties":false,"description":"A container for multiple Subject Sets, each containing Condition Groups, each\ncontaining Conditions. Multiple Subject Sets in a SubjectConditionSet are\nevaluated with AND logic. As each Subject Mapping has only one Attribute\nValue, the SubjectConditionSet is reusable across multiple Subject Mappings /\nAttribute Values and is an independent unit."},"title":"subject_condition_sets"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListSubjectConditionSetsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-list-subject-mappings.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-list-subject-mappings.api.mdx new file mode 100644 index 00000000..a675c716 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-list-subject-mappings.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-list-subject-mappings +title: "ListSubjectMappings" +description: "ListSubjectMappings" +sidebar_label: "ListSubjectMappings" +hide_title: true +hide_table_of_contents: true +api: eJztPW1z2zaTfwXDu5nYrSy/JOm0uk57iqymvji2R5Iz14t8CkyuJNQkwACgYz0e/febBUCKpGRJTtJMkkO+xAaWwALYN+wu1veBphMVtN4GFyJm4Yz0s+u/IdTkNU1TxifBVSMQKUiqmeAnUdAKUgPXVBYusWBN95n7qg/yloXQPGVKV3tU0AhSKmkCGiTOex9wmkDQCjqCcwj13oUUWoQi3nsDUjHBg0bAeNAKpkAjkEEjkPA+YxKioKVlBo1AhVNIaNC6D/QsxZF4llwbSM10vGFo4FkStN4eXjWCCFQoWYoLDVrBMYwZB6KnQG4tNBFj86sbjaRutKARhIIrHbQO5/PG0noGLAGR6b3Xamkl22NeGeRBRLWFahDGSaKC+fzK7hYo/UJEM5woFFwD1/gjTdOYheZg9/9WONb9MkbCHB4emkQy0AwU9qZ0wji1GNwX2JZa61iemx8obtb6kWOWMF1CgHENk8qeWIhGMBYyodqCPD16cMYhJ33QRAsSCj5mk0xCRCIY0yzWxIxF2JhwYQ70lkUQDTl5Te9YkiWuX4HGLU1jqnFSNxChPCLAx0KGEJHrGVGW6lUwbwRiPFawfh0O5DELObZoQ1RHOZjPGwGNImZBL0pbOqaxAuzO513BlD1LJMGGMeZ15jMNKhVc2cM7OjjA/6r497MwBKUsm3wO4lM1ibL4gEpJZ8hmGhK1eSAWlWCUlijvFvvEIjxIqrVk15mGNzTOoEztRc/o1nTVzw05sp3DEPM5QXEJEdHiPwi9oS0yDAZTIF2umZ7Z/2JIgOvFh8NgI8tsXEYdswlwlOgQkSxjEZJ2RDW9pgoqK1652E/HZt4wIlKlNKxMsWis41v05CL4M2LzuL2xsv3hAU1/fchMmSMnKZXaMFeJLIz0No2qQVSWpkJqlCWLJbczPT1DWTPkBDi9joGMIXIaGXEav+frUMJuPNVQs9vqkdqWOra2GXHIhWTGNYsJ3CHHMh1jhwHCXVocwLUQMVAzVwKa4q6VZyvaNp1YKAEHbuvy165xRPUSvosuI6edHAZJdsCy1YepIA6IfGBxTCSEQkZgDpdyQrOIaQK3wPXuArtiH+GOJmkMxkY6RCl22Dw4OHj67ODg8EiheVSI74hq2EMdjHuQpdHyMlzjqmUsutYswwF9wWXE9BrilaK0UMcW4iHV8TBhWqk5r2+EcOqOqCnyQrlzg5Krj9TXMguN5s84e59BPCMswt0czwglEpTIZAjkA9NTUsy6GJ8UJDtvBBNJuf6HVU0m2Tog7K4vsR1FEpRCuUjJq3afMK405SEM+WXvhCSZ0uQaCCW3NGYRueydkh1oTpoN8mSqdapa+/sRJKIZimT/yS4ZizgWH6w1U9oIBRNUSqpJujSc5r/a0ZWmUjtTKLJ7icQYp1PKswQkC0k4pZKGGmSDhJSj9aQp42Q6S6eAYm81MHbwiKiYqimoZmvI3717N+R6ylQzoTqcgtp58r9mFb+39vff0r1/tff+52Dvl6udxc/D4XC4d3V/0PjpcF6C2P19B3uaj/xo94ed1lv88cfd33f2mz/s/v7vT3YdXkMj+dLsOmbhK5hVzGLTOLqB2QrjPZUQIk+3zPHh/kzpLZAkizVLYyA3MCMpZVKtEJyCw/nY3KFqIpSGU4gq8tO21Ke3mJk57MktzpxxKxCY4E3SyaTEE08ljEGiAX1b3KDW0/0NzD6Ba1JI1nEEdjeChN6dAp/oadD6+fCXo0aQMJ43HNZXfPf84BfS7p81D4mzRlF8XnRfE+C3EIsUGiRTGY3jGZ7nzXq+vTEGRAmBpxumbztRROxQuTxiIMlYSILEjadhFHY8wam5MBrE3VMPrkqGPEIsT3DDxQdkwImQTE8TgrjnfFnh6sU1nAAPRQRRc8jJQFiWbqChpdBinaEEeScVbR0dPPv5nUG012/voU0UkQ/SmuHOQnkHYUtBmB49/0keWthupwbaINeZJomQQCyNqXwWGqE+o4pwAMRnlR6zGxG8avdHF5cvTk86o1fdv0bt05ej7tnl69HlWf+i2zn546R7HDQehOr12yNczQaQZwe//LQGpNsZ9budi6PnP/UON4M9/fnZNmDPjw57h8FV+cb2iqqLQrA8SgUu5MuQk7YRMSWeN/JVJECoUiJkxrTIlZ45unEm9RRkTqZhYXMWDIDs/Yi7ZyGHFvfIt3njFTpPqvwvIRF6rcHtIOrrvqGqvNBMxmRvoeMV4yEYWUtjJZDwJGjJ4BYFG6OlL/9fqdEvp0VX6M75ijMtE4lrvEKf1jpiawTWrBsYglloQNs6MnRUpxa8gztj0F0wX7X7LbJzcjbo9s7apw3S/W/700rL2kmk/vllr9MdDf666NakULknH7PWnE+AXIDU++qT9OYNVZfrjckbqkarDErcCiTvfB9gRtrGfUP65jryMUYOjllixtLQekqRsWLBJwrtdLf1G62KQrtV7rNF48Nn1D59ed47GfxZ1xOL9pJmqDY6XbBo7HZGKPqX2p7+/Gyp7fnRYbDkYu7b6z5EVhjn6KvmlpYHHsVmA2mTdDbkdrJ+MqpGK1wleK4nx2tIpcTTfYa3z1eGsDe4GavzGg1Tn/kVNWaSKisuIzONAYUU9LG+mpKz9dJaaghWEgvFDWsLR0d16I5IEsGJd4R4R8g/7Aip2I4ws1zpmPJR5uMST5MeTJjSclY2Ap1v5GHb0/CNhXLXHFg4OJvkUgHJWd2wF9DIykCvB70e9HpwjR5EjlniKNwQKYTugPxHXZaPC51s5cupDohuGSuNSYh4jTFi+HjFm+v0QvU2ve71uvcL6N5OiWi35XVk3FFoOLeOVE+ICiNY1g+n6AVA4SMzpbcQcx9lFxcRVyNmjITJ4soF2/z+8GfYTYz6WaOVBoPeyYvLQXfUuzzNL8bLTr0Hwdqnp6PzP9ZCnP21AeLPk26v3ev8+Ze5iRvy+GgZGoRMhllM5c5uaX/fuGyB7ejBYeBDUF+378yHoHwIyoegfAjKh6B8CMqHoHwIyoegvOvNu96+Z9ebD0F5N5h3g33LIajCObUmBPX1Jdd7zew1s9fMm4Jiy1q5/GrI602vN79evVm5c2JUZeN987Z4m7gJTx9E+Iq9Hz6I4IMIPojggwg+iOCDCD6I4IMIPojgXRXeVfE9uyp8EME7Q7wz5FsOIphFf1MBhK3LZy3SV6vlwsrJrG6wUbIo71dF2AEQB+AjGN4s8GZBzSywZfSM4f5litr5Al1en39nBboeU6dx+zcbGxgZZLINp7qdLbG+/dLEY0SWlrG1DZ+1yOJ66VeArZKBlXeFuasGvaTYYVBF+VicVGEFfOy1BYcN7f3C3FdyK+vhqRrkw5SF08K3ZSlpyEkKsvok0l9yvFD8CoViPeJbZlvHRetdhUvPBHMWcbYEeYnMowiVJV6OSCjiGEL8xoRd61+pIS85JTIegSQ0503LjjhYs2IG9apWTM31WRPRn7YqRXboDc1Nso7gWop4sYouRoIMmIHq9Lq7uAFDrozOySSovNxqLs6cRClvhjI+51oRXxVUfLzOIVsWfeI6ZhMTY/iH7biNdXS/6AtvXxzXF8f1auYrVTO+OK5PKvJJRT6pyCcV+aQin1Tkk4p8UpFPKvJJRT566KOH33r00CcVeUeId4R8V0lFvjiu14NeD/riuFVfji+O63Xv96N7v+HiuJ9cGHa7kMcijFym0FLr58tk2v4BuZZsMjF/uvvLLH0pnWvR9dnzuWhY32zX8ojoQqa0WCvLHcTDBmFFJRbQFZ+gbVzhE8TbV0RlJbxRtK2Zco3jZtA+O273jkftzuDk/KzuvKn1Hnc7vb8uBit6Br32Wf/1yaDqvC3hVl5g0Ww8Wp+oeV9+etKCD9t7jfm9he0fN2+bEysL8Vjc6aGjXdOb6h8N/4LptyZGeac/JYJaSb3FXzdycsyA6/U3IQtjL0PleOcjjKMevM9A6Y5bYVU6Ip6PS577U8SRIja51ozoYojGRlooVDLO4jGLY4y8lH0Y+UZ7MejF4HcoBnOszwtGGFgjd+t7SWEUb51x6PnI89H3z0cf+6dOPA95HvI8VHh5tmOf8qsDH3713PN1cs9mF6yrGNAR3EL1oXI8ecWBMO8fKVg+KbzrSMiUeRLSXx7RvPaxL0/M+0J2C7z+0OezvMJ06PbhU6JNxVrtU67PMNAnjOFW1L3TIDmN+4DPyIR8s8mFnB8cuA9Hyn1ZOAZqb21IDmCuqZSMGcSRLbhB0BFBxjHVGjhEpGvZr4ceTQVc2+vsjsrCKaFqyMlYioSw6GL/9Lh9sWtczCl6BYWs+JbztlXkBDizHTiHsy9S45o3ftmHevniv7qdweh1++Li5Ozl6Pyi22sPznurknLXw56cbQQ5Ox9sA3ZyNuqcnw3aJ2d9k1ZXO9U328Y3isUmjJ/YvsP5mkN3Rl4Fvr7bMVMatzYUSUolU4LbU1+EcyUofHyFLzvSNJ65J3xDTjYQ2VZ0M+Qkr3iy28iP3Sas4twFkVSiWTlj1T3Z65ilRISP8+f8MORtUkyJb9EYx8eK9q8sijH5tShNQ6g2WC/W/KRgKwPwZMhjYZOXfyO/5gj9Rn7NK7fkW+nO4LeaZyiXJ3UKcE/ezlewmesarWU3B1RmO5OtT0MpVOHMWsz+EPN1zs+OT0wI4sX5+Wm3ffbg35VcB9k+2wRx3quGNjoVmV0ji/rmPO7426XHu3jaxVRqmVrre01SKW5ZBNHKYxxNrIJZy57F85sFBZaeGC8wMBZv++yYxGLCwmqmR6EVH5dz9eDKHQbBCtGjQC9Tp787euv3e7s7bhPcfpTd54PcPsjtpaKXit+0VMyxbuepPJ8x6l1NE1pOSsPkV9eH9YgSpp1l5mwTzOi2zzJK5RE9E3om/F6ZsFpI9HHM6L7NCwC1SJtciJiFM3zoxCamLFkO0we9o3YReVpivCIVZcjt3fhHx50IG4rkmvGlR7xLBU4xW5tOcshy+siidSOX2pIB5+OxgnL+CuMabNx5YRoZyJGwoCVCY1w/PVpOg7WJIxCRBTrEfYyGANxtMyuCbT1lh8aYsVPc+KRFgcQsYZr86GYnQuY1c9Af101Sw5XACRccHToJZurSsQZJwryiAp1YMSs0jdcibCE2ojpAMBKKjBvfEVKzBILupsdkLp8ypauErHqgUsHVpljnfG4Y1uwCrqeKXVdK4wtxtRfMG5YU6wqZU9z/W1l6U+EUErqNrzdaafSVZRkXejQWGY9QhuXWcIgv+GJjMGfcVEzASwI3z7tHVE4ykx+EC6FRzDiM4C406URYr6wYEIs0SKDRbAR3TJkruOFEhaUxRhFw5t66u8fHcDelmbJ2+piyGKIRWu4lvxq9Ng9h8GKSIXmOJOUTMFiahyOIlulG+kCPlemit5TFGAZAjKmmo1goZXsyPUUSsLeDpZc35uGzpjpTBLcyLzSopiKLI/PiHW2CLMk90mPydiLEJIamTMNmR0RwtdTQtApeKaTsFWdT93ZEYOtuyL0xDVHAAdIIcSMso8Q46fJJzNS0Sdp8RjL1wKelb9D7F7N/oXzEt/Cu6gf6jsro981ONCPQlMXqak2X9dM3kOEXQztvlE2Na1q9heCbyVjnb9UrW7UuZ70QAijP7Wu8CK6zyaq5VnOrltmaQBX2LgdQTcEBZWwJec20pNIYIcxtQL7vFN+xuRoG5D+NR9M8cLPDXYP1bJp292ZqeZBmSfK5c0il0OI6GzfbfFZ3THPUiLlw2X5J5guLiQSdSW6P0Q3YInlZhNA2ICVgiYdIhGp/IvYNuan9f0OwPVlxsAfzXBKW51shVgNjDU9FhOpVKEMcFHMpg/3UqP6mU89OOzer3+MTMxbC/uqRrYWojH8jk3HQCu7TmGqkni6PUsG4ni+xZNcKT3KeAh8c/0HyL/A9JNaoM/GmYmvy3qZhhKldwS2VDOWRTUGtzWi1glMQy73zOfoKFISZZHoWtN5eNQLUC07tvxDRzGFoBq/YKUYfB62DRuA0e+sADwFrGVXMmFUbu7QPuA5X5agV3B4aq0gonVAzlfU3PHCilYEKjsQEU9wvxm21r9guAA/77WqcVh920Fg57VUjMNvfehvc36Nb5FLG8zk2v89Aup3MTwZ/mzeCKdAIpKGPiJlIcrTaNL1fqOxgp+dcPLtkYQZWF4fPXwvG3LtAzg1FvPemqBrlJFsQoO9r+6m3m2/AEhCZ3nut6jMVcDjenqkRsoBYskQWX+CDzlSvhb0qMfLFeR99Z9ciMm+DE2OmBJJ+QGuAfrALsTcKW+cG2+6DmPJJZtRmYMfEf/8Hm4KKyw== +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +ListSubjectMappings + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings"},"pagination":{"title":"pagination","type":"object","properties":{"currentOffset":{"type":"integer","title":"current_offset","format":"int32","description":"Requested pagination offset"},"nextOffset":{"type":"integer","title":"next_offset","format":"int32","description":"Calculated with request limit + offset or defaults\n Empty when none remain after current page"},"total":{"type":"integer","title":"total","format":"int32","description":"Total count of entire list"}},"additionalProperties":false}},"title":"ListSubjectMappingsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-match-subject-mappings.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-match-subject-mappings.api.mdx new file mode 100644 index 00000000..84c3b3d8 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-match-subject-mappings.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-match-subject-mappings +title: "MatchSubjectMappings" +description: "Find matching Subject Mappings for a given Subject" +sidebar_label: "MatchSubjectMappings" +hide_title: true +hide_table_of_contents: true +api: eJztPW1zGjmTf0U1d3Wx98HYzr7ULre1ewSTXZ44NgU4dXvBR8RMA1oP0qyksc2T4r9ftaQZZgYMOM6mkpzyJbbUI7WkflO3uv0+0HSqgsbboCtiFi5IPx3/CaEmr2mSMD4NrmtBBCqULNFM8KARvGQ8InOqwxnj0yq4IhMhCSVTdgs86wxqgUhAUhygEwWNIDFT1ZXtnttP6w7ajdQHectCqL/GmcpdKqgFCZV0Dhok4v4+4HQOQSNoCc4h1EddKbQIRXz0BqRCtGsBQ9xnQCOQQS2Q8FfKJERBQ8sUaoEKZzCnQeN9oBcJjsTT+dhAaqbjHUMDT+dB4+3p2ladwYRxIHoG5NZCEzExv7rRSOJGC2pBKLjSQeN0uaytrWfA5iBSffRara1kf8xLgzyIqLZQNcI4matguby2uwVKvxDRAicKBdfANf5IkyRmoTnZ4z8VjvV+HSORUUEikQ40A2Xg7KF2S43uEyolXeBaNczV7qHgXoPkNO5DDKEW8g2NUyh8prREWl7tSfbBSLkvRrfmk1owZ/wc+FTP8ChqOeD+I9qBlstVV7+00EWJ/N4+gPt1LaBRxHBjaVzcogmNFVTPr0ncfiyQwGjGeMdtrpleEKoI04pkayVwn0hQhh6PfiEGYSJBpbEe8oQyWSeDGVPkTqRxROZMSvONRZOkCiShWks2TjUoIkFLBrcQkYkUc0L5kNNUz4Rkmmp2C0SJVIZAVBrOEBPKSeesSw46EVjsulLcsgjkIRGSXOHofS0k1Ie8fU/nSQyKMB7GaeTGaJ697B+fnzW7NXL5atCsEdBhnbwUknBxVyMUF8Si1Y7MU6WHHImWMk7GQs8I3bgX/0Go2waUbGZb6kM+5IMZkAcIhjCFgyUQsgkDSbRwI1s0UnCbQiYx1Ro4REOe76QEnBq4NvxjTo4Td2QH2XaZ71nUNSs+rBHKI+TT1TArRIycMb9YHCAi44VpfQh7wYmeUT3kbtZeGaODTLq3kOPv9SESBijIaMJJMkum9aBA8o63RwU2NazVsfx8WmSPTRK+ZyVO8Cgu2DIQidkYJI3jBdJrKjkeW8yUxl2vfELGVEFk9waQjJA6I9Kviqv6kON2rH1OJbhJICLMHGp+5DnZTRjETo2CqgdL3JCyUjINKhFcWRn3/OQE/ysvuZ+GIShl1cdHFMq5pv1gkcyibdKSRUgtuRRZSVfXn/fkcrm8bjyZZgZDzOcE7QiIiBb/SegNbZBhgKfjKNv8F8McuF59OAwQpacto4rZFDiaOhCRNGURatGIaookVVrxxsU+HZtlzZgOKqFhaYpVYxXfvCczTT4iNo/bG2vzPDyg6a8OmSpz5CShUhs5USALY9WYRlUjKk0SITVKxNWSm6meXaBIHXICnI5jIBOInKmKOE3+4ttQwm481RAVXelIbUsVW9uMOEQwoWmsSco1i1EJxSxkOsYOA4S7tDqAsRAxUDPXHDTFXSvOlrftOrFQAg7c1MWvXeOI6jV8V11Egdk7BfIWJDlwuvtuJogDIncsRp0WConiknEUfDSNmCZwC1wfrrDL9xGcgkc76BSl2Gn95OTk2+9OTk6fK7SBJkLOqQ4aQUQ1HKFtinuQJtH6MlzjpmWsurYswwF9wmXEdAzxRlGarclBPKQFHyZMZ4RWN0IkdhCiZsgLxU5UQI/QtX0t01Aj56Wc/ZVCvCDMGHSThbWirNF3x/SM5LOuxic5yS5rwVRSrv9mVZNKtg0Iu9eM6ihCy9Ba1K+afcK40pSHMORXvY4xK8kYcnvzqndODqA+rdfIs5nWiWocH0cwF/VQzI+fHZKJiGNxZ22ywkYomKJSUnXSpuEs+9WOrjSV2lh8wCO7l0iMcTKjPJ2DZCEJZ1TSUIOskZByklm5s0UyAxR7m4GVtSNVTBWaH40hf/fu3ZDrGVN1Z5McPPtfs4pfG8fHb+nRv5pH/3Ny9NP1wern4XA4PLp+f1L74XRZgDj89QB76o/86PCbg8Zb/PEfh78eHNe/Ofz1358dOryGRvIl6Thm4StYFLneNo5uYLHhUptICJGnG+b4cH9m9BbIHC38JAZyAwuC9x21QXAKDpcT41uoiFAaziAqyU/bUp3eYmbmsCe3OnPGrUBAq5m0UinxxBMJE5ASosxXsFOa38DiCVyTwHwbR2B3LZjT++w2/OPpT8/L1+Pqiu+/P/mJNPsX9VPirFEUn932awL8FmKRQI2kKkUrHM/zZjvf3hgDooDAtzumbzpRROxQmTzCa9nEXFaYwtMwCjue4tRcGA3i/Dcn14VLCUKsT3DDxR0y4BRvt7M5Qdwzvixx9co9RYCHIoLI3BaEZekaGlp4jaILlCDvpKKN5yff/fjOINrrN4/sFeROWjPcWSjvIGwoCJPn3/8gTy1su1UBrZFxqslcSCCWxlQ2C41Qn1FFOADis0mP2Y0IXjX7o+7Vi/NOa/Sq/ceoef7bqH1x9Xp0ddHvtludl532WVB7EKrXb45wNTtAvjv56YctIO3WqN9udZ9//0PvdDfYtz9+tw/Y989Pe6fBdfH2+Yqqbi5YHqUCV/JlyEnTiJgCzxv5KuZAqFIiZMa0yJSeObpJKvUMZEamYW5z5gyA7L1DLRdXksuhonfJNV6jU7HM/xLmQm81uB1Edd03VBUXmsqYHK10vGI8BCNraawEEt7KQXTLaOHL/1dq9NNp0Q26c7nhTItE4hqvl9u9jstaYM26gSGYlQa0rSNDR1VqwTu4MwbdBfNVs98gB52LQbt30TyvkfZ/2582WtZOIvUvr3qt9mjwR7ddkULFnmzMSnM2AXIBUu+rJ+nNG6quthuTN1SNNhmUuBVI3tk+wII0jfuG9M115EOMHByzwIyFodGxR8YQC/RJaZFt/U6rItdupfts3vjwGTXPf7vsdQa/V/XEqr2gGcqNThesGtutEYr+tbZvf/xure3756frUaq+ve5DZIVxhr6q72l54FHsNpB2SWdDbp3tk1E12uAqwXPtnG0hlWJ8geHt85Uh7O0qbFme12iY6syvqDGTVFFxGZlpDCikoA/11Vw6HTHk5MpaaghWEAv5DWsPR0d56JaYzwUn3hHiHSF/syOkZDvCwnKlY8pHmY9rPE16MGVKy0XRCHS+kYdtT8M3Fspdc2Dl4KxjPI1krG7YC2hkZaDXg14Pej24RQ8ix6xxFG6IFEK3QP6tLsvHhU728uWUB0S3jJXGJES8JhgxfLzizXR6rnrrXvd63fsJdG+rQLT78joy7ig0nFtFqidEiREs64cz9AKg8JGp0nuIuQ+yi/OIqxEzRsKkcemCbX5/+DPsJkb9bNFKg0Gv8+Jq0B71rs6zi/G6U+9BsOb5+ejy5VaIiz92QPzeafeavdbvf5ibuCGPD5ahQchkmMZUHhwW9veNey2wHz04DHwI6vP2nfkQlA9B+RCUD0H5EJQPQfkQlA9B+RCUd71519vX7HrzISjvBvNusC85BJU7p7aEoD6/x/VeM3vN7DXzrqDYulYuZg15ven15uerN0t3Toyq7Lxv3u7K/M7x9EGEz9j74YMIPojggwg+iOCDCD6I4IMIPojggwjeVeFdFV+zq8IHEbwzxDtDvuQggi3B9iUFEPYun7V6vlouH1Z8zJoVUZuvyl6WEXYAxAH4CIY3C7xZUDELbBk9Y7h/mqJ2vkCX1+dfWYGux9Rp3D9nYwcjg5zvw6luZwusb7808RiRJkVsbcNHLbK4XfrlYJtkYCmvMHPVoJcUOwyqKB/zk8qtgA+9tuCwob1fmPtKZmU9PFWN3M1YOMt9W5aShpwkIMspkf6S44XiZygUqxHfIts6Lnpcoe1exiLOliC/IfPYmr/54BEJRYx1frHyKDJW9Ss15AWnRMojrKid8aZlRxysXjKDemUrpuL6rIjop61KkQN6QzOTDIs/SxGvVtHGSJAtdYxQrV77EDdgyJXROakElZVbzcSZkyjFzVDG51wp4quCko/XOWSLok+MYzY1MYa/2Y7bWUf3k2Z4++K4vjiuVzOfqZrxxXH9oyL/qMg/KvKPivyjIv+oyD8q8o+K/KMi/6jIRw999PBLjx76R0XeEeIdIV/VoyJfHNfrQa8HfXHcsi/HF8f1uvfr0b1fcHHcJxeG3S/ksQojFym00PrxXjLtn0CuJZtOzZ+0/zRLX3vOter66O+5aFjdbNfyiOhCqrTYKssdxMMGYUkl5tAln6Bt3OATxNtXRGUpvJG3bZlyi+Nm0Lw4a/bORs3WoHN5UXXeVHrP2q3eH93Bhp5Br3nRf90ZlJ23BdyKC8ybjUfriZr3t6c/WvBhe68xv7aw/ePmbXJiZaH5U/H29NDRrulN+Y+Gf8LntyZGea+fEkEtPb3FX3dycsyA6+03IQtjL0PFeOcjjKMe/JWC0i23wrJ0RDwf93judxFHitjHtWZEF0M0NtJKoZJJGk9YHGPkpejDyDbai0EvBr9CMZhhfZkzwsAauXvfS3KjeO8Xh56PPB99/Xz0oX/qxPOQ5yHPQ7mXZz/2KWYd+PCr557Pk3t2u2BdxYCW4BaqD6XjySoOhFn/SMH6SeFdR0KqTEpIf31Ek+1jM09MfiG7BV5N9PkoWZgO3T48JdqUr9Wmcn2EgZ4whltR+16D5DTuA6aRCflmlws5OzhwH46U+zJ3DFRybUgGYK6plEwYxJEtuEHQEUEmMdUaOESkbdmvhx5NBVzb6+yBSsMZoWrIyUSKOWFR9/j8rNk9NC7mBL2CQpZ8y1nbJnICnNkOnMHZjNS44o1f96FevfhnuzUYvW52u52L30aX3XavObjsbXqUux22c7ET5OJysA9Y52LUurwYNDsXffOsrnKqb/aNb+SLnTPesX2nyy2H7oy8Enx1t2OmNG5tKOYJlUwJbk99Fc6VoDD5CjM7kiReuBS+ISc7iGwvuhlyklU8Oaxlx24frOLcOZGUolkZY1U92duYpUCEj/PnfDPkTZJPiblojGOyov0ri2JCfs5L0xCqDdarNT/L2coAPBvyWNjHy7+QnzOEfiE/Z5Vbsq10Z/BLxTOUyZMqBbiUt8sNbOa6RlvZzQEV2c681qehFCp3Zq1mf4j5WpcXZx0TgnhxeXnebl48+Hclt0E2L3ZBXPbKoY1WSWZXyKK6OY87/mYheRdPO59KrVNrda9JIsUtiyDaeIyjqVUwW9kzT79ZUWAhxXiFgbF4mxdnJBZTFpZfeuRa8XFvrh5cucMg2CB6FOh16vR3R2/9fm13x32C24+y+3yQ2we5vVT0UvGLlooZ1s3sKc9HjHqXnwmtP0rDx6+uD+sRzZl2lpmzTfBFt03LKJRH9EzomfBrZcJyIdHHMaP7NisA1CBN0hUxCxeY6MSmpixZBtMHfaAOEXlaYLz8KcqQ27vxPxx3Imwo5mPG15J41wqcFpfzGnNEy2tSPVCJ4GpX2Gu5NGdnisjgOZfX2pbSXItdGr5JZ0iwxIzB7/hPZZ8pqnAGc7qP2y/aqP+LZM2FHk1EyiMk58wwCjGZKza2U8pN8jzai9xk+o6onKbmqQguhEYx4zCC+9C8LMHSVfmAmK8vgUaLEdwzZW5j5lAUVkkYRcCZS3t2eahwP6OpsibbhLIYohEacQUXCx2bnAi0UVM9EpORpHwKBkuTQ4BomW7GrfPCdNFbymL0CCPGVNNRLJSyPameIW1bQ3EtCcPkwGqqU0VwK7Oac2om0jgyyc+oHtJ55pyckLdTIaYx1GUS1lsiguu1hrqV9UrR6cazqV58I7AlGOTRhIZI64A0QtwI6ygxTtp8GjM1q5MmX5BUPfBp4Rt0BMXsX8gqmBbtCkCgG6GIft/sRD0CTVmsrrd0WZdtjQhZGNo5JuwrqboVYQi+m4x1lrZc2qptz5dzsYysbROzIhin001zbeZWLdMtMQvsXY+lmdxzZdSKHDMtqTT6iLkNyPadYkqTS2cn/2WcWybXyQ43BuvkMu0ufWZ9kHpBJbhzSKTQYpxO6k2+qPooOQrHTLjsvyTzhcVEgk4lt8foBmyQLEM+tA1ICZjtH4lQHU/FsSE3dfxvCHYkS77WYGkl4Rz0TET4CE8oc/AUn8wFx4mR8HUnhZ0QrpdFLmYSsRCON0njoBZYS0CZe2wq46ARvE9iqpE02jxKBON6ucZvbSsZyWUCfHD2kmRfYN4b1iIzcYV83Vlv3VD5zC7hlkqGwsY+NazMaEW+k/7rvcsl3gkVhKlkehE03l7XAhT67l3gCxEtHIaFiEzxFN++D2BzgKYo/Qu+/gI/YTgAK9yU3kZuOoe1XcNVu9o3jeD21GQ2CaXn1GgrewvdqDSrI71fab7gJeMRMdUYiho+LwNoY0M2gOc6VwYcPlvE02Hc1pAyQsbS1tvNa9pMW0FtM9rXtcCcduNt8P493ravZLxcYvNfKUh3cBkh4G/LWjADGoE0RxQxE6CMNls8xU046DnPwSF5aHWYVZkz+VEXpUAo4qM3eTEiJyWDAF0q+0+933wDNgeR6qPXqjpTDofjHQ1sjYkMYs2qWX2BeYKJ3gp7XRAc3cs+umTGIjIpp3Nj8gSS3qFlQe/sQqyhasunYNv7IKZ8mhoVHNgx8d//AWjsNP4= +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +Find matching Subject Mappings for a given Subject + + + + + + + + + value result\npair. This would mirror external user attributes retrieved from an\nauthoritative source such as an IDP (Identity Provider) or User Store.\nExamples include such ADFS/LDAP, OKTA, etc. For now, a valid property must\ncontain both a selector expression & a resulting value.\n\nThe external_selector_value is a specifier to select a value from a flattened\nexternal representation of an Entity (such as from idP/LDAP), and the\nexternal_value is the value selected by the external_selector_value on that\nEntity Representation (Subject Context). These mirror the Condition."},"title":"subject_properties","minItems":1}},"title":"MatchSubjectMappingsRequest","additionalProperties":false,"description":"MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties.\n The SubjectMappings are returned if an external selector field matches."}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings"}},"title":"MatchSubjectMappingsResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-update-subject-condition-set.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-update-subject-condition-set.api.mdx new file mode 100644 index 00000000..f796ddf7 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-update-subject-condition-set.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-update-subject-condition-set +title: "UpdateSubjectConditionSet" +description: "UpdateSubjectConditionSet" +sidebar_label: "UpdateSubjectConditionSet" +hide_title: true +hide_table_of_contents: true +api: eJztWm1vIjkS/iuWT7qdOTWQzEv2Do1WxyTsitMEUCCrOxHUMt0FeNdt99huEi7iv5/K7oamaSCjHd1+yXzJYJfL9fLUi+1+ppYtDG1P6FAJHq3JKJv9BpEltyxNuVzQaUBVCppZrmQvpm2aOrqm8XSJJ2vmy/JVI9ArHkHzPo2ZhXzuWsmYI5sRWBrQlGmWgAWNuz9TyRKgbXqtpITINoZaWRUp0fgVtOFK0oBySdt0CSwGTQOq4WvGNcS0bXUGATXREhJG28/UrlPkJLNk5igtt+IMa5BZQtuTy2lAYzCR5inKSdv0BuZcArFLICtPTdTc/cy5kTTnRgMaKWksbV9uNsGBPmOegMps49YcaPJyyfeYHBXUeqqAcEkSQzebqbcWGPtZxWvcKFLSgrT4X5amgkfOva3fDPJ6PpRIOQei0zSCwXIwOMvjEo2xGvGyk5rHNKBzpRNmaZtmmfu9L/Vd4cRNQHNAjcCaElemNVujySwk5rxEUYGxX7TK0u/B6A/wyDXqPlnQkokRCIis0r8ykcEpw+XrQsgXhiZfGa7c0qoVGSkIyFxpwsicg4iJIyZK4oBg1oKEmHSl5XZN7iDVYEBa53jyxmTRkjDzIMlcq4TweNj6ctMZvkXH+PBX2omci7gdq8qCAATc2TMu6DBqNAg3iJpWNM/jj47uP/+rez0ObzvDYa//SzgYdu8648Fd2O3f34b3/dGwe937ude9ocEZ2l7/LEl/MH4JWa8fXg/6406vP6LTHU4LrzpvvgQkW2UTLnt+7nJzwukrz3iPvmptwY1F00YqSZnmRknvdeOAgL7QYDLhaDDQ11wucPhBkjMgexFuHiR5kyf3t0HhdojJbO323oJks9nLZT6w9nL45HSwlEA4DSiLPQcmhqV4mzNhoGqgvz3IDtluSWKXJQ1hRGcC0CqfXGp3GjPrpN7p/MM2rBzBDw9SKJ8pfyKfCoF+Ip9y0UlhytwHP9GS2qV8UkXATCkBTA5qwiyfCk+GW05UDjuEHGGRVsY4nfZ2PxZ814P+TW/cG/TDz4PBl26nH47/M+zWhd4pyk7/HMXgjk5rEeFydgUWVeN8m/s7JFICfZgX7u1W5hCtVVtjZV/x2BenAzeGC19gToZnkgnLUwElBPq6RJiGkgSP3C5Jp39DhFrwaC9cRtuqSL+P5rkEtCb1GCy9VUaD1O/4IElvvrVJQDSkgkVgCEjLUZsnbiymF2N1FtlMu/Aqukms6sGBEAH5a8klKFIClsXMsnIQbMeqol2rJFGSlOZP12PBZiBq63axVU5xzNLHS7YvzJuqhCo3HskZo2dPOLFkAN85f4YlW/H9nFBQhJkjCWcFzfHIvu2OOzedcSe8H950xrUhXUvS/fe42z86e9cdfulcd/eD+WjHf+c70NMo3iCr/c7eDZhUSeM98O7iAv/s23mURREY43vw79HZmpojyx9vh1+73Ncu97XLfe1yX7vc1y73tcv9c7vcfXSe6TvPVFENqGDHllfngyGzB3DeTREDFj1jQK9Akzfg88/jUpGciDxyIYiGSOkYYrzSY5KwLOaWwAqkfVsH9SeWpALcre4l6nrZvLi4eP/h4uLynUFsbS/lsFdr4H0hGsr3kxU18sE6NXZTJ9TIif6PavyJXb5ZKm1JefJMw1/lNHJnJ2IVyST/moFYEx6jNedrzOZgVKYj8JG03XXHf3cUqgmuyvX7N0aZtIxL8K3XNuD3T3fAomVBiRX48LSHFA+yjsQ0yW0dV4cUUqMB5pYHeSy5NEnHeHkqzxlkyQxRUqyJkkA61mo+yyw8SFeBA5ci63bjhmjIDJuJbcU5sEK+hSGtB7nlTHznRJiMkQmThMsYUpDoVvSybdIXnp/8IejsAcrBc84yYQ/PSV2tXXn9TqekSMW1LX45cqWy4VxlMsaILYpwxGQEAvBBIJO/S/Xo33dWTPA4ZHqRJSgdKsJiwSWE8BQBxG7BjmFAmdDA4nXoLh8wolPQCTf4ThPGILlbUIRNCE9LlhnrBueMC4jDFFPSrlVjM6X9vMpsqOahZnIBTkqOGqFYbppL3wS5KbZiXCA0UGI8mQvlzqKZZJldYvhGiFF68Lo0XgIxltnMEDRlQB6XPFpiGslETGaAcEGTFYecOZkslFoIaOo0al6rGKYHA01/jWIMW9T6phraMaxAoFMbcxZhhABihOQcDkXiknTlQnCzbJKOXJPMHFlaWoMNpeD/hdiFATbWyAZjrSz+yFmiGYNlXJjpiSl/9AuI0iXWeYMTCQ7SNn2WRvLzMPazVVNtgjzf1xhxW3lmXDK99pvNskXdXvXR6q42jhYH/6RZve1yadPlEKZn3GqmXcnluQEKuzOh5MInREb+6Zpku2RFXZqBb5bdeP6WecikWap6uR/cQ+csmzc7cl0967iX0CK5vFwlt8JLosFmWno35gzbZGltatqtVuQHEAmRSlqxikxroVoObqb1FyRr6L0zG90UmbC836nn6ATsUvn3beOfp+2StmnrG567W6f4+97Iv3VnWtA2fU4Fs4ikroxTxaXdHIRn1ydSMkhBjm9+JsUKcn/3JSD5dcbWTMVs0wXF0uuxYppjbnJIr+7oK0ReLA5nN+7t2ECUaW7XtD2ZBhRrxN3uNTmXsLj+ou/n7O8f51cfGh9/vPyx8eHj1bvG7P08aryL/nH1fn51xebsilauwSY1N1qT/cupybl7pl1s7i5yvumi5ciFx6RgPEVTHBxiX3yc3Lj15WPGtk/dnLj2PX91u8FiNFflnr0WsgfYQmzkH0C06eoSGSH0E+ZagPzzhVOI3mO3zXsWniwikUt3ptAu//pgmnzLtyM0OLH5NKAO3u0JfX6eMQP3Wmw2OPw1A50jtUA+/toExfcWCKWYu04uru93S59H0DfFFwpvye6Esq/i77A+/XFJXkUoxc9CXr71y/bb+yRkb6ctHfJrjJHVjuKg69ut6EQRpPYk7bSULoeD0ZhiZPgvSxLXElLNHrHzYo9eEX9WcSnIjSH65SJzLQr1PPHf/wCPCds+ +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateSubjectConditionSet + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","description":"Optional\n If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional labels"}},"additionalProperties":false},"metadataUpdateBehavior":{"title":"metadata_update_behavior","type":"string","enum":["METADATA_UPDATE_ENUM_UNSPECIFIED","METADATA_UPDATE_ENUM_EXTEND","METADATA_UPDATE_ENUM_REPLACE"]}},"title":"UpdateSubjectConditionSetRequest","additionalProperties":false}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectConditionSet","additionalProperties":false,"description":"A container for multiple Subject Sets, each containing Condition Groups, each\ncontaining Conditions. Multiple Subject Sets in a SubjectConditionSet are\nevaluated with AND logic. As each Subject Mapping has only one Attribute\nValue, the SubjectConditionSet is reusable across multiple Subject Mappings /\nAttribute Values and is an independent unit."}},"title":"UpdateSubjectConditionSetResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-update-subject-mapping.api.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-update-subject-mapping.api.mdx new file mode 100644 index 00000000..e6a1f8ac --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping-subject-mapping-service-update-subject-mapping.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-subjectmapping-subject-mapping-service-update-subject-mapping +title: "UpdateSubjectMapping" +description: "UpdateSubjectMapping" +sidebar_label: "UpdateSubjectMapping" +hide_title: true +hide_table_of_contents: true +api: eJztPWuX2jiWf0XrnXNS1QPUI49J2H6sQ9FpNhWKA1TOZkMtEbYAdRnJLcmV0Bn++5wrycY2LqBS6WyS1XyYDtK1Xvd9r67qo6fwTHrNt16PRzRYokEy+Z0ECr3CcUzZzLuqeTwmAivKWSf0ml6s4RrSwC0MWMN+Zr8aEHFDA9K4jEOsSLHPq3kxFnhBFBEw8UeP4QXxml6LM0YCVe8JrnjAo/prIiTlzKt5lHlNb05wSIRX8wT5I6GChF5TiYTUPBnMyQJ7zY+eWsYwEksWEw2pqIp2DE1YsvCab0+ual5IZCBoDDv1mt4ZmVJGkJoTdGOgEZ/qn3Y0FNvRvJoXcCaV1zxZrWob+xnSBeGJqr+SGzvZf+WFQW5dqDJQNUQZWkhvtboyp0Wkes7DJUwUcKYIU/BPHMcRDTRmj36XMNbHzRVxjTtAmgA6UJRI6KVhDkYqYRCbrpqGXs2bcrHAymt6SaJ/F1fdT5G4qnmWllqchRS6B0R1to5vPxgH6RdjSdS4YpYL/Q8cjRjqkzjCAZH6oMgHKhVls5Tc81MjGqL3VM0RRoy8R5yREUvHQVNKohAtEqnQhCCMbnBEQ3R52Tlrjti7d+9GTNI/yYGaU3mIfvoJHaN//hPBr8YCq2BO5MGDt8f1Z7g+9eu/Xn18uqrnfz66y8+T09WDQzvpiME54gBWKXMnh4XASyA7RRayCquckYup5sIifoNEKr7YhgMLsUmNsSABVoDZVQX0mnnfpo1XwDTF6aXCLMTCEEGK9LRty5S1jeVa/vYGQ7975vfPxn5r2Lnoji+7g1671fm10z7zahu9Z+1W/01vWNEz7PvdwavO0LvKby+3tvwGs+Yr4MQ7c1Bxmy8IAzlMQgQMBSweYoUnWBLAvRE6tw+o+1c1b0EUhu/yJ5u11XZwfSAILMBX+a9t4xirjSWvu5AkCk2WSBJxQwQ6IExRtUTv5xxZIPSeRhESJOAiJHp7mCGchFQhckOYOqxC7ge8iCOi9dcJSMaTxvHx8cNHx8cnpxJUVyaDQA/VQTzCGSRaLZW2YRurtrHu2rINC/QFtxHhCYkquTrdk4WoeTg04g1HvQJCb6OWGxwleo7iQfBUDMo5FwrlO4EbqmeZ4kiS8kgDJZJAIcVRwugfCYmWiIZwmtMlwkgQyRMRECOHs1nX46OMZPNc6Gv5d+t2KxfiM2TEJuDJojPADCl8rQ8gHTuVrftoGBhGEBRRqcBmsJ+imIgFVUAjQEFG8cgRM6tGwKCIC9Q5M+qFca1iyCJWS0SnYG3c0JCEqZ7RSkUrm5KiwVF0APK+huD/G3rcf/sJPXgAELqJhqahqD12SIbitlt8seAM7S05/g9p1Q68g0BzB2Cs1udkjm8oF1XHMTbMPp6kMLfrnVftoX/mD/3xZe/MH7bH7e7lq5LyqQRp//ew3b21t9/unfutdlEJVVnbfWP9beeJFYxStKp1g4w5k+bwT4+P4T8lJk6CgEhp7N/PYVXKoqdwfysUcK6UoJNEkdeaTnLYzHrGhoTKFASGop/CIP05An+HhEjx/0D4GjfRyBvOCWobuaH/E5EFYWr94cjbyRx3NgVmW02BbF+Vm73/aqy1IWMcFKZYN5bXm/WkLtRnXM3dzmYvM2lD/0uNchRjoTQP5chCe1+6UdaQTOIYFONkidZb9hM17yLMwhEoGDyJCJqS0LrUsKbpH2zbkqDbGvc3RZSalvJqTTOsISRTnEQKJUzRCJEPwJhURdChgYom84TziOB9VIEzEp2R+G0ZiTVvJjBTd3KN7y4VE0G3AUH3hvkZhoJIqc1E9NIfIMrAaQzIiF32O5uBhv45OiCNWaOGHsyVimXz6CgkC94I+OLowSGa8iji742FmTsISWaglGQDtXEwT3+a0aXCQoF4QoSlgQ+GcBTPMUsWRNAABXMscKCIqGnTGJQ9pgzNl/GcgNirBoYOFiIZYTknslGwW7NgyP/qXfzSPDp6i+t/+vX/Oa4/uzpY/3s0Go3qVx+Pa09OVjmIw18OoKdxx48OfzhoQgjl6u+HvxwcNX44/OVvJSM4TiYRDV6SZZ7rTeP4miy3xB6aGn1wPnN8Q9AiiRSNI4KuyRLFmApZIThvjb7gYE4KwQ/bUp7erEzPYTC3xjllRiBQzhqolQgBGI8FmRIhSJjGNHdK82uyvAfXxGRrDAm6a94CfzgnbKbmXvPpybPTmregLG04Ke/4w+PjZ8gfdBsnyBqdID577VeIsBsS8ZjUUCITHEVLwOf1dr691gZEbgEPd0zvW1GEzFCpPKJEoCkX2gEDbGiFHWkLlnGtQaw/cHyV9ymj2aZAQNeMvwcGnHFB1XyBYO0pXxa4eh1GR4QFPCRhY8TQkBuWroGhJcFiXYIEeSckbp4eP3r6Ti+0P/DrYBOF6L0w1ra1UN6RoClJEJ8+fiJODGy7VQKtoUmi0IILggyNyXQWHII+wxIxQmA9Wxyjl/5g3Lt8ft5pjV+234z98xdVvtFtUP2BP4bd7AB5dPzsyRaQdms8aLd6p4+f9E92gz18+mgfsMenJ/2Tomf2EsteJljupALX8mXEkK9FTI7ntXzlC4KwlDyg2rRIlZ5G3TQRak5ESqZBZnNmDADsvcs1zsdxUzlUiOOaxoo4riALrrYa3BaivO9rLPMbTUSE6msdLykLiJa1OJIcCE8QJSi5AcFGce7L/1dq9Mtp0QrduarAaZ5IbKOOhG+PwxizbqgJJhf+161jTUdlagEf3BqD1sF86Q+a6KDTHbb7Xf+8hiCcAv+qtKzTFMHFZb/VHg/f9Nrl9ECuJx2z1JxOAFwA1PvyXnrzGsvL7cbkNZbjKoMSjgLIOz0HskS+jtKggXZHPsXIgTFzzJgbWs0xMFbE2UyCnW6PfqdVkWm3gj+bNd6OI//8xUW/M/ytrCfW7TnNUGy0umDd2G6NQfRvtD18+mij7fHpibeRIh4Yd5+ERhiny5eNPS0PQMVuA2l34PIay+35UiCWilAJ4LVztoVUcjw9oOB9vtSEvSOaWJxXa5jyzC+xNpNkXnFpmakNKKCgT43V5OLxl8ZSM4H1TCxkHtZfHvN2gRAXCPm0QEjBdiRLw5WWKe9kPm7wNOqTGZVKLPNGoI2N3G57ar4xUNbNIesAZwNdSoJSVtfsRXBoZKDTg04POj24RQ8Cx2xwFByI4Fy1iPhLQ5Z3S53sFcspDghhGSONUQDrmkJi8O6KN7t9lUI0nO51uvcL6N5Wjmj35XVg3HGgOXfjziPnBUYwrB/MIQoAwkckUu0h5j7JLs4yrii9CSaSqOBg69+3fwbdSKufLVppOOx3nl8O2+P+5XnqGG8G9W4F88/Pxxe/boXovtkB8Vun3ff7rd/eaE9ck8cny1AvoCJIIiwODnPn+9reFtiPHuwKXArq646duRSUS0G5FJRLQbkUlEtBuRSUS0G5FJQLvbnQ2/ccenMpKBcGc2GwbzkFlQWntqSgvr7L9U4zO83sNPOupNimVs5XDTm96fTm16s3Cz4nZFV2+ps3WW3irnW6JMJXHP1wSQSXRHBJBJdEcEkEl0RwSQSXRHBJBBeqcKGK7zlU4ZIILhjigiHfchJBb/qbSiAUX8n6zJdbNx7rvct7LcW3g5vIR/ZVYSwlnbHcg6toQNSBPARdi3MP42UR3hHTeEF/t6/nAWzAFxPKNkz/9DHYRXoe5WVZAGQBXA7GGTbOsCkZNua9P+163Feu7Bdjdk+MOYvkO3ti7C4vTe6vmHcwMhGLfTjVnmyO9c2XOqPEkzi/WtPwWZ+J3C79MrAqGViojEyDTWBJQIdeKsjHDFOZFfCpjhcMGxgPSXtcqZ14+1Q19H5Og3kWnTOUNGJg1xSLOp2b5oTiVygUyznrPNtaLtoe7Nz84w6WRawtgV4A80iERY6XQxTwKCL2cWw+ReWv5IjlwioJC4lAOOVNw44wWKNgBvWLVkwpeFsS0ffblUQH+BqnJlmLMyV4tN5FG3JZGkxDtfrtQziAEZNa5ySCyPTB2FScWYmSPwypo+alZ4ilV4hS25ByXvTxSURn2lX6i+24nS8Bf9Eadfe8r3ve16mZr1TNuOd93bUody3KXYty16LctSh3Lcpdi3LXoty1KHctymUPXfbwW88eumtRLhDiAiHf1bUo97yv04NOD7rnfYuxHPe8r9O934/u/Yaf973307b7pTzWaeQ8heZaP99Npv1L4JWgsxkRX2zrG9e51l2f/T6Xue1cTgNXHvSt2YVEKr5VlluI2w3CgkrMoAsxQdNYERME7yvEopDeyNq2TLklcDP0u2d+/2zst4adi245eFPqPWu3+m96w4qeYd/vDl51hsXgbW5t+Q1mzTqidU/N++L+lxZc2t5pzO8tbX+3eX1ma0EALRZ7EGhX+Lr4Z8+/4PVbnaP8oO6TQS1cvYWfOzk5ooSp7Z6QgTHOUD7feQfjqE/+SIhULbvDonSEdd7t8txvPAolMpdr9Yg2h6htpLVCRdMkmtIogsxLPoaRHrQTg04MfodiMF31RcYIQ2Pk7u2XZEbx3jcOHR85Pvr++ehT/1iL4yHHQ46HsijPfuyTrzpw6VfHPV8n9+wOwdoXA1qcGagBKaAnfXEgSPvHkmxiCnwdQRKpS0IGmyPqah9TeaLrC+kNYeVCn89ShWmXOyD3yTZlezWlXJ9hoHuMYXfU/qCIYDgaECgj4+L1rhByijhiPxxL+2UWGCjV2qAUQLupGE0piULzZAiCQASaRlgpwkiI2ob9+hDRlIQp484eyCSYIyxHDE0FXyAa9o7Oz/zeoQ4xxxAV5KIQW07bqsiJwMxm4BTOVKRGpWj8Zgz18vl/tVvD8Su/1+t0X4wveu2+P7zoV13K3Q7b6e4E6V4M9wHrdMeti+7Q73QH+lpdCauv981vZJtdUNYxfScV74NkSLdGXgG+fNoRlQqONuCLGAsqOTNYX6dzBZFQfAWVHXEcLW0J34ihHUS2F92MGDqwIuOwlqLdXFiFuTMiKWSzUsYqR7K3MUuOCO8Wz/lhxHyUTQm1aJRBsaL5O5F8in7MHtdBWOlVr/f8IGMrDfBgxCJuLi//jH5MF/Qz+jF9uSU9SouDn0uRoVSelCnAlrxdVLCZ7RpvZTcLlGc7fVsfB4LLLJi1nv025mtddM86OgXx/OLivO13b/3LmNsg/e4uiIt+MbXRKsjsElmUD+du6PdzxbuA7WwquUmt5bNGseA3NCRhJRrHM6NgtrJnVn6zpsBcifF6Bdri9btnKOIzGhRvemRa8W53rm7duV1B1dNEkqhN6nS+o7N+vzffcZ/k9p3sPpfkdkluJxWdVPympWK6aj+9yvMZs97Fa0Kbl9Lg8qvty72zCCRibBO40W3KMnLPIzomdEz4vTLht/LAaW7Jl5pqigvvExlzJneltlYrjR/9UAzgsrifthDa9bWl9rpkIYZnZPQajn6X5iqiDOZkgfcJ7YWVOj5Puoyr8ZQnLASSTY2fAAq2Im0fJUwXyINNyHQ17xiLWaKvg8BGcBhRRsbkQ6Bvj8DzVNmAUJMvCA6XY/KBSu1x6YOX8BLCOCSM2tJmW2tKPsxxIo1ZNsU0IuEYDLVcGAVPdN0D2KGJGvPpWGA2I3qVuk4AlqW7KTMBCt2FbzCNIOoLK8YKjyMupelJ1Bzo1xiDG4UWus5VYZVIBEeZvisn5zyJQl3gDCogWaQByCl6O+N8FpGGiINGi4fkaqOhYeS5lHhWiZuycxsS88yCqE9xAPRMgEaQHWFzSZShNptFVM4byGdLlMhbPs19A8GeiP4J7AClz/aRBwgV5Jc/0CfRCInCNJJXW7pMWLaGuMgNbYMP5iZUw4gpAN9NxiotTS4c1bYrypnoBfY1xVchmSSzqrmquVWJZEteAno382W6vlxq1SEmVAkstM6h9gDSc8dQtmRL1tF/6gCWrmcyw02ICWTpdlsiszlIIyf2LR5iwRWfJNOGz5blOCQDAZgKl/23pL8wKxFEJYIZNNoBmyitgg9MA1ACVPSHPJBHM36kyU0e/TuA1UUhnuqtUkmYn69Krnra+pnzEG7jcampA8PdOe8o1qK+YQ0nay41ip9DSRENyNEtQxuTQGqHNhGR1/Q+xhFWQD9tFsacMrXaYMq2EZ/oIiZsePYrSr+AAjh4lEwnGLLDSXsbmhXmZgs3WFCQSObOYWlGoxesitjsXa3AOZQkSARVS6/59qrmgWawFwSf83BpV5i6jd7DKX76ePrkUf3xP07+UX/0+MlpffJwGtRPg2dPHk6fPMFTDPVoFWk2uNa45qssYPB27fGv+THvhm/1n2H9eZM2s4lWOVvXYOw5meMbCrFi71V76J/5Q3982TvzhxXh2hXI/Skv3N+sIpENhAJC7Ps8Te/mRFdfcakWWGtb4ynfRpyFkTLpAncjAfOUmYeqtJQzdPu2elHVdOvVque9qnmakppvvY8fwaW/FNFqBc1/JERYokiJDH6tat6c4JAIjbuQ6ixoWG1WfVzbH95B34YnDtHaBi7uDko3MylT74EYCnhUf529eGTFtKdJZP+p95tvSBeEJ6r+SpZnyuBgvPrQPGSRQmyYVesvoBgxVlthr3JCqXcxgLjPhIe6rnWhbS5P4Pdg2uD3ZiPGGjZvtEAb0DybJdoG8MyY8L9/AdZM95s= +sidebar_class_name: "post api-method" +info_path: policy-subjectmapping +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UpdateSubjectMapping + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"}},"title":"UpdateSubjectMappingResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping.info.mdx b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping.info.mdx new file mode 100644 index 00000000..2ed782d1 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/policy-subjectmapping.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-subjectmapping +title: "policy.subjectmapping" +description: "" +sidebar_label: "policy.subjectmapping" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/subjectmapping/sidebar.ts b/docs/OpenAPI-clients/policy/subjectmapping/sidebar.ts new file mode 100644 index 00000000..ab8db364 --- /dev/null +++ b/docs/OpenAPI-clients/policy/subjectmapping/sidebar.ts @@ -0,0 +1,86 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "Policy Subject Mapping", + items: [ + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-match-subject-mappings", + label: "MatchSubjectMappings", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-list-subject-mappings", + label: "ListSubjectMappings", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-get-subject-mapping", + label: "GetSubjectMapping", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-create-subject-mapping", + label: "CreateSubjectMapping", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-update-subject-mapping", + label: "UpdateSubjectMapping", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-delete-subject-mapping", + label: "DeleteSubjectMapping", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-list-subject-condition-sets", + label: "ListSubjectConditionSets", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-get-subject-condition-set", + label: "GetSubjectConditionSet", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-create-subject-condition-set", + label: "CreateSubjectConditionSet", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-update-subject-condition-set", + label: "UpdateSubjectConditionSet", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-delete-subject-condition-set", + label: "DeleteSubjectConditionSet", + className: "api-method post", + }, + { + type: "doc", + id: "policy-subjectmapping-subject-mapping-service-delete-all-unmapped-subject-condition-sets", + label: "DeleteAllUnmappedSubjectConditionSets", + className: "api-method post", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-attribute-value.api.mdx new file mode 100644 index 00000000..3857f837 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-attribute-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-delete-attribute-value +title: "UnsafeDeleteAttributeValue" +description: "UnsafeDeleteAttributeValue" +sidebar_label: "UnsafeDeleteAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWt327hyfwWX7Tmx98qyndfdVXOyVWQl68aRfSV5223kKjA5krAmAQYAnWhz9N97BgApUk8rzm6TFPkSCxgAA2BemBmAnwJNxypovA0uRMzCKbnkio6A9EDeshCCq1ogUpBUM8FPo6ARpAasnhmwuoV2wO7XCcSgoam1ZNeZhl9pnEFQC1IqaQIaJI72KeA0gaARtATnEOqDCym0CEV88CtIxQQPagHjQSOYAI1ABrVAwvuMSYiChpYZ1AIVTiChQeNToKcp9sSz5NpAaqbjLV0Dz5Kg8fb4qhZEoELJUpxf0AhOYMQ4ED0BcmuhiRiZn643krregloQCq500DiezWpL8+mzBESmD96opZncHfNKJ2sR1RaqRhgniQpmsyu7WqD0CxFNcaBQcA1c4580TWMWmv08/F1hX5+WMRLXv0OocdMk7r5moLCWRSUYpSXj4xLWLApqwUjIhOqgEWSZ+V3Fuus2ccDJ5eXpSb62Ba0QSyyzWjB6zzeNhdUbOn+ZxfGU/DOjMRsxiEiHJkD2Xv6zs49DLgxH9lgd6mSidaoah4fPcCdVSkN4fki1lofPaAGPVc8Pb7HV4TPz3/P9GuE455j9ARHRgsTiA0gSUgX1YDabo7yeObp2sypE/tZM8aoW0ChiOEEaX5T2YkRjBYsL8J/Nbue08+pvfxtwYsZhfEwoX5rvBxbHZCQBSJauWn8yEpJIyBTUyIcJCyckpJwwrqWIshCwSxqGoBRJqZ7gnOEjU2a0/slLRZDaKOP4G3uPzJSjxVHqA06afEpeN3vklaRcK0KVEiGjCPyBYc8TplZjfw24wiGNGB/H03wIXPDZoqgwBSoVXFkifnh0hP9Vl66XmQlZpv4SrGKIw4C57b91YvDeHFZFfAwcpTNEBBkORUBENb2mynBRQbllTOaF98ZmVgsKbikPMS9cxLeoyXn/C2Kz29pYgb2+Q1O/2GWmLJOnVGrDliXyNCLZFKoaUVmaCqnJ9ZTMp9zM9KRDKEcRBZxex0BGEDntekeph7saanZb3VJbsoitLUYcIhjRLNYk45rFBD4iYTNtOMcA4SrNN+BaiBioGSsBTXHVyqMVZdt2LJSAHTd1ubUrHFK9hO+8iigwa6dA3oIke8A101PyYSKIA7JyQEIoZARmc1EsZRHTBG6B6/05dsU6wkeapDEYc+cYmf24fnR09Ojx0dHxQ4XCttBeEdVwgIoV1yBLo+VpuMJV05hXbZiGA/oLpxHTa4jVKtGVz8lBrFM66wnzNlfb1YUQqe2EqAnyQrkS5fQOqq2nZRZq5LyMs/cZxFPCIlzN0ZRQIkGJTIZgtUYx6rx/UpDsrBaMjbIpTYdKSadopmlIVq7P7lIxk2wTEFYvTrEZRRJ1qhgRapQi40pTHsKAX3ZPSZIpjWqPklsas4hcds/IHtTH9Rp5kJsuESSiHork8ME+GYkYLZEIya+0EArGCXCt6qRNw0n+0/auNJUaxRMB7jQwEmOcTijPEpAsJOGEShpqkDVjEzhNTybTdAIo9lYDYwWPiIqpmoCqNwb83bt3A47qvZ5QHU5A7T34HzOLnxuHh2/pwR/Ng/8+Ovjpam/+92AwGBxcfTqqPT2elSD2f97DmvqOjfZ/2Gu8xT//vv/z3mH9h/2f//XBvsNrYCRfml3HLHwN0zLX28LhDUxXWOSphBB5umG2D9dnQm+BJFmsWRoDuYEpSSmTaoXgFBzOR+ZgtCBCaTiBqCI/bcni8BYzM4bdufmeM24FAhO8TlqZlLjjqYQRSAlRftDZKs1vYHoPrkkh2cQRWF0LEvrxDPhYT4LGj8c/PawFCeN5wfHijD8+OfqJNHud+jFxRhuKz4v2GwL8FmKRQo1kKqNxPMX9vNnMtzfGgCgh8GjL8E0niojtKpdHDKSxn43tinSCgi4e49BcGA3iDp9HV6XDAUIsD3DDxQdkwLGQTE8SgrjnfFnh6vnZmgAPRQQRWtd9YVm6hoaWApLQKUqQd1LRxsOjxz++M4h2e80DtIki8kHSNLVnBrRQ3kHYUBCmD588lccWtt1aAK2R60yTREhzaEioVvkoNEJ9RhXhAIjPKj1mFyJ43ewNLy5fnJ22hq/bvw2bZ6+G7c7lm+Flp3fRbp2+PG2fBLW1UN1ec4iz2QLy+OinpxtA2q1hr926ePjkafd4O9ijHx/fBezJw+PucXBVPgW+puqiECw7qcC5fMGDkxExJZ438lUkUD5D5UrPbN0ok3oCMifTsLA5CwZA9t6ilsszKeRQ+dDqCq/QI1LlfwmJ0BsNbgexOO8bqsoTzWRMDuY6XjEegpG1NFYCCU+ClgxuUbAxWmr5/0qN/nVadIXunK3Y0zKRuMKr2Wb3xqwWWLOubwhmrgFt6dDQ0SK19CdAnDHoDpivm70G2Tvt9NvdTvOsRtr/Zf9aaVk7idQ7v+y22sP+bxftBSlUrsn7XCjOB0AuQOp9fS+9eUPV5WZj8oaq4SqDEpcCyTtfB5iSpnXb9Mxx5HOMHOyzxIylrvWEImPFgo8V2ulu6bdaFYV2q5xni8L1e9Q8e3XePe3/sqgn5uUlzVAtdLpgXthuDVH0L5U9+vHxUtmTh8fBkt+4Z4/7EFlhnKOv6ne0PHArthtI26SzIbfTzYNRNVzhKsF9nftjV5BKiad7DE+frw1hb1Zhs+q4RsMsjvyaGjNpjfMPKehzfTXnTkegs9laaghWEgvFCesOjo5q1y2RJIIT7wjxjpA/2RFSsR1harnSMeVO5uMST5MujJnSclo2Ap1vZL3tafjGQrljDswdnHVyqYDkrG7YC2hkZaDXg14Pej24QQ8ixyxxFC6IFEK3QP6pLsvdQid38uVUO0S3jJXGJES8RhhY213x5jq9UL11r3u97v0LdG+rRLR35XVk3GFoOHcpV0GICiNY1g8n6AVA4SMzpe8g5j7LLq6mMxgJk8WVA7b5vb4ZVhOjfjZopX6/e/rist8edi/P8oPxslNvLVjz7Gx4/nIjROe3LRC/nLa7zW7rl9/MSdyQx2fL0CBkMsxiKvf2S+ub5zbdjR4cBj4E9XX7znwIyoegfAjKh6B8CMqHoHwIyoegfAjKu9686+17dr35EJR3g3k32LccgiqcUxtCUF9fcr3XzF4ze828LSi2rJXLt4a83vR68+vVm5UzJ0ZVtp435xcHt+HpgwhfsffDBxF8EMEHEXwQwQcRfBDBBxF8EMEHEbyrwrsqvmdXhQ8ieGeId4Z8y0EEM+lvKoCgMrPjb+wh5k/2BdHqi37lCeY1w/yVq+pMV70xltA0NW8p/RuhN7RBBkZ2ty0/mf9iMLZo0XAQbJFP1RzdLRaZXbmW4BaqBxVh4KqHYV4/VLAsF3Be+E6aecmpt9zjfJKGvsbsFpZeY/sij3A5dHtwH39gMddXUmTpl+joHn24GbU/apCcxj2IIdRC/rrNO5pvHLiGQ+VariFNSnIAIwYoGTGIIysKiOBYEFOtgUOUE2cXhYgCrs3Rk+ypLJwQqgacjKRICIsuDs9Omhf7uDH27Uwhy7RVlK0iJ8CRbcc5HGp6CbE96G6w9S9f/Ee71R++aV5cnHZeDc8v2t1m/7y7ygexGfa0sxWkc96/C9hpZ9g67/Sbp52eOUUs7Oqvd03JLyabMH5q645nGzbdZdpX4BdXO2ZK49KGIkmpZEpwu+tzfSBBoVRGR3aaxlP3nuGAky1Edie6GXCy50TGfi3fdns+x7ELIqlcQskZa+EgupFZSkS423OSPwx4kxRDopJiHBQ+t4X3P8SIPCuUJqHaYD2f84OCrQzAgwGPhfXVPCfPcoSek2cOdZIvpduD52VlXpInixTgdOH5CjZzVcON7OaAymxnnJM0lEIpM6fK6OuYr3XeOTntn553hi/Oz8/azc7aGy+bIJudbRDn3aobrlWR2Qtksbg4u21/k4Qixj10j+AWQ6llal1ca3wl95ZFEK3cxuHYKpiN7FlEG+YUaPUSoRJKGJgzVrNzQmIxZmH1gFdoxd1MzLUzdxgEK0SPAr1Mnf7xRH/W+q4eT9zqt6Hhznbf2ohhprTY6EpyEOsPeRVpUEBX/Py2cIWfHz0qEZWVkGVRtmHIDQZav9k5aXZPhs2Wke4LJtlC7Um71f3tor+ipt9tdnpvTvtVTVDCrWIa5MXGS33PW+Gv7v+grpeKXip+h1Ixx7oZOvN8F3MDn1M35gUaonY7MZqm6Q2UTY1ctq7yebs6koJMmHaWmbNN0IllvdCJ9RN5JvRM+D0zYa/iFd2NGV1b4ho3SJO4D6NQpdjYfNQgh+mB3lP7iDwtMV7hDB1wezb+u+NOhA1Fcs34Us5CfopIckfuIlr5MbnEwT4i6yOyPiJbisjaD30YgfHXBES8DvU69LvSobvF+L5UKE6DTHYIApRY37Y0qfDo/SxhO3bu0PszefEU22bpV4CtkoGVJ90WP49kULUxHrdThRXwuRkj1m1tUjtMqkge0Fg/VP6hpzyt0FLSgKNdU32NzueXeKH4FQrFxcs2ZbZ1XLRb+KObs4izJcrRh6LzqBQpMDdeFlupAS/lg2U8AowxO9607IidVb8U161aMQsevQURfb9ZKbJHb2hukrUEfuMtns+ijUn4BsxAtbrtfVyAAVdG52QSVP6lq1ycOYlSXgxl0n0X8h4qUZRcHg3Lok9cx2xM75lH8EU+YXbPIXZ7XNN/l8x/l8yrma9UzfyZtre/z/kVX0Tx9zn9fU5/n9Pf5/T3Of19Tn+f09/n9Pc5ffTQRw+/o+ihv8/pHSHeEfJd3ef03yXzetDrQf9dsqovp9qh/y6Z173fsu79hr9Ldu9vct0t5DEPI5cptFT65TKZ7v52p5ZsPAb5l019KZ1rXvXF87lstvOqGfirXv6ql4/SewX57Ubp/+SrXv8X6bcmRvlR3yeCWkm9xZ9bWTtmwPXmk5CFsYehcrxzB+OoC+8zUPgkj5lhVVwinrslz/0i4qh4EwJ7dDFEYyPNFSoZZfGIxTFGXhbePzBoeLno5eJ3LBfPC0boWyP3zueSwii+c8ah5yPPR98/H33uV6Y9D3ke8jxUeHnuxj7lWwc+/Oq55+vknh0OQZdc0RGcQAwampXzZRdUKrjaplpmM4O4uaiBk6zOoS2leVvPpbqakGGK1zgMDx3+rqwrUIUTSOj2wyQmia5ayfKecqGHI5HxCPcyd7mFmDARG69cxk2CKp5gucmmG1I5zsxxDCdCo5hxGMLH0Jze8HpY0SHmxEqg0XQIH5kyDnLzsoPCTORhBJy51EKX6wUfJzRT1hk4oiyGaIjuwdI7jfTaxB3R+5npoRgNJeVjMFiaOB2iZaoZty8gmip6S1mMF3EQY6rpMBZK2ZpMT5BNrAtyKdBp8sw01ZkiuJT5vU41EVkcmQRDdDxkSf7C6Yi8HQsxjqEu07DeEhFcLRXUrSBUio5X7s1ienAENs1ZHoxoiHm7gDRCXA/LKDFO2nwcMzWpkyafkkytaVpqg69JxuwPTOXF1EOXZI1n8zL6PbMS9Qg0ZbG62lBl332tESFLXbvXDa0nom75F8G3k7HOUwMXry6vDREUMgnfB7HJDxFcZ+NVY63mVi2zDXIBa5f1lcnvVEamymumJZVGGDO3APm6U0wbcCmj5N9NurfJJ7DdXYP1iphyF6Je7qRekoduH1IptLjORvUmny4+dMrxuZNcuNx9SqaFxUSCziS32+g6bJA8CzW0BUgJmFEbiVAdjsWhITd1+C8IdiArD7YGs1wSlsdbL10DYzxMRIQ+MaEMjVD0YAWHqXlRpp6ZtnXbBQbyWQiHGzu0elKZEEom46ARfEpjqpF22jxKBeN6tsSQbSs6yXkKvH/ykuQtMPkELwSa14uLhclr64YNJhbxWyoZSiPr71sY0eoEpx6Wa2czDEcoCDPJ9DRovL2qBagVnHPuhYimDsM8UBE8GtEfn4yePj548o/jfxw8fvL04cH1o1F48DD86emj0dOndEQxF8Scb0q8hfdJKp7I8jIvLQtOy90waQS3xyZ/QCidUKOvbIRj8/ZW+iu4FH18uIqM2wtXRlrYnX8bbNj5oLZptKtaYPai8Tb49AnDMJcyns2w+H0G0i1rvk34a1YLJkAjkIZYImYeKY9WG9+f5to72Os6H+k+mZtW1Tlh4lHBowcXyMShiA9+Le7rOCEXBBhru/vQdxuvzxIQmT54oxZHKuCwv4O+TcPOIZaMknkLTKVJ9UbYqxIzX5z3MFZ3LSKTlZUYiyWQ9AMaBvSDnYg17ewNAyz7FMSUjzOjQQPbJ/77XxHjED0= +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UnsafeDeleteAttributeValue + + + + + + + + +/attr//value/), normalized to lower case."}},"title":"UnsafeDeleteAttributeValueRequest","required":["fqn"],"additionalProperties":false,"description":"WARNING!!\n Deleting an Attribute Value will free up the Attribute Value for reuse, which can introduce an access path to existing TDFs containing the deleted Attribute Value.\n Any KAS Grants associated with this Attribute Value will be cascadingly deleted."}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"UnsafeDeleteAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-attribute.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-attribute.api.mdx new file mode 100644 index 00000000..0d8909f8 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-delete-attribute +title: "UnsafeDeleteAttribute" +description: "UnsafeDeleteAttribute" +sidebar_label: "UnsafeDeleteAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztPWt327hyfwWX7Tmx98ryI4+bqDnZKrKSdePIvpKcNrVcBSZHEtYkwAVAx1of/feeAUiKpGRJjrNpkiJfYgGDxwDzwswAvPU0HSuvce6dipD5U3LGFR0B6YG8Zj54FzVPxCCpZoIfBV7Diw1YPTFgdQudAqe/DiEEDU2tJbtMNHg1L6aSRqBB4kC3HqcReA2vJTgHX++cSqGFL8KdDyAVE9yreYx7DW8CNADp1TwJfyRMQuA1tEyg5il/AhH1GreensbYE0+iSwOpmQ7XdA08ibzG+f5FzQtA+ZLFiJrX8A5hxDgQPQFybaGJGJmfaW8kTnvzap4vuNJeY382qy3g02cRiETvvFcLmGw+81Ind05UW6gaYZxEypvNLuxqgdKvRTDFgXzBNXCNf9I4DplvtnL3d4V93S7OSFz+Dr7GTZO48ZqBwloWFGCUloyPC7NmgVfzRkJGVHsNL0nM7/Ksu+kmDjg5Ozs6zNZ2Tiazmjf6g68aBatXdPsmCcMp+WdCQzZiEJAOjYBsvflnZxsHywciZv0YtidbrA51MtE6Vo3d3Ze4kSqmPrzapVrL3Zc0b4RVr7ZrhCOSIfsTAqIFCcVnkMSnCurebDaf6VJG6NqNKRH0uUHqoubRIDBTouFpYd1HNFRQRfk/m93OUeft3/424MQMwfiYUF7A8DMLQzKSACSJy6ts8CAjIYmEREGNfJ4wf0J8ygnjWoog8QH7or4PSpGY6gniCTdMmWH6h28UQZKijONv7DwwaAaVQeoDTj7QMAFFEh6AJHrCVHWOl4CL59OA8XE4zXrCpk0+Je+aPfJWUq4VoUoJn1Ec5jPDOW3emTfDnSnLEFOgYsGVpe6DvT38r7zOvcQsguX2r8FDOTUZ0JRUaEFOPpAFZzUvp+DiEPPCKinlNRk7fsXZVMcaA0c9AgFB+YASK6CaXlIF2cRXdWjqq10myrJhTKW2DL2My1WNqCSOhdTkckrmKDcTPekQylF2AKeXIZARBKmu21AczWoe9TW7Lm+pLanO1hbjHAIY0STUJOGahQRukKSYNjRrgHCV5htwKUQI1IwVgaa4asXR8rJ1O+ZLwI6butg6LRxSvTDfeRVRYNZOgbwGSbaAa6an5PNEkBTIcqAEX8gAzOaiEEkCpglcA9fb89nl6wg3NIpDMMbHPrLZfn1vb+/xk729/QOFMjFXKAHVsIO6DtcgiYNFNNLCZWjMq1agkQJ9QzRCegmhWiY0MpxSiLt0w92EeY1iF8coL4SIbSdETZAXipUoIe+hgXpaJr5Gzks4+yOBcEpYgKs5mhJKJCiRSB+spM5HnfdPcpKd1byxEfAFdKiUdIqWk4Zo6frcXyomkq0Cwuoqis0gkKgBxYhQo4gYV5pyHwb8rHtEokRpVDiUXNOQBeSse0y2oD6u18ijzJwIIBJ1X0S7j7bJSIRoKwRIfoWFUDCOgGtVJ23qT7KftnelqdQongjwVOshMYbxhPIkAsl84k+opL4GWTMaPNXLZDKNJ4BibzkwVvCAqJCqCah6Y8A/ffo04KhS6xHV/gTU1qP/MVj82tjdPac7fzZ3/ntv58XF1vzvwWAw2Lm43as9258VILZ/3cKa+j0bbf+y1TjHP/++/evWbv2X7V//9dF2Oq+BkXxxchky/x1Mi1xvC4dXMF1iJMcSfOTphtk+XJ8JvQYSJaFmcQjkCqYkpkyqJYJTcDgZmbNKRYRSfwJBSX7akurwdmZmDLtz8z1n3AoEJnidtBIpccdjCSOQEoLs7LFWml/B9AFcE0O0iiOwuuZF9OYY+FhPvMbz/RcHNS9iPCvYr2J883TvBWn2OvV9kppLKD5P2+8J8GsIRQw1kqiEhuEU9/NqNd9eGQOiMIHHa4ZvpqKI2K4yecRAGmvX2ItIJyjowjEOzYXRIOl5cO+iYL4jxOIAV1x8RgYcC8n0JCI494wvS1w9P+4S4L4IrEXbF5ala2hoKSARnaIE+SQVbRzsPXn+yUy022vuoE0UkM+SxrE17dFC+QR+Q4EfHzx9JvctbLtVAa2Ry0STSEhj4kdUq2wUGqA+o4pwAJzPMj1mF8J71+wNT89eHx+1hu/aH4fN47fDdufs/fCs0zttt47eHLUPvdqdUN1ec4jYrAF5svfi2QqQdmvYa7dOD54+6+6vB3v8/MkmYE8P9rv73kXxnPaOqtNcsNxLBc7lCx5WjIgp8LyRryKC4rklU3pm60aJ1BOQGZn6uc2ZMwCy9xq1XMQkl0PFs2VaeIFOijL/S4iEXmlwpxBVvK+oKiKayJDszHW8YtwHI2tpqAQSngQtGVyjYGO00PL/lRr9dlp0ie6cLdnTIpGkhRez1V6IWc2zZl3fEMxcA9rSoaGjKrX0J0BSYzA9YL5r9hpk66jTb3c7zeMaaf+X/WupZZ1KpN7JWbfVHvY/nrYrUqhYk/VZKc4GQC5A6n33IL15RdXZamPyiqrhMoMSlwLJO1sHmJKmdbL0zHHkS4wc7LPAjIWu9YQiY4WCjxXa6enSr7Uqcu1WOs/mhXfvUfP47Un3qP9bVU/MywuaoVyY6oJ5Ybs1RNG/UPb4+ZOFsqcH+96CK7dnj/sQWGGcTV/VN7Q8cCvWG0jrpLMht6PVg1E1XOIqwX2du0iXkEqBp3sMT5/vDGGvVmGz8rhGw1RHfkeNmXSHww0p6Et9NSepjkD/r7XUjCtyLhbyE9YGjo5y1y0RRYIT5whxjpC/2BFSsh1harkyZcp7mY8LPE26MGZKy2nRCEx9I3fbnoZvLFR6zIG5g7NOzhSQjNUNewENrAx0etDpQacHV+hB5JgFjsIFkULoFsi/1GV5v9DJRr6ccofolrHSmPg4rxGGtO6veDOdnqveutO9Tvd+A93bKhDtpryOjDv0DecuJBEIUWIEy/r+BL0AKHxkovQGYu6L7OJyioGRMElYOmCb33c3w2pi1M8KrdTvd49en/Xbw+7ZcXYwXnTq3QnWPD4enrxZCdH5uAbit6N2t9lt/fbRnMQNeXw/MvRBoXnPZ9JPQiq3tqu+Fdy6tX4Vyyqb8JILln3HXj4XLHPBMhcsc8EyFyxzwTIXLHPBMhcsc05C5yT8mZ2ELljmHHbOYfcjB8sM0isCZd/fFQCVmB1/bw8xf7EvKPeAfchdVFXf2NDSTRXT8q0j05xENI7NhY1/I/SKNsjAyO625SfzXwjGFs0bDrx7ud7WWGR25VqCW6gelIRBWj30s/qhgkW5gHjh1SlzXaS32OMcSUNfY3YNvLoQX+WmTzrdHjzEH5jj+laKJP4aHT2gjxSj9o0GyWnYgxB8LeSHdd7RbOMgbThUacs7SJOSDMCIAUpGDMLAigIiOBaEVGvgEGTE2UUhooBrc/QkWyrxJ4SqAScjKSLCgtPd48Pm6TZujL0uK2SRtvKyZeQEOLLtOINDTS8htAfdFbb+2ev/aLf6w/fN09OjztvhyWm72+yfdJf5IFbDHnXWgnRO+puAHXWGrZNOv3nU6ZlTRGVXP2zq98+RjRg/snX7sxWbngYUSvDV1Q6Z0ri0vohiKpkS3O76XB9IUCiV0ZEdx+E0veI44GQNkW1ENwNOtlKRsV3Ltt2ez3HsnEhKka6MsSoH0ZXMUiDC+10t/WXAmyQfEpUU46DwTg8GmcSIvMyVJqHazHqO86OcrQzAowEPhfXVvCIvswm9Ii/TqZNsKdM9eFVU5gV5UqWAVBeeLGGztGq4kt1SoCLbGeck9aVQyuBUGv0u5muddA6P+kcnneHrk5PjdrNzZ1htFWSzsw7ipFt2w7VKMrtCFtXFud/2N4kvQtzD9PJ7PpRapNbqWuPt+GsWQLB0G4djq2BWsmcebZhToNVLhEoozMCcsZqdQxKKMfPLB7xcK97PxLwT83QG3hLRo0AvUqe7oenOWj/VDc21fhvq39vuuzNimCgtVrqSUoi7D3klaZBDl/z8tnCJnx89KgGVpZBlXrZiyBUGWr/ZOWx2D4fNlpHuFZOsUnvYbnU/nvaX1PS7zU7v/VG/rAkKcyuZBlmx8VI/MG3i7cNv7Tup6KTiTygVs1k3/dQ8v4+5gS+sGPMCDVG7nRhN0/QKiqZGJluX+bzTOhKDjJhOLbPUNkEnlvVCR9ZP5JjQMeHPzIS9klf0fsyYtiVp4wZpkvQtNKoUG5t3jjKYHugttY2TpwXGy52hA27Pxn9PuRNhfRFdMr6Qs5CdIqLMkVudVnZMLnCwi8i6iKyLyBYisvYdLyMwvk1AxOlQp0N/Kh16vxjf1wrFaZDRPYIABda3LU0qPHo/C7Mdp+7QhzN5ft9rtfTLwZbJwNK9seqLiWaqNsaT7lRuBXxpxoh1W5vUjvyJx9VDZW8/ZmmFlpIGHO2a8pU3l1/ihOJ3KBTLz3qel9g25aL7hT+6GYuktkQx+pB3HhQiBebGS7WVGvBCPph9+5RmvGnZ0byPWjKDumUrpuLRq4joh2GlyBa9oplJ1hL47Gs4x6KNSfgGzEC1uu1tXIABV0bnJBJU9pxmJs5SiVJcDGXSfSt5D6UoSiaPhkXRJy5DNqYPzCP4Ku+kftPbZ+7xU/f4qVMz36macY+fuvuc7j6nu8/p7nO6+5zuPqe7z+nuc7r7nO4+p4seuujhjx49dPc5nSPEOUJ+qvuc7vFTpwedHnSPn5Z9Oe7xU6d7fx7d+wM/fvotHv4shZGLFFoo/XqZTJu/3aklG4/NJ5C/DeoL6Vzzqq+ez2WznZdh4K56uateLkrvFOSPG6X/i696/V+k35oY5Y1+SAS1lHqLP9eydsiA69UnIQtjD0PFeOc9jKP0I+utFMOyuMR53i957jcRBvmbENhjGkM0NtJcoZJREo5YGGLkpfL+gZmGk4tOLv7EcvEkZ4S+NXI3PpfkRvHGGYeOjxwf/fx8lL3jtBkXXefZ1Y6HHA85Hsq9PJuxT/HWgQu/Ou75PrmnSORfqh5cvvl3nCjn8s1dvrnLN3f55i7f3OWbu3xzl2/u8s1dnp3Ls/uZ8+xcvrlzeDiHx4+cb57H6H+obwg5zew0s9PM6zLgF7Vygd+d3nR68zvWm6UzZxKuezOsyElnXNERHEIIGvIXpbqgYsHVupjDbGbwMGoJcS6j1JbSfJMndVkaQRuj0jIOmd3flU0hVv4EIrpeCaGzb9nCFreYCz0ciYQHuACZkPbR8A2Nbky4cTSi5uPGKzKkcpyYNC5EhAYh4zCEG9948vBZubxD9G1KoMF0CDdMGcvBvAit0KM8DICz1EWUntnhZkITZVXyiLIQgiFaFoXvO9FLI63RJZ7ooRgNJeVjMLM00g2nZaoZt19OMlX0mrIQH/DCGVNNh6FQytYkeoJcY1OXF9SD8RdoqhNFcCmz9yDVRCRhYBxFmLCYRNmX0UbkfCzEOIS6jP16SwRwsVBQt3JRKTpeujdVN28A1l0td0bUR/8rII2QtIfFKTFO2nwcMjWpkyafkkTd0bTQBr9CFbI/0SWLLqTUWY7SvDj9nlmJegCaslBdrKiy34urESELXadfRbIZjHXLzgi+nox15uIpLdWqqwW5iMJ3xa0RG8BlMl421nJu1TKBu6UI1i6qL+OnU0bEykumJZVGNrN0AbJ1p2hspa4/8u/GbW+sMNvdJdhsSlOeKvbFTuoF8ZjuQyyFFpfJqN7k0+oH0jg+k54Jl81RMi3sTCToRHK7jWmHDZJ5E31bgJSAntFA+Gp3LHYNuandf0GwHVn60Js3yyRhcbylgtUzZsREBGhNCWXIg2LQxduNzSP09cQ0q9vWaPkwH3bv6ssqS2WiaYkMvYZ3G4dUI8W0eRALxvVsgQ3bVmCSkxh4//ANyVqgoY7PB5pvHebLkdXWDfFP7JyvqWQog2y8qzKi1QSpUlisnc3QG6rATyTTU69xflHzUBekqbyvRTBNZ5iFoL3HI/r86ejZk52n/9j/x86Tp88Odi4fj/ydA//Fs8ejZ8/oiKLdbE5eBY7CaGDpTFFc4YVlQbTS+GDDu9435rBQOqJGS1m/zJ2bWuoqZ0tMBsYFZNxGyo14sPt97q3Yb692x0AXNc/sQOPcu73F+NSZDGczLP4jAZkuZrY5+GtW8yZAA5CGRAJmPmQaLD843841tbfVTS2KbTK3qsro4NEs58edU2RYX4Q7H/IYayrQPA9DJJsPvdl4fRaBSPTOe1UdKYfD/nb61nWeQSwYIPMWeNiI9UrYiwL3np708D7PpQjMuTUy1okn6Wc0Auhni4i16mxUCMtuvZDycWK0pWf7xH//C+PEGDQ= +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UnsafeDeleteAttribute + + + + + + + + +/attr/), normalized to lower case."}},"title":"UnsafeDeleteAttributeRequest","required":["fqn"],"additionalProperties":false,"description":"WARNING!!\n Deleting an Attribute will free up the Attribute name for reuse, which can introduce an access path to existing TDFs containing the deleted Attribute name.\n Values under this Attribute will be cascadingly deleted.\n Any KAS Grants associated with this Attribute will be cascadingly deleted."}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"UnsafeDeleteAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-kas-key.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-kas-key.api.mdx new file mode 100644 index 00000000..788963e4 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-kas-key.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-delete-kas-key +title: "UnsafeDeleteKasKey" +description: "--------------------------------------*" +sidebar_label: "UnsafeDeleteKasKey" +hide_title: true +hide_table_of_contents: true +api: eJztGWtz2zbyr6C4L8kNJcuO46b6VEVWcjo/5JHldDK2h7MilhJqEmABULbOo/9+gwdt6mndtdf7Un9JtLtc7Bu7i2dqYKJp+5ZeyYwnc3IjNKRIrlHNeIL0PqIMdaJ4YbgUtE0be/39/U6QM9DkDOdkeNXVd2K/7xo0orJABfa0PqNtWjixmqUTq+mlC8KFX6eYocEz0Gc4pxEtQEGOBpXV6pkKyJG2aVcKgYlpXClpZCKzxjdU2moUUW7VmiIwVDSiCn8ruUJG20aVGFGdTDEH2n6mZl5YTqLMx47ScJO9wRpFmdP27eGaFU8x5QKJmSKZeWoiU/czcCNF4EYjmkihDW0fLhbRmj4jnqMsTeNCr2myv+RLTLYKajxVRLgguaaLxb23FmrzWbK5PSiRwqAw9r9QFBlPnB8PftWW1/O6RHL8KybGOk1ZrxuO2mI5q9Foo7iY1KTmjEY0lSoHQ9u0LN3vZamHwYl3gtzc9E8r29oAWUT0YTf/h90MR1MkDzgnnBHQmk8EMmIkMVOuHfxd76lN7ugDzhuHd/S9OxD0jeI7zwQdl4q/eS5oUipOUqnI45Qn09djx5hJMdHV8VNjCt0+OHgA3cQnyIsMm4nM259an1pOqsXr4etpNPRuXUqH22CYoMx9RIExbuWE7KrmvhQyjat6/NIZXvYvv/7ww50g7iAuJgSc4I88y0gOD0i4IdoaEgzpXH4no9Mv/scjaIIiUfPCICOP3NTUTkAIacgYCcOKYjx33i4yMDZMmnRhtV1ObAfQhRTah9xRq2X/WZb6ukwS1Nqn4B8R2A/o0uTF665gvfEJ6P7ucAUdc+bC7D/nvkembQ7IcN4bouE8fptHJ5tIxc00XxE+hhfEVg7R2tmh5NLO+dfBsD/6x0V8c3l91ev2v/R7pzSqwYfXnfiodfxpDXjc+ulkCdjrxldHH9dhHz4dr8E+Hh3Se6/YtQFT6lWttIf+Fyqd9b7H16PO6OZ6RacaotMd9b/1lmHDwagz6p1WYl1IhqtC5Ra2TSRyXWDCU46aTOWjyy1XADXJQcAEGXmXyQQyIhVRmEuD79/Q4mJw2tuggwN3B5df+l/j4WAwis963+uoq+HgW/+0N9yIHPYuBqPeEvnN5/N+19LFg8vz707/ohxnPDnDedc81Y3g4bG1RWKe3jRFQrRRZWJKhWQMGhmRwhmlUHLGGSrCbcnNURhXKd5MxALzXZlk0RHNuThHMTFT2j7cKuFn0HhybAumZMiIV8w7TJCr3gUJV6etiTsquLWV4jMwuMFYHrHVWoPCM/2fWWv/yrOXyWyX2j91t6oNbj3PczQqWO1RQVHY66q6c5q2bjkosrNQcreIEahiX4q3GGnFYeEbd5LtBisPZXNSXWGEp6TKWpuG54Nu57xJrqeyzBgJ92GhUKMwq7Q+TZp7ud87pytFyifL/veYOPGorar5T0vfzr/Yt+75339DLaLQE2+ncviFu8VTPvlnuLS3UXuq2N3ttUZzPDeOia95aheHisRSowEGBurme4Gt2q0r81wKUsPvtk2iEAyyjqlzD8AYzBr/VxTRaGyfpFHNUJF3KAw3c/I4lSQQ+b5MYSKVjUouCAgCJeOG4AyF2VjifaPpxslDe8UdNlut1ofjVuvwSNuO8cWYDAw27EBhbVQWbF2NANykxitqhxqB6E9UI4MxZnpTE1jpFCi2Jd72gJpBVrozlg0hqzzTU6kMqSPfSu83sz/DCST14jaWMkMQdXU8ydbs7wtmG2XUodPPwY4pJJWlcJ4YnX7Rrp2XpQkjlXVgyu3s/jtzh6QcM6b/SqG/Uuj/lkL7j/17HLVrWPdz7FajBB4Lp3wKZWbWR92eUlL9cYNuUs0YO+JCSBO7WmDjoZoOEhAJZm4MKsWDkI9+QzeDjLMY1KS0TaILZ2AZFxjjU4LI3AevDCMKmUJg8xifuDY2XgpUOdd20xYzFNx9oFDLUiWWyRRKbRwwBZ4hiwsb8KH5svzGUnm8LE0s01iBmKCT8qV3dWguDCoBmUPBDHgG48zNVmAgzqRbJ5QCSjO1qWbrI1vfstpljx8UiTVlFLY92nd4Y7QpaE1GXFjb/dbtRMpJhk1VJM2uZHi/Bmj6mqo1TDb6ZlmCDmE4w8w6tZFCYhtgtDFCAod1kbggPTHJuJ42SUfMSam3fFr7xs2N/F/ICAhGfL8qXJNYF98P0k2GBnim73egfNmP7CT6yjrsg5KMozBNXwMs+dth7LGrplpEoZpsMOJru8gFqLk/bFxONp21OVvddmprPfBL6dWrTxjgQru6rMbcKFCuoPNggMruYFeEfoEG5Gcrjl+weXZj1H7Pa+FhY7rOpFkrX8EPblU9LtNmR8yXFovVLrsqLvur5L7wkig0pRLejYFhm1TrzcQDbCQkMj9gMtEHE3ngwk0f/M2SNRSGUQhCWXeVMEczlf6BwS06C7AzIj3Y8d5wsPG9wV+c/rGhVBlt0+dq89gTrJBcmMVadvV8HSSDAoXdc1ZfkJvheUR0mUwJ6BctXzaZLqanXuAZKG5Li18frJzoC3yo9evYhVvea0xKxc2ctm/vI2pL/PB1nR8krEYw+iGFTx/Tk+PGxx8Pf2wcfzw5aow/pEnjKPnp5EN6cgIp2AWZ262/pkN1BdZSh4tULg2TdYOvGcoqGp5T2nR2aBlYh+XgrqPwGLLRL0t8ak8Tf8ILVkh0g0/G+o4L16IpV3B8nN3uetei0SaN7iPqPN++pc/Pdotyo7LFwoJ/K1EFJ1ZBYX8touotyIYm49oi2OYFfd0+76q9yHuyTRe3ad718BXqI6X2yWr/o/c7b+m5aumkFzrLrzGyrF4p1vqZ1y86SYKF2Ul7XysZV4PrEY3oOLx6ueVpmyp4tD0FPHpFfGfpstPBnmkGYlK6y5d6nvbv322sGNg= +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Kas Key RPCs +--------------------------------------- + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-namespace.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-namespace.api.mdx new file mode 100644 index 00000000..14e78310 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-delete-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-delete-namespace +title: "UnsafeDeleteNamespace" +description: "UnsafeDeleteNamespace" +sidebar_label: "UnsafeDeleteNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztGmtzG7fxryBoZyylR0rUKzanU5eV6VQjR1ZIKW0qsTR42OMhugPOeEhiNPzvnQXuyONDlJTXl9pfLAJ7u4t9Y7EP1LKxoe0req4yEU/IpTQsAdIHfStioIOIqgI0s0LJE07btPBgTefBmgG6BC5/vYMMLJyxHEzBYqARLZhmOVjQSOiBSpYDbdNjJSXEtnGulVWxyho/gDZCSRpRIWmbpsA4aBpRDZ+d0MBp22oHETVxCjmj7QdqJwViki4feUgrbPYEapAup+2r1iCiHEysRYFHo236DhIhgdgUyG2AJirxP0tspCix0YjGShpL263pNFo5z4XIQTnb+M6snOT5nC8geZRRG6AiIiTJDZ1OB0FaYOw/FJ8goVhJC9Lin6woMhF7Ve78ZBDXwypHavQTxBaVplHxVoDBXcFrMMZqIcc1rgWnEU2Uzpmlbeqc/73Ida9U4rUkl5cn7yrZzs1kGtHks9xEBbc3oH3vsmxCvncsE4kA7lGTrfffn20jsRkhsiWa0CSptYVp7+z8VVYbf9uOiMQzZOJn4MQqkqk70CRmBpp0Op0zstbOe0HuC/Z65XkeRJRxLpBjlp3XxJqwzMDyif7V6Z2dnH371VfXkngSQo4Jq/F/J7KMJBqAuMLLsGOtFiNna9KMiLcST9NEhElOfmCZA0MSpYkGZyAid6mIUxIzSYS0WnEXA2GSsDgGY0jBbIpCgHthPA8X794bgubEhMTfSJp7GXBSRgXP8oyuJ2tTELoi7iQHTWwqzPJ5RoByjhkXcpxNKrwo9ulyAPALplDSBNPc293F/xal2Hf+FMFVfwsHmJmJBy0NQdaC3K/2n8UDjEFi2AVO0J3QwTmzbMSM95QQch5H6PeXUToTzLpg2noN1SxnwVyMKwqlLRlNyOyEpONseoYqvZYEJBtlQBLgZWp4pvdOI8piK24XhFiuLHMblpEHDglzmSVOWpERuEclCuutxAOhlOYKGCmVAfO0crAMpVanNlt7SmOxBkTcsfWvy8Uhsyv8zreIAS87A/oWNNkCaYWdkLtUkRIo2LyGWGkOXrnod44LS+AWpN2eczeTI9yzvMjA5+oWGnarubu7u3+wu9vaMxhjZvGXMwsNTA0oA1fw1WOUi+uOMd/acIwS6A88RsZGkJl1blqdqYR4LNY+bpi3GJuQxqIgVBGQEJOiL9Q3MSa9IKL3rXaxRc9zUnx2kE2I4CjNZEIY0WCU0z4O2pTMqM7xk5nJTiM61kza+nGY1myChYaFfK18XhiH0GS02ASE28tH7HCuMWmohDBy2ukTIY1lMoZredk7IbkzFkM8I7csE5xc9j6QLWiOmxF5VSViDrlqxirfebVNEpVh7uVofjVBGBjnIK1pki6L0+pnwG4s09ZnHJA8yBKNMStSJl0OWsQkTplmsQUd+aRXpjKSTooUfJZcC1ymT5Mxk4Jptq/lp0+friUmsWbObJyC2Xr1X3+Kt+2dnSvW+LnT+M9u481ga/739fX1dWPwsBsdtaY1iO23W7jTfOFH219vta/wz79sv93aaX69/fbPr7ZLvq595CvcKBPxKUzqXh8WhzcwWVNTFhpi9Om2Vx/KJ2W3QHKXWVFkQG5gQgomtFkTOJWEj4kv7ZdCKItT4AvxM6wskw+ceRpBc3OdCxkCglCySY6d1qjxQkMCWgOvSvUno/kNTH6F1xSQb/II3I5ozu4/gBzblLZft97sRTQXslpoLZ/4/nD3Den0z5otUhYoGD7Pu98RkLeQqQIi4oxjWTZBfd5s9tsbX0DUGNh/gnynDEUkoKrikQDtC0RfoaGdYKDLxr7+UT6DlNen3UGtHEaIVQI3Ut2hA46VFjbNCfJe+eWCV89vhwRkrDhwrCMvVHDpCCtIAyRnE4wgn7Rh7b3dg9efPKO9fqeBNREnd5oVhS+VfYXyCeK2gbjYOzzSrQDbPV4CjcjIWZIrDSTYmKmoMI75jBkiAZCfdXksCIKedvrD88t/fDg5Hp52fxx2Pnw77J5dfje8POufd49P3p9039HoUahevzPE0zwBcrD75mgDSPd42O8en+8dHvVaT4Ptvz54DtjhXqvXooP6veeUmfNZYHlRCpzHl2tJOj7E1Hzex1eVA2HGqFj40qJKel51idM2BV2ZaTyrOWcOgO79RFqun2QWh+p3tXJxgHf6Rf/XkCu7seAuIZbPfcNM/aBOZ6Qxz/FGyBh8rGWZUWh4GqwWcIuBTbDal/9XafSPy6Jrcud0jU7rRlIuDqabb/XTiIay7sIbzDwDhtWht6Nla7lIgZTFYNkeOe3022Tr5Oyi2zvrfIhI99/hr7WVdRmR+h8ve8fd4cWP592lKFTfqXAuLVcE0AvQek9/Vd68YeZyczF5w8xwXUGJokDzruQAE9IJfYm+v478kiIHcdacsYbapgwdK1NybLBOL0X/ZFUxy24L99nZ4uM66nz49mPv5OKfy3livl7LDIuLZS6YL3aPhxj6V9b2Xx+srB3utehK57MfrvvAQzCu2DfNZ1YeqIqnC6SnorM3t5PNxJgZrmmVoF7nHcU1plLz6b7A2+epN+zNKWy6SNdnmGXKp8yXSaaeuHzM9AUUWtAv7dV8LHMEtktDpYZgtbAwu2E9o9GxiPpY5bmS5Esj5Esj5HduhCzUjjAJXlk65YvKxxWfJj0YC2P1pF4Elr2Rx2tP7zcBqrzmwLzB2SSXBkjl6t69gPEQA7/kwS958Ese3JAH0WNWPAoFopWyx6B/15bly55OntXLWUSIbZkQjUmMfCX4iPTyxFvl9FnqbX7JvV9y7x+Qe49rRvtcX0fHHcbec1fe3JVacITg+nGKXQAMPtoZ+xL2HnlOD0+8TzDs34fLB8LVV+Cu1kr/dm/A2Jxcp8S6OUllh4lykqMZVWkuxkI98w0nJ31j1I+G+C7OkOmxwwaMlzPjmZAwhPvYdx5pVEOIvVgNjE+G/k0eFVOAzoXBDviQgxRlS6vsMcB9ypwJj6MJExnwIVZCSgZxIr6Rz3fYwnd2qJKhZnIMnkufH5Atvy2kBS1Z5rfYLRMZPgAjx8yyYab8S7uTzNkUPdRXW6sJ1vc3LLMO5wj4bALBpMpl3De28GnZ5cR7A9rS1VipcQZNXcTNY8VhsLLQDGHYGDZeq5vltjSH0F7XjYTF2C8GtBFSYlhlSUjSleNMmLRJOnJCnHnk09o3mYrLIRLf8iqb+5gb6+z3vSSaHCwTmRls2CKJgIxHROka6tHEY4wzAdI2Q+hA8KfN2FYtqQVRTaMyCK0R4iwcjoRkoejmMHLjdbTWe6sf3Hg0JIS5ruVrqu8rGh/O9UhYzbTPA6IUQCV3huVq2aokf/fPDL6ODehGYMKoFK6XpdEqkmYtFJd68NNeI5c0O3KyUDpV42BVcHn+kfwXgRMN1mkZ1FgibM9mkuKwgJaAnVyuYrMzVjve3MzOnxCsofFWg6ZV9sKrSFin99g8Xg42VWGYzw8s4agPbdOdDbN9O4/hCok5DPY5ndE2fSgyZtFiupIXSkg7XXHDbgiY5GMB8uLde1J9gVcdHD+JU3x8qcRR7Ta98aeB51umBcag8D63RDFkgjIprO5O/aCcgdhpYSe0fTWIKOaC3nx0ruSwqj/pfsJeHyZHB43Db1rfNA4Oj/Yao/0kbuzFb472k6MjljC8efgZmJpH4evlwq2sLuEVseCxyvfMNr1t+WpVGZszWU0gbVDqAqqZW1q4tyhAIcPLvg8PQd9Xm2Y5afQIoUFEvQbaV/ThAWvqS51Np7j82YEuhVkpB39No2r+EU2EC4MbfP1FvzauSLeq0b5tMq/gFo+Dl9uNw55lQKMUn3SeT/p59BZGNBcozeAQX+MitPoriJUCZP4FXtcKuxF2UPPe84/9CxrRUTnpmfvqhGp2h0UAuwsHCRVkeMXCtQeaMTl2PlvSgBP//Q/Zmx8z +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UnsafeDeleteNamespace + + + + + + + + +), normalized to lower case."}},"title":"UnsafeDeleteNamespaceRequest","required":["fqn"],"additionalProperties":false,"description":"WARNING!!\n Deleting a Namespace will free up the Attribute Namespace, Definitions, and Values for reuse, which can introduce an access path to existing TDFs containing the deleted policy.\n Definitions and their Values under this Namespace will be cascadingly deleted."}}},"required":true}} +> + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-attribute-value.api.mdx new file mode 100644 index 00000000..993f304b --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-attribute-value.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-reactivate-attribute-value +title: "UnsafeReactivateAttributeValue" +description: "UnsafeReactivateAttributeValue" +sidebar_label: "UnsafeReactivateAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPf1zGrmS/4re3FXF3gf4I4lfwm3tHsFslouDXYBzlws+Is80oPWMNJE0jnku/verlmaGGcBg4iSX+JRfYqSW1JL6S90tza2n6Vh59Q/emQiZPyXnXNERkB7Ia+aDd1HxRAySaiZ4O/DqXmzAaokBq1noFDj91QXqa3ZNNTS0luwy0fCOhgl4FS+mkkagQeKItx6nEXh1ryk4B19Xz6TQwhdh9R1IxQT3Kh7jXt2bAA1AehVPwqeESQi8upYJVDzlTyCiXv3W09MYe+JJdGkgNdPhhq6BJ5FX/3BwUfECUL5kMc7Rq3vHMGIciJ4AubbQRIzMz7Q3Eqe9eRXPF1xpr34wm1WW5tNnEYhEV9+qpZncH/NSJ3ciqi1UhTBOIuXNZhd2tUDpVyKY4kC+4Bq4xj9pHIfMN3u695fCvm6XMRKXf4GvcdMkUoBmoLCWBQUYpSXj4wLWLPAq3kjIiGqv7iWJ+V3Guptt4mw2b7eecrp2Jl7Fo0HAsB8anhWwGtFQweI4/9nodtqd13/724CTvGPGx4RykndPTP/Ep5zEApeH0TCcEhEDJ0mMoNT3QSkSUz0hWhC4Ycr00j/+QxFcU8o4/sZdWOi25s1wjmWqNQUqFlzZ9Tzc38f/yrj3EjOqpa+vsWvXhgERLF3w65QjH7zZZcTHwFFYQEBw75EaA6rpJVXgzSoezdaniMm88MHYzCqGBVVM/dIQ88JFfPOajMW/IjbbrY2VHXd3aOoXu0wUBEiVMZXa8EWBBI10MIWqQlQSx0Jqcjkl8yk3Ej3pEMqDASfA6WUIZARBKuwRp9Envg4lrMZdRdYqb6ktWcTWFiMOAYxoEmqScM1CAjdI2EyHWJFJgGC+AZdChEDNWBFoiqtWHC0v27RjvgTsuKGLrdPCIdVL+M6riAKzdgrkNUiyg4JCT8nniSApEPnMwpBI8IUMwGwuyo4kYJrANXC9O8cuX0e4oVEcgtG+B8jsB7X9/f2nz/b3Dw4Vat5ckAZUQxVlPK5BEgfL00gLV01jXrVmGinQd5xGSC8hVKtEVzanFOIuqX83YVrhNltcCBHbToiaIC8UK1FOb6FbelomvkbOSzj7lEA4JSzA1RxNCSUSlEikD+Qz0xOSjzrvn+QkO6t4Y0m5Lk6HSkmnaDFoiFauz/ZSMZFsHRBWL06xEQQSFZ8YEUreNHqEcaUp92HAz7ttEiVKk0sglFzTkAXkvHtCdqA2rlXIk4nWsarv7QUQiZovor0nu2QkwlB8hgDJr7AQCsYRcK1qpEX9SfbT9q40lRrFEwEe2LVEYgzjCeVJBJL5xJ9QSX0NsmJUeKqOyWQaTwDF3mpgrOABUSFVE1C1+oB//PhxwPWEqVpEtT8BtfPkf8wsfq/v7X2g1X82qv+9X315sTP/ezAYDKoXt/uVo4NZAWL39x2sqW3ZaPeXnfoH/PPvu7/v7NV+2f39X5/spngNjOSLk8uQ+W9gWuR6Wzi8gukK4zCW4CNP18324fpM6DWQKAk1i0MgVzAlMWVSrRCcgsPpyNjoCyKU+hMISvLTliwObzEzY9idm+8541YgMMFrpJlIiTseSxiBlBBkNvdGaX4F0wdwTQzROo7A6ooX0ZsT4GM98eovDl4eVryI8azgYHHGN8/3X5JGr1M7IKnRhuLzrPWWAL+GUMRQIYlK0L7E/bxaz7dXxoAoIPB0w/CNVBQR21UmjxhIMhKSIHHjbhiFHY5xaC6MBknPQfsXBXMcIZYHuOLiMzLgWEimJxFB3DO+LHH1/JhHgPsigKA24KQvLEtX0NBSQCI6RQnyUSpaP9x/9uKjQbTba1TRJgrIZ0nj2BrsaKF8BL+uwI8Pnx/JAwvbai6AVshlokkkJBBLYyobhQaoz6giHADxWaXH7EJ4bxq94dn5q5N2c/im9X7YOHk9bHXO3w7PO72zVrP9R7t17FXuhOr2GkOczQaQZ/svj9aAtJrDXqt5dvj8qHuwGezpi2f3AXt+eNA98C6K5643VJ3lgmUrFTiXLwNOGkbEFHjeyFcRAaFKCZ8Z0yJTembrRonUE5AZmfq5zZkzALL3BrVcnEkuh+bHrQ9Z4QUezsv8LyESeq3BnUIszvuKquJEExmS6lzHK8Z9e5ykoRJIeBK0ZHCNgo3RQsv/V2r0+2nRFbpztmJPi0SSFl6gz2QdsVU8a9b1DcHMNaAtHRo6WqSW/gRIagymB8w3jV6d7LQ7/Va30zipkNZ/2b9WWtapROqdnnebrWH//VlrQQoVa7I+F4qzAZALkHrfPEhvXlF1vt6YvKJquMqgxKVA8s7WAaakYX0rPXMc+RIjB/ssMGOhaz2hyFih4GOFdnq69Butily7lc6zeeHde9Q4eX3abff/XNQT8/KCZigXprpgXthqDlH0L5U9ffFsqez54YG35MLs2eM+BFYYZ+ir2j0tD9yKzQbSJulsyK29fjCqhitcJbiv7eM1pFLg6R7D0+cbQ9jrVdisPK7RMIsjv6HGTFJFxWVkpjGgkIK+1FdzmuqIASfn1lJDsIJYyE9Y93B0lLtuiigSnDhHiHOEfGNHSMl2hKnlypQptzIfl3iadGHMlJbTohGY+kbutj0N31io9JgDcwdnjZwrIBmrG/YCGlgZ6PSg04NOD67Rg8gxSxyFCyKF0E2Q39RluV3o5F6+nHKH6Jax0pj4iNcIA2vbK95Mp+eqt+Z0r9O930H3NgtEe19eR8Yd+oZzl2LyQpQYwbK+P0EvAAofmSh9DzH3RXZxHnE1YsZImCQsHbDN77ubYTUx6meNVur3u+1X5/3WsHt+kh2Ml516d4I1Tk6Gp3+shei83wDxZ7vVbXSbf743J3FDHl8sQz2fST8JqdzZLaxvlmZzP3pIMXAhqB/bd+ZCUC4E5UJQLgTlQlAuBOVCUC4E5UJQzvXmXG+P2fXmQlDODebcYD9zCCp3Tq0JQf14yfVOMzvN7DTzpqDYslYu3hpyetPpzR9Xb5bOnBhV2XjenF8c3ISnCyL8wN4PF0RwQQQXRHBBBBdEcEEEF0RwQQQXRHCuCueqeMyuChdEcM4Q5wz5mYMIZtI/VQBBJWbH39pDzDf2BdHy43LFCWY1w+yVq/JMVzzVRSIax+YtpX8j9IrWycDI7pblJ/NfCMYWzRsOvA3yqZyju8EisyvXFNxC9aAkDNLqoZ/VDxUsywWcl4REmZecess9zidp6GvMrmHpKbSv8ghXim4PHuIPzOf6Wook/hodPaCPdEatGw2S07AHIfhayHebvKPZxkHacKjSlneQJiUZgBEDlIwYhIEVBURwLAip1sAhyIizi0JEAdfm6El2VOJPCFUDTkZSRIQFZ3snx42zXdwY+5SjkEXaystWkRPgyLbjDA41vYTQHnTX2Prnr/6j1ewP3zbOztqd18PTs1a30T/trvJBrIdtdzaCdE779wFrd4bN006/0e70zCliYVff3TclP59sxHjb1h3M1mx6mmlfgl9c7ZApjUvriyimkinB7a7P9YEEhVIZHdlxHE7TRwcHnGwgsnvRzYCTnVRk7Faybbfncxw7J5LSJZSMsRYOomuZpUCE68+piwv0y4A3SD4kKinGQeFzW3j/Q4zIr7nSJFQbrOdzfpKzlQF4MuChsL6a38ivGUK/kV9T1Em2lOke/FZU5gV5skgBqS48XcFmadVwLbulQEW2M85J6kuhlJlTafS7mK952jlu99unneGr09OTVqNz542XdZCNziaI027ZDdcsyewFslhcnO22v0F8EeIepu+x5kOpZWpdXGt8sPWaBRCs3Mbh2CqYteyZRxvmFGj1EqESChiYM1ajc0xCMWZ++YCXa8XtTMw7Z55i4K0QPQr0MnW6xxPdWetRPZ640W9D/a3tvjsjhonSYq0rKYW4+5BXkgY5dMnPbwtX+PnRoxJQWQpZ5mVrhlxjoPUbneNG93jYaBrpvmCSLdQet5rd92f9FTX9bqPTe9vulzVBAbeSaZAVGy/1A2+Fv374g7pOKjqp+AilYoZ1w0/N823MDXzz3JgXaIja7cRomqZXUDQ1Mtm6yued1pEYZMR0apmltgk6sawXOrJ+IseEjgkfMxP2Sl7R7ZgxbUvSxnXSIOl3OqhSbGy+PJDB9EDvqF1EnhYYL3eGDrg9G/895U6E9UV0yfhSzkJ2iogyR+4iWtkxucDBLiLrIrIuIluIyNoPfRiB8X0CIk6HOh36qHTodjG+rxWK0yCjLYIABda3LU0qPHo/C9iOU3fow5k8f4ptvfTLwVbJwNKTbovfMDKo2hhPulO5FfClGSPWbW1SO0yqSBbQuHuoCvk8Yf4kTyu0lDTgaNeUX6Nz+SVOKP6AQnHxsk2RbVMu2i780c1YJLUlitGHvPOgECkwN14WW6kBL+SDJTwAjDGnvGnZETurlcygbtmKWfDoLYjoh81KkR16RTOTrCm4liKcz6KFSfgGzEA1u61dXIABV0bnJBJU9qWrTJylEqW4GMqk+y7kPZSiKJk8GhZFn7gM2Zg+MI/gq3zC7IFDbPe4pvsumfsumVMzP6ia+Za2t7vP+QNfRHH3Od19Tnef093ndPc53X1Od5/T3ed09zld9NBFDx9R9NDd53SOEOcIeVT3Od13yZwedHrQfZes7Mspd+i+S+Z078+se3/i75I9+Jtc9wt5zMPIRQotlH69TKb7v92pJRuPQX63qS+lc82rvno+l812XjUDd9XLXfVyUXqnIH/eKP03vur1f5F+a2KUN/ohEdRS6i3+3MjaIQOu15+ELIw9DBXjnVsYR134lIDCJ3nMDMviEvHcLnnuTxEG+ZsQ2GMaQzQ20lyhklESjlgYYuRl4f0Dg4aTi04uPmK5eJozQt8aufc+l+RG8b0zDh0fOT56/Hz0pV+ZdjzkeMjxUO7luR/7FG8duPCr454fk3u2OASdc0VH0M3vUzRKZ8wuqFhwtUm9zGYGeXNZAydankdLSvO+XpruasKGMV7lMHy095ey7kDlTyCimw+UmCi6ajWL+8qFHo5EwgPcz8zt5mPSRGg8cwk3Sap4iuUmo25I5TgxRzKcCA1CxmEIN745weEVsbxDzIuVQIPpEG6YMk5y87qDwmzkYQCcpemFab4X3ExooqxDcERZCMEQXYSFtxrppYk9ogc00UMxGkrKx2CwNLE6RMtUM25fQTRV9JqyEC/jIMZU02EolLI1iZ4gq1g35FKw0+SaaaoTRXAps7udaiKSMDBJhuh8SKLsldMR+TAWYhxCTcZ+rSkCuFgqqFlhqBQdr9ybxRThAGyqs6yOqI+5u4A0QtIellFinLT4OGRqUiMNPiWJuqNpoQ2+KBmyf2I6L6YfponWeD4vot8zK1ELQFMWqos1Vfbt1woRstB1+sKh9UbULA8j+GYy1ll64OL15TvDBLlcwjdCbAJEAJfJeNVYq7lVy2SNbMDaZZ1lcjyVkavykmlJpRHILF2AbN0ppg6kaaPk303Kt8kpsN1dgvWMmPI0TL3cSa0gE9N9iKXQ4jIZ1Rp8uvjYKccnTzLhcv8pmRYWEwk6kdxuY9phnWSZqL4tQErArNpA+GpvLPYMuam9f0Gwqiw92urNMklYHG+9hPWMETERAfrGhDJ0QtGT5e3F5mWZWmLa12w3GNBnPuxt7NTqTGXCKYkMvbp3G4dUIw21eBALxvVsiTFbVoSS0xh4//gPkrXARBS8HGheMs4XKKutGXaYWOSvqWQolazvb2FEqxtSNbFcO5thaEKBn0imp179w0XFQ+2QOupeiWCaYpgFLbynI/ri+ejoWfX5Pw7+UX32/Oiwevl05FcP/ZdHT0dHR3REj5BR8DJJyQ1ZXNuldcB5pNdL6t71gUkeEEpH1CgqG97YvK+lPnMWRScfLh3j9saVERV2yz94a7bcq2wa8aLimU2of/BubzEWcy7D2QyLPyUg0/XM9gd/zSreBGgA0lBJwMxL5cFqC/x2rr69nW7qKN0lc/uqPC/MPsqZtHqGXOyLsPouv7STSjnPw4Db/Ye+33h9FoFIdPWtWhwph8P+qn2bi51BLFkl8xaYTxPrtbAXBU4+O+1hwO5SBCY1KzImiyfpZ7QM6Gc7EWvf2WsGWHbrhZSPE6NCPdsn/vtfuUmTyw== +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UnsafeReactivateAttributeValue + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"UnsafeReactivateAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-attribute.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-attribute.api.mdx new file mode 100644 index 00000000..91ae826a --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-attribute.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-reactivate-attribute +title: "UnsafeReactivateAttribute" +description: "UnsafeReactivateAttribute" +sidebar_label: "UnsafeReactivateAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztPWt327hyfwWX7Tmx98ryI4lvou7ZrSJrs2oc2UeS06aWq8DkSMKaBLgA6FjXR/+9ZwCSIilZsuNsmrjIl1jA4DlPzAzAW0/TifIa596pCJk/I2dc0TGQPshr5oN3UfNEDJJqJngn8BpebMDqiQGrW+gUOP3VA+prdk01NLWW7DLR4NW8mEoagQaJg916nEbgNbyW4Bx8vXMqhRa+CHc+gFRMcK/mMe41vCnQAKRX8yT8mTAJgdfQMoGap/wpRNRr3Hp6FmNPPIkuDaRmOtzQNfAk8hrn+xc1LwDlSxbj8ryGdwRjxoHoKZBrC03E2PxMeyNx2ptX83zBlfYa+/N5bWk9AxaBSPTOe7W0kvvPvNTJnRPVFqpGGCeR8ubzC7tboPQbEcxwIF9wDVzjnzSOQ+YbdO7+obCv2+UZics/wNeINInI1wwU1rKgAKO0ZHxSmDULvJo3FjKi2mt4SWJ+l2fdy5A4ny/a3Uk0PbsIr+bRIGDYBQ1PCxMa01BBdYj/bPa6ne7bv/1tyEneJ+MTQjnJeyY+5SQWuCeMhuGMiBg4SWIEor4PSpGY6inRgsANU6b94Og3RXAjKeP4G7d+0SGivz7kpIkDAlGaakDSoXxGPtAwAUUSHoAkespUoZ3Bo1kb+czCkHRPBuQSiD+lfAJB3ZvjTpVp3xSoWHBlsXKwt4f/lbehn5hlWCr9GrinOSsjaIo6WuDvR5LOvGZYSMXULw2xKKxiOq/JWPQrzqY61gQ4ykAICNI1clpANb2kCrKJr+vQ1Fe7TBQESGAxldoSwCqqUDWikjgWUpPLGVksuZnoaZdQHgw5AU4vQyBjCFI5jXMa/8nXTQmr5zXP8EcZpbakOltbjHMIYEyTUJOEaxYSuEGSYjrEioyDgwUCLoUIgZqxItAUd604Wl62CWO+BOy4qYut08IR1UvzXVQRBWbvFMhrkGQLeV7PyOepICmQ5TwJvpABGOSiGEgCpglcA9fbi9nl+wg3NIpDMIpzH9lsv763t/f8xd7e/oFCpZkLwoBq2EEZjXuQxMHyMtLCVctYVK1ZRgr0DZcR0ksI1Sqhka0phbhLdN9NmNcoLHGM8kaI2HZC1BR5oViJEvIBCqKvZeJr5LyEsz8TCGeEBbib4xmhRIISifSBfGZ6SvJRF/2TnGTnNW8iKdfF5VAp6Qw1voZo5f48XComkq0DwurqEptBIFGHof4h75p9wrjSlPsw5Ge9DokSpVHJUHJNQxaQs94x2YL6pF4jz6Zax6qxuxtAJOq+iHafbZOxCEPxGQIkv8JGKJhEwLWqkzb1p9lP27vSVGoUTwR4YPcSiTGMp5QnEUjmo4qT1Ncga0Ybp5qVTGfxFFDsrQbGCh4QFVI1BVVvDPmnT5+GHLVqPaLan4LaevY/ZhW/NnZ3z+nOP5s7/7238/pia/H3cDgc7lzc7tUO9+cFiO1ft7Cm/sBG2z9tNc7xz79v/7q1W/9p+9d/fbadzmtoJF+cXIbMfwezItfbwtEVzFYYd7EEH3m6YdCH+zOl10CiJNQsDoFcwYzElEm1QnAKDidjY2NXRCj1pxCU5KctqQ5vZ2bGsJhb4JxxKxCY4HXSSqREjMcSxiAlBJnNvFGaX8HsEVwTQ7SOI7C65kX05hj4RE+9xqv91wc1L2I8K9ivrvjm5d5r0ux36/skNZdQfJ623xPg1xCKGGokUQmaiojPq/V8e2UMiMIEnm8YvpmKImK7yuQRA0nGIjUZkU5Q0IUTHJoLo0HSc8zeRcGcRojlAa64+IwMOBGS6WlEcO4ZX5a4enFMI8B9EUCAZu1AWJauoaGlgER0hhLkk1S0cbD34tUnM9Fev7mDNlFAPksax9bqRgvlE/gNBX588PJQ7lvYdqsCWiOXiSaRkEAsjalsFBqgPqOKcACczyo9ZjfCe9fsj07P3hx3WqN37Y+j5vHbUbt79n501u2ftlud3zrtI692J1Sv3xzhajaAvNh7fbgGpN0a9dut04OXh739zWDPX724D9jLg/3evndRPDe9o+o0FywPUoEL+YInFiNiCjxv5KuIgFClhM+MaZEpPYO6cSL1FGRGpn5uc+YMgOy9QS0XV5LLocVB5zwrvMDDdZn/JURCrzW4U4jquq+oKi40kSHZWeh4xbhvT4Y0VAIJT4KWDK5RsDFaaPn/So1+Oy26QnfOV+C0SCRp4QX6PNYRW82zZt3AEMxCA9rSkaGjKrUMpkBSYzA9YL5r9htkq9MdtHvd5nGNtP/L/rXSsk4lUv/krNdqjwYfT9sVKVSsyfqsFGcDIBcg9b57lN68oupsvTF5RdVolUGJW4Hkne0DzEjTukn65jjyJUYO9llgxkLXekqRsULBJwrt9HTrN1oVuXYrnWfzwrtx1Dx+e9LrDH6v6olFeUEzlAtTXbAobLdGKPqXyp6/erFU9vJg31tyQfbtcR8CK4yz6av6PS0PRMVmA2mTdDbk1lk/GFWjFa4SxGvnaA2pFHi6z/D0+c4Q9noVNi+PazRMdeR31JhJqqi4jMw0BhRS0Jf6ak5SHTHk5MxaaghWEAv5Cesejo5y1y0RRYIT5whxjpC/2BFSsh1hZrkyZcoHmY9LPE16MGFKy1nRCEx9I3fbnoZvLFR6zIGFg7NOzhSQjNUNewENrAx0etDpQacH1+hB5JgljsINkULoFsi/1GX5sNDJvXw55Q7RLWOlMfFxXmMMaT1c8WY6PVe9dad7ne79Brq3VSDa+/I6Mu7IN5y7FFMXosQIlvX9KXoBUPjIROl7iLkvsotpKf5tJEwSlg7Y5vfdzbCaGPWzRisNBr3Om7NBe9Q7O84OxstOvTvBmsfHo5Pf1kJ0P26A+L3T7jV7rd8/mpO4IY/vR4Y+KjTv+Uz6SUjl1nbVt4Ko2+hXsaxyH15ywbLv2MvngmUuWOaCZS5Y5oJlLljmgmUuWOaCZc5J6JyET9lJ6IJlzmHnHHY/crDMLHpNoOz7uwKgEoPx9/YQ8xf7gnIP2IfcRVX1jY0s3VRXWr7aY5qTiMaxubDxb4Re0QYZGtndtvxk/gvB2KJ5w6H3INfbBovM7lxLcAvVh5IwSKtHflY/UrAsF3BdEhJlrov0l3tcLNLQ14RdA69uxFe56ZNOtw+P8Qfma30rRRJ/jY4e0Ue6ovaNBslp2IcQfC3kh03e0QxxkDYcqbTlHaRJSQZgxAAlYwZhYEUBERwLQqo1cAgy4uyhEFHAtTl6ki2V+FNC1ZCTsRQRYcHp7vFR83QbEWOvegpZpK28bBU5AY5sO87gUNNLCO1Bd42tf/bmP9qtweh98/S00307Ojlt95qDk94qH8R62E53I0j3ZHAfsE531DrpDpqdbt+cIipY/XBfv3++2Ijxjq3bn69BehpQKMFXdztkSuPW+iKKqWRKcIv1hT6QoFAqoyM7jsNZeklxyMkGIrsX3Qw52UpFxnYtQ7s9n+PYOZGUIl0ZY1UOomuZpUCE68+p1Q36acibJB8SlRTjoPBODwaZxJj8nCtNQrWZ9WLNz3K2MgDPhjwU1lfzC/k5m9Av5Od06iTbyhQHvxSVeUGeVCkg1YUnK9gsrRqtZbcUqMh2xjlJfSmUMmsqjX4X87VOukedQeekO3pzcnLcbnbvDKutg2x2N0Gc9MpuuFZJZlfIoro5D0N/k/giRByml7bzodQytVb3Gm91X7MAgpVoHE2sglnLnnm0YUGBVi8RKqEwA3PGanaPSCgmzC8f8HKt+DAT886VpzPwVogeBXqZOt0NTXfWelI3NDf6baj/YLvvzohhorRY60pKIe4+5JWkQQ5d8vPbwhV+fvSoBFSWQpZ52Zoh1xhog2b3qNk7GjVbRrpXTLJK7VG71ft4OlhRM+g1u/33nUFZExTmVjINsmLjpX5k2sTbx9/ad1LRScUnKBWzWTf91Dx/iLmBb6QY8wINUYtOjKZpegVFUyOTrat83mkdiUFGTKeWWWqboBPLeqEj6ydyTOiY8CkzYb/kFX0YM6ZtSdq4QZokfceLKsUm5qWiDKYPektt4+RpgfFyZ+iQ27Px31PuRFhfRJeML+UsZKeIKHPkVqeVHZMLHOwisi4i6yKyhYisfcfLCIxvExBxOtTp0CelQx8W4/taoTgNMnpAEKDA+ralSYVH72dhtpPUHfp4Js/ve62XfjnYKhlYujdWffPQTNXGeFJM5VbAl2aMWLe1Se0wqSJZQOPuoWrk85T50zyt0FLSkKNdU77y5vJLnFD8DoVi+VnP8xLbplz0sPBHL2OR1JYoRh/yzoNCpMDceKm2UkNeyAezL5bSjDctO5qXTktmUK9sxVQ8ehUR/bhVKbJFr2hmkrUE11KEi1W0MQnfgBmoVq+9jRsw5MronESCyp7TzMRZKlGKm6FMum8l76EURcnk0ago+sRlyCb0kXkEX+Wd1G96+8w9fuoeP3Vq5jtVM+7xU3ef093ndPc53X1Od5/T3ed09zndfU53n9Pd53TRQxc9/NGjh+4+p3OEOEfIk7rP6R4/dXrQ6UH3+GnZl+MeP3W69+no3h/48dNv8fBnKYxcpNBC6dfLZLr/251assnEfLr32yx9KZ1rUfXV87lstvOqFbirXu6ql4vSOwX540bp/+KrXv8X6bcmRnmjHxNBLaXe4s+NrB0y4Hr9ScjC2MNQMd75AOMo/eB5K11hWVziPB+WPPe7CIP8TQjsMY0hGhtpoVDJOAnHLAwx8lJ5/8BMw8lFJxefsFw8yRlhYI3ce59LcqP43hmHjo8cHz19PsrecbofF13n2dWOhxwPOR7KvTz3Y5/irQMXfnXc831yT5HIv1Q9uHzz7zhRzuWbu3xzl2/u8s1dvrnLN3f55i7f3OWbuzw7l2f3lPPsXL65c3g4h8ePnG+ex+h/qG8IOc3sNLPTzJsy4Je1coHfnd50evM71pulM2cSbnozrMhJZ1zRMfRyFZK/KtUDFQuuNsUd5nOzFqOacN3lZbWlNN/lSd2WRtjGqLiMU2b3D2XTiJU/hYhuVkTo8Fu1uUU0c6FHY5HwADchE9Q+Gr+h0Y8JN85G1H7ceEZGVE4Sk8qFC6FByDiM4MY33jx8Wi7vEP2bEmgwG8ENU8Z6MK9CK/QqjwLgLHUTped2uJnSRFm1PKYshGCE1kXhG0/00khsdIsneiTGI0n5BMwsjYTDaZlqxu3Xk0wVvaYsxEe8cMZU01EolLI1iZ4i59j05SUVYXwGmupEEdzK7E1INRVJGBhnESYtJlH2dbQxOZ8IMQmhLmO/3hIBXCwV1K1sVIpOVuKm6uoNwLqs5c6Y+uiDBaQRkvawPCXGSZtPQqamddLkM5KoO5oW2uCXqEL2T3TLohspdZijRC9Ov292oh6ApixUF2uq7DfjakTIQtfpl5FsFmPdsjSCbyZjnbl5Slu17npBLqbwbXFryAZwmUxWjbWaW7VM4G5JgrXLKsz46pQRs/KSaUmlkc8s3YBs3ykaXKn7j/y7cd0bS8x2dwk2o9KUp8p9uZN6QUSmeIil0OIyGdebfFb9SBrHp9Iz4XL/JZkWdiYSdCK5RWPaYYNkHkXfFiAloHc0EL7anYhdQ25q918QbEeWPvbmzTNJWBzvTuHqGXNiKgK0qoQyJEIx+OLtxuYx+npimtZtD2gBMR921/VnFacykbVEhl7Du41DqpFy2jyIBeN6vsSObSs4yUkMfHD0G8laoNGOTwma7x7m25LV1g0TTO28r6lkKIts7KsyotUIqXJYrp3P0TOqwE8k0zOvcX5R81AnpGm9b0QwS2eYhaO952P66uX48MXOy3/s/2PnxcvDg53L52N/58B/ffh8fHhIx/QQ2QNDgaUDRXFbl/YB15EGBxve9b6xhYXSETXqyTpl1mKz1F3Ok5gNjLvGuA2VG9lgEX3urUG0V1sz2EXNM1vfOPdubzFIdSbD+RyL/0xApruYYQV/zWveFGgA0tBGwMzXTIPVp+fbhar2tnqpWbFNFqZVeUl4PssZcucUOdYX4c6HPNCaSjTPwzjJ/Ye+33gDFoFI9M57VR0ph8P+dgbWf55BLFkgixZ44oj1WtiLAuuenvTxUs+lCMzhNTLmiSfpZ7QC6Ge7EGva2dAQlt16IeWTxKhLz/aJ//4XvBqrAw== +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UnsafeReactivateAttribute + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"UnsafeReactivateAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-namespace.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-namespace.api.mdx new file mode 100644 index 00000000..c9f671eb --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-reactivate-namespace.api.mdx @@ -0,0 +1,71 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-reactivate-namespace +title: "UnsafeReactivateNamespace" +description: "UnsafeReactivateNamespace" +sidebar_label: "UnsafeReactivateNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztWltXIzcS/iuKds8ZyLYbzC0zfpl1GCfhMAGODdnNgtcjt8puhW6pRxfA4fi/7ymp225fMJDby868DJaqS6W6fFUq6ZFaNja0dU0vVCaSCbmSho2A9EDfiQRoP6KqAM2sUPKE0xYtPFnsPFkcqEvi8lcXWGLFHbNwxnIwBUuARrRgmuVgQeNij1SyHGiLHispIbGNC62sSlTW+Am0EUrSiApJWzQFxkHTiGr47IQGTltWO4ioSVLIGW09UjspkJN0+dBTWmGzZ1iDdDltXTf7EeVgEi0K3B5t0Q8wEhKITYHcBWqiRv5nyY0UJTca0URJY2mrOZ1GK/u5FDkoZxs/mpWdvFzyBSZPCmoDVUSEJLmh02k/aAuM/VbxCS6UKGlBWvyTFUUmEm/OnV8M8npclUgNf4HEotE0Gt8KMDgreI3GWC3kuCa14DSiI6VzZmmLOud/L0rdrYw4nc6/e9JpumETNKKMc4EsWHZRE2jEMgPLS/yr3T07Ofv+q69uJJnxFHJMGJkxJgmTpFCoEsGybEJUAZK4gjBJWJKAMaRgNiVWEXgQxn9++eE7Q1CPTEjPTk5I21oths6CIU5y0N4cs1XiG0nauD4QY5kF9CT8ypvOb8cQJjl+JDT5iWWuxkeYmrj3IsvI2fklGQJJUibHwGM6RR0uRoUfMIWSJthrb3cX/1tUUM/5HQb//SO8Qs6CHElLo8pa5P9up1rcwBgk4hFwgj6GXs+ZZUNmgE6jMg6fZujnl1k6AxytXTBtvWXmpq2bKyLGFYXSlgwnZLZD0nY2PUNT3kgCkg0zICPgJWaiTKPPcpNIOD2NqPfVBSWWI8vShmGUgcOIucwSJ63ICDygEYXNcKKKJj43wFCpDJhfKwfLUGv11WZjz1ks0YCM27b+dTk4YHZF3vkUMeB1Z0DfgSZbGIB2Qu5TRUqi4OsaEqU5eONiTDouLIE7kHZ7Lt1Mj/DA8iIDn8Sa6NjNeHd3d/9gd7e5ZzCBzUCJMwsNxEvUgSv46jbKwXXbmE9t2EZJ9BduI2NDyMy6MK32VFI8BaNPO+YdYhKusagIVQQmxKQYC/VJxKRXgHXPapdYjDwnxWcH2YQIjtocTQgjGoxy2uOfTcls1Tl/MnPZaUTHmklb3w7Tmk0w+1rI1+rnlTiELqPFJiKcXt5im3ONCQXBn5y2e0RIY5lM4EZedU9I7oxFWGfkjmWCk6vuR7IF8TiOyJvU2sK0dnY45CpOVL7zZpuMVJape+DofjVFGBjnIK2JSYclafUzcDeWaeszDUgedInOmBUpky4HLRJMKpolFnTkU2OZ5kg6KVJA2FtPjBOSE5Mxk4KJWzfy06dPNxKTV5wzm6Rgtt781+/ifWtn55o1fm03/rPbeNffmv99c3Nz0+g/7kZHzWmNYvv9Fs7Er/xo++ut1jX++Y/t91s78dfb7//+ZruU68YjX+GGmUhOYVKP+jA4uIXJmkKr0JBgTLe8+VA/KbsDkrvMiiIDcgsTUjChzRrgVBLOR77eXYJQlqTAF/AzjCwvHyTzawTLzW0uZAAEoWRMjp3WaPFCwwi0Bl7Vr8+i+S1MfkfUFJBvigicjmjOHj6CHNuUtt423+1FNBeyGmgu7/jhcPcdaffO4iYpCxSEz4vOjwTkHWSqgIg447BuQ3vebo7bW19A1ATYf2b5dglFJLCq8EiAJiNVVmboJwh02djXP8pnkPJMsduvlbZIsbrArVT3GIBjpYVNc4KyV3G5ENXzIxMBmSgOHGvKSxVCOsLK0QDJ2QQR5JM2rLW3e/D2kxe022s3sCbi5F6zogglK1YonyBpGUiKvcMj3Qy0neMl0ogMnSW50kCCj5lqFcYxnzFDJADKsy6PBUXQ03ZvcHH17ceT48Fp5+dB++P3g87Z1Y+Dq7PeRef45LuTzgcaPUnV7bUHuJtnSA523x1tIOkcD3qd44u9w6Nu83my/bcHLyE73Gt2m7RfP8OcMnMxA5ZXpcA5vuBxwUNMLeY9vqocCDNGJcKXFlXS86YbOW1T0JWbJrOacxYAGN7PpOX6TmY4ND9aXFeDfTzoLsa/hlzZjQV3SbG871tm6ht1OiONeY43QpbHNJYZhY6nwWoBdwhsgtW+/L9Ko39dFl2TO6drbFp3knKwj/2HTc4W0VDWXXqHmWfAMDrwfrTsLZcpkLIYLPsxp+1ei2ydnF12umftjxHp/Dv8tbayLhGpd37VPe4MLn++6CyhUH2m4rk0XC2AUYDee/q78uYtM1ebi8lbZgbrCkpUBbp3pQeYkHboWfT8ceS3FDnIsxaMNdY2ZRhYmZJjg3V6qfpnq4pZdls4z84Gn7ZR++P3592Tyx+W88R8vJYZFgfLXDAf7BwPEPpXxvbfHqyMHe416Uo7sBeO+8ADGFfim/iFlQea4vkC6Tl09u52snkxZgZrWiVo15MPG1ylFtM9gafPU+/Ym1PYdHFdn2GWVz5lvkwy9cTlMdMXUOhBv7VXc17miBtJrkKlhmQ1WJidsF7Q6FhkfazyXEnypRHypRHyJzdCFmpHmISoLIPyVeXjSkyTLoyFsXpSLwLL3sjTtaePm0BVHnNg3uCMyZUBUoW6Dy9gPGDglzz4JQ9+yYMb8iBGzEpEoUK0UvYY9J/asnzd1cmLejmLDLEtE9CYJCjXCC+RXp94q5w+S73xl9z7Jff+Bbn3uOa0L411DNxB4iN35X5bqYVACKGfpNgFQPDRztjXiLfhajxc8z4jtL8jLi8JV2+CO1or/cfdA2ODcp0h6y4llR2MlJMcXalKdQkW65lvOjnpm6P+zYTv5AyYHjtswnhdM54JCQN4SHz3kUY1htiP1cD4ZODv7NE4BehcGOyCDzhIUba1yj4DPKTMmXBBOmIiAz7AakjJoE7kN/Q5D9v4zg7UaKDx6t1L6XMEiuWnhbSgJcv8FLtjIsNLYJSYWTbIlL9td5I5m2KU+oprNcn6Hodl1uE7Aw4RuU8FNqFS5TLum1t4vexy4iMC/el6rNQ4g1gXSXysOPRXBuIAxcaw8VrbLLemOYQWu26MWII9Y0AfISWHVZGEJB05zoRJY9KWE+LME5/WvslUwjLxK7aRse1VNvgxP9bF73lNxBwsE5npb5giIwEZj4jSNdbDieeYZAKkjQN8IPnzbmyrttSCqqZRCURrlDiDxKGQLBTeHIZuvG6t9dHqH288CQvhwdPyUdX3Fo2HdD0UVjPtc4EoFVDpnWHJWrYryT/9VYOvZQO7IZjwhgjHy/JolUlcg+PSDv4Z1NCN4racLJRP1TupClxeviX/RZBEg3VaBjOWDFuk6oAmYQA9Abu5XCVmZ6x2vLuZnb8hWUPjyQZdq+yHV0hYX2/TY7UcbKrCazf/AAmfA9EW3dnw+G1nE7+QpMPLN6cz2qKPRcYsek5H8kIJaacr4dgJwEnOC5CXH74j1Rd47MGnKEmKFzGVWqrZ2AdBGuS+Y1ogFoW7uqUVQ0Yok8Pq7NS/JDOQOC3shLau+xHFnNCdvy0rJaxqUbo/Ym8PR0cHjcNvmt80Dg6P9hrD/VHS2EveHe2Pjo7YiB1heODV5cKRrK7WFT3gPsrLzBa9a/pSVRmbM1k9P3rGmgvsZjFp4cGi1oQMV/seG4Khrze9cqTRhsX6EfWqb13Tx0csrK90Np3i8GcHutRiZRX8NY2ql4HoG1wYnODrT/u1h3x0q3pLt03mZdzilvCEu/EZZIlolOK9zsuXftl6C48XF1aa0SG/xmXo91cUKxXI/As8sxV2I22/FroX571LGtFh+QYy9+UJ1eweqwB2HzYSyshwlYVjjzRjcux8uqSBJ/77H/uR1I0= +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +UnsafeReactivateNamespace + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-attribute-value.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-attribute-value.api.mdx new file mode 100644 index 00000000..0ab3139a --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-attribute-value.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-update-attribute-value +title: "UnsafeUpdateAttributeValue" +description: "--------------------------------------*" +sidebar_label: "UnsafeUpdateAttributeValue" +hide_title: true +hide_table_of_contents: true +api: eJztPWtz2ziSfwXL26rYWUl+5LGJbmrmFFmT8cWRXZI8d3ORT4HJloQxCTAA6EST0n/faoCkSOrpOMklOeRLLKABNIB+obsBfvQ0nSiv+ca7ECHzZ+SSKzoG0gd5y3zwrmpeAMqXLNZMcK/p1Xf693DIye80TID0LtpqyHdrVfdqnohBUhzrNPCaXmyQaiQGqYbFLUUt/XUZB1RDS2vJrhMNZlCv5sVU0gg0SJzbR4/TCLym1xacg6/rF1Jo4Yuw/jtIhfOqeQwnNwUagPRqnoR3CZMQeE0tE6h5yp9CRL3mR0/PYuyJJ9G1gdRMh1u6Bp5EXvPN0dJansCYcSB6CuTWQhMxNj/T3kic9ubVPF9wpb3m0XxeW5rPgEUgEl1/rZZmsjvmpU7WIqotVI0wTiLlzedXdrVA6RcimOFAvuAauMY/aRyHzDf7efCnwr4+LmMkrv8EX+OmSdx9zUBhLQsKMEpLxicFrFng1byxkBHVXtNLEvO7jHUv28R5zbs1dLGhv9uUcCL64Qz4RE+95vGTR+u6HPKc4lI6jxKlyTUQygkN4ynlSQSS+cQOVCM0DMV7xidkOounwBWhPCAJD0AqX0hQ5DrRhAtNqDLrPGZSaSIkCanSxJ9SSX0NskEGUyBKCwkBoTkOBnvynoUh4sBxWUL2FwRECxKK9yCJTxU0mkP+9u3bIddTphoR1f4U1N6D/31D63+16v9zWH9+tfdLc/FrVL96WKjb/+XvD/bTHobcm88Xq7eeF3uWNryaR4OA4TLS8KKwz2MaKqgu83+1et3T7su//W3IiekUF45yUl10M2EJWgrqa3YL4YzQUIMk1PdBKZw9fGDKNB+c/KoIkiZlHH/jIoswMPvA4X2174Y3xwmWBYEpULHgypLo8eEh/ldGvp+YwS3Lfg5GWNBuhVbvzT9lxCfAUfZCQJCdkMEDquk1VYAclBNbEZNF4b2xmdeMVFMx9UtDLAqr+OY1mdT8jNjcbW2sOF7foamvdpkoy58xldowRoEEjcA1hapGVBLHQmpyPSOLKbcSPe0i8Q45AU6vQyBjCFLdiTiN3/FNKGE17qrhm9KW2pIqtrYYcQhgTJNQk4RrFhL4gITNdIgVBghXabEB10KEQM1YEWiKq1YcLS/btmO+BOy4pYut08IR1Uv4LqqIArN2CuQtSLIHXDM9I++ngqRAmRzxhQzAbC5K8SRgmsAtcL2/wC5fR/hAozgEYzodIbMfNQ4PDx89Pjw8OlZoNuW6CWViHdUmrkFiRGRlGmnhqmksqjZMIwX6itMI6TWEapXoyuaUQqwT+9sU8by6ECK2nRA1RV4oVqKcvoNy6WuZ+Bo5L+HsXYJKgwW4muMZoUSCEon0UbfoKclHXfRPcpKd17yJpFwXp0OlpDM0wjREK9fn7lIxkWwTEFZXp9gKAon6T4wJJa9afcK40pT7MOSXvdOFrYJ2AwvIZe+M7EFj0qiRB1OtY9U8OAggEg1fRAcP9slYoPECAZJfYSEUTCLgWjVIh/rT7KftXWkqtdGtwAO7llXLKLdpasSnPFPNmX1UWwOMFTwgKqRqCmqdRWNm8Uvz4KBo2iz+Hg6Hw/rVx8Pa06N5ycDZw5rGHRvtP9xrvsE//7H/y95B42HVTqp5cXIdMv8VzIpcbwtHNzBbYW/HEnzk6abZPlyfKb1FKzPULA6B3MCMxJRJtUJwCg7nY3PsqYhQ6k8hKMlPW1Id3mJmxrA7t9hzxq1AYII3SDuREnc8ljAGiRbpbX7o2Uz3NzC7B9fEEG3iCKwuGfLPjp4f17yI8azgqDrjD08On5NWv9s4IqnRhuLzovOaAL+FUMRQI4lKaBjOcD9vNvPtjTEgCgg82jJ8KxVF6Wkhk0cMJBkLSZC4cTeMwg4nODQXRoOkR8vDq4ItjhDLA9xw8R4ZcCIk09OIIO4ZX5a4enFyJsB9EUDQGHIyEJala2hoKSARnaEEeSsVbR4fPn721iDa67fqaBMF5L2kcWytdrRQ3oLfVODHx0+eyiML22lXQGvmCBQJCcTSmMpGoQHqM6oIB0B8VukxuxDeq1Z/dHH54uy0PXrV+WPUOns56nQvX48uu/2LTvv019POiVdbC9Xrt0Y4my0gjw+fP90A0mmP+p32xfGTp72j7WCPnj3eBezJ8VHvyLsqHrpeUXWRC5Y7qcCFfBly0jIipsDzRr6KCAhVSvjMmBaZ0jNbN06knoLMyNTPbc6cAZC9t6jl4kxyObQ4br3JCq/Q31HmfwmR0BsN7hSiOu8bqooTTWRI6gsdrxj3wchaGiqBhIdHSwa3KNgYLbT8f6VGv54WXaE75yv2tEgkaeEVuqE2EVvNs2bdwBDMQgPa0pGhoyq1GE+LNQbTA+arVr9J9k67g06v2zqrkc5/279WWtapROqfX/bandHgj4tORQoVa7I+K8XZAMgFSL2v7qU3b6i63GxM3lA1WmVQ4lIgeWfrADPSsi6WvjmOfIqRg30WmLHQtZ5SZKxQ8Inx4aRLv9WqyLVb6TybF67fo9bZy/Pe6eC3qp5YlBc0Q7kw1QWLwk57hKJ/qezRs8dLZU+Oj5Y97H173IfACuMMfdXY0fLArdhuIG2TzobcTjcPRtVohasE9/X0ZAOpFHi6z/D0+coQ9mYVNi+PazRMdeRX1JhJqqi4jMw0BhRS0Kf6as5THYH+SGupIVhBLOQnrB0cHeWu2yKKBCfOEeIcIV/YEVKyHWFmuTJlyjuZj0s8TXowYUrLWdEITH0j621PwzcWKj3mwMLB2SCXCkjG6oa9gAZWBjo96PSg04Mb9CByzBJH4YJIIXQb5Bd1Wd4tdLKTL6fcIbplrDQmPuI1xsDa3RVvptNz1dtwutfp3q+ge9sFot2V15FxR77h3KWcBCFKjGBZ35+iFwCFj0yU3kHMfZJdvMhAMNUoYZKwdMA2v9c3w2pi1M8GrTQY9E5fXA46o97lWXYwXnbqrQVrnZ2Nzn/dCNH9YwvEb6edXqvX/u0PcxI35PHJMtTzmfSTkMq9/cL6ZplLu9FDioELQX3bvjMXgnIhKBeCciEoF4JyISgXgnIhKBeCcq4353r7kV1vLgTl3GDODfY9h6By59SGENS3l1zvNLPTzE4zbwuKLWvl4q0hpzed3vx29WbpzIlRla3nzR0vvbogwrft/XBBBBdEcEEEF0RwQQQXRHBBBBdEcEEE56pwroof2VXhggjOGeKcId9zEMFM+rsKIKjE7Phre4j5wr4gWn6vrzjBrGaUvXJVniku7tLbazSOzVtK/07oDW2SoZHdHctP5r8QjC2aNxx6W+RTOUd3i0VmV64tuIXqQ0kYpNUjP6sfKViWCzgvCYkyLzn1l3tcTNLQ14TdwtJ7aJ/lEa4U3T7cxx+Yz/WlFEn8OTq6Rx/pjDofNEhOwz6E4Gshf9/mHc02DtKGI5W2XEOalGQARgxQMmYQBunbfIJjQUi1Bg5BRpw9FCIKuDZHT7KnEn9KqBpyMpYiIiy4ODg7aV3s48bYlzGFLNJWXraKnABHth1ncKjpJYT2oLvB1r988Z+d9mD0unVxcdp9OTq/6PRag/PeKh/EZtjT7laQ7vlgF7DT7qh93h20Trt9c4qo7Orvu6bk55ONGD+1dUfzDZueZtqX4KurHTJ8q3FMfBHFVDIluN31hT6QoFAqoyM7jsNZ+gDhkJMtRLYT3Qw52UtFxn4t23Z7PjevHGZEUrqEkjFW5SC6kVkKRLj5nFpdoIdD3iL5kKikGAeFz23h/Q8xJj/lSpNQbR/AzOf8IGcrA/BgyENhfTU/k58yhH4mP6Wok2wp0z34uajMC/KkSgGpLjxfwWZp1Wgju6VARbYzzknqS6Hso56l0dcxX/u8e3I6OD3vjl6cn591Wt21N142Qba62yDOe2U3XLsksytkUV2cu21/i/gixD1Mn7jNh1LL1Fpda3wD95YF9hnXpW0cTayC2cieebRhQYFWLxEqoYCBOWO1uickFBPmlw94uVa8m4m5duYpBt4K0aNAL1OnezzRnbV+qMcTt/ptqH9nu29txDBRWmx0JaUQ6w95JWmQQ5f8/LZwhZ8fPSoBlaWQZV62YcgNBtqg1T1p9U5GrbaR7hWTrFJ70mn3/rgYrKgZ9Frd/uvTQVkTFHArmQZZsfFS3/NW+Mv7P6jrpKKTij+gVMywbvmpeX4Xc4MTKzZxn9LtxGiapjdQNDUy2brK553WkRhkxHRqmaW2CTqxrBc6sn4ix4SOCX9kJuyXvKJ3Y8a0LUkbN0mLpB9ZoUqxifkKQQbTB72n9hF5WmC83Bk65PZs/I+UOxHWF9E140s5C9kpIsocuVW0smNygYNdRNZFZF1EthCRtR/6MALj6wREnA51OvSH0qF3i/F9rlCcBhndIQhQYH3b0qTCo/ezgO0kdYfen8nzp9g2S78cbJUMLD3pVv2ekUHVxnjSncqtgE/NGLFua5PaYVJFsoDG+qFq5P2U+dM8rdBS0pCjXVN+jc7llzih+A0KxeplmyLbplx0t/BHL2OR1JYoRh/yzoNCpMDceKm2UkNeyAczn44jNONNy47YWaNkBvXKVkzFo1cR0feblSJ79IZmJllbcC1FuJhFB5PwDZiBavc6+7gAQ66MzknwG3jpl64ycZZKlOJi2O/mVfIeSlGUTB6NiqJPXIdsQu+ZR/BZPmF2zyHu9rim+y6Z+y6ZUzPfqJr5kra3u8/5DV9Ecfc53X1Od5/T3ed09zndfU53n9Pd53T3OV300EUPf6DoobvP6RwhzhHyQ93ndN8lc3rQ6UH3XbKyL6fcofsumdO937Pu/Y6/S3bvb3LtFvJYhJGLFFoo/XyZTLu/3aklm0xAfrWpL6VzLao+ez6XzXZeNQN31ctd9XJReqcgv98o/Re+6vV/kX5rYpQf9H0iqKXUW/y5lbVDBlxvPglZGHsYKsY772Ac9eBdAgqf5DEzLItLxPNuyXO/iTDI34TAHtMYorGRFgqVjJNwzMIQIy+V9w8MGk4uOrn4A8vF85wRBtbI3flckhvFO2ccOj5yfPTj89GnfmXa8ZDjIcdDuZdnN/Yp3jpw4VfHPd8m99zhEHTJFR3DpVnOVul82QMVC662qZb53CBuLmrgJMtz6Ehp3tZLU11NyDDGaxyGhw7+VNYVqPwpRHT7YRKTRFetZHFPudCjsUh4gHuZudx8TJgIjVcu4SZBFU+w3GTTjaicJOY4hhOhQcg4jOCDb05veD0s7xBzYiXQYDaCD0wZB7l52UFhJvIoAM7S1MI01ws+TGmirDNwTFkIwQjdg4V3Gum1iTui9zPRIzEeSconYLA0cTpEy1Qzbl9ANFX0lrIQL+IgxlTTUSiUsjWJniKbWBfkUqDT5JlpqhNFcCmze51qKpIwMAmG6HhIouyF0zF5MxFiEkJDxn6jLQK4WipoWEGoFJ2s3JtqenAANs1Z1sfUx7xdQBohaQ/LKDFOOnwSMjVtkBafkUStaVpog69JhuwvTOXF1MM0yRrP5kX0+2YlGgFoykJ1taHKvvtaI0IWuk5fN7SeiIblXwTfTsY6Sw2sXl1eGyLIZRK+D2KTHwK4TiarxlrNrVomG+QC1i7rK5PfqYxMlddMSyqNMGbpAmTrTjFtIE0ZJf9h0r1NPoHt7hqsV8SUpyHq5U4aBXmY7kMshRbXybjR4rPqQ6ccnzvJhMvuUzItLCYSdCK53ca0wybJslB9W4CUgBm1gfDVwUQcGHJTB/+GYHVZerDVm1tJGIGeigAdXUKZjafolvIOYvNMTCMx4rZhpS5G55kPB+tlsFfzrPJTJi6SyNBreh/jkGokiA4PYsG4ni9xWcfKQ3IeAx+c/EqyFphRgrf8zJPE+Wyz2oah7alF/JZKhiLGOvEqI1pBn8r85dr5HGMMCvxEMj3zmm+uah6K+tTj9kIEsxTDLPrgPRrTZ0/GTx/Xn/zz6J/1x0+eHtevH439+rH//Omj8dOndEyfejmDFFgGr4mUHIzFhV5aGOwivTjS9G6PTFqAUDqiRg3ZwMUGnVjt7+NCsXn1nf49HPL0ifPeRVsN+W6t6gs7Bp2EuGOM2xtbRtxYKnvjbaAyr7ZpXlc1z+x784338SPGcS5lOJ9j8bsEZLqFGUngr3nNmwINQBrCDJh55TxYbb0XV2mvlzpZ98m6OWHmUs7k9QuUAr4I67/nF34yIvAwWLf70LuNN2ARiETXX6vqSDkc9lcf2DzuDGLJqlm0wFycWG+EvSoIjovzPgb7rkVg0roiY/J4kr5Hy4K+txOxtqG9ooBlH72Q8kliVLBn+8R//wIEnCSd +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Value RPCs +--------------------------------------- + + + + + + + + + + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"additionalProperties":false}},"title":"UnsafeUpdateAttributeValueResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-attribute.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-attribute.api.mdx new file mode 100644 index 00000000..d11cc440 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-attribute.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-update-attribute +title: "UnsafeUpdateAttribute" +description: "--------------------------------------*" +sidebar_label: "UnsafeUpdateAttribute" +hide_title: true +hide_table_of_contents: true +api: eJztXXt327aS/yq4vHtO7FxJfuRxW92edhVZTb1xbB9J7m438iowOZJQUwALgHZUH333PQOAFEnJkhyn2SSL/BMLb2BmfjOYAcC7QNOxCprvgnMRs3BGLriiIyA9kDcshOCyFkSgQskSzQQPmkF9q39PB5y0tJbsKtVAuudtNeDb1awHtUAkICn2dxwFzSAxA2ukZmANOz43PPfrIomohry/oBYkVNIpaJA4tbuA0ykEzaAtOIdQ18+l0CIUcf1XkAqnVQsYzm0CNAIZ1AIJf6RMQhQ0tUyhFqhwAlMaNO8CPUuwJZ5Or0xJzXS8oWng6TRovjtYWsojGDEORE+A3NjSRIzMT9caSVxrQS0IBVc6aB7M57Wl+fTZFESq62/V0ky2H3mpkXsHqm2pGmGcTFUwn1/a1QKlX4lohh2FgmvgGv+kSRKz0JBy73eFbd0tj0hc/Q6hRqJJJLxmoDCXRYUySkvGx4VRsyioBSMhp1QHzSBNze/yqLsZEec1t2D3N2fya8GUfjgBPtaToHn44lm1wTPzB40HnPxnq3t6fPr6b38bcGK4j/GxWR9sCKlIi/x/y+KYSNBS0FCzG4hnhMYaJKFhCEoRLQh8YMo00j/6WWVsIOKIUB4RDreF1rCLxoCXE8g0VZpcAXZM42RCeToFyUJip1ojNI7FLXYwmSUT4Mo0nPIIpAqFBEWuUk240IQq0/eISaWJkCSmSpNwQiUNNcgG6U+AKC0kRISWh2CmeQWEI1li9idEOLNY3IIkIVXQaA74+/fvB1yxP2FHT5jaJT+SffITwb8bU6rDCaidJ//zjtb/bNX/e7/+/eXOT83Fr2H98mkhb/enf3uyS5oEZdS1POBIbZnGltqOuub3x1ATK34yalYoiNxX4UaHFEGr3+8ev7rod4bdi5POsP/beWfYOb14O7w47Z132sc/H3eOgtr9xVonJ8Ozn9eWOP1tQ4lfjjvdVrf9y2/B5bwW3NA4BXUmEVQWYkSlpDOEHA1TtSxe84V82fpDIS0qbUcJq4kkmFq4mg6WHYOmcUxihkw6IrZ9BCUjhHBLTCX8NSNqItI4Qs60fNsoE9mWLDVCST79uuGBBe0MFjIc8IA/nBUQGynjtmuhwPXZIF1IYhpiuhuF4EaU834ZJ1gCCFNGTFWaJEJqiP6V1QgpxzlaPRnPSAQxaIgGPPurRkIJ1Pxhhd8VlFA3a4ASrQgHHDqVs0YwL1BwpabtWuQPagGNImapeF5A8RGNFVTJvVLaShKGM5nQGyAR5WOQIjULp7AzHuJqXSgUQz0hIU2xVRzqvKq2TYJKsKJhzsP9ffyvPJheaihlFeynUFs5xYoARAumySO1nlNmKqFhqYtFYnW985wMiD7haKp9jYGj6QYRQZWMTBtRTa+oggdo4XKTqbJ6JKFSGxZbKYyqlkkEuZqRxZRbqZ6cIrsPOAFOr2IgI4iceYljGv3B1w0Js+e1wIp3iaQ2pTpam4xjiGBE01iTlGsWE/iALMW0kUtTCFdpQYArIWKgpq8paIqrVuwtT9tEMSfhLV2s7RKHVC+Nd5FFFJi1UyBvQJId4JrpGbmdiAw2MrgLES0McRGh0ohpAjfA9e4qlfaBTpMYzA7jAMXsoLG/v//s+f7+waHC3UVuwyGw1NG8xDVIDc5UpuESV01jkbVmGq7QZ5xGTK8gVqtAI5uTK3EfgN7PmAb0sY/yQginS1HpSU2KmYiQD4DpnpZpqFHyUs7+SFFRsAhXczQjlEhQIpWhg+G810X7JGfZeS0YS8q12sJyeAQqppKtK4TZ1Sm2okiimkYLj7xp9QjjSlMewoBfdI8XJjVqWBaRi+4J2YHGuFEjTyZaJ6q5txfBVDRCMd17sktGAm1siJD9CguhYDwFrlWDdGg4yX7a1pWmUhttDDyya1k14HPTu2b0orMgMjO+dk9hZXW8iqmagMot74qhbWbxU3Nvr2hxL/4eDAaD+uXdfu3lwbxkd+9gTuOBlXaf7jTf4Z//2P1pZ6/x1JjvJbs9Sa9iFr6BWVHqbeLwGmYr9qWJhBBlumnIl9sN0zTWLImBXMOMJJRJtQI4BYezkXEPVCCUhhOISvhpU6rd25GZPizlFjRn3AIC2iaknUqJFE8kjECimXWTOwfW8/01zB4hNQlM10kEZpe2vN8dfH9YC6aMZwkH1Rl/eLH/PWn1ThsHxJlLCJ/nnbcE+A3EIoEaSVVK43iG9LxeL7fXxoAoDODZhu5bDorcpjbDIwaSjIQ0u0ikhlHY8Ri75sJoELex2r8sGLRYYrmDay5uUQDHQjI9mRIceyaXJaleeJgI8FBEEDUGnPSFFekaGloKyJTOEEHeS0Wbh/vPv3tvBtrttepoE0XkVtIksfYvWijvIWwqCJPDFy/lgS3baVeK1sxOfSokEMtjKuuFRlFmwgOOZ80O802rNzy/eHVy3B6+6fw2bJ28XrXBvK9Ut9ca4mw2FHm+//3LNUU67WGv0z4/fPGye7C52LPvnm9T7MXhQfcguCzuXN5QdZ4Dy4NU4AJf0J1pIKYg8wZfxRQIVUqEzJgWmdIzpBulUk9AZmwa5jZnLgAo3hvUcnEmOQ4tNjrvssRL9AuW5V/CVOi1BrcrUZ33NVXFiaYyJvWFjleMh3aPRmMlkPFwB8zgBoGN0ULN/1dq9PNp0RW6c76CpkUmcYmX6K5dx2y1wJp1fcMwCw1oU4eGj6rcYhyC1hh0G8w3rV6T7Byf9jvd09ZJjXT+y/610rJ2iNQ7u+i2nQOqjELFnKzNSnLWgfFVXVP15lF685qqi/XG5DVVw1UGJS4Fsne2DjAjLesJ6pntyMcYOdhmQRgLTesJRcGKBR8bV5Nb+o1WRa7dSvvZPHGNX/Lk9Vn3uP/LkiMyTy9ohnKi0wWLxE57iNC/lPbsu+dLaS8OD5YDUb3MAWbBOBu+amxpeSApNhtIm9DZsNvx+s6oGq5wlSBdj4/WsEpBpnsMd59vDGOvV2Hzcr9Gw1R7fkONmaSKistgpjGgkIM+1ldT8OReWEsti4c43sx3WFs4OspNt8V0KjjxjhDvCPmLHSEl2xFmViqdUD7IfFySadKFMVNazopGoPON3G97Grmxpdw2BxYOTusLz0TdiBfQyGKg14NeD3o9uEYPosQsSZQJIAuh2yD/Upflw0InW/lyyg2iW8aiMQlxXCMMaT1c8WY6PVe9Da97ve79DLq3XWDabWUdBXcYGsldOg4kREkQrOiHE/QCIPjIVOktYO6j7OLyQZmtj6gsqplDCEb9fH2nRr4YDH1UaD4ImQzTmMqd3apvBUm30a9iRWUbWfLBsi/Yy+eDZT5Y5oNlPljmg2U+WOaDZT5Y5oNl3knonYTfspPQB8u8w8477L7mYJmZ9JpA2Zd3BUClhuJv7SbmL/YF5R6wX3MXVdU3NrR8U51p+VabqU6mNEnMhY1/EXpNm2RgsLtj5cn8F4OxRfOKg+BBrrcNFpldubbgtlQPSmDgsodhlj9UsIwL5uofpMpcF+ktt7iYpOGvMbsBXl2IT3LTxw23B4/xB+ZzfS1FmnyKhh7RhptR54MGyWncgxhCLeSvm7yjGeHAVRwqV/Me1qQkK2BggJIRgziyUGDu1pFRTLUGDlHGnF0EEQVcm60n2VFpOCFUDTgZSTElLDrfOzlqne8iYewNdSGLvJWnrWInwJ5tw1k51PQSYrvRXWPrX7z6j067P3zbOj8/Pn09PDvvdFv9s+4qH8T6ssenG4ucnvW3KXZ8OmyfnfZbx6c9s4uoUPXXbf3++WSnjB/bvIP5GqK7gEKpfHW1syuhoZgmVDIleHZBMtMHEhSiMjqykySeuXugA042MNlWfDPgZMdBxm4tI7vdn5vLphmTlCJdmWBVNqJrhaXAhOv3qdUFejrgLZJ3iUqKcVB4p8fddv4hV5qEanvXNp/zk1ysTIEnAx4L66v5kfyQDehH8oMbOsmW0tHgx6IyL+BJlQOcLjxbIWYua7hW3FyhotgZ5yQNpVD2/nCp9/uEr312enTcPz47Hb46OzvptE7vDautK9k63VTirFt2w7VLmF1hi+riPIz8LRKKGGno3pvIu1LL3Fpda3yQ4oZF9k2FJTIOx1bBrBXPPNqw4ECrlwiVUBiB2WO1To9ILMYsLG/wcq34MBPz3pm7EQQroEeBXuZOf0PT77W+qRuaG/02NHyw3XdvxDBVWqx1JbkS92/ySmiQly75+W3iCj8/elQiKkshyzxtTZdrDLR+6/So1T0attoG3SsmWSX3qNPu/nbeX5HT77ZOe2+P+2VNUBhbyTTIko2X+pHHJl4//ta+R0WPit8gKmajboXOPH+IucGJhU2kkyMnRtM0vYaiqZFh6yqft8sjCcgp084yc7aJe+6GKeOOcA/ueCH0QvitCmGv5BV9mDC6usRVbpIWcQ8eUqXY2LzIlJXpgd5Ruzh4WhC83Bk64HZv/A8nnVg2FNMrxpfOLGS7iGnmyK0OK9smFyTYR2R9RNZHZAsRWfuOlwGMzxMQ8TrU69BvSoc+LMb3qUJxGuT0AUGAgujbmuYoPHo/C6MdO3fo44U8v++1Hv3yYqswsHRvrPy2IxAzVBvjcZTKrYCPPTFi3dbmaIc5KpIFNO7vqkZuJyyc5McKLScNONo15Stv/nyJB8UvEBTLz3q+K4mtk6KHhT+6mYg4W6IYfcgbjwqRAnPjpVpLDXjhPJh5RpnQTDatONpHfotmULdsxVQ8ehWIftysFNmh1zQzydqCaynixSw6eAjfFDOl2t3OLi7AgCujc1J8Y9c9p5nBmUOU4mLYN6Qr5x5KUZQMj4ZF6BNXMRvTR54j+CTvpH7W22f+8VP/+KlXM1+omvGPn/r7nP4+p7/P6e9z+vuc/j6nv8/p73P6+5z+PqePHvro4dcePfT3Ob0jxDtCvqn7nP7xU68HvR70j5+WfTn+8VOve78d3fsVP376OR7+LIWRixxaSP10J5m2f7tTSzYem6+Of56pLx3nWmR98vNc9rTzqhn4q17+qpeP0nsF+fVG6f/iq17/F8dvTYzyg35MBLV09BZ/bhTtmAHX63dCtozdDBXjnQ8wjtxnx9tuhmW4xHE+7PDcLyKO8jchsEUXQzQ20kKh4hfnRyyOMfJSef/ADMPjosfFbxgXz3JB6Fsjd+t9SW4Ub33i0MuRl6NvX46yd5y2k6Kb/HS1lyEvQ16Gci/PduJTvHXgw69eer5M6Sky+ceqB3/e/As+KOfPm/vz5v68uT9v7s+b+/Pm/ry5P2/uz5v7c3b+nN23fM7Onzf3Dg/v8Piaz5vnMfqv6htCXjN7zew186YT8MtauSDvXm96vfkF683SnjONN70ZVpSkC67oCC7MEucvSnVBJYKrTTGH+dzMw6glnHN5Sh0pzTd5nMvSAG2CSss4ZPZ+V/YIsQonMKWblRA6+1YtbJHEXOjhSKQ8wgXIQDpEwzc2ujHlxtGImo8br8iQynFqjnHhRGgUMw5D+BAaTx4+K5c3iL5NCTSaDeEDU8ZyMC9CK/QoDyPgzLmI3J4dPkxoqqxKHlEWQzREy6LwfSd6ZdAaXeKpHorRUFI+BjNKg244LJPNuP1yksmiN5TF+IAXjphqOoyFUjYn1ROUGnt0eUk9GH+BpjpVBJcyew9STUQaR8ZRhAcW02n2ZbQReTcWYhxDQyZhoy0iuFxKaFhcVIqOV9Km6uaNwLqrZX1EQ/S/AvIIcS0sD4lx0uHjmKlJg7T4jKTqnqqFOvgVqpj9iS5ZdCE5ZzmieXH4PbMSjQg0ZbG6XJNlvxdXI0IWmnZfRbInGBtWnLH4ZjbWmYuntFTrrhbkEIXvilsjNoKrdLyqr9XSqmUK96MI5i6rL+OnUwZi5RXTkkqDzcwtQLbuFI0t5/oj/27c9sYKs81dgT1NadKdYl9upFGAR0eHRAotrtJRo8Vn1Q+kcXwmPQOX7adkatiRSNCp5JaMrsEmybyJoU1ATkDPaCRCtTcWe4bd1N7fsVhdlj70FswtEk5BT0SEdpJQhvAUwynBXmKel2+kBmkbFnDRpmEh7K2E36AWWDWoTJwslXHQDO6SmGrkhQ6PEsG4ni8JWMdCITlLgPePfiZZDTTB8WFA8xXDfKJZbsOw9cSO+YZKhuhiI1mVHi3GO7hfzp3P0c+pIEwl07Og+e6yFiDKu0O6r0Q0cyPMgsvBsxH97sXo5fP6i38e/LP+/MXLw/rVs1FYPwy/f/ls9PIlHdGX2eueBZEwOq4ZtPr97vGri35n2L046dz7QTYbED+TEUh7i8K0gj5LjBeWdh1FSi0tLzblIojN4ObAGMxC6Sk1esyN8T6Clpq6WyjFoL7Vv6eD4oOP3fO2GvDtatYXZhEeTkayM24j9wauLJe+C9ZwaVC7Z1qXtcDwTfNdcHeH8bILGc/nmPxHCtKxQMZS+GteCyZALSHugoiZD6tGqzfyxUXa6ToLZ5fcNx3cKub4UD9HAAlFXP81j/k6gA0CDNls3/V2/fXZFESq629Vtae8HLZX71tXflZiySBa1MDNT6LXlr0sYM75WQ/vF12JyOyjp8ZaCiS9RXGht3Yi1sq0USpMuwtiysep0d6BbRP//S8VaYMq +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Attribute RPCs +--------------------------------------- + + + + + + + + + 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true\n```\n\n"},"rule":{"title":"rule","description":"Optional\n WARNING!!\n Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name.","type":"string","enum":["ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED","ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF","ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF","ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY"]},"valuesOrder":{"type":"array","items":{"type":"string"},"title":"values_order","description":"Optional\n WARNING!!\n Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition\n will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted\n deleted, created, and unsafely re-ordered as necessary."}},"title":"UnsafeUpdateAttributeRequest","additionalProperties":false,"description":"WARNING!!\n Updating an Attribute can have dangerous consequences. Use with caution."}}},"required":true}} +> + + + + "},"title":"conditions","minItems":1},"booleanOperator":{"title":"boolean_operator","description":"the boolean evaluation type across the conditions","type":"string","enum":["CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED","CONDITION_BOOLEAN_TYPE_ENUM_AND","CONDITION_BOOLEAN_TYPE_ENUM_OR"]}},"title":"ConditionGroup","required":["booleanOperator"],"additionalProperties":false,"description":"A collection of Conditions evaluated by the boolean_operator provided"},"title":"condition_groups","minItems":1,"description":"multiple Condition Groups are evaluated with AND logic"}},"title":"SubjectSet","additionalProperties":false,"description":"A collection of Condition Groups"},"title":"subject_sets","minItems":1},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"additionalProperties":false},"actions":{"type":"array","items":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"title":"actions","description":"The actions permitted by subjects in this mapping"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"SubjectMapping","additionalProperties":false,"description":"Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute\nvalue + action(s) combination"},"title":"subject_mappings","description":"subject mapping"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys"},"resourceMappings":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"terms":{"type":"array","items":{"type":"string"},"title":"terms"},"group":{"title":"group","type":"object","properties":{"id":{"type":"string","title":"id"},"namespaceId":{"type":"string","title":"namespace_id","description":"the namespace containing the group of resource mappings"},"name":{"type":"string","title":"name","description":"the common name for the group of resource mappings, which must be unique\n per namespace"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["namespaceId","name"],"additionalProperties":false,"description":"Resource Mapping Groups are namespaced collections of Resource Mappings\nassociated under a common group name."}},"title":"ResourceMapping","required":["attributeValue"],"additionalProperties":false,"description":"Resource Mappings (aka Access Control Resource Encodings aka ACRE) are\nstructures supporting the mapping of Resources and Attribute Values"},"title":"resource_mappings"},"obligations":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"namespace":{"title":"namespace","type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"name":{"type":"string","title":"name","description":"used to partition Attribute Definitions, support by namespace AuthN and\n enable federation"},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the namespace. Use kas_keys instead."},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys for the namespace"},"rootCerts":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"generated uuid in database"},"pem":{"type":"string","title":"pem","description":"PEM format certificate"},"metadata":{"title":"metadata","description":"Optional metadata.","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Certificate","additionalProperties":false},"title":"root_certs","description":"Root certificates for chain of trust"}},"additionalProperties":false},"name":{"type":"string","title":"name"},"values":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligation":{"title":"obligation","type":"object","properties":"circular()","additionalProperties":false},"value":{"type":"string","title":"value"},"triggers":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"obligationValue":{"title":"obligation_value","type":"object","properties":"circular()","additionalProperties":false},"action":{"type":"object","oneOf":[{"properties":{"custom":{"type":"string","title":"custom","description":"Deprecated"}},"title":"custom","required":["custom"]},{"properties":{"standard":{"title":"standard","description":"Deprecated","type":"string","enum":["STANDARD_ACTION_UNSPECIFIED","STANDARD_ACTION_DECRYPT","STANDARD_ACTION_TRANSMIT"]}},"title":"standard","required":["standard"]}],"properties":{"id":{"type":"string","title":"id","description":"Generated uuid in database"},"name":{"type":"string","title":"name"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Action","additionalProperties":false,"description":"An action an entity can take"},"attributeValue":{"title":"attribute_value","type":"object","properties":"circular()","additionalProperties":false},"context":{"type":"array","items":{"type":"object","properties":{"pep":{"title":"pep","type":"object","properties":{"clientId":{"type":"string","title":"client_id","minLength":1}},"additionalProperties":false}},"title":"RequestContext","required":["pep"],"additionalProperties":false,"description":"Holds the context needed for obligation fulfillment"},"title":"context"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationTrigger","additionalProperties":false},"title":"triggers"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"ObligationValue","additionalProperties":false},"title":"values"},"fqn":{"type":"string","title":"fqn"},"metadata":{"title":"metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false,"description":"Struct to uniquely identify a resource with optional additional metadata"}},"title":"Obligation","additionalProperties":false},"title":"obligations"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"Value","additionalProperties":false},"title":"values"},"grants":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","title":"id"},"uri":{"type":"string","title":"uri","description":"Address of a KAS instance\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')\n```\n\n"},"publicKey":{"title":"public_key","description":"Deprecated: KAS can have multiple key pairs","type":"object","oneOf":[{"properties":{"cached":{"title":"cached","description":"public key with additional information. Current preferred version","type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"pem":{"type":"string","title":"pem","maxLength":8192,"minLength":1,"description":"x509 ASN.1 content in PEM envelope, usually"},"kid":{"type":"string","title":"kid","maxLength":32,"minLength":1,"description":"A unique string identifier for this key"},"alg":{"not":{"enum":[0]},"title":"alg","description":"A known algorithm type with any additional parameters encoded.\n To start, these may be `rsa:2048` for RSA-based wrapping and\n `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed.","type":"string","enum":["KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED","KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048","KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1","KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1"]}},"title":"KasPublicKey","additionalProperties":false,"description":"Deprecated\n A KAS public key and some associated metadata for further identifcation"},"title":"keys"}},"additionalProperties":false}},"title":"cached","required":["cached"]},{"properties":{"remote":{"type":"string","title":"remote","description":"kas public key url - optional since can also be retrieved via public key\nURI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.:\n```\nthis.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$')\n```\n\n"}},"title":"remote","required":["remote"]}],"additionalProperties":false},"sourceType":{"title":"source_type","description":"The source of the KAS: (INTERNAL, EXTERNAL)","type":"string","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_INTERNAL","SOURCE_TYPE_EXTERNAL"]},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Kas keys associated with this KAS"},"name":{"type":"string","title":"name","description":"Optional\n Unique name of the KAS instance"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"title":"KeyAccessServer","additionalProperties":false,"description":"Key Access Server Registry"},"title":"grants","description":"Deprecated KAS grants for the attribute. Use kas_keys instead."},"fqn":{"type":"string","title":"fqn"},"active":{"title":"active","description":"active by default until explicitly deactivated","type":"boolean"},"kasKeys":{"type":"array","items":{"type":"object","properties":{"kasUri":{"type":"string","title":"kas_uri","description":"The URL of the Key Access Server"},"publicKey":{"title":"public_key","description":"The public key of the Key that belongs to the KAS","type":"object","properties":{"algorithm":{"title":"algorithm","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_2048","ALGORITHM_RSA_4096","ALGORITHM_EC_P256","ALGORITHM_EC_P384","ALGORITHM_EC_P521"],"description":"Supported key algorithms."},"kid":{"type":"string","title":"kid"},"pem":{"type":"string","title":"pem"}},"additionalProperties":false},"kasId":{"type":"string","title":"kas_id","description":"The ID of the Key Access Server"}},"title":"SimpleKasKey","additionalProperties":false},"title":"kas_keys","description":"Keys associated with the attribute"},"metadata":{"title":"metadata","description":"Common metadata","type":"object","properties":{"createdAt":{"title":"created_at","description":"created_at set by server (entity who created will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"updatedAt":{"title":"updated_at","description":"updated_at set by server (entity who updated will recorded in an audit event)","type":"string","examples":["1s","1.000340012s"],"format":"date-time"},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"optional short description"}},"additionalProperties":false}},"required":["rule"],"additionalProperties":false}},"title":"UnsafeUpdateAttributeResponse","additionalProperties":false}}}},"default":{"description":"Error","content":{"application/json":{"schema":{"type":"object","properties":{"code":{"type":"string","examples":["not_found"],"enum":["canceled","unknown","invalid_argument","deadline_exceeded","not_found","already_exists","permission_denied","resource_exhausted","failed_precondition","aborted","out_of_range","unimplemented","internal","unavailable","data_loss","unauthenticated"],"description":"The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]."},"message":{"type":"string","description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."},"detail":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","format":"binary"},"debug":{"type":"object","additionalProperties":true}},"additionalProperties":true,"description":"Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.","title":"google.protobuf.Any"}},"title":"Connect Error","additionalProperties":true,"description":"Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation"}}}}}} +> + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-namespace.api.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-namespace.api.mdx new file mode 100644 index 00000000..5aead670 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe-unsafe-service-unsafe-update-namespace.api.mdx @@ -0,0 +1,73 @@ +--- +id: policy-unsafe-unsafe-service-unsafe-update-namespace +title: "UnsafeUpdateNamespace" +description: "--------------------------------------*" +sidebar_label: "UnsafeUpdateNamespace" +hide_title: true +hide_table_of_contents: true +api: eJztWlt32zYS/isods+J3VKy5VsTvWRVRen6OHV8JLu7XUurQORQRA0CDADKVn303/cMQErU1XYvednkJTIwHAzm8s1ggEdq2djQ5i29UoKHU3IjDYuB9EBPeAh0ENAITKh5ZrmStElrz/r3bV+SS5aCyVgIpHvVNn35vC9rNKAqA81wvfOINmnmBKvnTrC6l68Qr/jrJouYhfl6NKAZ0ywFCxq39kglS4E2aVtJCaGtXWllVahE7WfQBrcVUI57S4BFoGlANXzOuYaINq3OIaAmTCBltPlI7TRDTjJPR47SciueYA0yT2nztrGmyncQcwnEJkAmnpqo2P1ZcCNZwY0GNFTSWNpszGbB2n6ueQoqt7WfzNpOni/5EpOtglpPFRAuSWrobDbw2gJjf1DRFBcKlbQgLf5kWSZ46Ex58KtBXo/rEqnRrxBaNJpGw1sOBmd5VKExVnM5rkjNIxrQWOmUWdqkee7+Xpa6WxpxFhQK287OzQc0ZQ8fQI5tQptHp8fbGPblwrXT3FgyAsLIhAkekUQZi8zq5NwSk6hcRITLUOQREGaJAGYsURJIpGxA7rlNCLAwIQbGKUhL9gQbgdgnxjJtuRwTJiMCMsKfjppJwkSWMJmnoHlIwoRpFlrQddJBRu77uVgNYhU5O15QGSKUHAeECaHukWkyzRKQhoxyS6SyhBln55hrFFQTgQJXFrlGJ1BZTcAEBIlUyrgke/iJoyz3wWILuuAkGRLafS8VOjJH3vFCIfZe+V2NwFb3ZPx6xioNEZFzrd9zIXB7Eh1A8N8gwn0KdQ+ahMxAvdmXnz596kubcFNPmQ0TMHuv/rt3y2q/tWr/Oay9GVR+9/v9fm3weBicNWYViv23OFHf/64YGzweBbO/v9ovePclnc0WLrQRiro+NGhAWRRx9CMmripuHjNhYNXP/tXqXp5f/vjNN31JHD+0E6py4XaoPEla1mo+ym2hEA1WKxZaPgExJUygBVgYgjGoHXjgxnG6fvfelECjROQ8TMJ9hbtz4L4knfKTxUIOCtxGjPvQJsA1+ZmJHAzJZVQY/XLZVFLduyAxRoWcWYi8LyPlhpXpDPW6jMFuwGRKGo8OR4eH+N+y4nq5261Hyz8Dg+Ye50grWFHmmT8MYcsbGIPEzAcRQURDjI2YZSNm4AUgtswyNz44MsQTHNtszICYPMuUtmQ0rQRaK7fJJRq6LwlINhJAYoiK7IwyxZ/lLpFwehZQ75RVJRYjq9L6YZQhgpjlwpJcWi4IPKARuRU44YhQSwsDjJQSwNxaKViGWquuNh97ymKhBmTcstWvi8Ehs2vyLqaIAac7A3oCmuyBtNxOyX2iSEFUBmmodATOuIjlecQtgQlIu7+Qbq5HeGBpJsAVaA107Eb98PDw+OTwsHFksDibp0CEnRpmZ9RB7lBoZRvF4KZtLKZ2bKMg+oLbcLnMbArTck8FxTZ43e6YE0QsXGNZESrzTDB1a0uqk4hJLwDxntV5aDHycsk/54jIPEJtxlPCiAajcu3g0SZkvuqCP5m77CygY82krW6Hac2mWOtZSDfq54U4hC6j+S4inF7dYiuKNCYXTEbkotUjXBrLZAh9edM9XyuNbrofyB7Ux/WAvEqszUzz4CCCVNVDlR682iexwpoEInS/iiKKisIU9U1ZYDjurkoqS6Qn6qOAhExi9WGxYinKnmALMU7IiBjBTAJmWznhdvG2eXDwwrJiz9UVL/xo/9u95i3+/G7/7d5B/dv9t8ulSECzfCR4eAHTatT7weEdTDeU9ZmGEGO66cyH+knYBItaYXkmgNzBlGSMa7MBOJWEj7E7Xa1AKAsTiJbw04+sLu8lc2t4yy1szqUHBK5knbRzrdHimYYYNBaCk/nZarff38H0D0RNBumuiMDppRPD68abo4CmXJYDjdUdP5weviGt3mW9QYoCBeHzqvMTATkBoTIISG5yJsQU7Xm3O27vXAFREeD4ieVbBRQRz6rEIw6axArrNm7QGi5hi7Grf5TLIMUJ9nBQKXeRYn2BO6nuMQDHSnObpARlL+NyKaoXB3QCMlQRRFhwXisf0gGWhgZIyqaIIJ+0Yc2jw5PXn5yg3V6rhjVRRO41y7LilNSX5BOETQNhdnR6phuettNeIQ3cSSdVGoj3MVOuwiLMZ8wQCYDybMpjXhH0otUbXt388OG8Pbzo/DJsffhx2Lm8+Wl4c9m76rTP35933tFgK1W31xribp4gOTl8c7aDpNMe9jrtq6PTs27jabLj1yfPITs9anQbdFA911wwczUHlhelwAW+9CVpOYipxLzDV5UunQrKpOdMF+faJqBLNw3nNec8ADC8n0jL1Z3McWhxtLgtBwfYVlmOfw2psjsL7oJidd93zFQ3mmtBaoscb7gMwWEtE0ah4+G5jcMEgY2zypf/V2n0y2XRDblztsGmVScpBgfY7drlbAH1Zd21c5hFBvSjQ+dHq97iGhy+GCwO5RetXpPsnV9ed7qXrQ8B6fzb/9pYWReI1Pt40213hte/XHVWUKg6U/JcGS4XwChA7734Q3nzjpmb3cXkHTPDTQUlqgLdu9QDTEnL9y967jjye4oc5FkJxgprmzAMLOyHuQZJofonq4p5dls6z84Ht9uo9eHHj93z63+u5onFeCUzLA8WuWAx2GkPEfrXxo5fn6yNnR411vv4PX/ch8iDcSm+qT+z8kBTPF0gPYXOzt3Ody/GzHBDqwTtev5uh6tUYrrH8fR54Rx7dwqbLa/rMszqyhfMlUlmQzuLG+dBv7dX87HIEdj385UaklVgYX7CekajY5l1W6WpkuRrI+RrI+QvboQs1Y4w9VFZBOWLyse1mCZdGHNj9bRaBBa9ke21p4sbT1Ucc2DR4KyTGwOkDHUXXsAij4Ff8+DXPPg1D+7IgxgxaxGFCtFK2Tbov7Rl+bKrk2f1cpYZYlvGozEJUa4YL5FennjLnD5PvfWvufdr7v0CubddcdrnxjoG7jB0kbv2+EGppUDwoR8m2AVA8NG5sS8Rb8t1ub/ifUJgdz9cXBCu3wJ3tFb6z7sDxubkJiNW3UkqO4xVLiN0ozLNhVioC9dwyqVrjLrXOa6LM2R6nGMDxumZRYJLGMJD6DqPNKgwxF6sBhZNh+4CHw2TgU65wQ74MALJi5ZW0WOAh4Tlxl+OxowLiIZYCSnp1Yn8Ri7fYQs/t0MVDzWTY3BSuvyAYrlpLi1oyYSbYhPGBV4Ao8TMsqFQ7qY9lyy3CUaoq7bWE6x/wMFsbgiqMiD3CccGlH8bg40tvFrOU+KiAX3pdqzUWEBdZ2G9rSIYrA3UPQwbw8YbbbPalo7At9d1LWYh9osBfYQUHNZF4pJ05Fhwk9RJS05JbrZ8WvlGqLB4iuJaXkVzH3NjVfye00Q9Asu4MIMdUyTmIKLAvcGZsx5NHcdQcJC27qEDyZ92Y1u2pJZUNQsKENqgxDkcjrhkvuiOYJSPN621OVrdw42tkOCf1q0eU11f0Tg41yNuNdMuD/BCAaXeGZarRauS/MNdM7g61rMbgX/F5MaL0midSb0CxYUd3IO7UR7XW3K6VDqVL/JKcHn+ltwXXhINNtfSm7Fg2CRl9zP0A+gJ2MmNVGgOxurAuZs5+BuS1TSeatC1il64R8IUbKL8S0n31ChjeP1DD3Y8nDzY9nDSp1z/ajLXgjbpYyaYRV/oyChTXNrZWoB1PBSSjxnI63fvSfkFHmLwYUmY4LVKudFytu7cOvEyT5jmiC7+5m1lRY/xBdyvz87cK0QDYa65ndLm7SCgiPLdxbvEQsKysqTHMXt9Gp+d1E6/b3xfOzk9O6qNjuOwdhS+OTuOz85YzPBMUbyzXAQLXkwuHbiqKl7TC+6ruKps0knDFaLK2JTJ8nHRtkS4yqryqvKLvMAt4tvCg0V7cemfCDic8e51u+tdLg22bGsQUGfw5i19fMTi/EaL2QyHP+egC9uVvoB/zYLyLSt6ZMQNTkSbOwZVJe2VjzX3ybbt4Cl558PdAhkpxbuh5y/9vPWWntsurTSnQ361a39nUFKsVTKLL/Dcl9mdtIMKWFx97F3TgI6KV7upK3OoZvdYTbB7vxFfivrrMBx7pILJce7SLvU88d//AKuwzNE= +sidebar_class_name: "post api-method" +info_path: policy-unsafe +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +--------------------------------------* + Namespace RPCs +--------------------------------------- + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/policy-unsafe.info.mdx b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe.info.mdx new file mode 100644 index 00000000..ea72acc8 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/policy-unsafe.info.mdx @@ -0,0 +1,41 @@ +--- +id: policy-unsafe +title: "policy.unsafe" +description: "" +sidebar_label: "policy.unsafe" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/OpenAPI-clients/policy/unsafe/sidebar.ts b/docs/OpenAPI-clients/policy/unsafe/sidebar.ts new file mode 100644 index 00000000..5db9bab9 --- /dev/null +++ b/docs/OpenAPI-clients/policy/unsafe/sidebar.ts @@ -0,0 +1,7 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/wellknownconfiguration/sidebar.ts b/docs/OpenAPI-clients/wellknownconfiguration/sidebar.ts new file mode 100644 index 00000000..86639d57 --- /dev/null +++ b/docs/OpenAPI-clients/wellknownconfiguration/sidebar.ts @@ -0,0 +1,20 @@ +import type { SidebarsConfig } from "@docusaurus/plugin-content-docs"; + +const sidebar: SidebarsConfig = { + apisidebar: [ + { + type: "category", + label: "Well-Known Configuration", + items: [ + { + type: "doc", + id: "wellknownconfiguration-well-known-service-get-well-known-configuration", + label: "GetWellKnownConfiguration", + className: "api-method get", + }, + ], + }, + ], +}; + +export default sidebar.apisidebar; diff --git a/docs/OpenAPI-clients/wellknownconfiguration/wellknownconfiguration-well-known-service-get-well-known-configuration.api.mdx b/docs/OpenAPI-clients/wellknownconfiguration/wellknownconfiguration-well-known-service-get-well-known-configuration.api.mdx new file mode 100644 index 00000000..d8335313 --- /dev/null +++ b/docs/OpenAPI-clients/wellknownconfiguration/wellknownconfiguration-well-known-service-get-well-known-configuration.api.mdx @@ -0,0 +1,63 @@ +--- +id: wellknownconfiguration-well-known-service-get-well-known-configuration +title: "GetWellKnownConfiguration" +description: "GetWellKnownConfiguration" +sidebar_label: "GetWellKnownConfiguration" +hide_title: true +hide_table_of_contents: true +api: eJytV01z3DYM/SsY9ipr0x73VI/rZNJ2mk6ctAevZ4MlIYkxBaoktfbWo//eASXZ+2E7OfRkLQiCwHvAI/2gEtZRLa/V3+Tc2W/s7xguPFe27gMm61ndFMp3NP54b9RS3ZFzt+Ko9/1KCZD3X1HYWk3lO0qPtsOQhQoUO8+Rolo+qJ/evJE/hqIOtsseS3XVa00xqkJpz4k4iQt2nbM6B1l8jeL3oKJuqEX5SruO1FL5zVfSSRWqC5J4suMpB9lmd5uc+Ouj3I7DoDFWltD9eRDQM32o1PL68WDunVNDsfe73VDYt8QULNf7lo33jpD3TRgC7vYN38gkhZ6Gm+IIvy9/oevpCwTqAkXiFAHB7Bhbq9G5HUhwA1vxgrvG6gY0MmwIyKaGwopB6ikAYaxDvsb85WvKWz4D6T5EuyVZ7nUaYxbgA+CKwdmYwFejNZZwDl3wptcUHq1gI9B9RzqRgeQhUgLPJOupoUgrhi0Gi5xk/yYS67yIvJsXwLKRzqAIyEAh+FCueMXwqSH49erDH09AZJ6h8gFmjGwcXXIypbTA1Bq197Wjsgs++U1fldlfDSdYX+XCj8Ae0egDGTCYcIZFe442Jsu1lFBZciaueKKgxU4AeIGnWMJ7huhbAodc91hTLGA+fcXQ2rpJwmHsu84HgXOzEwYxCT+HEJTw1gege2w7RwVYQWuqiuunA8DZW4HwsSKB6zESGUCBfMUwtmmZETeU0Lo4MojpGHwM4iKHbTLjNU0td2dTI5xDhnwuI5Ml1jmp76B2pmTmdspODcMTvS8q1MdJnl6cuQpdpGEYcitU2Lt0qmCX0oT/p34Z2vOapKRQE4FZxNmndeV7NqLaxH0rRo2syZFRheo5C7cqlOUtOmvWGOq+leykEDTOMq3pXhOZvOEpYKHQBUKzW9O9jUmEuaPQ2hit57UhtnlDoOj7oCVIg31M2VihdWTWXSDteYRT4m1yh6pC+T6tfbUOyDXlLK1U1Ob2yrkmCowuL+EWrcONE0cZq7Xz+ZboGfvUEKesAhmAQzqkW2LC1EcQKItp4mLje2dkZkQ3uG8nSfIVXE/jHzpdXnhDNyeGUrSgpRixfpabwwzOwdCWnJB6VqGWKctCBVOE05QswyXXzsamhHPeQR9f2Lq3x3mNzv4rg8kGZCokjEzPfvpXGYlymtObV5ZGicpy/hR6s8sRtbPEqRwVUdy/3cbj6umNqDLsz4FY+dBikrvSMobdeNimr58765Ubcnht9ZiqC88JLefLBMPGpoBhB5GCnQCYcUfnuR5lC+FnSWcUvFndYsYp28fb7Jkgr90457w7kKwLz0w6wSwu319S3jFmEij1gUcap4BLaFLq4nKx0KNBOkH7dmG8jovaL3K7xcUP4nZ2KLhqmJVw/7zXnn8tpcbLW7Km3CGYGrVUi1KelmdZoha+I06mOjt+nUUKWwoxv7v64NRSPXQOkzTJJZvOW07DyeRdjhoJHzriT7+8hXkHfP74ewGx143cYjMC82qZ+73xUXLM74yNG5v4+MRR/Kd74HR1GOR9FuWdZNNOLa9vRNQqv/8Kff5VfVKJZEIhjj+2P8owdD6mFvNdwti+eq8dh3scoET3Seq28hIdcX2YaLlWe7So/M/AM8TcFCoDtbxWDw8bjPQ5uGEQ8z89hanmGUP5NRSqITQUMpO3tBOB1Jq6EeysBaf3peD42DzvLj+pYfgP02GWqQ== +sidebar_class_name: "get api-method" +info_path: wellknownconfiguration +custom_edit_url: null +--- + +import MethodEndpoint from "@theme/ApiExplorer/MethodEndpoint"; +import ParamsDetails from "@theme/ParamsDetails"; +import RequestSchema from "@theme/RequestSchema"; +import StatusCodes from "@theme/StatusCodes"; +import OperationTabs from "@theme/OperationTabs"; +import TabItem from "@theme/TabItem"; +import Heading from "@theme/Heading"; + + + + + + + + + + +GetWellKnownConfiguration + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/OpenAPI-clients/wellknownconfiguration/wellknownconfiguration.info.mdx b/docs/OpenAPI-clients/wellknownconfiguration/wellknownconfiguration.info.mdx new file mode 100644 index 00000000..de955379 --- /dev/null +++ b/docs/OpenAPI-clients/wellknownconfiguration/wellknownconfiguration.info.mdx @@ -0,0 +1,41 @@ +--- +id: wellknownconfiguration +title: "wellknownconfiguration" +description: "" +sidebar_label: "wellknownconfiguration" +hide_title: true +custom_edit_url: null +--- + +import ApiLogo from "@theme/ApiLogo"; +import Heading from "@theme/Heading"; +import SchemaTabs from "@theme/SchemaTabs"; +import TabItem from "@theme/TabItem"; +import Export from "@theme/ApiExplorer/Export"; + + + + + + + + + + + + + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; +import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; + + +``` + \ No newline at end of file diff --git a/docs/components/policy/index.md b/docs/components/policy/index.md deleted file mode 100644 index bcb98c27..00000000 --- a/docs/components/policy/index.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -sidebar_position: 1 -slug: /components/policy ---- -# Policy - -Policy is the all-encompassing name for configuration of cryptographically-bound Attribute Based Access Control (ABAC) within the Platform. - -```mermaid -graph LR; - Data<-- Resource Mappings -->Attributes; - Attributes<-- Subject Mappings -->Entities; -``` - -TDF creation and decryption are driven by the Policy within a Platform instance and the TDF manifest. In other words, on a TDF decryption request, the platform services (KAS, Authorization) compare attributes on the TDF against the requester's entitlements to make a decision to release the key or not. - -Components of Policy include: - -- Attributes - - Namespaces - - Definitions - - Values -- Actions -- Subject Mappings - - Subject Condition Sets -- Registered Resources -- Resource Mappings -- Key Access Grants (KAS Grants) diff --git a/docs/components/policy/key_access_registry.md b/docs/components/policy/key_access_registry.md deleted file mode 100644 index 867b5ba0..00000000 --- a/docs/components/policy/key_access_registry.md +++ /dev/null @@ -1,47 +0,0 @@ -# Key Access Registry - -The Key Access Server (KAS) Registry within the platform policy is a store of known Key Access Servers. - -Within platform policy, a registered KAS instance has the following key attributes: - -1. **URI**: The location where the KAS is accessible. This must be unique among all KAS instances registered in the platform. -2. **Public Key Location**: - 1. **Remote**: A public key available at an endpoint, such as `https://kas-one.com/public_key`. - 2. **Cached**: One or more public keys stored within the platform policy database (see the example below). - -These traits are essential for managing KAS Grants to attributes and their associated key splits in encryption and decryption processes. - -#### Cached Key Example - -```json5 -{ - "cached": { - // One or more known public keys for the KAS - "keys": [ - { - // x509 ASN.1 content in PEM format - "pem": "", - // key identifier - "kid": "", - // key algorithm (see below) - "alg": 1 - } - ] - } -} -``` - -1. The `"pem"` field should contain the full certificate, for example: - `-----BEGIN CERTIFICATE----- -MIIB...5Q= ------END CERTIFICATE----- -`. - -2. The `"kid"` field represents the key identifier, which is primarily used for key rotation. - -3. The `"alg"` field specifies the key algorithm used: - -| Key Algorithm | `alg` Value | -| ----------------- | ----------- | -| `rsa:2048` | 1 | -| `ec:secp256r1` | 5 | diff --git a/docs/components/policy/keymanagement/key_managers.md b/docs/components/policy/keymanagement/key_managers.md deleted file mode 100644 index a7f12a4f..00000000 --- a/docs/components/policy/keymanagement/key_managers.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -sidebar_position: 1 -slug: /components/policy/keymanagement/key_managers ---- - -# Key Managers - -With the new key architecture OpenTDF has added the flexibility for an organization to store keys outside of a key access server or the platform. For example, if you want to use OpenTDF and your encryption keys are stored within AWS KMS, this is now totally possible through **key managers**. - -## What is a key manager? - -A key manager is essentially a client that is used for either performing cryptographic operations or orchestrating the necessary procedures for retrieving the decrypted data encryption key, which can be used for decrypting the TDF. An example of a key manager can be found in the [basic manager](https://github.com/opentdf/platform/blob/main/service/internal/security/basic_manager.go). The basic manager is the default manager, which expects the private key to be stored within the platform and the symmetric key that wraps the private key to be stored within KAS. - -## How do I register a key manager? - -If you have written your own key manager, you can register it with KAS by providing its factory method with a [server option](https://github.com/opentdf/platform/blob/main/service/pkg/server/options.go#L131) (.so), during server startup. By providing a way to instantiate an object of your key manager type we will then use it when necessary. You will also need to configure KAS to use the new key manager. This is done through provider configuration file (.cfg). - -### Provider configurations - -Provider configurations are a way of entangling a key to a specific manager. The [key management proto](https://github.com/opentdf/platform/blob/main/service/policy/keymanagement/key_management.proto#L76) provides specifics on what RPCs are available as well as what is expected within each call. One of the most important parts of the provider configuration is the **name** field. The **name** field is what KAS will look for when trying to instantiate a specific manager. If no manager with that name is found, KAS will attempt to use the default manager. - -The basic flow is as follows: -:::note -In the below example, r1 is just an example key id. -Key managers are a part of KAS, and not external services -although they can reach out to external services to perform -needed operations. -::: - -```mermaid -sequenceDiagram - SDK->>+KAS: Rewrap key (key id=r1) - KAS->>+Platform: Retrieve key (key id=r1) - Platform->>+KAS: Returns key - KAS->>+KAS: Get name of provider config from key - KAS->>+KAS: Instantiate key manager from provider name - KAS->>+Key Manager: Decrypt data encryption key - Key Manager->>+KAS: Return decrypted key - KAS->>+SDK: Return rewrapped data encryption key -``` - -When registering your provider configuration and your key manager the name must match. For example, the [basic manager name](https://github.com/opentdf/platform/blob/main/service/internal/security/basic_manager.go#L23) is **opentdf.io/basic**. For example, if you create a manager with name **opentdf.io/aws**, you would need to create a provider configuration with the same name and tie it to a key when creating the key. In addition, when registering the manager you need to pass in the same name as what the provider configuration expects. - -:::important -If private keys are meant to be stored within the platform database, -there should be no provider configuration added to the key. Since -an empty provider configuration is assumed to be tied to the -default manager. -::: - -:::important -Provider configuration names must be unique. -You cannot delete provider configurations that are tied to keys. -::: - -## Helpful links - -- [key manager interface](https://github.com/opentdf/platform/blob/main/service/trust/key_manager.go#L33). -- [NamedKeyManagerFactory](https://github.com/opentdf/platform/blob/main/service/trust/key_manager.go#L62) -- [KeyManagerFactory](https://github.com/opentdf/platform/blob/main/service/trust/delegating_key_service.go#L21) diff --git a/docs/documentation.mdx b/docs/documentation.mdx new file mode 100644 index 00000000..a30e95e6 --- /dev/null +++ b/docs/documentation.mdx @@ -0,0 +1,229 @@ +--- +title: Documentation +description: Complete OpenTDF documentation - tutorials, guides, concepts, and reference materials. +keywords: + - data-centric security + - zero trust + - trusted data format + - TDF + - ABAC + - attribute-based access control + - OpenTDF + - documentation +sidebar_position: 1 +--- + +import React from "react"; +import Callout from "@site/src/components/Callout"; +import Cards from "@site/src/components/Cards"; + +
+
+
+
+

OpenTDF Documentation

+

+ Complete documentation for OpenTDF - an open source system for implementing data-centric security. + Whether you're just getting started or building advanced integrations, find everything you need + to understand, implement, and deploy OpenTDF's zero-trust data protection. +

+

+ OpenTDF builds upon a decade of experience at Virtru + protecting data objects at scale using the Trusted Data Format + for organizations of all sizes and across all industries. +

+ +
+
+
+
+ +
+ +## Find What You Need + + + +## Learning Paths by Role + +Choose a curated learning path based on your role: + + + +## Quick Start Paths + + + Start with our comprehensive overview: what OpenTDF is, how it works, and why data-centric security matters. + + + + Get hands-on in 30 minutes: set up OpenTDF locally, create policies, and encrypt your first data object. + + + + Learn how to implement PEPs, connect identity providers, and integrate attribute resolution from your directory services. + + + + Explore working examples in Java, Go, Python, and JavaScript for common OpenTDF operations. + + +## Why Zero Trust and OpenTDF? + +Today's cybersecurity landscape is increasingly adopting and requiring **Zero Trust models and frameworks**. Zero Trust operates on the principle of "never trust, always verify," ensuring that every access request is authenticated, authorized, and encrypted, regardless of its origin. + +**OpenTDF implements this model** by providing an open-source framework, specification, and set of services that prioritizes the protection and integrity of data at every stage. By integrating OpenTDF's data security features with a Zero Trust architecture, organizations can: + +- **Enforce strict access controls** with attribute-based policies +- **Ensure data is continuously monitored** throughout its lifecycle +- **Maintain comprehensive visibility** into data interactions +- **Minimize the risk of data breaches** through cryptographic binding +- **Foster a secure environment** where data can be shared and utilized with confidence + +Together, Zero Trust and OpenTDF empower businesses to uphold the highest standards of data security in an interconnected world. + +## Project Overview and Current State + +In 2023, the OpenTDF team undertook a **significant re-architecture** of the OpenTDF platform to enhance its extensibility and interoperability, responding to the evolving needs of our diverse user base and the dynamic cybersecurity landscape. See our [GitHub Organization Page](https://github.com/opentdf/) to navigate the new repositories. + +This comprehensive overhaul involved: +- **Simplifying core service components** for better maintainability +- **Adopting standardized policy schemas** for interoperability +- **Improving platform APIs and SDKs** in both developer experience and capability +- **Focusing on extensibility** to enable customization for specific use cases + +Through the sponsorship of **Virtru** and its partners, the OpenTDF project has been meeting the needs of customers across industries and use cases. Check out [Virtru Data Security Platform](https://www.virtru.com/data-security-platform) for more. + +## What Makes OpenTDF Different + +- **Policy Travels with Data**: Unlike traditional access controls, TDF policies are cryptographically bound to the data itself +- **Zero-Trust by Design**: Data remains protected regardless of network boundaries or storage location +- **Fine-Grained Control**: Attribute-based access control enables precise, contextual authorization decisions +- **Standards-Based**: Built on the proven NIST ABAC model for interoperability and compliance +- **Developer-Friendly**: SDKs for Go, Java, and JavaScript make integration straightforward + +## OpenTDF in Action + +Ideas for leveraging OpenTDF in your own applications: + + + +## Join Our Community + +Virtru, the sponsor of the OpenTDF developer community, would love to hear from you! We're developers, too, and as we mature the project, we're curious what you're building, and what kind of problems you may be encountering or are trying to solve. + +You can provide anonymous feedback or share your contact information for access to curated resources, updates, and responses to your questions. + +- **🗣️ [GitHub Discussions](https://github.com/orgs/opentdf/discussions)** - Join conversations with the community +- **📝 [Share Feedback](https://www.virtru.com/feedback)** - Help us improve OpenTDF +- **🚀 [Showcase](https://github.com/orgs/opentdf/discussions/categories/show-and-tell)** - Show what you're building +- **🗺️ [Roadmap](https://github.com/orgs/opentdf/discussions/1806)** - See what's coming next + +--- + +**Ready to protect your data?** Choose your path above and start building with OpenTDF. + +
diff --git a/docs/explanation/_category_.json b/docs/explanation/_category_.json new file mode 100644 index 00000000..e92fa291 --- /dev/null +++ b/docs/explanation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Understanding OpenTDF", + "position": 1, + "link": { + "type": "generated-index", + "description": "Learn the core concepts behind OpenTDF, data-centric security, and how the platform implements zero-trust data protection through the Trusted Data Format." + }, + "collapsible": true, + "collapsed": false +} \ No newline at end of file diff --git a/docs/explanation/abac-and-policy/_category_.json b/docs/explanation/abac-and-policy/_category_.json new file mode 100644 index 00000000..21ca272a --- /dev/null +++ b/docs/explanation/abac-and-policy/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "ABAC & Policy", + "position": 1, + "link": { + "type": "generated-index", + "description": "Learn how OpenTDF implements Attribute-Based Access Control (ABAC) for fine-grained, cryptographically enforced data protection." + } +} diff --git a/docs/explanation/abac-and-policy/attributes-and-namespaces.md b/docs/explanation/abac-and-policy/attributes-and-namespaces.md new file mode 100644 index 00000000..0972d9ff --- /dev/null +++ b/docs/explanation/abac-and-policy/attributes-and-namespaces.md @@ -0,0 +1,322 @@ +# Attributes & Namespaces + +OpenTDF uses attributes and namespaces to classify data and express access requirements. Understanding these concepts is essential for designing effective ABAC policies. + +## Namespaces + +Namespaces partition the attribute space by authority or context, enabling multiple divisions or organizations to apply their own attribute schemes to the same data without conflicts. + +**Why Namespaces Matter**: The same data can have attributes from multiple namespaces simultaneously, each representing a different stakeholder's perspective or governance requirements. + +### Real-World Example: Multi-Division Status Tracking + +A product development proposal might be encrypted with multiple "status" attributes from different divisions: +- `engineering.company.com/attr/status/value/in-development` - Engineering tracks technical development status +- `legal.company.com/attr/status/value/under-review` - Legal tracks compliance review status +- `finance.company.com/attr/status/value/budget-approved` - Finance tracks funding status + +Without namespaces, you couldn't have three different "status" attributes—there would be a naming conflict. With namespaces, each division maintains its own independent "status" attribute with its own values and rules. + +```mermaid +graph TD + DATA[Encrypted Document:
Product Development Proposal] + + DATA --> NS1[engineering.company.com/attr/status] + DATA --> NS2[legal.company.com/attr/status] + DATA --> NS3[finance.company.com/attr/status] + + NS1 --> V1[value: in-development] + NS2 --> V2[value: under-review] + NS3 --> V3[value: budget-approved] + + V1 --> P1[Engineering Policy:
Requires project team membership] + V2 --> P2[Legal Policy:
Requires legal review completion] + V3 --> P3[Finance Policy:
Requires budget approval] + + P1 --> ACCESS{Access Granted
if ALL policies pass} + P2 --> ACCESS + P3 --> ACCESS + + style DATA fill:#e1f5ff + style NS1 fill:#fff4e1 + style NS2 fill:#fff4e1 + style NS3 fill:#fff4e1 + style V1 fill:#f0ffe1 + style V2 fill:#f0ffe1 + style V3 fill:#f0ffe1 + style ACCESS fill:#d4edda +``` + +When someone requests access: +- Engineering's policy checks: "Is the technical work complete enough for access?" +- Legal's policy checks: "Has the necessary legal review happened?" +- Finance's policy checks: "Is the funding status appropriate for this access?" + +Each division maintains authority over their own namespace without interfering with others. + +### Namespace Format and Patterns + +**Format**: `/` + +**Common Patterns**: +- `engineering.company.com/attr/status` - Engineering division's status tracking +- `legal.company.com/attr/status` - Legal division's status tracking (different rules, same attribute name) +- `finance.company.com/attr/status` - Finance division's status tracking +- `sales.company.com/attr/region` - Sales division's regional organization + +**Key Properties**: +- **Independent Authority**: Each division controls their own namespace +- **No Naming Conflicts**: `engineering.company.com/attr/status` and `legal.company.com/attr/status` are completely separate attributes +- **Multi-Stakeholder Governance**: Data can satisfy multiple policies from different divisions simultaneously +- **Parallel Workflows**: Different divisions can track the same data through their own processes independently + +**Naming Conventions**: Namespaces can follow hierarchical naming patterns for organizational clarity, though each namespace is independent: +- `example.com/attr/location/country` +- `example.com/attr/location/region` +- `example.com/attr/location/city` + +These path-like names help humans understand relationships, but there's no parent-child functionality in the system—each namespace operates independently. + +--- + +## Attributes + +Attributes are properties defined within namespaces. Each attribute has: + +- **Name**: Identifier (e.g., `department`, `access-level`) +- **Rule**: How values are evaluated (ANY_OF, ALL_OF, HIERARCHY) +- **Values**: Enumerated possible values +- **Metadata**: Description, tags, etc. + +### Attribute Structure + +```mermaid +graph TD + NS[Namespace
example.com/attr/department] + + NS --> ATTR[Attribute Definition
name: department
rule: ANY_OF] + + ATTR --> V1[Value: engineering] + ATTR --> V2[Value: sales] + ATTR --> V3[Value: hr] + + ATTR --> META[Metadata
labels, description] + + style NS fill:#e1f5ff + style ATTR fill:#fff4e1 + style V1 fill:#f0ffe1 + style V2 fill:#f0ffe1 + style V3 fill:#f0ffe1 + style META fill:#ffe1f5 +``` + +### Creating Attributes + +Use the CLI to create attributes within a namespace: + +```bash +# Create attribute with rule +otdfctl policy attributes create \ + --namespace \ + --name department \ + --rule ANY_OF + +# Add values to the attribute +otdfctl policy attributes values create \ + --attribute \ + --value engineering +``` + +--- + +## Attribute Rules + +Attribute definitions include a **rule** that determines how the attribute's values are evaluated during authorization. The rule controls the entitlement logic: how a subject's attributes are matched against the attributes on encrypted TDF data to determine access. + +### ANY_OF + +**Logic**: An entity who is mapped to **any** of the associated values of the attribute on TDF'd resource data will be entitled to take the actions in the mapping. + +**Use Case**: When a subject needs only one of several possible attribute values to access data. + +**Example**: +``` +Attribute Definition: +- Name: team +- Rule: ANY_OF +- Values: [red-team, blue-team, green-team] + +TDF Encrypted With: [team=blue-team] + +Authorization Results: +✓ Subject with team=blue-team → Access GRANTED +✓ Subject with team=red-team AND team=blue-team → Access GRANTED +✗ Subject with team=red-team → Access DENIED +✗ Subject with no team attribute → Access DENIED +``` + +**When to Use**: +- Access based on membership in one of multiple groups +- "Either/or" access requirements +- Attribute represents independent, non-hierarchical categories + +### ALL_OF + +**Logic**: An entity must be mapped to **all** of the associated values of the attribute on TDF'd resource data to be entitled to take the actions in the mapping. + +**Use Case**: When data requires multiple attribute values simultaneously for access (intersection of requirements). + +**Example**: +``` +Attribute Definition: +- Name: certification +- Rule: ALL_OF +- Values: [safety-trained, equipment-certified, background-checked] + +TDF Encrypted With: [certification=safety-trained, certification=equipment-certified] + +Authorization Results: +✓ Subject with [safety-trained, equipment-certified] → Access GRANTED +✓ Subject with [safety-trained, equipment-certified, background-checked] → Access GRANTED +✗ Subject with [safety-trained] only → Access DENIED +✗ Subject with [equipment-certified] only → Access DENIED +✗ Subject with [background-checked] only → Access DENIED +``` + +**When to Use**: +- Access requires multiple qualifications simultaneously +- "And" logic for compound requirements +- Data needs approval from multiple domains +- Cross-functional access control + +### HIERARCHY + +**Logic**: An entity must be mapped to the **same level value or a level above** in hierarchy compared to a given value on TDF'd resource data. + +**Key Concepts**: +- Hierarchical values are ordered by index, with **index 0 being the highest** level and the last index being the lowest +- **Actions propagate down through the hierarchy**: A subject with a higher-level value can access data encrypted with any lower-level value +- Think of it like a membership tier: higher tiers grant access to all lower tier benefits + +**Use Case**: When attributes represent hierarchical levels, organizational tiers, or graduated access. + +**Example**: +``` +Attribute Definition: +- Name: access-level +- Rule: HIERARCHY +- Values (ordered by index): + - [0] platinum (highest) + - [1] gold + - [2] silver + - [3] bronze + - [4] standard (lowest) + +TDF Encrypted With: [access-level=silver] (index 2) + +Authorization Results: +✓ Subject with access-level=platinum (index 0) → Access GRANTED (0 < 2) +✓ Subject with access-level=gold (index 1) → Access GRANTED (1 < 2) +✓ Subject with access-level=silver (index 2) → Access GRANTED (2 = 2) +✗ Subject with access-level=bronze (index 3) → Access DENIED (3 > 2) +✗ Subject with access-level=standard (index 4) → Access DENIED (4 > 2) +``` + +**Action Propagation**: +If you grant a `read` action at `access-level=platinum` (highest level), that permission propagates down to all lower levels. A user with `platinum` access can read: +- platinum content +- gold content +- silver content +- bronze content +- standard content + +**When to Use**: +- Membership or subscription tiers +- Organizational hierarchy (executive → manager → employee) +- Content access levels (premium → pro → basic) +- Geographic scope (global → regional → local) +- Support tiers (priority → standard → community) + +**Important**: The order of values in the attribute definition matters! Reordering values changes the hierarchy and can inadvertently grant or revoke access. + +### Choosing the Right Rule + +| Scenario | Recommended Rule | Reason | +|----------|------------------|--------| +| User belongs to one of several teams | ANY_OF | Only one team membership needed | +| Document requires both legal AND finance approval | ALL_OF | Must have both attributes | +| Subscription tiers (premium, standard, basic) | HIERARCHY | Higher tier = access to lower tier content | +| Geographic regions (independent) | ANY_OF | Regions don't have inherent ordering | +| Job levels (manager → employee → intern) | HIERARCHY | Natural hierarchical progression | +| Multiple independent projects | ANY_OF | Project memberships are separate | + +### Related Documentation + +For practical examples of creating attributes with rules: +- [CLI Reference: Creating Attributes](/explanation/platform-architecture/components/cli/policy/attributes/create) - Command-line examples +- [Tutorial: Your First TDF](/tutorials/your-first-tdf/) - Hands-on attribute creation walkthrough +- [Attributes Deep Dive](/explanation/platform-architecture/components/policy/attributes) - Technical architecture details + +--- + +## Attribute Values + +Each attribute has a set of defined values. Values have: + +- **Value**: The actual value string +- **Index Position** (for HIERARCHY): Order in the list determines privilege level (index 0 = highest) +- **Metadata**: Display name, color, description + +### Hierarchy Example + +```mermaid +graph TD + ATTR[Attribute: access-level
Rule: HIERARCHY] + + ATTR --> V0["Value [0]: executive
(highest privilege)"] + ATTR --> V1["Value [1]: private"] + ATTR --> V2["Value [2]: restricted"] + ATTR --> V3["Value [3]: internal"] + ATTR --> V4["Value [4]: public
(lowest privilege)"] + + V0 -.-> |can access| V1 + V1 -.-> |can access| V2 + V2 -.-> |can access| V3 + V3 -.-> |can access| V4 + + style ATTR fill:#fff4e1 + style V0 fill:#DC143C + style V1 fill:#FF6347 + style V2 fill:#FFA500 + style V3 fill:#FFD700 + style V4 fill:#90EE90 +``` + +### Creating Hierarchical Attributes + +The order you add values determines their hierarchy: + +```bash +# Create attribute with HIERARCHY rule +otdfctl policy attributes create \ + --namespace \ + --name access-level \ + --rule HIERARCHY + +# Add values in order: first = highest privilege +otdfctl policy attributes values create --attribute --value executive +otdfctl policy attributes values create --attribute --value private +otdfctl policy attributes values create --attribute --value restricted +otdfctl policy attributes values create --attribute --value internal +otdfctl policy attributes values create --attribute --value public +``` + +A subject with `access-level=private` (index 1) can access data encrypted with `restricted` (index 2), `internal` (index 3), or `public` (index 4). + +--- + +## Next Steps + +- **[Subject & Resource Mappings](./subject-and-resource-mappings)**: Learn how to map subjects to these attributes +- **[Policy Workflows](./policy-workflows)**: See how attributes work in complete authorization flows +- **[ABAC Overview](./overview)**: Return to ABAC fundamentals diff --git a/docs/explanation/abac-and-policy/index.md b/docs/explanation/abac-and-policy/index.md new file mode 100644 index 00000000..6f92fc57 --- /dev/null +++ b/docs/explanation/abac-and-policy/index.md @@ -0,0 +1,271 @@ +# Attribute-Based Access Control (ABAC) in OpenTDF + +## What is ABAC? + +Attribute-Based Access Control (ABAC) is a flexible authorization model that makes access decisions based on attributes of subjects (users), resources (data), actions, and environmental context. Unlike simpler models like Role-Based Access Control (RBAC), ABAC enables fine-grained, dynamic policies that can express complex authorization requirements. + +### Core Principles + +**Attributes are Key-Value Pairs**: Access decisions are based on attributes like `department=engineering`, `subscription=premium`, or `location=US`. + +**Policy-Based Decisions**: Policies define which combinations of attributes grant access to which resources. + +**Dynamic Evaluation**: Access is evaluated at request time based on current attribute values, enabling real-time enforcement of changing policies. + +**Fine-Grained Control**: Policies can express nuanced requirements like "users with subscription tier 'premium' AND department 'sales' can access this document." + +### Why ABAC for Data-Centric Security? + +Traditional access control models protect resources at the perimeter (firewalls, API gateways). Once data leaves the perimeter, protection is lost. ABAC in OpenTDF binds policies directly to data through cryptographic enforcement, ensuring: + +- **Persistent Protection**: Policies travel with encrypted data +- **Anywhere Enforcement**: Data remains protected regardless of location +- **Dynamic Policies**: Access rules can change without re-encrypting data +- **Zero Trust Architecture**: Never trust, always verify at access time + +### Comparison with Other Models + +| Model | Decision Based On | Granularity | Flexibility | +|-------|------------------|-------------|-------------| +| **DAC** (Discretionary) | Resource owner grants | Per-resource | Low | +| **MAC** (Mandatory) | Security labels | Per-classification | Low | +| **RBAC** (Role-Based) | User roles | Per-role | Medium | +| **ABAC** (Attribute-Based) | Multiple attributes | Per-attribute combination | High | +| **PBAC** (Policy-Based) | Centralized policies | Per-policy | High | + +OpenTDF combines ABAC with PBAC principles: attribute-based decisions enforced through centralized policies. + +### NIST ABAC Model Alignment + +OpenTDF aligns with the [NIST SP 800-162](https://csrc.nist.gov/publications/detail/sp/800-162/final) ABAC model, implementing all core components: + +- **Policy Enforcement Point (PEP)**: Key Access Server +- **Policy Decision Point (PDP)**: Authorization Service +- **Policy Administration Point (PAP)**: Policy Service +- **Policy Information Point (PIP)**: Entity Resolution Service + +--- + +## ABAC Components in OpenTDF + +OpenTDF's ABAC model has four primary components that interact to make access decisions: + +```mermaid +graph TD + Subject[Subject Who] + Resource[Resource What] + Action[Action How] + Environment[Environment When/Where] + Policy[Policy Evaluation] + + Subject -->|Has attributes| Policy + Resource -->|Requires attributes| Policy + Action -->|Specifies operation| Policy + Environment -->|Provides context| Policy + + Policy -->|PERMIT or DENY| Decision[Access Decision] + + style Subject fill:#e1f5ff + style Resource fill:#fff4e1 + style Action fill:#f0ffe1 + style Environment fill:#ffe1f5 + style Policy fill:#e8e8e8 + style Decision fill:#d4edda +``` + +### Subjects (Who) + +Subjects represent entities requesting access to data—typically users, but also services, applications, or devices. + +#### Subject Identity + +Subjects are identified through authentication tokens (JWT, OIDC, SAML) containing identity claims: + +```json +{ + "sub": "user@example.com", + "email": "user@example.com", + "name": "Alice Smith", + "groups": ["engineering", "managers"] +} +``` + +#### Subject Attributes + +Subjects have attributes describing their properties and context: + +- **Identity attributes**: `email`, `username`, `employee_id` +- **Organizational attributes**: `department`, `role`, `title`, `cost_center` +- **Subscription attributes**: `tier`, `plan_type`, `feature_access` +- **Contextual attributes**: `ip_address`, `device_type`, `authentication_method` + +#### Subject Mappings + +Subject Mappings link external identity claims to OpenTDF attributes. They define which subjects possess which attributes. + +Example mapping: "Users in the 'engineering' group get the `department=engineering` attribute." + +For detailed information on subject mappings, see [Subject & Resource Mappings](./subject-and-resource-mappings). + +#### Condition Sets + +Condition Sets allow complex boolean logic for subject mappings: + +- **ALL_OF**: Subject must match all conditions +- **ANY_OF**: Subject must match at least one condition +- **NOT**: Subject must not match condition + +--- + +### Resources (What) + +Resources are the data objects being protected—files, database records, API responses, etc. + +#### Resource Attributes + +When data is encrypted with OpenTDF, it is tagged with attribute values that express access requirements: + +``` +Data Encrypted With: [ + "example.com/attr/department/value/engineering", + "example.com/attr/sensitivity/value/restricted" +] +``` + +These attributes define "who can access this data." + +#### Content Access Schemes + +Organizations can define hierarchical content access schemes: + +```mermaid +graph LR + Public[public
order: 1] + Internal[internal
order: 2] + Restricted[restricted
order: 3] + Private[private
order: 4] + Executive[executive
order: 5] + + Public --> Internal --> Restricted --> Private --> Executive + + style Public fill:#90EE90 + style Internal fill:#FFD700 + style Restricted fill:#FFA500 + style Private fill:#FF6347 + style Executive fill:#DC143C +``` + +With hierarchy rules, a user with `access-level=private` (order 4) can also access `restricted` (order 3), `internal` (order 2), and `public` (order 1) content. + +For detailed information on attributes and hierarchies, see [Attributes & Namespaces](./attributes-and-namespaces). + +--- + +### Actions (How) + +Actions represent what the subject wants to do with the resource. In OpenTDF, the primary actions are: + +- **DECRYPT**: Unwrap the data encryption key to access plaintext +- **ENCRYPT**: Create a new TDF with specific attributes +- **REWRAP**: Request key access for an encrypted TDF + +Action-based policies can enable scenarios like "users can encrypt with 'restricted' but only decrypt 'internal' or lower." + +--- + +### Environment (When/Where) + +Environmental attributes capture the context of an access request: + +- **Time**: `request_time`, `day_of_week`, `business_hours` +- **Location**: `ip_address`, `country`, `region` +- **Device**: `device_type`, `os_version`, `security_posture` +- **Network**: `network_zone`, `vpn_status` + +Policies can incorporate environmental conditions: "Access granted only during business hours from corporate network." + +--- + +## How OpenTDF Services Implement ABAC + +OpenTDF's architecture distributes ABAC functions across specialized services: + +```mermaid +graph LR + Client[Client Application] + KAS[Key Access Server
PEP] + AuthZ[Authorization Service
PDP] + Policy[Policy Service
PAP] + ER[Entity Resolution
PIP] + + Client -->|1. Access Request| KAS + KAS -->|2. Authorize?| AuthZ + AuthZ -->|3. Get Subject Attrs| ER + AuthZ -->|4. Get Policy| Policy + AuthZ -->|5. Decision| KAS + KAS -->|6. Grant/Deny| Client +``` + +### Policy Service (PAP - Policy Administration Point) + +The Policy Service is the single source of truth for: + +- **Attribute Definitions**: Namespaces, attributes, and values +- **Attribute Rules**: Hierarchies and ordering +- **Subject Mappings**: Which subjects get which attributes +- **Resource Mappings**: Applying attributes to resources + +Administrators use the Policy Service to define the ABAC model. + +### Entity Resolution Service (PIP - Policy Information Point) + +The Entity Resolution Service resolves subject attributes at access time: + +1. Receives subject identity (from JWT/OIDC token) +2. Queries external systems (LDAP, SCIM, databases) +3. Applies subject mappings and condition sets +4. Returns attribute list for the subject + +Example: Given `user@example.com`, returns `[department=engineering, access-level=restricted]`. + +### Authorization Service (PDP - Policy Decision Point) + +The Authorization Service makes access decisions: + +1. Receives authorization request (subject + resource attributes + action) +2. Resolves subject attributes via Entity Resolution +3. Evaluates policies (attribute matching, hierarchies, conditions) +4. Returns decision: PERMIT or DENY + +The Authorization Service implements the core ABAC evaluation logic. + +### Key Access Server (PEP - Policy Enforcement Point) + +The Key Access Server enforces authorization decisions: + +1. Receives key access requests from clients trying to decrypt TDFs +2. Extracts resource attributes from the TDF +3. Calls Authorization Service for decision +4. If PERMIT: rewraps and returns the key +5. If DENY: refuses key access + +The KAS ensures only authorized subjects can decrypt protected data. + +--- + +## Next Steps + +Now that you understand ABAC fundamentals and OpenTDF's architecture, explore the policy primitives that bring ABAC to life: + +- **[Attributes & Namespaces](./attributes-and-namespaces)**: Learn how to classify data with attributes, use namespaces for multi-stakeholder governance, and configure attribute rules (ANY_OF, ALL_OF, HIERARCHY) +- **[Subject & Resource Mappings](./subject-and-resource-mappings)**: Understand how to map external identities to attributes and automate resource classification +- **[Obligations](./obligations)**: Discover usage controls beyond simple access decisions +- **[Policy Workflows & Best Practices](./policy-workflows)**: See how all the primitives work together with practical examples and design guidance + +## Learn More + +- **[Platform Architecture](../platform-architecture/index.md)**: How OpenTDF services work together +- **[Trusted Data Format](../trusted-data-format/index.md)**: How policies are cryptographically bound to data +- **[Policy Service API Reference](../../reference/OpenAPI-clients/policy/policy)**: Detailed API documentation +- **[How-To: Implementing a PEP](../../how-to/integration-patterns/implementing-a-pep.mdx)**: Build your own policy enforcement point +- **[Tutorial: Your First TDF](../../tutorials/your-first-tdf/index.mdx)**: Hands-on ABAC policy creation diff --git a/docs/explanation/abac-and-policy/obligations.md b/docs/explanation/abac-and-policy/obligations.md new file mode 100644 index 00000000..680973a1 --- /dev/null +++ b/docs/explanation/abac-and-policy/obligations.md @@ -0,0 +1,140 @@ +# Obligations + +Obligations are policy constructs defined in the NIST ABAC model that enable the Policy Decision Point (PDP) to communicate additional enforcement directives to the Policy Enforcement Point (PEP) alongside an access decision. While attributes determine *whether* access should be granted (PERMIT or DENY), obligations specify *how* the PEP must enforce that access if permitted. + +**Current Implementation Status**: OpenTDF defines the obligation framework and data structures as part of its policy model. However, the Key Access Server (the PEP in OpenTDF) does not currently use obligations in authorization decisions. The obligation model described here represents the conceptual framework available for future enhancements or for organizations building custom PEPs that integrate with OpenTDF's authorization service. + +--- + +## The Role of Obligations in ABAC + +In the NIST ABAC model, authorization decisions can be more than binary PERMIT or DENY. Obligations extend this by allowing the PDP to communicate **"permit, provided these controls are enforced."** This enables fine-grained enforcement policies that go beyond simple access control. + +### Key Characteristics + +- **PDP-to-PEP Directives**: Obligations are instructions from the authorization decision point to the enforcement point +- **Conditional Access**: Access is granted only if the PEP can and will enforce the specified obligations +- **Trust-Based Model**: The PDP cannot compel or verify enforcement; it relies on the PEP to honor obligations faithfully +- **Enforcement Responsibility**: If the PEP cannot enforce an obligation, it should decline to grant access + +--- + +## Obligations vs. Attributes + +Understanding the distinction between obligations and attributes is essential for policy design: + +| Aspect | Attributes | Obligations | +|--------|-----------|-------------| +| **Purpose** | Define authorization criteria | Define enforcement controls | +| **Evaluated By** | PDP during authorization | PEP during access/usage | +| **Decision Role** | Determine PERMIT/DENY | Specify conditions of PERMIT | +| **Example** | `clearance=confidential` | `apply-watermark=true` | +| **Scope** | Subject, resource, environment | Access enforcement, usage controls | + +### Conceptual Example + +Consider a document marked with `classification=sensitive`: +- **Attribute-Based Decision**: "Does the subject have `clearance=sensitive` or higher?" → PERMIT/DENY +- **Obligation-Based Control**: "If permitted, apply watermark and prevent download" → Enforcement directives + +--- + +## Common Obligation Use Cases + +Obligations enable a wide range of data governance and security controls: + +### Digital Rights Management (DRM) + +- Apply visible or invisible watermarks to identify document viewers +- Prevent printing or downloading of sensitive content +- Restrict copy-paste operations +- Expire access after a specified time period + +### Audit and Compliance + +- Log all access events with subject identity and timestamp +- Require multi-factor authentication before granting access +- Trigger notifications when sensitive data is accessed + +### Data Transformation + +- Redact sensitive fields based on subject clearance +- Apply encryption to data at rest after access +- Downsample or compress media based on subject tier + +### Contextual Controls + +- Restrict access to specific device types +- Require network location verification +- Enforce time-of-day access windows + +--- + +## Obligation Structure + +Obligations follow a hierarchical structure similar to attributes: + +- **Namespace**: Organizes obligations by authority (e.g., `example.com/obl/drm`) +- **Definition**: The obligation type (e.g., `watermarking`, `no-download`) +- **Values**: Specific obligation instances that can be applied +- **Triggers**: Conditions under which obligations activate (action, attribute value, PEP identifier) + +### Naming Convention + +Obligations use a distinct naming convention to differentiate them from attributes: +- Obligation definitions: `/obl/` +- Obligation values: `/obl//value/` + +**Example**: +- `https://example.com/obl/drm` (definition) +- `https://example.com/obl/drm/value/watermarking` (value) + +--- + +## When to Use Obligations + +Use obligations when you need to: + +1. **Enforce usage controls** beyond simple access decisions (watermarking, expiration) +2. **Apply conditional policies** that depend on runtime context (device type, network location) +3. **Implement DRM controls** that restrict how data can be used after decryption +4. **Separate concerns** between authorization decisions (PDP) and enforcement mechanisms (PEP) +5. **Maintain flexibility** in enforcement implementation while centralizing policy + +--- + +## Design Considerations + +### Trust Model + +Obligations require trust in the PEP. If you cannot trust the PEP to honor obligations, consider whether the access should be granted at all. This trust model is fundamental to how obligations extend ABAC authorization. + +### PEP Capabilities + +When designing policies with obligations, ensure your PEP can actually enforce the specified obligations. An obligation the PEP cannot fulfill should result in denied access. + +### Policy Complexity + +While obligations enable sophisticated controls, they add complexity to policy evaluation and enforcement. Start with simple attribute-based policies and introduce obligations only when simpler approaches are insufficient. + +### Audit and Verification + +Since the PDP cannot verify obligation enforcement, consider implementing logging and audit mechanisms in your PEP to demonstrate compliance with obligation requirements. + +--- + +## Related Documentation + +For implementation details on obligation composition, triggers, and configuration, see: +- **[Policy: Obligations](/explanation/platform-architecture/components/policy/obligations)**: Technical implementation details +- **[Authorization Service](/explanation/platform-architecture/components/authorization)**: How obligations fit into authorization decisions +- **[Policy Workflows](./policy-workflows)**: See how obligations would integrate into complete authorization flows + +--- + +## Next Steps + +- **[Policy Workflows](./policy-workflows)**: Understand how all ABAC primitives work together +- **[Subject & Resource Mappings](./subject-and-resource-mappings)**: Learn about mapping identities to attributes +- **[Attributes & Namespaces](./attributes-and-namespaces)**: Understand attribute definitions and rules +- **[ABAC Overview](./overview)**: Return to ABAC fundamentals diff --git a/docs/explanation/abac-and-policy/policy-workflows.md b/docs/explanation/abac-and-policy/policy-workflows.md new file mode 100644 index 00000000..773055ac --- /dev/null +++ b/docs/explanation/abac-and-policy/policy-workflows.md @@ -0,0 +1,366 @@ +# Policy Workflows & Best Practices + +This guide demonstrates how ABAC policy primitives work together in OpenTDF, with practical examples and design guidance. + +## Policy Primitives Interoperation + +Here's a step-by-step walkthrough of how ABAC policy primitives work together in OpenTDF: + +```mermaid +sequenceDiagram + participant Admin as Administrator + participant Policy as Policy Service + participant Client as Client App + participant TDF as Encrypted TDF + participant User as User/Subject + participant KAS as Key Access Server + participant AuthZ as Authorization Service + participant ER as Entity Resolution + + Note over Admin,Policy: Setup Phase + Admin->>Policy: 1. Create namespace & attributes + Admin->>Policy: 2. Create subject mappings + + Note over Client,TDF: Encryption Phase + Client->>Client: 3. Encrypt data with attributes + Client->>TDF: Store encrypted TDF + + Note over User,KAS: Access Request Phase + User->>KAS: 4. Request decrypt (JWT + TDF) + KAS->>KAS: 5. Extract subject & resource attrs + + Note over KAS,ER: Authorization Phase + KAS->>AuthZ: 6. Authorize request + AuthZ->>ER: 6a. Resolve subject attributes + ER->>ER: Apply subject mappings + ER-->>AuthZ: Return user attributes + AuthZ->>AuthZ: 6b. Evaluate attribute match + AuthZ-->>KAS: PERMIT/DENY + + Note over KAS,User: Response Phase + alt PERMIT + KAS->>KAS: 7. Rewrap key for user + KAS-->>User: Return key + User->>User: 8. Decrypt TDF + else DENY + KAS-->>User: Access denied + end +``` + +### 1. Administrator Defines Attributes + +Administrator creates a namespace and defines attributes: + +```bash +# Create namespace +otdfctl policy attributes namespaces create \ + --name example.com/attr/department + +# Define attribute with values +otdfctl policy attributes create \ + --namespace example.com/attr/department \ + --name department \ + --rule ANY_OF \ + --values engineering,sales,hr +``` + +### 2. Administrator Creates Subject Mappings + +Administrator maps external identity groups to attributes: + +```bash +# Map "engineering" group to department=engineering attribute +otdfctl policy subject-mappings create \ + --attribute-value example.com/attr/department/value/engineering \ + --subject-condition '{"groups": ["engineering"]}' +``` + +### 3. Client Encrypts Data with Attributes + +Application encrypts sensitive data and tags it with attribute requirements: + +```python +# Encrypt data requiring department=engineering +tdf = TDF.create( + data="Confidential engineering document", + attributes=["example.com/attr/department/value/engineering"] +) +``` + +The TDF now cryptographically binds the policy to the data. + +### 4. Subject Requests Access + +User attempts to decrypt the TDF: + +```python +# User authenticates and requests decrypt +client.decrypt(tdf) +``` + +Client presents authentication token (JWT): + +```json +{ + "sub": "alice@example.com", + "email": "alice@example.com", + "groups": ["engineering", "managers"] +} +``` + +### 5. Key Access Server Receives Request + +KAS receives the decrypt request and extracts: + +- **Subject**: Identity claims from JWT +- **Resource Attributes**: `[department=engineering]` from the TDF +- **Action**: `DECRYPT` + +### 6. Authorization Service Evaluates Policy + +KAS calls Authorization Service, which: + +1. **Resolves Subject Attributes**: + - Calls Entity Resolution Service with subject identity + - Entity Resolution applies subject mappings + - Returns: `[department=engineering]` (Alice is in "engineering" group) + +2. **Evaluates Attribute Match**: + - Data requires: `[department=engineering]` + - Subject has: `[department=engineering]` + - Attribute rule: `ANY_OF` + - **Result**: MATCH + +3. **Returns Decision**: `PERMIT` + +### 7. KAS Grants or Denies Access + +- If `PERMIT`: KAS rewraps the data encryption key with the subject's public key and returns it +- If `DENY`: KAS refuses to provide the key; data remains encrypted + +### 8. Client Decrypts Data + +If granted, client receives the key and decrypts the TDF content. + +--- + +## Policy Design Best Practices + +### Granularity Considerations + +**Too Coarse**: Large, monolithic attributes (e.g., `access=allowed`) provide little control. + +**Too Fine**: Excessive attributes (e.g., per-document attributes) create management overhead. + +**Balanced**: Use namespaces and hierarchies to organize attributes logically. Examples: +- Department-level: `department=engineering` +- Project-level: `project=alpha` +- Access-level: `access-level=restricted` + +### Performance Implications + +- **Minimize External Lookups**: Cache entity resolution results where possible +- **Optimize Attribute Count**: Encrypting with 50+ attributes may impact performance +- **Use Hierarchies**: Hierarchy rules reduce the number of attributes needed + +### Security Best Practices + +- **Least Privilege**: Grant minimum necessary attributes +- **Regular Audits**: Review subject mappings and attribute assignments +- **Separation of Duties**: Different admins for policy definition vs. subject assignment +- **Test Policies**: Validate policies in staging before production + +### Testing Strategies + +1. **Unit Test Policies**: Test individual attribute rules +2. **Integration Test Mappings**: Verify subject mappings resolve correctly +3. **End-to-End Test Scenarios**: Simulate realistic access patterns +4. **Negative Testing**: Ensure unauthorized subjects are denied +5. **Performance Testing**: Load test authorization service under realistic traffic + +--- + +## Examples + +### Example 1: Simple Policy (Single Namespace, Flat Attributes) + +**Scenario**: Small company wants to protect documents by department. + +**Namespace**: +- `company.com/attr/department` + +**Attributes**: +- `department` with values: `engineering`, `sales`, `hr` +- Rule: `ANY_OF` + +**Subject Mapping**: +- JWT contains `"department": "engineering"` +- Map to `department=engineering` + +**Usage**: +- Encrypt document: `attributes=["company.com/attr/department/value/engineering"]` +- User with `department=engineering` can decrypt +- Users from `sales` or `hr` cannot decrypt + +--- + +### Example 2: Intermediate Policy (Multiple Namespaces, Hierarchies) + +**Scenario**: Multi-division company with content access levels and project-based access. + +**Namespaces**: +- `company.com/attr/access-level` +- `company.com/attr/project` + +**Attributes**: + +1. `access-level` (HIERARCHY): + - `public` (order: 1) + - `internal` (order: 2) + - `restricted` (order: 3) + - `private` (order: 4) + +2. `project` (ANY_OF): + - `alpha`, `beta`, `gamma` + +**Subject Mapping**: +- Role assignment results in `access-level=private` +- Project assignment adds `project=alpha` + +**Usage**: +- Encrypt document: `attributes=["company.com/attr/access-level/value/restricted", "company.com/attr/project/value/alpha"]` +- User must have `access-level >= restricted` AND `project=alpha` + +--- + +### Example 3: Complex Policy (Condition Sets, Resource Mappings) + +**Scenario**: Healthcare provider with patient consent, provider credentials, and emergency access. + +**Namespaces**: +- `healthcare.org/attr/consent` +- `healthcare.org/attr/credential` +- `healthcare.org/attr/emergency` + +**Attributes**: + +1. `consent` (ALL_OF): + - `patient-12345-consent` (per-patient consent values) + +2. `credential` (ANY_OF): + - `physician`, `nurse`, `pharmacist` + +3. `emergency` (ANY_OF): + - `emergency-override` + +**Subject Mapping with Condition Sets**: + +- Physicians with active license → `credential=physician` +- Emergency situations → `emergency=emergency-override` + +**Complex Subject Condition**: + +Grant `emergency-override` to physicians who: +- Have `role=physician`, AND +- Are on-call (`on_call=true`), AND +- Request is during off-hours + +**Usage**: +- Encrypt patient record: `attributes=["healthcare.org/attr/consent/value/patient-12345-consent", "healthcare.org/attr/credential/value/physician"]` +- Physician with patient consent can access +- OR emergency override can access regardless of consent + +--- + +## Design Patterns + +### Pattern 1: Hierarchical Access Levels + +**Use Case**: Organization with graduated clearance levels + +**Implementation**: +- Single namespace: `org.com/attr/clearance` +- Attribute with HIERARCHY rule: `executive > private > restricted > internal > public` +- Subject mappings based on role/position + +**Benefits**: Simple to understand, reduces attribute sprawl, natural privilege propagation + +### Pattern 2: Multi-Attribute Intersection + +**Use Case**: Access requires multiple independent qualifications + +**Implementation**: +- Multiple namespaces for different domains (department, project, location) +- ANY_OF rules within each attribute +- Data encrypted with one value from each attribute + +**Benefits**: Fine-grained control, flexible policy composition, aligns with organizational structure + +### Pattern 3: Dynamic Environmental Controls + +**Use Case**: Access restrictions based on context (time, location, device) + +**Implementation**: +- Environmental attributes in subject mappings (ip_address, request_time) +- Condition sets with dynamic claim evaluation +- Real-time attribute resolution + +**Benefits**: Context-aware security, supports zero-trust principles, adapts to threat landscape + +--- + +## Troubleshooting Common Issues + +### Issue: Access Denied When Expected + +**Check**: +1. Verify subject mappings resolve correctly for the user +2. Confirm attribute values match exactly (case-sensitive) +3. Ensure attribute rule type (ANY_OF, ALL_OF, HIERARCHY) is correct +4. Check for missing attributes in either subject or resource + +### Issue: Too Many Attributes on Data + +**Solution**: +- Use hierarchy rules to consolidate levels +- Group related attributes under namespaces +- Consider whether all attributes are necessary + +### Issue: Subject Mapping Not Matching + +**Check**: +1. Verify JWT claims match condition set expectations +2. Check boolean operators (AND vs OR) +3. Ensure claim names are correct (case-sensitive) +4. Test with actual tokens from your IdP + +--- + +## Hands-On Tutorial + +Ready to try ABAC policies yourself? The [Your First TDF Tutorial](../../tutorials/your-first-tdf/index.mdx) walks you through: + +1. Setting up OpenTDF services +2. Creating your first namespace and attributes +3. Defining subject mappings +4. Encrypting data with attributes +5. Testing access control with different users + +--- + +## Learn More + +### Fundamentals +- **[ABAC Overview](./overview)**: Core ABAC concepts and OpenTDF architecture +- **[Attributes & Namespaces](./attributes-and-namespaces)**: Data classification with attributes +- **[Subject & Resource Mappings](./subject-and-resource-mappings)**: Identity-to-attribute mapping + +### Architecture +- **[Platform Architecture](../platform-architecture/index.md)**: How OpenTDF services work together +- **[Trusted Data Format](../trusted-data-format/index.md)**: How policies are cryptographically bound to data +- **[Authorization Service](../platform-architecture/components/authorization.md)**: Policy Decision Point implementation + +### Operations +- **[Policy Service API Reference](../../reference/OpenAPI-clients/policy/policy)**: Detailed API documentation +- **[How-To: Implementing a PEP](../../how-to/integration-patterns/implementing-a-pep.mdx)**: Build your own policy enforcement point +- **[CLI Reference](../platform-architecture/components/cli/policy/)**: Command-line policy management diff --git a/docs/explanation/abac-and-policy/subject-and-resource-mappings.md b/docs/explanation/abac-and-policy/subject-and-resource-mappings.md new file mode 100644 index 00000000..166315c2 --- /dev/null +++ b/docs/explanation/abac-and-policy/subject-and-resource-mappings.md @@ -0,0 +1,193 @@ +# Subject & Resource Mappings + +Mappings bridge the gap between external identity systems and OpenTDF's attribute model. Subject Mappings assign attributes to users based on their identity claims, while Resource Mappings automate attribute assignment to data. + +## Subject Mappings + +Subject Mappings assign attributes to subjects based on their identity claims. + +**Structure**: + +- **Attribute Value**: Which attribute value to assign +- **Subject Condition Set**: Boolean logic defining which subjects match + +### Basic Example + +Assign `department=engineering` to users whose JWT contains `"groups": ["engineering"]`. + +```json +{ + "attributeValue": "example.com/attr/department/value/engineering", + "subjectConditionSet": { + "conditionGroups": [ + { + "booleanOperator": "OR", + "conditions": [ + { + "subjectSets": [ + {"conditionOperator": "IN", "subjectClaim": "groups", "subjectValues": ["engineering"]} + ] + } + ] + } + ] + } +} +``` + +--- + +## Subject Condition Sets + +Subject Condition Sets use boolean operators to combine conditions: + +- **Condition Groups**: Arrays of conditions combined with AND or OR +- **Conditions**: Individual matching rules +- **Subject Sets**: Match claims in the identity token + +### Operators + +- `IN`: Claim value is in the specified list +- `NOT_IN`: Claim value is not in the list +- `EQUALS`: Claim value exactly matches +- `NOT_EQUALS`: Claim value does not match + +### Complex Example + +Assign `access-level=executive` to users who: +- Are in the `executives` group, AND +- Have `employment_status=full-time`, AND +- Have `onboarding_complete=true` + +```json +{ + "conditionGroups": [ + { + "booleanOperator": "AND", + "conditions": [ + {"subjectSets": [{"conditionOperator": "IN", "subjectClaim": "groups", "subjectValues": ["executives"]}]}, + {"subjectSets": [{"conditionOperator": "EQUALS", "subjectClaim": "employment_status", "subjectValues": ["full-time"]}]}, + {"subjectSets": [{"conditionOperator": "EQUALS", "subjectClaim": "onboarding_complete", "subjectValues": ["true"]}]} + ] + } + ] +} +``` + +### Design Considerations + +**Keep Mappings Simple**: Complex condition logic can be difficult to debug and maintain. + +**Use External Systems**: When possible, manage group memberships in your identity provider rather than encoding complex logic in condition sets. + +**Test Thoroughly**: Verify that subject mappings resolve correctly for different user scenarios before deploying to production. + +--- + +## Key Access Grants + +Key Access Grants (currently under development) will enable fine-grained control over which subjects can grant access and under what conditions. + +**Future functionality**: +- Delegate decryption rights +- Grant temporary access +- Conditional grants based on attributes + +**Conceptual Model**: Key Access Grants will extend the authorization model by allowing subjects with appropriate permissions to delegate access rights to other subjects, even if those subjects don't natively satisfy the policy requirements. + +**Use Cases**: +- Emergency access: Security team grants temporary access to incident responders +- Delegation: Manager delegates document access to team member for specific task +- Time-limited grants: Grant access that expires after specified duration + +--- + +## Resource Mappings + +Resource Mappings (currently under development) will automate applying attributes to resources based on resource properties. + +**Future functionality**: +- Automatically tag files based on path, metadata, or content +- Sync resource attributes with external classification systems +- Dynamic attribute assignment based on resource context + +**Conceptual Model**: Resource Mappings will enable policy-driven classification where attributes are automatically assigned to data based on rules, rather than requiring manual attribute selection at encryption time. + +**Use Cases**: +- Path-based classification: Files in `/confidential/` directory automatically get `access-level=private` +- Metadata-based classification: Documents with `classification=secret` metadata automatically mapped to corresponding OpenTDF attributes +- Content-based classification: Data Loss Prevention (DLP) engine scans content and assigns attributes based on detected sensitive information + +--- + +## How Subject Mappings Work in Practice + +When a subject requests access to encrypted data, the Entity Resolution Service: + +1. **Receives Identity**: Extracts claims from the subject's JWT/OIDC token +2. **Evaluates Mappings**: Checks each subject mapping to see if the subject matches +3. **Assigns Attributes**: Collects all attribute values where condition sets match +4. **Returns Attribute List**: Provides the Authorization Service with the subject's effective attributes + +**Example Flow**: + +```mermaid +sequenceDiagram + participant User as User (JWT) + participant ER as Entity Resolution + participant Mappings as Subject Mappings + participant AuthZ as Authorization Service + + User->>ER: JWT: {"groups": ["engineering"], "role": "developer"} + ER->>Mappings: Evaluate all mappings + + Note over Mappings: Mapping 1: groups IN ["engineering"]
→ department=engineering ✓ + Note over Mappings: Mapping 2: role EQUALS "manager"
→ access-level=private ✗ + Note over Mappings: Mapping 3: role EQUALS "developer"
→ access-level=restricted ✓ + + Mappings-->>ER: Matched Attributes + ER->>AuthZ: [department=engineering, access-level=restricted] + AuthZ->>AuthZ: Evaluate against resource requirements + AuthZ-->>User: PERMIT/DENY +``` + +--- + +## Best Practices + +### Start Simple + +Begin with straightforward mappings (single condition, single attribute) before introducing complex boolean logic. + +### Align with Identity Provider + +Map OpenTDF attributes to existing groups and roles in your IdP rather than creating parallel structures. + +### Document Mappings + +Maintain clear documentation of which identity claims map to which attributes and why. + +### Regular Audits + +Periodically review subject mappings to ensure they still align with organizational structure and security requirements. + +### Test with Real Tokens + +Use actual JWT/OIDC tokens from your identity provider to verify mappings resolve correctly. + +--- + +## Related Documentation + +- **[Attributes & Namespaces](./attributes-and-namespaces)**: Understanding attribute definitions that mappings reference +- **[Policy Workflows](./policy-workflows)**: See subject mappings in action within complete authorization flows +- **[Entity Resolution Service](/explanation/platform-architecture/components/entity_resolution)**: Technical details on how entity resolution works +- **[Subject Mappings API](/explanation/platform-architecture/components/policy/subject_mappings)**: Implementation and API details + +--- + +## Next Steps + +- **[Obligations](./obligations)**: Learn about usage controls beyond access decisions +- **[Policy Workflows](./policy-workflows)**: See complete examples of ABAC in action +- **[ABAC Overview](./overview)**: Return to ABAC fundamentals diff --git a/docs/explanation/data-centric-security/_category_.json b/docs/explanation/data-centric-security/_category_.json new file mode 100644 index 00000000..fe196900 --- /dev/null +++ b/docs/explanation/data-centric-security/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Data-Centric Security", + "position": 1, + "link": { + "type": "generated-index", + "description": "Understand the fundamental shift from perimeter-based security to data-centric protection, where policies travel with data." + } +} \ No newline at end of file diff --git a/docs/explanation/data-centric-security/index.md b/docs/explanation/data-centric-security/index.md new file mode 100644 index 00000000..181a43fa --- /dev/null +++ b/docs/explanation/data-centric-security/index.md @@ -0,0 +1,113 @@ +# What is Data-Centric Security? + +**Data-centric security** represents a fundamental shift in how we protect information. Instead of focusing on securing networks, devices, or applications, data-centric security protects the data itself. This means that access controls, policies, and protections are directly attached to data objects, traveling with them wherever they go. + +## The Traditional Problem + +In traditional **perimeter-based security**, organizations build walls around their networks and systems: + +```mermaid +graph LR + subgraph "Corporate Network" + DB[(Database)] + APP[Application] + FILES[File Server] + end + + FIREWALL[🔥 Firewall] + INTERNET[🌐 Internet] + USER[👤 User] + + INTERNET --> FIREWALL + FIREWALL --> DB + FIREWALL --> APP + FIREWALL --> FILES + USER --> FIREWALL +``` + +**Problems with this approach:** + +- **Data leaves the perimeter**: Once data is shared, copied, or moved, control is lost +- **Insider threats**: Users inside the perimeter have broad access +- **Breach consequences**: If perimeter is breached, all internal data is at risk +- **Remote work challenges**: Extending perimeter to remote users is complex +- **Third-party sharing**: No control once data reaches partners or vendors + +## The Data-Centric Solution + +Data-centric security inverts this model by making **data self-protecting**: + +```mermaid +graph TD + DATA[🔒 Protected Data] + POLICY[📋 Access Policy] + USER1[👤 Alice] + USER2[👤 Bob] + USER3[👤 Charlie] + + DATA -.-> POLICY + POLICY --> USER1 + POLICY --> USER2 + POLICY -.-> USER3 + + classDef granted fill:#90EE90 + classDef denied fill:#FFB6C1 + classDef data fill:#87CEEB + + class USER1,USER2 granted + class USER3 denied + class DATA data +``` + +**Benefits of this approach:** + +- **Policy travels with data**: Controls remain effective regardless of location +- **Fine-grained access**: Decisions based on user, context, and data sensitivity +- **Zero-trust ready**: No assumptions about network security or user location +- **Audit trail**: Complete visibility into who accessed what, when, and where +- **Revocable access**: Policies can be updated or revoked in real-time + +## How OpenTDF Implements Data-Centric Security + +OpenTDF uses the **Trusted Data Format (TDF)** to implement data-centric security: + +1. **Cryptographic Binding**: Access policies are cryptographically bound to encrypted data +2. **Attribute-Based Control**: Fine-grained access decisions using user and data attributes +3. **Key Management**: Centralized key services enforce policy decisions +4. **Standards-Based**: Built on the proven NIST ABAC (Attribute-Based Access Control) model + +## Real-World Example + +Consider a confidential financial report: + +**Traditional Security:** + +- File stored on secure file server +- Access controlled by network permissions +- If shared via email → no control +- If copied to USB → no control +- If partner accesses → no control + +**Data-Centric Security with OpenTDF:** + +- File encrypted as TDF with policy: "Only Finance team members can access" +- Policy travels with the file everywhere +- Authorization checked every time someone tries to open it +- Access can be revoked or modified at any time +- Complete audit trail of all access attempts + +## Zero-Trust Integration + +Data-centric security is a cornerstone of **zero-trust architecture**: + +- **Never trust, always verify**: Every data access request is authenticated and authorized +- **Assume breach**: Data remains protected even if systems are compromised +- **Least privilege**: Users get minimal access needed for their role +- **Context-aware**: Access decisions consider location, time, device, and behavior + +## Next Steps + +- Learn about the [Trusted Data Format](/explanation/trusted-data-format) that makes this possible +- Understand [how OpenTDF fits into Zero-Trust architecture](/explanation/data-centric-security/zero-trust-architecture) +- See the [benefits compared to traditional approaches](/explanation/data-centric-security/traditional-vs-data-centric) +- Explore [real-world use cases](/explanation/data-centric-security/use-cases) diff --git a/docs/explanation/data-centric-security/traditional-vs-data-centric.md b/docs/explanation/data-centric-security/traditional-vs-data-centric.md new file mode 100644 index 00000000..cfebccb1 --- /dev/null +++ b/docs/explanation/data-centric-security/traditional-vs-data-centric.md @@ -0,0 +1,224 @@ +# Traditional vs. Data-Centric Security + +Understanding the fundamental differences between traditional perimeter-based security and data-centric security is crucial for appreciating why OpenTDF represents such a significant advancement in data protection. + +## Traditional Perimeter-Based Security + +Traditional security models are built around the concept of **trusted networks** and **secure perimeters**: + +### Core Assumptions + +- **Network perimeter is secure**: Firewalls and network controls protect internal resources +- **Inside is trusted**: Users and systems inside the network are generally trusted +- **Outside is untrusted**: External networks and users require special access procedures +- **Static access**: Permissions granted based on location and role, remain until revoked + +### Traditional Security Stack + +```mermaid +graph TD + subgraph "Traditional Security Model" + FIREWALL[🔥 Network Firewall] + VPN[🔗 VPN Gateway] + IDS[👁️ Intrusion Detection] + AUTH[🔐 Network Authentication] + + subgraph "Secure Perimeter" + DB[(🗃️ Database)] + FILES[📁 File Servers] + APPS[💻 Applications] + end + + FIREWALL --> AUTH + VPN --> AUTH + IDS --> AUTH + AUTH --> DB + AUTH --> FILES + AUTH --> APPS + end + + EXTERNAL[🌐 External User] --> VPN + INTERNAL[👤 Internal User] --> AUTH +``` + +### Limitations of Traditional Approaches + +#### **1. Perimeter Erosion** + +Modern work patterns have fundamentally broken the perimeter model: + +| **Traditional Assumption** | **Modern Reality** | +|---------------------------|-------------------| +| Users work from office | Remote and hybrid work | +| Corporate-owned devices | BYOD (Bring Your Own Device) | +| Data stays on-premises | Cloud and SaaS applications | +| Closed networks | Internet-connected everything | +| Static infrastructure | Containerized, ephemeral services | + +#### **2. Data Mobility Problems** + +When data moves beyond the secure perimeter: + +- **Email attachments**: No control once sent +- **Cloud storage**: Relies on third-party security +- **Partner sharing**: Access controls don't transfer +- **Mobile devices**: May not meet corporate security standards +- **Offline access**: No way to revoke access to downloaded files + +#### **3. Insider Threat Blindness** + +Traditional models provide little protection against: + +- **Privileged users** with excessive access +- **Compromised credentials** used from inside the network +- **Data exfiltration** by legitimate users +- **Accidental exposure** through oversharing + +## Data-Centric Security Model + +Data-centric security inverts the traditional model by making **data self-protecting**: + +### Core Principles + +- **Data is inherently protected**: Security travels with the data +- **Zero trust**: No assumptions about network, location, or user +- **Context-aware access**: Decisions based on real-time attributes +- **Dynamic control**: Policies can be updated without touching data + +### Data-Centric Security Stack + +```mermaid +graph TD + subgraph "Data-Centric Security Model" + TDF[🔒 Protected Data (TDF)] + POLICY[📋 Cryptographic Policies] + + subgraph "OpenTDF Platform" + KAS[🔑 Key Access Service] + AUTHZ[⚖️ Authorization Service] + ATTR[🏷️ Attribute Authority] + end + + TDF -.-> POLICY + POLICY --> KAS + KAS --> AUTHZ + AUTHZ --> ATTR + end + + ANYWHERE[🌍 Access from Anywhere] --> TDF + ANYTIME[⏰ Access at Any Time] --> TDF + ANYDEVICE[📱 Any Device] --> TDF +``` + +## Side-by-Side Comparison + +### **Data Protection** + +| **Aspect** | **Traditional** | **Data-Centric** | +|------------|----------------|------------------| +| **Protection Location** | Network perimeter | Bound to data object | +| **Data Mobility** | Loses protection when shared | Protection travels with data | +| **Access Control** | Network-based permissions | Cryptographic policy enforcement | +| **Key Management** | Centralized, often static | Distributed, dynamic key access | +| **Policy Updates** | Requires system changes | Real-time policy modifications | + +### **Access Patterns** + +| **Scenario** | **Traditional Approach** | **Data-Centric Approach** | +|--------------|------------------------|--------------------------| +| **Remote Access** | VPN required, full network access | Direct data access with per-object authorization | +| **Partner Sharing** | Dedicated portals or VPN accounts | Share protected files directly | +| **Mobile Devices** | MDM required, device enrollment | App-based access, device-agnostic | +| **Cloud Migration** | Extend perimeter to cloud | Data protection independent of infrastructure | +| **Offline Access** | Cached credentials, limited control | Cryptographic validation, full audit trail | + +### **Security Outcomes** + +| **Security Goal** | **Traditional** | **Data-Centric** | +|------------------|----------------|------------------| +| **Prevent Unauthorized Access** | Network controls | Cryptographic enforcement | +| **Audit Data Access** | Network logs, often incomplete | Complete data access audit trail | +| **Revoke Access** | Change network permissions | Immediate policy updates | +| **Handle Compromised Systems** | Isolate compromised network segments | Individual data objects remain protected | +| **Compliance** | Infrastructure-focused audits | Data-centric compliance evidence | + +## Real-World Comparison: Confidential Document + +Let's trace how a confidential financial report would be handled in each model: + +### **Traditional Security Scenario** + +1. **Creation**: Document saved on secure file server +2. **Access Control**: Windows/LDAP permissions based on AD groups +3. **Sharing Internal**: Users access via network share or email +4. **Sharing External**: Upload to secure portal or send via encrypted email +5. **Problems**: + - Email copy has no access controls + - Downloaded file can be freely shared + - No audit trail once file leaves network + - Cannot revoke access to existing copies + +### **Data-Centric Security Scenario** + +1. **Creation**: Document encrypted as TDF with policy "Finance team, business hours only" +2. **Access Control**: Every open requires authorization check +3. **Sharing Internal**: Share TDF file directly - policy travels with it +4. **Sharing External**: Partner receives TDF file, authorization still required +5. **Benefits**: + - All copies maintain protection + - Complete audit trail regardless of location + - Can revoke access in real-time + - Policy can be updated without re-encrypting + +## Migration Strategies + +### **Hybrid Approach** + +Most organizations transition gradually: + +1. **Start with high-value data**: Protect most sensitive documents first +2. **Layer on existing security**: OpenTDF complements existing controls +3. **Pilot with specific use cases**: External sharing, remote access scenarios +4. **Expand coverage**: Gradually increase percentage of protected data + +### **Integration Points** + +Data-centric security integrates with traditional infrastructure: + +- **Identity providers**: Leverage existing LDAP, Active Directory, SAML +- **Key management**: Can utilize existing HSMs and key vaults +- **Audit systems**: Feed data access logs to existing SIEM platforms +- **Applications**: SDK integration with minimal application changes + +## When to Choose Each Approach + +### **Traditional Security Still Appropriate For:** + +- **Network infrastructure** protection +- **System administration** access +- **Development environments** with low-sensitivity data +- **Legacy applications** that cannot be modified + +### **Data-Centric Security Essential For:** + +- **Sensitive data sharing** with external parties +- **Remote and mobile access** scenarios +- **Cloud and multi-cloud** deployments +- **Regulatory compliance** requirements (GDPR, HIPAA, etc.) +- **Zero-trust architecture** implementations + +## The Future: Data-Centric by Default + +The industry trend is clear: data-centric security is becoming the default for sensitive information: + +- **Regulatory drivers**: Privacy laws require data protection, not just network security +- **Business needs**: Digital transformation demands secure data sharing +- **Threat landscape**: Advanced persistent threats bypass network controls +- **Technology enablement**: Modern compute power makes cryptographic protection practical + +## Next Steps + +- Explore [specific use cases](use-cases) where data-centric security provides clear advantages +- Learn about [Zero-Trust architecture integration](zero-trust-architecture) with OpenTDF +- Understand the [platform architecture](/explanation/platform-architecture) that makes this possible +- Try the [hands-on tutorial](/tutorials/your-first-tdf) to see data-centric security in action diff --git a/docs/explanation/data-centric-security/use-cases.md b/docs/explanation/data-centric-security/use-cases.md new file mode 100644 index 00000000..f2a6f300 --- /dev/null +++ b/docs/explanation/data-centric-security/use-cases.md @@ -0,0 +1,315 @@ +# Real-World Use Cases for Data-Centric Security + +Data-centric security with OpenTDF addresses challenges across industries and use cases where traditional perimeter-based security falls short. This page explores specific scenarios where OpenTDF provides clear advantages. + +## Financial Services + +### **Regulatory Compliance and Data Sharing** + +**Challenge**: Financial institutions must share sensitive customer data with regulators, auditors, and third-party service providers while maintaining strict compliance with regulations like SOX, PCI-DSS, and GDPR. + +**Traditional Approach Problems**: +- Secure portals are cumbersome and limit data utility +- Email encryption only protects data in transit +- No control over data once it reaches external parties +- Difficulty proving compliance with data handling requirements + +**OpenTDF Solution**: +```mermaid +graph LR + BANK[🏦 Bank] --> TDF[🔒 TDF Protected Data] + TDF --> REGULATOR[📋 Regulators] + TDF --> AUDITOR[🔍 Auditors] + TDF --> VENDOR[🏢 Service Providers] + + subgraph "Policy Controls" + ACCESS[Access: Business hours only] + AUDIT[Audit: All access logged] + REVOKE[Revocable: Instant policy updates] + end + + ACCESS -.-> TDF + AUDIT -.-> TDF + REVOKE -.-> TDF +``` + +**Implementation**: +- Customer data encrypted as TDF with policies like "Auditor access during audit period only" +- Real-time revocation when audit completes +- Complete audit trail for compliance reporting +- External parties receive protected data, not raw files + +**Outcomes**: +- 95% reduction in time to share data securely +- 100% audit trail coverage for regulatory compliance +- Eliminated data exposure from uncontrolled sharing + +### **Cross-Border Data Transfer** + +**Challenge**: Global banks need to transfer customer data across jurisdictions while complying with data residency and privacy laws. + +**OpenTDF Solution**: +- TDF policies enforce jurisdiction-specific access rules +- Data can be physically stored in compliant locations +- Access automatically denied if user location violates data residency requirements +- Policy updates handle changing regulatory landscape + +## Healthcare + +### **Patient Data Sharing for Research** + +**Challenge**: Healthcare organizations want to participate in medical research while protecting patient privacy and maintaining HIPAA compliance. + +**Traditional Approach Problems**: +- Data anonymization is complex and potentially reversible +- Research partners require different levels of access +- No way to audit how shared data is actually used +- Difficulty revoking access if research terms change + +**OpenTDF Implementation**: +```yaml +# Example TDF Policy for Medical Research +policy: + attributes: + - "data_type:patient_records" + - "study:cardiology_trial_2024" + - "sensitivity:phi" + rules: + - grant_if: + - user_role: "approved_researcher" + - location: "research_institution" + - purpose: "cardiology_study" + - time_limit: "2024-12-31" + - obligations: + - watermark: "Research Use Only - [USER_ID]" + - audit_frequency: "every_access" +``` + +**Outcomes**: +- Researchers get access to necessary data without full patient records +- Hospital maintains control even after data sharing +- Complete audit trail for HIPAA compliance +- Ability to revoke access if research ethics change + +### **Telemedicine and Remote Care** + +**Challenge**: COVID-19 accelerated telemedicine adoption, but sharing patient data with remote providers creates privacy and security risks. + +**OpenTDF Solution**: +- Patient records protected as TDF files +- Temporary access for consulting physicians +- Location and device-based access controls +- Automatic expiration after consultation period + +## Government and Defense + +### **Classified Information Sharing** + +**Challenge**: Intelligence agencies and defense contractors need to share classified information across organizations and security domains. + +**Traditional Approach Problems**: +- Separate networks for each classification level +- Physical media transfer for cross-domain sharing +- Limited collaboration due to infrastructure constraints +- Manual processes for declassification and sanitization + +**OpenTDF Implementation**: +- Classification levels enforced through TDF policies +- Cross-domain sharing without separate networks +- Dynamic declassification through policy updates +- Multi-level security through attribute-based policies + +**Example Policy Structure**: +```yaml +policy: + attributes: + - "classification:secret" + - "compartment:special_access_program" + - "nationality:us_only" + rules: + - grant_if: + - clearance_level: ">=secret" + - need_to_know: "special_access_program" + - citizenship: "us_citizen" + - location: "approved_facility" +``` + +### **Diplomatic Communications** + +**Challenge**: Diplomatic missions need secure communication that works across different IT infrastructures and potential adversarial environments. + +**OpenTDF Solution**: +- Diplomatic cables protected with TDF +- Access policies based on diplomatic rank and posting +- Communication security independent of local IT infrastructure +- Emergency revocation capabilities for crisis situations + +## Manufacturing and Supply Chain + +### **Intellectual Property Protection** + +**Challenge**: Manufacturing companies sharing design files and specifications with suppliers, partners, and offshore manufacturers while protecting intellectual property. + +**Traditional Problems**: +- CAD files and specifications shared via email or portals +- No control once files reach partner organizations +- Industrial espionage and IP theft risks +- Difficulty managing complex supply chain access needs + +**OpenTDF Solution**: +```mermaid +graph TD + OEM[🏭 OEM Manufacturer] --> TDF[🔒 Protected CAD Files] + + TDF --> SUPPLIER1[🔧 Supplier A: Engines only] + TDF --> SUPPLIER2[⚙️ Supplier B: Components only] + TDF --> PARTNER[🤝 Joint Venture: Full access] + TDF --> OFFSHORE[🌏 Offshore: Limited time access] + + subgraph "Dynamic Policies" + PROJECT[Project-based access] + EXPIRY[Time-limited access] + LOCATION[Geographic restrictions] + AUDIT[Manufacturing audit trail] + end + + PROJECT -.-> TDF + EXPIRY -.-> TDF + LOCATION -.-> TDF + AUDIT -.-> TDF +``` + +**Implementation Example**: +- CAD files protected with supplier-specific policies +- "Engine supplier" can only access engine-related drawings +- Access automatically expires when contract ends +- Geographic restrictions prevent access from certain countries +- Complete audit trail of who accessed what designs + +**Results**: +- 80% reduction in IP theft incidents +- Faster supplier onboarding with secure access +- Improved collaboration without security compromises + +### **IoT and Sensor Data Protection** + +**Challenge**: Manufacturing IoT devices generate sensitive operational data that needs protection across supply chain and operational environments. + +**OpenTDF Solution (using NanoTDF)**: +- Sensor data encrypted at source with lightweight NanoTDF +- Production data protected even in multi-tenant cloud environments +- Real-time policy updates for changing operational needs +- Minimal overhead suitable for resource-constrained devices + +## Legal and Professional Services + +### **Attorney-Client Privilege Protection** + +**Challenge**: Law firms need to share privileged communications and documents with clients, co-counsel, and expert witnesses while maintaining attorney-client privilege. + +**Traditional Problems**: +- Email encryption only protects transmission +- Shared documents lose protection once downloaded +- Difficulty managing access across multiple law firms +- Risk of inadvertent privilege waiver through oversharing + +**OpenTDF Solution**: +- Legal documents protected with TDF policies enforcing privilege rules +- Access limited to authorized attorneys and clients +- Automatic redaction capabilities based on user privileges +- Complete audit trail to demonstrate privilege protection + +**Example Policy**: +```yaml +policy: + attributes: + - "privilege:attorney_client" + - "case:merger_2024" + - "sensitivity:highly_confidential" + rules: + - grant_if: + - role: "case_attorney" + - bar_admission: "active" + - conflict_check: "cleared" + - obligations: + - watermark: "ATTORNEY-CLIENT PRIVILEGED" + - no_forwarding: true + - audit_all_access: true +``` + +### **Cross-Border Legal Discovery** + +**Challenge**: International litigation requires sharing discovery documents across jurisdictions with different data protection laws. + +**OpenTDF Solution**: +- Discovery documents protected with jurisdiction-aware policies +- Automatic compliance with local data protection requirements +- Selective disclosure based on relevance and privilege claims +- Court-ordered access controls enforced cryptographically + +## Technology and SaaS + +### **Customer Data in Multi-Tenant SaaS** + +**Challenge**: SaaS providers need to protect customer data in multi-tenant environments while enabling necessary operational access. + +**OpenTDF Solution**: +- Customer data protected with tenant-specific TDF policies +- Support staff access limited by customer approval and audit requirements +- Data protection independent of underlying cloud infrastructure +- Customer retains control even over data in vendor systems + +### **DevOps and CI/CD Pipeline Security** + +**Challenge**: Protecting sensitive configuration, secrets, and code as they move through development, testing, and production pipelines. + +**OpenTDF Implementation**: +- Configuration files and secrets protected as TDF +- Environment-specific access policies (dev, staging, prod) +- Automatic rotation and revocation capabilities +- Audit trail for compliance and security monitoring + +## Key Success Patterns + +Across all these use cases, successful OpenTDF implementations share common characteristics: + +### **1. Start with High-Value, High-Risk Data** +- Identify data that would cause significant harm if compromised +- Focus on scenarios where traditional security has clear gaps +- Demonstrate value with concrete business outcomes + +### **2. Integrate with Existing Workflows** +- Minimize disruption to established business processes +- Leverage existing identity and attribute systems +- Provide familiar user experiences through SDK integration + +### **3. Plan for Policy Lifecycle Management** +- Establish clear governance for policy creation and updates +- Implement approval workflows for sensitive policy changes +- Regular reviews and audits of policy effectiveness + +### **4. Measure and Monitor** +- Track data access patterns and policy effectiveness +- Monitor for unauthorized access attempts +- Measure business impact: time savings, risk reduction, compliance costs + +## Implementation Considerations + +### **Technical Requirements** +- Identity and attribute sources (LDAP, SAML, etc.) +- Key management infrastructure +- Application integration points +- Audit and monitoring systems + +### **Organizational Requirements** +- Policy governance processes +- User training and change management +- Legal and compliance review procedures +- Incident response plan updates + +## Next Steps + +- Learn about the [technical architecture](/explanation/platform-architecture) that enables these use cases +- Understand [Zero-Trust integration](zero-trust-architecture) for comprehensive security +- Compare [traditional vs. data-centric](traditional-vs-data-centric) approaches in detail +- Try implementing data protection for your use case in our [hands-on tutorial](/tutorials/your-first-tdf) \ No newline at end of file diff --git a/docs/explanation/data-centric-security/zero-trust-architecture.md b/docs/explanation/data-centric-security/zero-trust-architecture.md new file mode 100644 index 00000000..1a039e63 --- /dev/null +++ b/docs/explanation/data-centric-security/zero-trust-architecture.md @@ -0,0 +1,218 @@ +# Zero-Trust Architecture and OpenTDF + +Zero Trust represents a fundamental shift from traditional "trust but verify" security models to "never trust, always verify." OpenTDF is specifically designed to implement the data protection pillars of Zero Trust architecture, ensuring that data remains secure regardless of where it travels or who attempts to access it. + +## Zero Trust Principles + +Zero Trust architecture is built on several core principles: + +### 1. **Never Trust, Always Verify** +Every access request must be authenticated, authorized, and encrypted, regardless of: +- User location (inside or outside the network) +- Device being used +- Previous access history +- Network security posture + +### 2. **Assume Breach** +Operate under the assumption that: +- The network perimeter is already compromised +- Insider threats exist +- Any system could be breached at any time +- Traditional network controls are insufficient + +### 3. **Least Privilege Access** +Grant users and applications: +- Minimum access necessary to perform their job +- Time-limited access when possible +- Context-aware permissions based on risk assessment +- Continuous monitoring and validation + +## How OpenTDF Enables Zero Trust + +OpenTDF implements Zero Trust specifically for data protection through several mechanisms: + +### **Cryptographic Policy Binding** + +Traditional security relies on network controls that can be bypassed. OpenTDF cryptographically binds access policies to data objects: + +```mermaid +graph LR + subgraph "Traditional Zero Trust" + NET[Network Controls] + ID[Identity Verification] + DEV[Device Trust] + end + + subgraph "OpenTDF Zero Trust" + DATA[🔒 Self-Protecting Data] + POLICY[📋 Cryptographic Policy] + KEYS[🔑 Distributed Key Management] + end + + DATA -.-> POLICY + POLICY -.-> KEYS + + classDef opentdf fill:#87CEEB,stroke:#4682B4,stroke-width:2px + class DATA,POLICY,KEYS opentdf +``` + +### **Continuous Authorization** + +Unlike traditional access controls that grant broad permissions, OpenTDF enforces authorization on every data access: + +- **Real-time policy evaluation** for each access attempt +- **Dynamic attribute checking** based on current context +- **Immediate policy updates** without re-encrypting data +- **Granular permissions** down to individual data objects + +### **Context-Aware Access Control** + +OpenTDF policies can incorporate Zero Trust contextual factors: + +```yaml +# Example TDF Policy with Zero Trust Attributes +policy: + attributes: + - "classification:confidential" + - "project:alpha" + rules: + - grant_if: + - user_role: "project_member" + - device_compliance: "managed" + - location: "approved_countries" + - time: "business_hours" + - deny_if: + - risk_score: ">75" + - device_jailbroken: true +``` + +### **Zero Trust Data Mobility** + +Traditional Zero Trust often assumes data stays within controlled environments. OpenTDF extends Zero Trust protection to data wherever it goes: + +- **External sharing**: Partners and vendors receive protected data, not raw files +- **Cloud migration**: Data protection independent of infrastructure +- **Mobile access**: Consistent security across all devices and locations +- **Offline scenarios**: Protection even when disconnected from central systems + +## Zero Trust + OpenTDF Architecture + +A complete Zero Trust implementation with OpenTDF typically includes: + +```mermaid +graph TB + subgraph "Identity & Access" + IDP[Identity Provider] + MFA[Multi-Factor Auth] + RBA[Risk-Based Auth] + end + + subgraph "OpenTDF Platform" + AUTH[Authorization Service] + KAS[Key Access Server] + ATTR[Attribute Authority] + end + + subgraph "Protected Data" + TDF[🔒 TDF Files] + POLICY[📋 Policies] + AUDIT[📊 Audit Logs] + end + + subgraph "Clients & Applications" + SDK[OpenTDF SDK] + APP[Applications] + USERS[End Users] + end + + IDP --> AUTH + MFA --> AUTH + RBA --> AUTH + + AUTH --> KAS + ATTR --> AUTH + + KAS --> TDF + POLICY --> TDF + + SDK --> AUTH + SDK --> KAS + APP --> SDK + USERS --> APP + + classDef identity fill:#FFE4B5 + classDef opentdf fill:#87CEEB + classDef data fill:#98FB98 + classDef client fill:#F0E68C + + class IDP,MFA,RBA identity + class AUTH,KAS,ATTR opentdf + class TDF,POLICY,AUDIT data + class SDK,APP,USERS client +``` + +## Real-World Zero Trust Scenarios + +### **Remote Work Security** + +**Challenge**: Employees access sensitive data from unmanaged devices and networks. + +**OpenTDF Solution**: +- Data protected with TDF regardless of access location +- Policies enforce device compliance requirements +- VPN not required - data is inherently protected +- Real-time policy updates for changing threat landscape + +### **Third-Party Collaboration** + +**Challenge**: Sharing sensitive data with partners while maintaining control. + +**OpenTDF Solution**: +- Partners receive TDF files, not raw data +- Access automatically expires after project completion +- Audit trail shows exactly how partners used the data +- Revocation possible even after data has been shared + +### **Cloud Migration** + +**Challenge**: Maintaining security posture when moving to cloud providers. + +**OpenTDF Solution**: +- Data protection independent of cloud provider security +- Encryption keys managed separately from data storage +- Consistent policy enforcement across multi-cloud environments +- No vendor lock-in for security controls + +## Benefits of OpenTDF in Zero Trust + +1. **Data-Centric Protection**: Security travels with data, not just systems +2. **Reduced Attack Surface**: Encrypted data useless without proper authorization +3. **Simplified Compliance**: Built-in audit trails and policy enforcement +4. **Operational Flexibility**: Share data safely without complex infrastructure +5. **Future-Proof Security**: Standards-based approach adaptable to new threats + +## Implementation Considerations + +When implementing OpenTDF as part of Zero Trust strategy: + +### **Start with High-Value Data** +- Identify most sensitive data assets +- Implement TDF protection for critical documents first +- Expand coverage based on risk assessment + +### **Integrate with Existing Identity Systems** +- Leverage current identity providers and attribute sources +- Align TDF policies with existing role-based access controls +- Ensure consistent user experience across systems + +### **Plan for Policy Management** +- Establish clear governance for TDF policy creation +- Define approval workflows for policy changes +- Implement regular policy reviews and updates + +## Next Steps + +- Learn about [traditional vs. data-centric security approaches](traditional-vs-data-centric) +- Explore [real-world use cases](use-cases) for OpenTDF in Zero Trust environments +- Understand the [platform architecture](/explanation/platform-architecture) that enables these capabilities +- Try implementing Zero Trust data protection in our [tutorial](/tutorials/your-first-tdf) \ No newline at end of file diff --git a/docs/explanation/index.mdx b/docs/explanation/index.mdx new file mode 100644 index 00000000..1c5db371 --- /dev/null +++ b/docs/explanation/index.mdx @@ -0,0 +1,365 @@ +--- +sidebar_position: 1 +--- + +import Cards from "@site/src/components/Cards"; + +# Understanding OpenTDF + +## What is OpenTDF? + +OpenTDF is an **open-source platform** for implementing **data-centric security** using **zero-trust principles**. It enables organizations to cryptographically bind access control policies directly to data, ensuring persistent protection regardless of where data travels or is stored. + +### Project Mission and Vision + +**Mission**: Make data-centric security accessible to every organization through open-source tools and standards. + +**Vision**: A world where sensitive data protects itself—traveling securely across organizations, clouds, and borders while maintaining fine-grained access control. + +### Core Value Proposition + +- **Protect data, not just perimeters**: Policies travel with encrypted data +- **Enforce anywhere**: Authorization decisions made at access time, not just at network boundaries +- **Fine-grained control**: Attribute-based policies enable nuanced access rules +- **Standards-based**: Built on Trusted Data Format (TDF) specifications +- **Open source**: Apache 2.0 licensed, community-driven development + +### Who Should Use OpenTDF? + +OpenTDF is designed for: + +- **Enterprise developers** building data protection into applications +- **Government agencies** sharing classified or sensitive information +- **Healthcare organizations** protecting patient data across partners +- **Financial institutions** securing customer data and transactions +- **SaaS providers** offering data protection to customers +- **Any organization** needing persistent, fine-grained data access control + +--- + +## The Trusted Data Format (TDF) + +At the heart of OpenTDF is the **Trusted Data Format**—a specification for cryptographically binding access policies to encrypted data. + +### What is TDF? + +TDF is a container format that wraps encrypted data with: + +- **Encrypted payload**: The actual data, encrypted with a symmetric key +- **Policy**: Access control rules defined as attribute requirements +- **Key Access Objects (KAOs)**: Encrypted keys and metadata for policy enforcement +- **Manifest**: Structure describing the TDF contents + +### Why Data-Centric Security Matters + +Traditional security models protect the perimeter (firewalls, VPNs, access controls at the gate). Once data crosses the perimeter, protection is often lost. + +**Data-centric security** protects the data itself: + +- **Encrypt once, enforce everywhere**: Data stays encrypted until authorized access +- **Persistent protection**: Policies remain bound to data through its lifecycle +- **Dynamic policies**: Change access rules without re-encrypting data +- **Granular control**: Different policies for different data elements + +### Key Capabilities + +**1. Attribute-Based Access Control (ABAC)** + +Define policies using attributes (user properties, data classifications, environmental context): + +``` +Grant access IF: + User has "department=engineering" AND + User has "clearance=confidential" AND + Access time is "business_hours" +``` + +**2. Split Key Architecture** + +Separate data encryption from policy enforcement: + +- **Data Encryption Key (DEK)**: Encrypts the actual data +- **Key Encryption Key (KEK)**: Provided by Key Access Server only if policy permits +- Authorization decision controls key release, not the encrypted data + +**3. Cryptographic Policy Binding** + +Policies are cryptographically bound to data—tamper-evident and tamper-resistant. + +--- + +## Foundational Services + +OpenTDF implements the NIST ABAC model through four core microservices that work together to enforce policies. + +```mermaid +graph TB + Client[Client Application
PEP] + KAS[Key Access Server
PEP] + AuthZ[Authorization Service
PDP] + Policy[Policy Service
PAP] + ER[Entity Resolution
PIP] + + Client -->|Encrypt/Decrypt| KAS + KAS -->|Authorize| AuthZ + AuthZ -->|Get Policy| Policy + AuthZ -->|Resolve Attributes| ER +``` + +### Policy Service (PAP - Policy Administration Point) + +**Purpose**: Manage attribute definitions, namespaces, values, and subject mappings. + +**Responsibilities**: +- Define attribute namespaces and hierarchies +- Create attributes with rules (ANY_OF, ALL_OF, HIERARCHY) +- Map subjects to attributes via condition sets +- Provide policy query API + +**Learn More**: [Policy Service API Reference](../reference/OpenAPI-clients/policy/policy/) + +--- + +### Authorization Service (PDP - Policy Decision Point) + +**Purpose**: Make access decisions by evaluating policies against subject attributes. + +**Responsibilities**: +- Receive authorization requests (subject + resource + action) +- Resolve subject attributes via Entity Resolution +- Evaluate policies (match subject attributes to resource requirements) +- Return PERMIT or DENY decision + +**Learn More**: [Authorization Service API Reference](../reference/OpenAPI-clients/authorization/v2/authorization-v-2/) + +--- + +### Entity Resolution Service (PIP - Policy Information Point) + +**Purpose**: Resolve subject attributes from external identity and directory services. + +**Responsibilities**: +- Query LDAP, SCIM, databases, or APIs for user attributes +- Apply subject mappings and condition sets +- Cache resolution results for performance +- Return attribute list for authorization evaluation + +**Learn More**: [Entity Service Integration Guide](../how-to/integration-patterns/entity-service-integration.mdx) + +--- + +### Key Access Server (PEP - Policy Enforcement Point) + +**Purpose**: Enforce authorization decisions by controlling access to encryption keys. + +**Responsibilities**: +- Receive key access requests from clients decrypting TDFs +- Call Authorization Service for access decision +- If authorized: rewrap and release data encryption key +- If denied: refuse key access +- Log all access attempts for audit + +**Learn More**: [Key Access Server API Reference](../reference/OpenAPI-clients/kas/kas/) + +--- + +### How They Work Together + +**Encryption Flow**: + +```mermaid +sequenceDiagram + participant Client + participant KAS as Key Access Server + participant TDF as Encrypted TDF + + Client->>Client: 1. Generate random DEK + Client->>Client: 2. Encrypt data with DEK + Client->>KAS: 3. Send DEK + attributes + KAS->>KAS: 4. Encrypt DEK (KEK) + KAS-->>Client: Return encrypted DEK + Client->>TDF: 5. Create TDF:
• Encrypted data
• Encrypted DEK
• Policy (attributes) +``` + +**Decryption Flow**: + +```mermaid +sequenceDiagram + participant Client + participant KAS as Key Access Server + participant AuthZ as Authorization Service + participant ER as Entity Resolution + + Client->>KAS: 1. TDF + JWT token + KAS->>AuthZ: 2. Can this user access? + AuthZ->>ER: 3. What attributes does user have? + ER-->>AuthZ: 4. User attributes + AuthZ->>AuthZ: 5. Evaluate policy + alt User attributes satisfy policy + AuthZ-->>KAS: PERMIT + KAS->>KAS: 6. Rewrap DEK for user + KAS-->>Client: Encrypted DEK + Client->>Client: 7. Decrypt data + else User attributes do not satisfy policy + AuthZ-->>KAS: DENY + KAS-->>Client: Access denied + end +``` + +--- + +## Sample Implementations + +OpenTDF provides multiple ways to integrate data protection: + +### Language SDKs + +Official SDKs for multiple languages: + +| Language | Repository | Status | +|----------|------------|--------| +| **Java** | [opentdf/java-sdk](https://github.com/opentdf/java-sdk) | ✅ Stable | +| **Go** | [opentdf/platform/sdk](https://github.com/opentdf/platform/tree/main/sdk) | ✅ Stable | +| **Python** | [opentdf/client-python](https://github.com/opentdf/client-python) | ✅ Stable | +| **JavaScript/TypeScript** | [opentdf/client-web](https://github.com/opentdf/client-web) | ✅ Stable | + +**Use SDKs to**: +- Encrypt and decrypt data with policies +- Manage policies (create attributes, subject mappings) +- Make authorization decisions +- Integrate OpenTDF into applications + +--- + +### CLI Tools + +**otdfctl**: Command-line tool for managing OpenTDF + +```bash +# Create namespace +otdfctl policy attributes namespaces create --name example.com/attr/department + +# Create attribute +otdfctl policy attributes create \ + --namespace example.com/attr/department \ + --name department \ + --rule ANY_OF \ + --values engineering,sales,hr + +# Encrypt file +otdfctl encrypt --file sensitive.txt --attributes example.com/attr/department/value/engineering + +# Decrypt file +otdfctl decrypt --file sensitive.txt.tdf +``` + +**Learn More**: [otdfctl Documentation](/explanation/platform-architecture/components/cli/) + +--- + +### Reference Implementations + +Explore example applications: + +- **[Java Examples](https://github.com/opentdf/java-sdk/tree/main/examples)**: Complete Java application samples +- **[Web Demo](https://github.com/opentdf/web-demo)**: Interactive browser-based demo +- **[Code Samples](../reference/code-samples/)**: Language-specific examples + +--- + +### Community Examples + +Community-contributed integrations and examples: + +- Plugin for popular frameworks +- Integration with cloud services +- Custom PEP implementations + +**Contribute**: Share your OpenTDF integration in the [community forum](https://github.com/opentdf/community)! + +--- + +This section explains the fundamental concepts that make OpenTDF unique and powerful for protecting sensitive data throughout its lifecycle. + +## Core Concepts + + + +## Why OpenTDF Matters + +In traditional security models, once data leaves a secure perimeter, control is often lost. OpenTDF changes this by: + +- **Binding policy to data**: Access controls are cryptographically attached to data objects +- **Enabling zero-trust data**: Data remains protected regardless of where it travels +- **Providing granular control**: Fine-tuned access decisions based on context and attributes +- **Maintaining compliance**: Comprehensive audit trails and policy enforcement + +## Next Steps + +### For New Users + +1. **Quick Start**: [Your First TDF Tutorial](../tutorials/your-first-tdf/) - Get hands-on in 30 minutes +2. **Deep Dive**: [ABAC and Policy](../explanation/abac-and-policy/) - Understand the policy model +3. **TDF Details**: [Trusted Data Format](../explanation/trusted-data-format/) - Learn about TDF structure and cryptography +4. **Architecture**: [Platform Architecture](../explanation/platform-architecture/) - See how services work together + +### For Developers + +1. **Implement a PEP**: [PEP Implementation Guide](../how-to/integration-patterns/implementing-a-pep.mdx) +2. **Browse Code**: [Code Samples](../reference/code-samples/) - Working examples in multiple languages +3. **Choose Your Path**: [Learning Paths](../learning-paths) - Guided journey by role + +### For Architects + +1. **Design Policies**: [ABAC and Policy](../explanation/abac-and-policy/) - Policy design best practices +2. **Standards Landscape**: [TDF History and Standards](../explanation/trusted-data-format/history-and-standards) - Choose the right format +3. **Integration Patterns**: [Integration Patterns](../how-to/integration-patterns/) - Common scenarios and architectures + +### For Operators + +1. **Deploy**: [Your First TDF Tutorial](../tutorials/your-first-tdf/) - Docker Compose setup +2. **Configure**: [Service Configuration References](../reference/OpenAPI-clients/) - Production settings +3. **Integrate**: [Identity Provider Integration](../how-to/integration-patterns/identity-provider-integration.mdx) - Connect your IdP + +--- + +## Learn More + +- **[Learning Paths](../learning-paths)**: Curated paths by role (Developer, Architect, Operator) +- **[Documentation Hub](../documentation)**: Browse all documentation +- **[Community Forum](https://github.com/opentdf/community)**: Ask questions and share experiences \ No newline at end of file diff --git a/docs/components/_category_.json b/docs/explanation/platform-architecture/components/_category_.json similarity index 96% rename from docs/components/_category_.json rename to docs/explanation/platform-architecture/components/_category_.json index 5cbe4496..5a3a89f6 100644 --- a/docs/components/_category_.json +++ b/docs/explanation/platform-architecture/components/_category_.json @@ -1,6 +1,6 @@ { "label": "Components and Services", - "position": 3, + "position": 2, "link": { "type": "generated-index", "description": "Authorization, Policy, Entity Resolution, Key Access, and a comprehensive command line are the key elements that make up the OpenTDF platform. These components work together to enforce attribute-based access control, manage cryptographic keys, and support secure data sharing through the use of the Trusted Data Format (TDF)." diff --git a/docs/components/authorization.md b/docs/explanation/platform-architecture/components/authorization.md similarity index 100% rename from docs/components/authorization.md rename to docs/explanation/platform-architecture/components/authorization.md diff --git a/docs/components/core/authz.md b/docs/explanation/platform-architecture/components/core/authz.md similarity index 100% rename from docs/components/core/authz.md rename to docs/explanation/platform-architecture/components/core/authz.md diff --git a/docs/components/core/index.md b/docs/explanation/platform-architecture/components/core/index.md similarity index 100% rename from docs/components/core/index.md rename to docs/explanation/platform-architecture/components/core/index.md diff --git a/docs/components/entity_resolution.md b/docs/explanation/platform-architecture/components/entity_resolution.md similarity index 100% rename from docs/components/entity_resolution.md rename to docs/explanation/platform-architecture/components/entity_resolution.md diff --git a/docs/components/key_access.md b/docs/explanation/platform-architecture/components/key_access.md similarity index 57% rename from docs/components/key_access.md rename to docs/explanation/platform-architecture/components/key_access.md index ee6e49c1..20fb7dec 100644 --- a/docs/components/key_access.md +++ b/docs/explanation/platform-architecture/components/key_access.md @@ -35,8 +35,8 @@ KAS offers the following RPC methods: KAS TDF Rewrap 1. The client extracts two pieces of information from the TDF: - 1. [Key Access Object (KAO)](/spec/schema/opentdf/key_access_object): This contains the wrapped key and the policy binding. - 2. The [Policy](/spec/schema/opentdf/policy) from the manifest. + 1. [Key Access Object (KAO)](/reference/trusted-data-format/specifications/schema/opentdf/key_access_object): This contains the wrapped key and the policy binding. + 2. The [Policy](/reference/trusted-data-format/specifications/schema/opentdf/policy) from the manifest. 2. The client generates an ephemeral asymmetric key pair, used to wrap the KAO content (such as an AES encryption key that can access the TDF payload) from KAS. @@ -77,60 +77,3 @@ At this point, the client is ready to make the rewrap request. The following is ``` 6. If the policy is valid and untampered, KAS calls the [Authorization Service](./authorization) to confirm whether the entity is allowed access to the TDF. If authorized, KAS rewraps the symmetric key with the client's public key and returns the newly wrapped key for the client to use in decrypting the TDF. - -### NanoTDF - -KAS NanoTDF Rewrap - -NanoTDF leverages the same KAS Rewrap Endpoint but the request body differs slightly from a TDF Rewrap call. - -1. The client extracts the NanoTDF [Header](/spec/schema/nanotdf#331-header) and from that Header extracts the KAS URL. - -2. The client generates an ephemeral asymmetric key pair, used to wrap the shared secret originally generated on NanoTDF creation. - -3. Because NanoTDF doesn't have the concept of a Key Access Object the client builds one. The Key Access Object is then used to help build a `RequestBody`: - - ```json title="Key Access" - { - "header": "", - "type": "remote", - "url": "https://kas.opentdf.io", - "protocol": "kas" - } - ``` - - ```json title="Request Body" - { - "requestBody": { - "algorithm": "ec:secp256r1", - "keyAccess": "", - "clientPublicKey": "" - } - } - ``` - -4. With this `RequestBody`, the client creates a Signed Request Token, which is a JWT signed with the client's DPoP public key or Ephemeral Key Pair - - :::note - "Demonstration of Proof of Possession" is currently optional due to inconsistencies across identity providers. - ::: - - ```json title="Body of JWT" - { - "requestBody": "" - } - ``` - - At this point, the client is ready to make the rewrap request. The following is an example request body. - - ```json title="Signed Request Token" - { - "signedRequestToken": "" - } - ``` - -1. KAS extracts the encrypted policy in the NanoTDF [Header](/spec/schema/nanotdf#331-header) and verifies the policy binding. - - If ECDSA Binding is enabled KAS will verify the use ECDSA to verify the signature otherwise it defaults to comparing the `GMAC` - -2. If the policy is valid and untampered, KAS calls the [Authorization Service](./authorization) to confirm whether the entity is allowed access to the NanoTDF. If authorized, KAS generates a new shared key with the clients ephemeral public key and uses `AES-GCM` to encrypt the shared secret used to encrypt the NanoTDF payload. - diff --git a/docs/components/policy/actions.md b/docs/explanation/platform-architecture/components/policy/actions.md similarity index 100% rename from docs/components/policy/actions.md rename to docs/explanation/platform-architecture/components/policy/actions.md diff --git a/docs/components/policy/attributes.md b/docs/explanation/platform-architecture/components/policy/attributes.md similarity index 64% rename from docs/components/policy/attributes.md rename to docs/explanation/platform-architecture/components/policy/attributes.md index 58d1451b..d0ee4a23 100644 --- a/docs/components/policy/attributes.md +++ b/docs/explanation/platform-architecture/components/policy/attributes.md @@ -69,6 +69,44 @@ style C fill:#0697e4f5,stroke:#333,stroke-width:1px,color:black These attributes will now be used to drive access decisions based on policies in the platform. +## Attribute Rules + +Attribute definitions include a **rule** that determines how the attribute's values are evaluated during authorization decisions. The rule controls the entitlement logic when matching subject attributes against TDF data attributes. + +### Available Rules + +- **ANY_OF**: Subject needs at least one matching attribute value to access data + - Use for: Independent categories, "either/or" requirements + - Example: Team membership, color preferences + +- **ALL_OF**: Subject must have all attribute values required by the data + - Use for: Compound requirements, "and" logic + - Example: Multi-certification requirements, cross-functional access + +- **HIERARCHY**: Subject needs the same level or higher in an ordered hierarchy + - Use for: Membership tiers, organizational levels, graduated access + - Index 0 = highest level; actions propagate down the hierarchy + - Example: Subscription tiers, job levels, access tiers + +### Detailed Explanation + +For comprehensive explanations with examples and use-case guidance, see: +- **[ABAC & Policy: Attribute Rules](/explanation/abac-and-policy/#attribute-rules)** - Conceptual deep dive with detailed examples +- **[CLI Reference: Creating Attributes](/explanation/platform-architecture/components/cli/policy/attributes/create)** - Command-line usage and syntax + +### Rule Selection Impact + +Choosing the wrong rule can have security implications: +- Changing from `ANY_OF` to `ALL_OF` may inadvertently deny access to legitimate users +- Changing from `HIERARCHY` to `ANY_OF` may grant unintended access across organizational levels +- Reordering hierarchical values changes the access ladder + +See [Unsafe Actions](#unsafe-actions) below for more on modifying rules. + +## Key Association + +Keys can be associated with attributes and values. This allows for more granular access control. For example, you can require that an entity has a specific key in addition to the required attributes. + ## Unsafe Actions Certain actions on policy attributes are considered "unsafe" because they may inadvertently affect access control, potentially granting or removing access unintentionally. Deactivating a Namespace, for example, cascades to deactivate its Definitions and their Values. Similarly, deactivating a Definition deactivates its Values. diff --git a/docs/explanation/platform-architecture/components/policy/index.md b/docs/explanation/platform-architecture/components/policy/index.md new file mode 100644 index 00000000..53fc3832 --- /dev/null +++ b/docs/explanation/platform-architecture/components/policy/index.md @@ -0,0 +1,44 @@ +--- +sidebar_position: 1 +slug: /explanation/platform-architecture/components/policy +--- +# Policy + +Policy is the all-encompassing name for configuration of cryptographically-bound Attribute Based Access Control (ABAC) within the Platform. + +```mermaid +graph TD + subgraph "External Concepts" + ENTITIES[Entities] + DATA[Data] + end + + subgraph "Policy Components" + SM[Subject Mappings] + RM[Resource Mappings] + ATTR[Attributes] + ACTIONS[Actions] + KM[Key Mappings] + end + + ENTITIES --> SM --> ATTR + DATA --> RM + ACTIONS --> RM + RM --> ATTR + ATTR --> KM +``` + +TDF creation and decryption are driven by the Policy within a Platform instance and the TDF manifest. In other words, on a TDF decryption request, the platform services (KAS, Authorization) compare attributes on the TDF against the requester's entitlements to make a decision to release the key or not. + +Components of Policy include: + +- [Attributes](./attributes.md) + - Namespaces + - Definitions + - Values +- [Actions](./actions.md) +- [Subject Mappings](./subject_mappings.md) + - Subject Condition Sets +- [Registered Resources](./registered_resources.md) +- [Resource Mappings](./resource_mappings.md) +- [Key Mappings](./keymanagement/key_mappings.md) \ No newline at end of file diff --git a/docs/components/policy/key_access_grants.md b/docs/explanation/platform-architecture/components/policy/key_access_grants.md similarity index 95% rename from docs/components/policy/key_access_grants.md rename to docs/explanation/platform-architecture/components/policy/key_access_grants.md index 58ff9291..ec6d29ae 100644 --- a/docs/components/policy/key_access_grants.md +++ b/docs/explanation/platform-architecture/components/policy/key_access_grants.md @@ -5,6 +5,12 @@ In v0.7.0 of the platform creating grants is now deprecated in favor of [key mappings](./keymanagement/key_mappings.md). Version 0.7.0 of the platform will error when attempting to assign key access servers to attributes. ::: + +If you currently have Key Access Grants defined, it is recommended to follow the [migration steps](#migration-to-key-mappings). + +:::warning +All migration steps should be completed in one go. As soon as a new key map is created, kas-grants are no longer used; this might result in TDFs being generated without the correct keys being used if the migration is not completed. +::: Key Access Grants (KAS Grants) are associations between a registered Key Access Server (KAS) and an Attribute. These grants can be applied at the namespace, definition, or value level of an attribute. KAS Grants enable key split behaviors on TDFs with attributes, facilitating various collaboration scenarios around shared policies. Grants follow the specificity matrix below, which determines the KAS public keys used for encryption in various KAS grant scenarios: diff --git a/docs/explanation/platform-architecture/components/policy/key_access_registry.md b/docs/explanation/platform-architecture/components/policy/key_access_registry.md new file mode 100644 index 00000000..9e576f9a --- /dev/null +++ b/docs/explanation/platform-architecture/components/policy/key_access_registry.md @@ -0,0 +1,16 @@ +# Key Access Registry + +The Key Access Server (KAS) Registry within the platform policy is a store of known Key Access Servers. + +Within platform policy, a registered KAS instance has the following key attributes: + +1. **URI**: The location where the KAS is accessible. This must be unique among all KAS instances registered in the platform. +2. **Keys**: Each KAS can have multiple keys associated with it. These keys are used to encrypt and decrypt TDFs. + +## Base Key + +A KAS can have a base key, which is the default key that is used for encryption. If no other key is specified, the base key will be used. + +## Key Mappings + +Keys can be mapped to namespaces, attribute definitions, and attribute values. When an SDK client creates a TDF with an attribute that has a mapped key, the client will use the mapped key to encrypt the payload. \ No newline at end of file diff --git a/docs/components/policy/keymanagement/base_key.md b/docs/explanation/platform-architecture/components/policy/keymanagement/base_key.md similarity index 72% rename from docs/components/policy/keymanagement/base_key.md rename to docs/explanation/platform-architecture/components/policy/keymanagement/base_key.md index 35c3efdb..90362f05 100644 --- a/docs/components/policy/keymanagement/base_key.md +++ b/docs/explanation/platform-architecture/components/policy/keymanagement/base_key.md @@ -1,6 +1,6 @@ --- sidebar_position: 1 -slug: /components/policy/keymanagement/base_key +slug: /explanation/platform-architecture/components/policy/keymanagement/base_key --- # Base Key @@ -13,7 +13,7 @@ A base key, or default key, is a key that will be used when no grants or key map You must have admin permission to use any key operations. ::: -When using the [kas-registry proto](https://github.com/opentdf/platform/blob/main/service/policy/kasregistry/key_access_server_registry.proto#L659-L662) and an active connection to the platform you can use the above base key rpcs to set and retrieve the base key. +When using the [kas-registry proto](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/kasregistry/key_access_server_registry.proto#L692-L696) and an active connection to the platform you can use the above base key rpcs to set and retrieve the base key. [otdfctl base key](https://github.com/opentdf/otdfctl/tree/main/docs/man/policy/kas-registry/key/base) provides documentation on how to set / get base keys with the OpenTDF CLI. @@ -23,9 +23,7 @@ When using the [kas-registry proto](https://github.com/opentdf/platform/blob/mai 1. The passed in kas information list 2. The key algorithm 2. If a base key is not present, the SDK will fallback to using the passed in kas information list and key algorithm. -3. If the base key is not of type ECC, it **cannot** be used with NanoTDF. - 1. If the registered base key is not of type ECC, the SDK will fallback to using the passed in kas url and key type. :::note In upcoming versions of the SDK, post v0.5.0, the SDK will prefer to error when no base key is set; instead of falling back. -::: \ No newline at end of file +::: diff --git a/docs/components/policy/keymanagement/index.md b/docs/explanation/platform-architecture/components/policy/keymanagement/index.md similarity index 87% rename from docs/components/policy/keymanagement/index.md rename to docs/explanation/platform-architecture/components/policy/keymanagement/index.md index 0176cb22..0d32bb69 100644 --- a/docs/components/policy/keymanagement/index.md +++ b/docs/explanation/platform-architecture/components/policy/keymanagement/index.md @@ -1,6 +1,6 @@ --- sidebar_position: 1 -slug: /components/policy/keymanagement +slug: /explanation/platform-architecture/components/policy/keymanagement --- # Key Management @@ -47,7 +47,7 @@ The primary difference is that the **Key Manager** needs to reach out to the KMS ## What is different with the new key architecture? -1. Previously, when starting the platform users would be expected to populate the [startup yaml file](https://github.com/opentdf/platform/blob/main/opentdf-dev.yaml#L150-L158) with asymmetric keys that would be used by KAS for and decryption. Now keys, or their reference, should be stored/registered with the platform via the [kas-registry](https://github.com/opentdf/platform/blob/main/service/policy/kasregistry/key_access_server_registry.proto#L644-L656). +1. Previously, when starting the platform users would be expected to populate the [startup yaml file](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/opentdf-dev.yaml#L160-L171) with asymmetric keys that would be used by KAS for and decryption. Now keys, or their reference, should be stored/registered with the platform via the [kas-registry key endpoints](https://github.com/opentdf/platform/blob/main/service/policy/kasregistry/key_access_server_registry.proto#L678-L699). 2. Endpoints for easier management of keys through the kas-registry. 1. Create/Read/Update 2. Key Rotation diff --git a/docs/explanation/platform-architecture/components/policy/keymanagement/key_managers.md b/docs/explanation/platform-architecture/components/policy/keymanagement/key_managers.md new file mode 100644 index 00000000..6011d57e --- /dev/null +++ b/docs/explanation/platform-architecture/components/policy/keymanagement/key_managers.md @@ -0,0 +1,66 @@ +--- +sidebar_position: 1 +slug: /explanation/platform-architecture/components/policy/keymanagement/key_managers +--- + +# Key Managers + +With the new key architecture OpenTDF has added the flexibility for an organization to store keys outside of a key access server or the platform. For example, if you want to use OpenTDF and your encryption keys are stored within AWS KMS, this is now totally possible through **key managers**. + +## What is a key manager? + +A key manager is essentially a client that is used for either performing cryptographic operations or orchestrating the necessary procedures for retrieving the decrypted data encryption key, which can be used for decrypting the TDF. An example of a key manager can be found in the [basic manager](https://github.com/opentdf/platform/blob/main/service/internal/security/basic_manager.go). The basic manager is the default manager, which expects the private key to be stored within the platform and the symmetric key that wraps the private key to be stored within KAS. + +## How do I register a key manager? + +If you have written your own key manager, you can register it with KAS by providing its factory method with a [server option](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/pkg/server/options.go#L141-L164) (.so), during server startup. By providing a way to instantiate an object of your key manager type we will then use it when necessary. You will also need to configure KAS to use the new key manager. This is done through provider configuration file (.cfg). + +:::important +As of [Service v0.10.0](https://github.com/opentdf/platform/releases/tag/service%2Fv0.10.0) the use of the `name` field is not used for mapping a key to an implementation of that manager. Instead, +the new [manager](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/keymanagement/key_management.proto#L22) field is used for this purpose. The `name` should +now be treated as a friendly name. +::: + +### Provider configurations + +Provider configurations are a way of entangling a key to a specific manager. The [key management proto](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/keymanagement/key_management.proto) provides specifics on what RPCs are available as well as what is expected within each call. One of the most important parts of the provider configuration is the **manager** field. The **manager** field is what KAS will look for when trying to instantiate a specific manager. If no manager with that name is found, KAS will attempt to use the default manager. + +The basic flow is as follows: +:::note +In the below example, r1 is just an example key id. +Key managers are a part of KAS, and not external services +although they can reach out to external services to perform +needed operations. +::: + +```mermaid +sequenceDiagram + SDK->>+KAS: Rewrap key (key id=r1) + KAS->>+Platform: Retrieve key (key id=r1) + Platform->>+KAS: Returns key + KAS->>+KAS: Get name of provider config from key + KAS->>+KAS: Instantiate key manager from provider's manager field + KAS->>+Key Manager: Decrypt data encryption key + Key Manager->>+KAS: Return decrypted key + KAS->>+SDK: Return rewrapped data encryption key +``` + +When creating your provider configuration and registering your key manager the [name](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/trust/key_manager.go#L50) given in the manager factory, must match the [manager](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/keymanagement/key_management.proto#L22) field given to the provider configuration. For example, if you register a manager with name **opentdf.io/aws** you would need to create a provider configuration with **opentdf.io/aws** as the `manager` field and tie it to a key when creating the key. + +:::important +If private keys are meant to be stored within the platform database, +there should be no provider configuration added to the key. Since +an empty provider configuration is assumed to be tied to the +default manager. +::: + +:::important +Provider configuration names must be unique. +You cannot delete provider configurations that are tied to keys. +::: + +## Helpful links + +- [key manager interface](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/trust/key_manager.go#L19). +- [NamedKeyManagerFactory](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/trust/key_manager.go#L49-L58) +- [KeyManagerFactory](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/trust/delegating_key_service.go#L39-L44) diff --git a/docs/components/policy/keymanagement/key_mappings.md b/docs/explanation/platform-architecture/components/policy/keymanagement/key_mappings.md similarity index 78% rename from docs/components/policy/keymanagement/key_mappings.md rename to docs/explanation/platform-architecture/components/policy/keymanagement/key_mappings.md index d394f7a0..2bdd99be 100644 --- a/docs/components/policy/keymanagement/key_mappings.md +++ b/docs/explanation/platform-architecture/components/policy/keymanagement/key_mappings.md @@ -1,6 +1,6 @@ --- sidebar_position: 1 -slug: /components/policy/keymanagement/key_mappings +slug: /explanation/platform-architecture/components/policy/keymanagement/key_mappings --- # Key mappings @@ -32,7 +32,7 @@ attribute definitions, you can also create mappings for namespaces and attribute values. ::: -1. First you will need to [create a key access server](https://github.com/opentdf/platform/blob/main/service/policy/kasregistry/key_access_server_registry.proto#L630) +1. First you will need to [create a key access server](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/kasregistry/key_access_server_registry.proto#L59) OpenTDF CLI @@ -40,7 +40,7 @@ OpenTDF CLI otdfctl policy kas-registry create --uri http://example.com/kas --name example-kas ``` -2. Next, you will need to [create a key](https://github.com/opentdf/platform/blob/main/service/policy/kasregistry/key_access_server_registry.proto#L644) +2. Next, you will need to [create a key](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/kasregistry/key_access_server_registry.proto#L379) OpenTDF CLI @@ -48,7 +48,7 @@ OpenTDF CLI otdfctl key create --key-id "rsa-key-1" --algorithm "rsa:2048" --mode "local" --kas "891cfe85-b381-4f85-9699-5f7dbfe2a9ab" --wrapping-key-id "virtru-stored-key" --wrapping-key "a8c4824daafcfa38ed0d13002e92b08720e6c4fcee67d52e954c1a6e045907d1" ``` -3. [create a namespace](https://github.com/opentdf/platform/blob/main/service/policy/namespaces/namespaces.proto#L180) +3. [create a namespace](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/namespaces/namespaces.proto#L95) OpenTDF CLI @@ -56,7 +56,7 @@ OpenTDF CLI otdfctl policy attributes namespaces create --name opentdf.io ``` -4. [create an attribute](https://github.com/opentdf/platform/blob/main/service/policy/attributes/attributes.proto#L415) +4. [create an attribute](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/attributes/attributes.proto#L116) OpenTDF CLI @@ -64,7 +64,7 @@ OpenTDF CLI otdfctl policy attributes create --namespace 3d25d33e-2469-4990-a9ed-fdd13ce74436 --name myattribute --rule ANY_OF ``` -5. [assign a key to an attribute](https://github.com/opentdf/platform/blob/main/service/policy/attributes/attributes.proto#L457) +5. [assign a key to an attribute](https://github.com/opentdf/platform/blob/5221cf41079fc43a3966e17c6f3e0d3cf8a16730/service/policy/attributes/attributes.proto#L356) OpenTDF CLI diff --git a/docs/components/policy/keymanagement/quickstart.md b/docs/explanation/platform-architecture/components/policy/keymanagement/quickstart.md similarity index 99% rename from docs/components/policy/keymanagement/quickstart.md rename to docs/explanation/platform-architecture/components/policy/keymanagement/quickstart.md index e7974cdb..98b5ec1f 100644 --- a/docs/components/policy/keymanagement/quickstart.md +++ b/docs/explanation/platform-architecture/components/policy/keymanagement/quickstart.md @@ -1,6 +1,6 @@ --- sidebar_position: 1 -slug: /components/policy/keymanagement/quickstart +slug: /explanation/platform-architecture/components/policy/keymanagement/quickstart --- # Quickstart for using the new key management architecture diff --git a/docs/explanation/platform-architecture/components/policy/obligations.md b/docs/explanation/platform-architecture/components/policy/obligations.md new file mode 100644 index 00000000..5822f79a --- /dev/null +++ b/docs/explanation/platform-architecture/components/policy/obligations.md @@ -0,0 +1,80 @@ +# Obligations + +Obligations are policy constructs that enable Policy Decision Point(PDP) - to - Policy Enforcement Point (PEP) directives that accompany a decision. They express additional controls the PEP should enforce—such as requiring MFA, applying watermarking, encrypting content, or limiting access by time. In effect, the PDP is saying “permit, provided these controls are enforced.” The PDP cannot compel or verify enforcement; it relies on the PEP to honor the obligations. +If the PEP cannot or will not enforce an obligation, it should decline to grant access. +## Composition + +An obligation consists of: + +1. A Namespace +2. A Definition +3. Values +4. Triggers + +Platform Policy Obligations can contain multiple Namespaces, each with multiple Definitions, and each Definition can have multiple Values. Each Value can have multiple Triggers. Each trigger can have an Action, Attribute Value, and PEP identifier (optional). Not specifying a PEP results in a global obligation that applies across *all* PEPs. + +```mermaid +graph LR; +%% Every definition is namespaced. +Namespace_A-->ObligationDefinition_A; + +%% Define definition and value A. +ObligationDefinition_A-->ObligationValue_A; + +%% Define triggers. +ObligationValue_A-->Trigger_A1 +Trigger_A1-->Action_A1 +Trigger_A1-->AttributeValue_A1 +Trigger_A1-->PEP_A + +ObligationValue_A-->Trigger_A2 +Trigger_A2-->Action_A2 +Trigger_A2-->AttributeValue_A2 + +%% Define definition and value B. +ObligationDefinition_A-->ObligationValue_B; + +%% Define triggers. +ObligationValue_B-->Trigger_B1 +Trigger_B1-->Action_B1 +Trigger_B1-->AttributeValue_B1 + +ObligationValue_B-->Trigger_B2 +Trigger_B2-->Action_B2 +Trigger_B2-->AttributeValue_B2 +Trigger_B2-->PEP_B +``` + +## Standard Obligations + +Standard Obligations are enforced by the Access PDP (Policy Decision Point) when validating whether an Entity of a specified Category can perform an Action on a given Resource. These obligations must be satisfied for access to be granted. + +A Standard Obligation includes: +- **Action**: The specific action being performed (READ, STORE, CREATE, UPDATE, DELETE) +- **Resource Attribute Value**: The data attribute for which this obligation is scoped +- **Obligation Value**: The required obligation value that must be satisfied + +### Examples of Standard Obligations: + +#### Watermarking +Ensure document traceability: +- **Obligation**: `https://example.com/obl/drm/value/watermarking` +- **Applied to**: sensitive documents +- **Condition**: PEP must apply watermark + +#### Prevent Download +Prevent download of plaintext content: +- **Obligation**: `https://example.com/obl/drm/value/no-download` +- **Applied to**: sensitive documents +- **Condition**: PEP must not allow download + +## FQN (Fully Qualified Name) Convention + +Obligations use a specific naming convention to distinguish them from attributes: + +- **Obligation Definition**: `/obl/` +- **Obligation Value**: `/obl//value/` + +For example: +- `https://example.com/obl/drm` (definition) +- `https://example.com/obl/drm/value/watermarking` (value) diff --git a/docs/components/policy/registered_resources.md b/docs/explanation/platform-architecture/components/policy/registered_resources.md similarity index 100% rename from docs/components/policy/registered_resources.md rename to docs/explanation/platform-architecture/components/policy/registered_resources.md diff --git a/docs/components/policy/resource_mappings.md b/docs/explanation/platform-architecture/components/policy/resource_mappings.md similarity index 88% rename from docs/components/policy/resource_mappings.md rename to docs/explanation/platform-architecture/components/policy/resource_mappings.md index e6f14a20..22096aec 100644 --- a/docs/components/policy/resource_mappings.md +++ b/docs/explanation/platform-architecture/components/policy/resource_mappings.md @@ -9,8 +9,12 @@ A Resource Mapping contains: The primary consumer of a Resource Mapping is a Policy Decision Point (PDP), which processes data, applies logic using the known terms, and relies on them to map the data to Attribute Values. By mapping a set of terms to a given attribute value, a Policy Enforcement Point (PEP) can properly apply the TDF to the resource data using the appropriate attribute values. +## Resource Mapping Groups + +Resource Mapping Groups allow you to group resource mappings together. This can be useful for organizing and managing your resource mappings. + # Examples Alice is a system administrator. She defines an Attribute definition called color with values like red, green, blue, purple, etc. For the Attribute Value `https://demo.com/attr/color/value/purple'`, she would define a Resource Mapping for processing data that may involve terms like `indigo`, `lilac`, `plum`, or `lavender`. -Bob is a system administrator in the US Department of Defense (DoD). Bob defines a hierarchical attribute called classification with values of `topsecret`, `secret`, `confidential`, and `unclassified`. He needs to create a resource mapping that defines a normalization of the various short forms and acronyms that map to each of these classification levels. For the `topsecret` attribute value, he might include terms like `ts`, `top secret`, and `top-secret`. Whereas for unclassified he might include `u`, `uc`, or other variations. +Bob is a system administrator in the US Department of Defense (DoD). Bob defines a hierarchical attribute called classification with values of `topsecret`, `secret`, `confidential`, and `unclassified`. He needs to create a resource mapping that defines a normalization of the various short forms and acronyms that map to each of these classification levels. For the `topsecret` attribute value, he might include terms like `ts`, `top secret`, and `top-secret`. Whereas for unclassified he might include `u`, `uc`, or other variations. \ No newline at end of file diff --git a/docs/components/policy/subject_mappings.md b/docs/explanation/platform-architecture/components/policy/subject_mappings.md similarity index 98% rename from docs/components/policy/subject_mappings.md rename to docs/explanation/platform-architecture/components/policy/subject_mappings.md index 5174b0b1..2611de9d 100644 --- a/docs/components/policy/subject_mappings.md +++ b/docs/explanation/platform-architecture/components/policy/subject_mappings.md @@ -18,7 +18,7 @@ e-->f(Attribute Value); A Subject Mapping consists of: -1. A mapped [Attribute Value](./attributes#values) +1. A mapped [Attribute Value](./attributes) 2. A mapped Subject Condition Set 3. One or more policy [Actions](./actions) diff --git a/docs/architecture.mdx b/docs/explanation/platform-architecture/index.md similarity index 77% rename from docs/architecture.mdx rename to docs/explanation/platform-architecture/index.md index 15655104..912a8d2a 100644 --- a/docs/architecture.mdx +++ b/docs/explanation/platform-architecture/index.md @@ -2,7 +2,7 @@ sidebar_position: 3 --- -# Architecture +# Platform Architecture OpenTDF is built on a flexible, service-oriented architecture designed for robust and fine-grained access control. The platform consists of four core components that work together to protect data throughout its lifecycle. This architecture aligns with the well-established [National Institute of Standards and Technology (NIST)](https://www.nist.gov) model for [Attribute-Based Access Control (ABAC)](https://csrc.nist.gov/projects/attribute-based-access-control), ensuring a standards-based and interoperable approach. @@ -46,37 +46,37 @@ graph TD class POLICY,AUTHZ,ERS,KAS opentdfService class ATTR_SOURCES,IDP,CLIENT externalSystem - click POLICY "components/policy/" "Go to Policy Service docs" - click AUTHZ "components/authorization" "Go to Authorization Service docs" - click ERS "components/entity_resolution" "Go to Entity Resolution Service docs" - click KAS "components/key_access" "Go to Key Access Server docs" + click POLICY "/explanation/platform-architecture/components/policy/" "Go to Policy Service docs" + click AUTHZ "/explanation/platform-architecture/components/authorization" "Go to Authorization Service docs" + click ERS "/explanation/platform-architecture/components/entity_resolution" "Go to Entity Resolution Service docs" + click KAS "/explanation/platform-architecture/components/key_access" "Go to Key Access Server docs" ``` -### [Policy Service](components/policy/) +### [Policy Service](/explanation/platform-architecture/components/policy/) The **Policy Service** is where all access control policies are defined and managed. It provides the tools and APIs to create a rich set of policies that govern data access. This includes not only attributes and their values, but also the definitions of **actions, obligations, and key access mappings**. In the context of the NIST ABAC model, the Policy Service functions as the **Policy Administration Point (PAP)**. -### [Authorization Service](components/authorization) +### [Authorization Service](/explanation/platform-architecture/components/authorization) The **Authorization Service** is the core decision-making engine of the platform. It is responsible for evaluating the rich policies from the Policy Service against a set of attributes to render an authorization decision. In the context of the NIST ABAC model, it functions as the **Policy Decision Point (PDP)**. -### [Entity Resolution Service (ERS)](components/entity_resolution) +### [Entity Resolution Service (ERS)](/explanation/platform-architecture/components/entity_resolution) The **Entity Resolution Service** is responsible for gathering the attributes about a subject needed for a decision. By default, it can derive attributes from claims in an authentication token. Optionally, it can be configured to connect to external attribute sources (LDAP, SQL) to "hydrate" the entity with more attributes. In the context of the NIST ABAC model, the ERS functions as the **Policy Information Point (PIP)**. -### [Key Access Server (KAS)](components/key_access) +### [Key Access Server (KAS)](/explanation/platform-architecture/components/key_access) The **Key Access Server (KAS)** enforces access control decisions. Its role is more extensive than a typical enforcement point: -- **Cryptographic Enforcement:** It enforces decisions by granting or withholding cryptographic keys for TDF decryption. -- **Encryption Enablement:** It manages key exchanges and enables various TDF encryption modes. +- **Cryptographic Enforcement:** It enforces decisions by granting or withholding cryptographic keys for TDF decryption. +- **Encryption Enablement:** It manages key exchanges and enables various TDF encryption modes. In the context of the NIST ABAC model, the KAS functions as the **Policy Enforcement Point (PEP)**. -Furthermore, the OpenTDF platform is designed for flexibility. Developers can **build and integrate their own custom PEPs**. These custom enforcement points can leverage the platform's robust Authorization (PDP) and Policy (PAP) services while implementing enforcement logic tailored to specific applications. These custom PEPs can also optionally interface with the KAS to take advantage of its powerful cryptographic capabilities. \ No newline at end of file +Furthermore, the OpenTDF platform is designed for flexibility. Developers can **build and integrate their own custom PEPs**. These custom enforcement points can leverage the platform's robust Authorization (PDP) and Policy (PAP) services while implementing enforcement logic tailored to specific applications. These custom PEPs can also optionally interface with the KAS to take advantage of its powerful cryptographic capabilities. diff --git a/docs/explanation/trusted-data-format/_category_.json b/docs/explanation/trusted-data-format/_category_.json new file mode 100644 index 00000000..7da2582f --- /dev/null +++ b/docs/explanation/trusted-data-format/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Trusted Data Format", + "position": 2, + "link": { + "type": "generated-index", + "description": "Learn how the Trusted Data Format (TDF) cryptographically binds access control policies to data objects." + } +} \ No newline at end of file diff --git a/docs/explanation/trusted-data-format/cryptographic-binding.md b/docs/explanation/trusted-data-format/cryptographic-binding.md new file mode 100644 index 00000000..5a81988b --- /dev/null +++ b/docs/explanation/trusted-data-format/cryptographic-binding.md @@ -0,0 +1,300 @@ +# Cryptographic Binding in TDF + +Cryptographic binding is the core innovation that makes TDF files self-protecting. Unlike traditional approaches where access controls exist separately from data, TDF cryptographically links policies directly to encrypted data, ensuring that security travels wherever the data goes. + +## What is Cryptographic Binding? + +Cryptographic binding means that access policies are mathematically tied to encrypted data through cryptographic mechanisms. The policy cannot be separated from the data without breaking the encryption, and the data cannot be decrypted without satisfying the policy requirements. + +```mermaid +graph TD + subgraph "Traditional Approach" + DATA1[📄 Plaintext Data] + POLICY1[📋 Separate Policy] + STORAGE1[💾 File System ACLs] + + DATA1 -.-> STORAGE1 + POLICY1 -.-> STORAGE1 + end + + subgraph "TDF Cryptographic Binding" + DATA2[🔒 Encrypted Payload] + POLICY2[📋 Embedded Policy] + MANIFEST[📜 Signed Manifest] + + POLICY2 --> MANIFEST + DATA2 --> MANIFEST + MANIFEST -.-> TDF[🔐 TDF Container] + end + + classDef traditional fill:#FFE4B5,stroke:#DEB887 + classDef tdf fill:#87CEEB,stroke:#4682B4,stroke-width:2px + + class DATA1,POLICY1,STORAGE1 traditional + class DATA2,POLICY2,MANIFEST,TDF tdf +``` + +## How Cryptographic Binding Works + +### 1. **Policy Integration During Encryption** + +When a TDF file is created, the access policy becomes an integral part of the encryption process: + +```mermaid +sequenceDiagram + participant App as Application + participant SDK as OpenTDF SDK + participant Policy as Policy Object + participant Crypto as Cryptographic Engine + participant TDF as TDF File + + App->>SDK: encrypt(data, policy) + SDK->>Policy: embed policy in manifest + SDK->>Crypto: generate data encryption key (DEK) + Crypto->>Crypto: encrypt data with DEK + SDK->>Policy: reference policy in key access info + SDK->>TDF: create TDF container + + Note over Policy,Crypto: Policy controls key access + Note over TDF: Policy travels with encrypted data +``` + +### 2. **Key Splitting and Policy Enforcement** + +TDF uses a split-key approach where the data encryption key (DEK) is protected by both cryptographic wrapping and policy enforcement: + +```yaml +# TDF Manifest Structure (simplified) +manifest: + encryptionInformation: + type: "split" + keyAccess: + - type: "wrapped" + url: "https://kas.example.com" + protocol: "kas" + wrappedKey: "encrypted_dek_material" + policy: + uuid: "policy-12345" + body: + dataAttributes: + - "https://example.com/attr/classification/secret" + dissem: + - "user@example.com" +``` + +The wrapped key can only be unwrapped by the Key Access Server (KAS) after policy validation. + +### 3. **Cryptographic Verification Chain** + +Every TDF access involves multiple cryptographic verifications: + +```mermaid +graph TD + USER[👤 User Request] --> TDF[🔐 TDF File] + TDF --> VERIFY1{Verify TDF Integrity} + VERIFY1 --> POLICY[📋 Extract Policy] + POLICY --> KAS[🔑 Key Access Server] + KAS --> VERIFY2{Verify User Claims} + VERIFY2 --> AUTHZ[⚖️ Authorization Decision] + AUTHZ --> VERIFY3{Policy Satisfied?} + VERIFY3 -->|Yes| UNWRAP[🔓 Unwrap DEK] + VERIFY3 -->|No| DENY[❌ Access Denied] + UNWRAP --> DECRYPT[🔍 Decrypt Data] + + classDef verify fill:#FFE4B5,stroke:#DAA520 + classDef success fill:#98FB98,stroke:#228B22 + classDef failure fill:#FFB6C1,stroke:#DC143C + + class VERIFY1,VERIFY2,VERIFY3 verify + class UNWRAP,DECRYPT success + class DENY failure +``` + +## Types of Cryptographic Binding + +### **Strong Binding (Default)** +- Policy embedded directly in TDF manifest +- Signed manifest ensures integrity +- Cannot modify policy without invalidating TDF +- Suitable for most security-sensitive use cases + +### **Remote Policy Binding** +- Policy UUID embedded in TDF, actual policy stored remotely +- Allows for policy updates without re-encryption +- Requires secure policy server infrastructure +- Used for dynamic policy scenarios + +### **Hybrid Binding** +- Core policy embedded, with references to external policy extensions +- Balances security with flexibility +- Common for complex organizational policies + +## Security Properties + +### **Integrity Protection** + +TDF manifest is cryptographically signed, ensuring: +- **Policy tampering detection**: Any modification to embedded policies is detected +- **Manifest authenticity**: Verification that TDF came from authorized source +- **Version control**: Prevents downgrade attacks on policy versions + +```json +{ + "manifest": { + "payload": { + "type": "reference", + "url": "payload.bin", + "protocol": "zip", + "isEncrypted": true + }, + "encryptionInformation": {...}, + "policy": {...} + }, + "signature": { + "algorithm": "HS256", + "keyAccess": {...}, + "sig": "cryptographic_signature_here" + } +} +``` + +### **Replay Attack Prevention** + +Each TDF contains unique cryptographic material: +- **Unique DEKs**: Each TDF encrypted with unique data encryption key +- **Nonce values**: Prevent cryptographic replay attacks +- **Temporal binding**: Policies can include time-based restrictions + +### **Forward Security** + +Key management designed for forward security: +- **Key rotation**: Regular rotation of key encryption keys (KEKs) +- **Revocation support**: Ability to invalidate specific TDF access +- **Perfect forward secrecy**: Compromise of long-term keys doesn't affect past sessions + +## Implementation Details + +### **Key Wrapping Process** + +1. **Generate DEK**: Create unique symmetric key for data encryption +2. **Encrypt data**: Use DEK to encrypt actual payload +3. **Wrap DEK**: Encrypt DEK with KAS public key +4. **Policy association**: Link wrapped DEK to specific policy requirements +5. **Manifest creation**: Embed all information in signed manifest + +### **Policy Evaluation Integration** + +The cryptographic binding ensures policy evaluation is mandatory: + +```python +# Pseudocode for TDF decryption +def decrypt_tdf(tdf_file, user_context): + manifest = extract_and_verify_manifest(tdf_file) + + # Cryptographic binding ensures this step cannot be bypassed + policy = manifest.policy + key_access_info = manifest.encryption_info.key_access + + # Policy evaluation required for key unwrapping + decision = evaluate_policy(policy, user_context) + if not decision.permit: + raise AccessDeniedException(decision.reason) + + # Only after policy satisfaction can key be unwrapped + dek = request_key_unwrap(key_access_info, user_context, decision) + + # Finally decrypt data + return decrypt_payload(tdf_file.payload, dek) +``` + +## Advanced Binding Techniques + +### **Multi-Authority Binding** + +For high-security scenarios, TDF can require approval from multiple authorities: + +```yaml +keyAccess: + - type: "wrapped" + url: "https://kas1.example.com" # Authority 1 + policy: "classification_policy" + - type: "wrapped" + url: "https://kas2.example.com" # Authority 2 + policy: "need_to_know_policy" + +# Requires BOTH authorities to approve access +splitPolicy: "all_required" +``` + +### **Hierarchical Policy Binding** + +Policies can reference parent policies for organizational hierarchies: + +```yaml +policy: + uuid: "project_alpha_secret" + inherits: + - "organizational_base_policy" + - "project_alpha_policy" + overrides: + - attribute: "classification" + value: "secret" +``` + +### **Conditional Cryptographic Binding** + +Policies can specify different cryptographic requirements based on context: + +```yaml +encryptionPolicy: + default: + algorithm: "AES-256-GCM" + keySize: 256 + highSecurity: + when: + - classification: "top_secret" + algorithm: "AES-256-GCM" + keySize: 256 + additionalProtection: "HSM_required" +``` + +## Benefits Over Traditional Approaches + +### **Tamper Evidence** +- Any modification to policy or binding detected through signature verification +- Cryptographic proof of policy violations +- Immutable audit trail of access decisions + +### **Zero Trust Data** +- No reliance on network perimeter security +- Data protection independent of storage location +- Works equally well in untrusted environments + +### **Scalable Policy Enforcement** +- No need for complex access control infrastructure at every storage location +- Policy decisions centralized but enforcement distributed +- Consistent policy application across heterogeneous environments + +## Limitations and Considerations + +### **Key Management Complexity** +- Requires robust key management infrastructure +- Key escrow and recovery procedures needed +- Operational complexity higher than simple encryption + +### **Performance Considerations** +- Additional cryptographic operations during access +- Network calls to policy decision points +- Caching strategies needed for acceptable performance + +### **Policy Update Challenges** +- Strong binding means policy changes may require re-encryption +- Remote policy binding trades security for flexibility +- Version control and migration strategies essential + +## Next Steps + +- Understand the differences between [TDF and NanoTDF formats](tdf-vs-nanotdf) +- Learn about the complete [TDF lifecycle](tdf-lifecycle) from creation to consumption +- Explore [platform architecture](/explanation/platform-architecture) supporting cryptographic binding +- Try creating cryptographically bound TDF files in our [hands-on tutorial](/tutorials/your-first-tdf) \ No newline at end of file diff --git a/docs/explanation/trusted-data-format/format-variants-and-standards.md b/docs/explanation/trusted-data-format/format-variants-and-standards.md new file mode 100644 index 00000000..365bf1c5 --- /dev/null +++ b/docs/explanation/trusted-data-format/format-variants-and-standards.md @@ -0,0 +1,318 @@ +# TDF Format Variants and Standards + +OpenTDF is part of a broader ecosystem of Trusted Data Format specifications developed by different organizations for various security contexts. Understanding how these formats relate helps organizations choose the right format and ensure interoperability across different security domains. + +## The TDF Family Tree + +```mermaid +graph TD + IC[IC-TDF
Intelligence Community
XML-based] + BASE[BASE-TDF
Base Specification
XML-based] + OPEN[OpenTDF
Open Source
JSON-based] + ZTDF[ZTDF
NATO/ACP-240
JSON-based] + + IC --> BASE + IC --> OPEN + OPEN --> ZTDF + + classDef legacy fill:#FFA07A,stroke:#FF4500 + classDef modern fill:#87CEEB,stroke:#4682B4 + classDef nato fill:#98FB98,stroke:#228B22 + + class IC,BASE legacy + class OPEN modern + class ZTDF nato +``` + +## Format Overview + +| **Format** | **Organization** | **Encoding** | **Primary Use Case** | **Status** | +|------------|------------------|--------------|---------------------|------------| +| **IC-TDF** | US Intelligence Community | XML | Classified information sharing | Legacy/Active | +| **BASE-TDF** | US Intelligence Community | XML | Base specification for IC-TDF | Active | +| **OpenTDF** | Open Source Community | JSON | Modern data-centric security | Active | +| **ZTDF** | NATO (ACP-240) | JSON | Coalition/Allied information sharing | Active | + +## IC-TDF: Intelligence Community Trusted Data Format + +### Overview + +IC-TDF is the **original Trusted Data Format specification** developed by the U.S. Intelligence Community (IC). It established the foundational concepts of binding access control policies cryptographically to encrypted data. + +### Key Characteristics + +- **XML-based manifest structure**: Uses XML encoding for policy and metadata +- **IC-specific attributes**: Designed for intelligence community classification and dissemination controls +- **Mature standard**: Battle-tested in classified environments since its introduction +- **Federated key management**: Supports multi-agency key access controls + +### Typical Use Cases + +- Classified document protection across IC agencies +- Intelligence sharing between allied intelligence services +- Compartmented information handling (SCI, SAP, etc.) +- Cross-domain solution (CDS) implementations + +### Relationship to OpenTDF + +OpenTDF **modernizes the core concepts** established by IC-TDF: + +- Replaces XML with **JSON** for better web technology integration +- Maintains cryptographic binding principles +- Preserves ABAC (Attribute-Based Access Control) model +- Adds support for modern cloud-native architectures + +Organizations migrating from IC-TDF to OpenTDF benefit from: +- Easier integration with modern applications +- Better tooling and developer experience +- Maintained security principles and trust model +- Potential interoperability bridges (contact support@opentdf.io for details) + +## BASE-TDF: Base Specification + +### Overview + +**BASE-TDF** (Trusted Data Format - Base) provides detailed implementation guidance for using XML to encode TDF data within the Intelligence Community. It serves as the foundational specification that IC-TDF implementations build upon. + +### Key Characteristics + +- **XML Data Encoding Specification**: Defines precise XML schemas and encoding rules +- **Reference implementation guidance**: Provides detailed technical requirements +- **Standards compliance**: Aligns with IC data standards and security requirements +- **No proprietary technology**: Freely available specification with no patent restrictions + +### Maintained By + +The Office of the Director of National Intelligence (ODNI) maintains BASE-TDF as part of the IC Technical Specifications. + +### Relationship to OpenTDF + +BASE-TDF and OpenTDF serve similar roles in different communities: + +| **Aspect** | **BASE-TDF** | **OpenTDF** | +|------------|--------------|-------------| +| **Community** | Intelligence Community | Open Source / Commercial | +| **Encoding** | XML | JSON | +| **Governance** | ODNI | OpenTDF Community | +| **Access** | IC Technical Specifications | Public GitHub repository | +| **Focus** | IC compliance requirements | Modern interoperability | + +## ZTDF: Zero Trust Data Format (ACP-240) + +### Overview + +**ZTDF** (Zero Trust Data Format) is a NATO-standardized format defined by **Allied Communication Publication (ACP) 240**. It builds directly upon the OpenTDF specification while adding specific requirements for NATO and Five Eyes (FVEY) coalition information sharing. + +### Key Characteristics + +- **Based on OpenTDF**: Uses JSON-based OpenTDF as its foundation +- **Mandatory cryptographic assertions**: Requires additional cryptographic bindings for NATO use cases +- **Coalition focus**: Designed for secure sharing across allied nations +- **Zero Trust principles**: Aligns with NATO's Zero Trust architecture requirements +- **Standardized by CCEB**: Developed under Combined Communications-Electronics Board sponsorship + +### ACP-240 Requirements + +ACP-240 extends OpenTDF by mandating: + +1. **Enhanced cryptographic assertions**: Additional binding requirements for policy integrity +2. **NATO attribute schema**: Standardized attribute definitions for coalition use +3. **Interoperability requirements**: Specific implementation requirements for allied systems +4. **Audit and logging standards**: Enhanced audit trail requirements for coalition environments + +### Adoption Status + +- **Adopted by NATO**: Official NATO standard for data-centric security +- **U.S. Joint Chiefs of Staff**: Being adopted for coalition operations +- **Allied nations**: Active deployment across Five Eyes and NATO partners +- **Validated in operations**: Proven in exercises like Operation HIGHMAST + +### Relationship to OpenTDF + +ZTDF is a **superset of OpenTDF**: + +```mermaid +graph LR + subgraph "ZTDF (ACP-240)" + ZTDF_CORE[OpenTDF Core
JSON manifest, ABAC, encryption] + ZTDF_EXT[NATO Extensions
Mandatory assertions, coalition attributes] + + ZTDF_CORE --> ZTDF_EXT + end + + classDef opentdf fill:#87CEEB,stroke:#4682B4 + classDef nato fill:#98FB98,stroke:#228B22 + + class ZTDF_CORE opentdf + class ZTDF_EXT nato +``` + +**Key implications**: +- **Forward compatible**: OpenTDF implementations can be extended to support ZTDF +- **Subset compatibility**: Not all OpenTDF files are ZTDF-compliant (missing mandatory assertions) +- **Implementation pathway**: Organizations can start with OpenTDF and add ZTDF requirements as needed + +## Format Selection Guide + +### Choose IC-TDF / BASE-TDF When: + +- Working within the U.S. Intelligence Community +- Handling classified information requiring IC-specific controls +- Integrating with existing IC-TDF infrastructure +- Subject to IC compliance requirements (ICD 503, etc.) + +### Choose OpenTDF When: + +- Building modern, cloud-native applications +- Need open source, community-driven standard +- Want flexibility without military/IC-specific requirements +- Require broad ecosystem of SDKs and tools +- Commercial or open source project requirements + +### Choose ZTDF (ACP-240) When: + +- Sharing information across NATO allies +- Five Eyes coalition collaboration requirements +- Subject to ACP-240 compliance mandates +- Participating in coalition operations +- Need NATO-validated data security standard + +## Interoperability Considerations + +### Cross-Format Compatibility + +```mermaid +graph TD + IC[IC-TDF/BASE-TDF] -.->|Migration
Path| OPEN[OpenTDF] + OPEN -->|Extend with
Assertions| ZTDF[ZTDF] + ZTDF -.->|Subset| OPEN + + classDef legacy fill:#FFA07A,stroke:#FF4500 + classDef modern fill:#87CEEB,stroke:#4682B4 + classDef nato fill:#98FB98,stroke:#228B22 + + class IC legacy + class OPEN modern + class ZTDF nato +``` + +### Migration Strategies + +#### IC-TDF → OpenTDF +- **Policy translation**: Convert XML policies to JSON ABAC format +- **Attribute mapping**: Map IC attributes to OpenTDF attribute schema +- **Re-encryption**: Payload must be re-encrypted in new format +- **Validation**: Ensure policy equivalence after migration + +**Considerations**: Contact support@opentdf.io for interoperability guidance with legacy IC-TDF formats. + +#### OpenTDF → ZTDF +- **Assertion addition**: Add mandatory NATO cryptographic assertions +- **Attribute alignment**: Ensure attributes conform to ACP-240 schema +- **Validation**: Verify compliance with ZTDF specification +- **Testing**: Validate with ZTDF-compliant implementations + +**Implementation**: OpenTDF provides a foundation; ZTDF compliance requires additional implementation work to meet ACP-240 requirements. + +### Hybrid Deployments + +Many organizations operate in multiple security domains: + +```mermaid +graph TD + subgraph "Intelligence Operations" + IC_DOCS[Classified Documents] --> IC_TDF[IC-TDF] + end + + subgraph "Commercial Operations" + COMMERCIAL[Business Data] --> OPENTDF[OpenTDF] + end + + subgraph "Coalition Operations" + COALITION[Allied Sharing] --> ZTDF[ZTDF/ACP-240] + end + + subgraph "OpenTDF Platform" + KAS[Key Access Service] + POLICY[Policy Service] + end + + IC_TDF -.->|Gateway| KAS + OPENTDF --> KAS + ZTDF --> KAS + + IC_TDF -.->|Gateway| POLICY + OPENTDF --> POLICY + ZTDF --> POLICY +``` + +## Standards Bodies and Governance + +| **Format** | **Governing Body** | **Specification Access** | +|------------|-------------------|-------------------------| +| **IC-TDF** | ODNI / IC CIO | [DNI Technical Specifications](https://www.dni.gov/index.php/who-we-are/organizations/ic-cio/ic-technical-specifications/trusted-data-format) | +| **BASE-TDF** | ODNI / IC CIO | [DNI Technical Specifications](https://www.dni.gov/index.php/who-we-are/organizations/ic-cio/ic-technical-specifications/trusted-data-format-base) | +| **OpenTDF** | OpenTDF Community | [GitHub Repository](https://github.com/opentdf/spec) | +| **ZTDF (ACP-240)** | NATO / CCEB | Contact NATO or national defense channels | + +## Implementation Support + +### OpenTDF Ecosystem + +OpenTDF provides comprehensive implementation support: + +- **Open specification**: Publicly available on GitHub +- **Reference implementations**: Platform and SDKs (Java, JavaScript, Go) +- **Community support**: Active open source community +- **Commercial support**: Available from ecosystem partners + +### ZTDF / ACP-240 Implementation + +Organizations implementing ZTDF/ACP-240 should: + +1. **Start with OpenTDF**: Use OpenTDF as the foundation +2. **Understand ACP-240 requirements**: Review NATO specification for mandatory assertions +3. **Add ZTDF extensions**: Implement required cryptographic assertions +4. **Validate compliance**: Test against ZTDF validation tools +5. **Engage with coalition**: Coordinate with allied partners for interoperability + +### IC-TDF Interoperability + +Organizations needing IC-TDF interoperability: + +- **Contact OpenTDF**: Email support@opentdf.io for guidance +- **Gateway solutions**: Explore format translation gateways +- **Attribute mapping**: Work with IC to map attribute schemas +- **Security review**: Ensure cross-domain security requirements are met + +## Future Evolution + +The TDF format family continues to evolve: + +### Convergence Trends +- **JSON adoption**: Movement toward JSON-based formats (OpenTDF, ZTDF) +- **Modern cryptography**: Support for post-quantum cryptographic algorithms +- **Cloud-native features**: Enhanced support for cloud and edge environments +- **Streaming optimizations**: Improved formats for real-time data (NanoTDF) + +### Emerging Standards +- **Post-quantum TDF**: Quantum-resistant cryptographic bindings +- **Confidential computing integration**: TEE and SGX support +- **AI/ML data protection**: Specialized features for ML model and training data protection + +## Next Steps + +- Learn about [OpenTDF's core concepts](index.md) +- Understand [TDF vs NanoTDF](tdf-vs-nanotdf.md) format differences +- Explore the [TDF lifecycle](tdf-lifecycle.md) +- Review the [OpenTDF specification](/reference/trusted-data-format/specifications/) +- Try [your first TDF](/tutorials/your-first-tdf) implementation + +## Sources + +- [DNI: Trusted Data Format](https://www.dni.gov/index.php/who-we-are/organizations/ic-cio/ic-technical-specifications/trusted-data-format) +- [DNI: Trusted Data Format - Base](https://www.dni.gov/index.php/who-we-are/organizations/ic-cio/ic-technical-specifications/trusted-data-format-base) +- [OpenTDF Specification](https://github.com/opentdf/spec) +- [Wikipedia: Trusted Data Format](https://en.wikipedia.org/wiki/Trusted_Data_Format) + +For questions about format interoperability or ZTDF/ACP-240 compliance, contact [support@opentdf.io](mailto:support@opentdf.io). diff --git a/docs/explanation/trusted-data-format/history-and-standards.md b/docs/explanation/trusted-data-format/history-and-standards.md new file mode 100644 index 00000000..db3fdc1a --- /dev/null +++ b/docs/explanation/trusted-data-format/history-and-standards.md @@ -0,0 +1,391 @@ +# TDF History and Standards Landscape + +## Overview + +The Trusted Data Format (TDF) is a family of specifications for protecting sensitive data through cryptographic binding of access policies to encrypted content. This page explores the evolution of TDF, the relationship between different TDF standards, and how OpenTDF fits into the broader ecosystem. + +--- + +## Timeline of TDF Evolution + +### Early Origins (2010s) + +The concept of cryptographically binding policies to data emerged from the need for data-centric security—protecting data itself rather than just the perimeters around it. Traditional security models failed when data moved beyond organizational boundaries (cloud, partners, mobile devices). + +Key insights driving TDF development: + +- **Persistent Protection**: Encryption alone isn't enough; policies must travel with data +- **Dynamic Enforcement**: Access policies should be updatable without re-encrypting data +- **Zero Trust**: Data should be protected regardless of network location +- **Fine-Grained Control**: Policies should support attribute-based access control (ABAC) + +### BASE-TDF: The Foundation + +BASE-TDF (Baseline TDF) established the core specification for trusted data formats: + +- **Policy Binding**: Cryptographically bind policies to encrypted data objects +- **Key Access Objects (KAOs)**: Embed key access policies within the encrypted container +- **Split Key Architecture**: Separate data encryption keys from policy enforcement +- **Manifest Structure**: Standardize TDF container format + +BASE-TDF provided a vendor-neutral specification enabling interoperability across implementations. + +### IC-TDF: Intelligence Community Variant + +The U.S. Intelligence Community adapted TDF for classified information protection: + +- **Enhanced Security Controls**: Additional cryptographic requirements +- **Classification Markings**: Support for security classification levels +- **Cross-Domain Solutions**: Enable secure information sharing across security domains +- **Audit and Compliance**: Enhanced logging and audit capabilities + +IC-TDF extended BASE-TDF with government-specific requirements while maintaining core compatibility. + +### ZTDF/ACP-240: Zero Trust Data Format + +ZTDF (also known as ACP-240) represents NATO's standardization effort for data-centric security: + +- **NATO Interoperability**: Enable secure data sharing across NATO members +- **Zero Trust Architecture**: Align with modern zero trust security principles +- **Standardization**: Formal NATO specification process +- **Coalition Operations**: Support multi-national information sharing + +ZTDF builds on lessons learned from BASE-TDF and IC-TDF, with focus on international interoperability. + +### OpenTDF: Open Source Implementation + +OpenTDF is an open-source implementation of TDF principles: + +- **Open Source**: Apache 2.0 licensed, community-driven +- **Modern Architecture**: Cloud-native, microservices-based +- **Extensible**: Plugin architecture for custom integrations +- **Standards-Based**: Implements core TDF specifications +- **Developer-Friendly**: SDKs for multiple languages, comprehensive APIs + +OpenTDF aims to make data-centric security accessible to any organization. + +--- + +## TDF Format Family + +### Format Comparison + +| Aspect | BASE-TDF | IC-TDF | ZTDF/ACP-240 | OpenTDF | +|--------|----------|---------|--------------|---------| +| **Scope** | Commercial, general use | U.S. Intelligence Community | NATO coalition | Open source implementation | +| **Governance** | Industry consortium | IC standards body | NATO | Open source community | +| **Classification Support** | Basic | Advanced (IC markings) | NATO classifications | Configurable | +| **Cryptography** | Standard algorithms | IC-approved algorithms | NATO-approved algorithms | Configurable | +| **Interoperability** | Baseline spec | Extends BASE-TDF | Extends BASE-TDF | Compatible with BASE-TDF | +| **Licensing** | Specification license | Government | NATO | Apache 2.0 | +| **Use Cases** | Enterprise data protection | Classified info sharing | Coalition operations | General data protection | +| **Maturity** | Established | Mature | Emerging | Active development | + +### Format Capabilities Comparison + +#### BASE-TDF Features + +- ✅ Policy binding to encrypted data +- ✅ Key Access Objects (KAOs) +- ✅ Split key encryption +- ✅ Manifest structure +- ✅ ABAC support +- ❌ Advanced classification markings +- ❌ Cross-domain solutions +- ❌ Government-specific controls + +#### IC-TDF Additional Features + +- ✅ All BASE-TDF features +- ✅ IC classification markings +- ✅ Cross-domain guard integration +- ✅ Enhanced audit logging +- ✅ Sanitization controls +- ✅ IC-approved crypto algorithms +- ❌ NATO interoperability (not primary focus) + +#### ZTDF/ACP-240 Additional Features + +- ✅ BASE-TDF compatibility +- ✅ NATO classification scheme +- ✅ Multi-national interoperability +- ✅ Zero trust architecture alignment +- ✅ Coalition data sharing +- ✅ Federated policy management +- ⚠️ Emerging standard (under development) + +#### OpenTDF Features + +- ✅ BASE-TDF compatible +- ✅ Open source (Apache 2.0) +- ✅ Cloud-native architecture +- ✅ RESTful APIs +- ✅ Multiple SDK languages +- ✅ Plugin architecture +- ✅ Modern ABAC engine +- ✅ Configurable cryptography +- ⚠️ IC-TDF/ZTDF features can be configured but not built-in + +--- + +## Relationship Between Formats + +```mermaid +graph TB + BASE[BASE-TDF
Foundation Spec] + IC[IC-TDF
Intelligence Community] + ZTDF[ZTDF/ACP-240
NATO Standard] + OpenTDF[OpenTDF
Open Source] + + BASE -.->|extends| IC + BASE -.->|builds on| ZTDF + BASE -.->|implements| OpenTDF + + BASE --> Principles[Shared Principles:
• Cryptographic Policy Binding
• Split Key Architecture
• Manifest-Based
• ABAC Support
• Key Access Objects] + + IC --> ICFeatures[IC Features:
• IC Classifications
• Suite B Crypto
• Cross-Domain] + + ZTDF --> ZTDFFeatures[ZTDF Features:
• NATO Classifications
• Coalition Sharing
• Federated Policy] + + OpenTDF --> OpenFeatures[OpenTDF Features:
• Open Source
• Cloud Native
• Multiple SDKs
• Configurable] + + style BASE fill:#e1f5ff + style IC fill:#ffe1e1 + style ZTDF fill:#e1ffe1 + style OpenTDF fill:#f0e1ff +``` + +### Shared Principles + +All TDF formats share foundational principles: + +1. **Cryptographic Policy Binding**: Policies are cryptographically bound to data +2. **Split Key Architecture**: Separate encryption keys from policy enforcement +3. **Manifest-Based**: Structured container format with embedded metadata +4. **ABAC Support**: Attribute-based access control for fine-grained policies +5. **Key Access Objects**: Encapsulate key access policies within TDF + +### Where They Diverge + +#### Cryptographic Requirements + +- **BASE-TDF**: Flexible algorithm selection +- **IC-TDF**: Mandates IC-approved algorithms (Suite B, Commercial National Security Algorithm Suite) +- **ZTDF**: Specifies NATO-approved cryptography +- **OpenTDF**: Configurable, supports modern algorithms (AES-256-GCM, etc.) + +#### Classification and Marking + +- **BASE-TDF**: Generic attribute-based policies +- **IC-TDF**: Supports IC classification markings, portion marking, banner lines +- **ZTDF**: NATO classification scheme (COSMIC, FOCAL, etc.) +- **OpenTDF**: Flexible attribute namespaces (can represent any classification scheme) + +#### Policy Administration + +- **BASE-TDF**: Specification doesn't dictate policy service implementation +- **IC-TDF**: Integrates with IC policy infrastructure +- **ZTDF**: Supports federated policy across NATO members +- **OpenTDF**: Centralized policy service with extensible architecture + +#### Audit and Compliance + +- **BASE-TDF**: Basic audit requirements +- **IC-TDF**: Enhanced audit trail for IC compliance +- **ZTDF**: NATO compliance and audit requirements +- **OpenTDF**: Configurable audit logging and event streaming + +### Interoperability Considerations + +#### BASE-TDF as Common Ground + +BASE-TDF serves as the lowest common denominator for interoperability: + +- **OpenTDF can decrypt BASE-TDF**: If encryption algorithms are supported +- **IC-TDF is a superset**: IC-TDF includes BASE-TDF structures +- **ZTDF builds on BASE-TDF**: Core structures remain compatible + +#### Cross-Format Challenges + +1. **Cryptographic Algorithms**: Different formats may mandate different algorithms +2. **Policy Semantics**: Attribute namespaces and policy rules may differ +3. **Metadata Extensions**: Format-specific extensions may not be understood by other implementations +4. **Key Management**: KAS implementations may have different capabilities + +#### OpenTDF Interoperability Strategy + +OpenTDF aims for broad interoperability: + +- **BASE-TDF Compatibility**: OpenTDF can create and consume BASE-TDF-compliant objects +- **Configurable Crypto**: Support IC-approved and NATO-approved algorithms through configuration +- **Extensible Attributes**: Namespace system supports any attribute scheme (IC, NATO, custom) +- **Plugin Architecture**: Custom plugins can handle format-specific requirements + +--- + +## When to Use Which Format + +### Use BASE-TDF When... + +- Building commercial data protection solutions +- Need vendor neutrality and broad ecosystem support +- Interoperability across multiple implementations is required +- No specific government requirements + +**Example Use Cases**: +- Enterprise data loss prevention +- Cloud data protection +- Partner/vendor data sharing +- Healthcare information exchange + +--- + +### Use IC-TDF When... + +- Working with U.S. classified information +- Must comply with IC security policies +- Integrating with IC infrastructure (cross-domain solutions, guards) +- Require IC-approved cryptography + +**Example Use Cases**: +- Classified intelligence sharing +- Defense programs handling classified data +- Cross-domain data transfer +- IC cloud environments + +--- + +### Use ZTDF/ACP-240 When... + +- NATO coalition operations +- Multi-national information sharing +- Must comply with NATO security standards +- Interoperability across NATO member nations + +**Example Use Cases**: +- NATO military operations +- Coalition intelligence sharing +- NATO partner collaboration +- Allied defense programs + +--- + +### Use OpenTDF When... + +- Need open-source solution with community support +- Want full control over implementation +- Require modern, cloud-native architecture +- Building custom data protection solutions +- Need flexibility and extensibility + +**Example Use Cases**: +- Startups building data protection products +- Enterprises wanting self-hosted solutions +- Development teams needing flexible SDKs +- Organizations requiring custom integrations +- SaaS platforms protecting customer data + +--- + +## Standards Bodies & Governance + +### BASE-TDF Governance + +- **Maintainers**: Industry consortium (historically Virtru, other vendors) +- **Process**: Vendor collaboration, public specification +- **Contributions**: Typically through member organizations +- **Licensing**: Specification available under permissive license + +### IC-TDF Governance + +- **Maintainers**: U.S. Intelligence Community (IC ITE, NSA, others) +- **Process**: Government standards process +- **Contributions**: Limited to IC participants +- **Licensing**: Government specification (public domain or government license) + +### ZTDF/ACP-240 Governance + +- **Maintainers**: NATO Standardization Office (NSO) +- **Process**: NATO Allied Communications Publication (ACP) process +- **Contributions**: NATO member nations and partners +- **Licensing**: NATO publication (restricted or public depending on classification) + +### OpenTDF Governance + +- **Maintainers**: OpenTDF open source community +- **Process**: Open source contribution model (GitHub, RFC process) +- **Contributions**: Open to anyone (CLA required) +- **Licensing**: Apache 2.0 (code), Creative Commons (documentation) + +--- + +## Roadmap and Future Work + +### OpenTDF Future Directions + +**Near-Term**: +- Enhanced ABAC features (resource mappings, delegation) +- Performance optimizations (key caching, batch operations) +- Additional SDK languages (Rust, C#) +- Improved observability (metrics, tracing) + +**Medium-Term**: +- Federation support (multi-tenant, cross-organization) +- Advanced cryptography (post-quantum algorithms, homomorphic encryption) +- Format extensions (streaming TDF, large object support) +- Standards certification (FIPS, Common Criteria) + +**Long-Term**: +- Full IC-TDF compatibility mode +- ZTDF/ACP-240 implementation +- Decentralized policy management (blockchain-based) +- AI/ML-driven policy recommendations + +### Industry Trends + +- **Zero Trust Adoption**: Growing recognition that data must protect itself +- **Quantum-Safe Crypto**: Preparing for post-quantum cryptography +- **Privacy Regulations**: GDPR, CCPA driving data-centric security demand +- **Cloud-Native**: Shift toward microservices and cloud architectures +- **Open Source**: Preference for transparent, community-driven security solutions + +--- + +## Further Reading + +### Specifications + +- [OpenTDF Specification](../../reference/trusted-data-format/specifications/): Detailed TDF format specification +- [Cryptographic Binding](../trusted-data-format/cryptographic-binding/): How policies are cryptographically enforced + +### Architecture + +- [Platform Architecture](../platform-architecture/index.md): How OpenTDF services work together +- [ABAC and Policy](../abac-and-policy/index.md): Attribute-based access control in OpenTDF + +### Tutorials + +- [Your First TDF](../../tutorials/your-first-tdf/index.mdx): Hands-on introduction to creating TDFs + +### Community + +- [OpenTDF GitHub](https://github.com/opentdf): Source code and issue tracking +- [Community Forum](https://github.com/opentdf/community): Discussions and questions +- [Contributing Guide](https://github.com/opentdf/opentdf/blob/main/CONTRIBUTING.md): How to contribute to OpenTDF + +--- + +## Summary + +The TDF family of standards represents a powerful approach to data-centric security: + +- **BASE-TDF**: Foundation for commercial data protection +- **IC-TDF**: Government-grade security for classified information +- **ZTDF/ACP-240**: International coalition information sharing +- **OpenTDF**: Open source implementation for everyone + +All formats share core principles (cryptographic policy binding, split key architecture, ABAC support) while diverging on specifics (crypto requirements, classification schemes, governance). + +OpenTDF provides an open, flexible implementation compatible with BASE-TDF, with the capability to support IC-TDF and ZTDF requirements through configuration and plugins. + +Whether you're protecting corporate data, classified intelligence, or coalition information, there's a TDF format suited to your needs. diff --git a/docs/explanation/trusted-data-format/index.md b/docs/explanation/trusted-data-format/index.md new file mode 100644 index 00000000..b9f15d2d --- /dev/null +++ b/docs/explanation/trusted-data-format/index.md @@ -0,0 +1,140 @@ +# What is the Trusted Data Format (TDF)? + +The **Trusted Data Format (TDF)** is the core innovation that makes data-centric security possible. TDF is a standardized container format that cryptographically binds access control policies directly to encrypted data, creating **self-protecting data objects**. + +## The Core Concept + +Traditional file encryption separates the encrypted data from access controls. TDF changes this by creating a single package that contains: + +1. **Encrypted payload** - The actual data, encrypted with strong cryptography +2. **Policy object** - Access control rules defining who can decrypt the data +3. **Key access information** - References to keys and key servers +4. **Metadata** - Additional information about the data and its protection + +```mermaid +graph TD + subgraph "TDF File" + PAYLOAD[🔒 Encrypted Data] + POLICY[📋 Access Policy] + KEYINFO[🔑 Key Access Info] + METADATA[ℹ️ Metadata] + end + + POLICY -.-> PAYLOAD + KEYINFO -.-> PAYLOAD + METADATA -.-> PAYLOAD + + classDef tdf fill:#87CEEB,stroke:#4682B4,stroke-width:2px + class PAYLOAD,POLICY,KEYINFO,METADATA tdf +``` + +## How TDF Works + +When someone tries to access a TDF file, here's what happens: + +```mermaid +sequenceDiagram + participant User + participant TDF as TDF File + participant KAS as Key Access Server + participant AuthZ as Authorization Service + + User->>TDF: Open TDF file + TDF->>User: Extract policy & key info + User->>KAS: Request decryption key + KAS->>AuthZ: Check authorization + AuthZ->>AuthZ: Evaluate policy against user attributes + AuthZ-->>KAS: Decision (grant/deny) + + alt Authorized + KAS-->>User: Return decryption key + User->>TDF: Decrypt with key + TDF-->>User: Decrypted data + else Denied + KAS-->>User: Access denied + end +``` + +## Key Benefits of TDF + +### 1. **Policy Travels with Data** + +Unlike traditional access controls that exist separately from data, TDF embeds the policy directly in the file. The policy goes wherever the data goes - shared folders, email attachments, cloud storage, partner networks. + +### 2. **Fine-Grained Access Control** + +TDF policies use **Attribute-Based Access Control (ABAC)** to make nuanced decisions based on: + +- User attributes (role, clearance, department) +- Environmental context (location, time, device) +- Data classifications (sensitivity, project, compliance requirements) + +### 3. **Real-Time Policy Updates** + +Even after a TDF is created and shared, policies can be updated in real-time: + +- Revoke access immediately if needed +- Add new authorized users +- Change access conditions (e.g., restrict to business hours) +- Add obligations (e.g., watermarking requirements) + +### 4. **Complete Audit Trail** + +Every access attempt is logged, providing: + +- Who tried to access what data +- When and from where +- Whether access was granted or denied +- What actions were performed + +## TDF vs. NanoTDF + +OpenTDF supports two format variants: + +| Feature | **TDF (Full Format)** | **NanoTDF (Compact)** | +|---------|----------------------|------------------------| +| **Size Overhead** | ~1KB | ~50 bytes | +| **Best For** | Files, documents | IoT, streaming, embedded | +| **Policy Features** | Full ABAC policies | Simple attribute checks | +| **Key Management** | Full key splitting | Simplified key handling | +| **Use Cases** | Document protection, file sharing | Sensor data, real-time streams | + +## Real-World Example + +Consider a medical research document: + +**Without TDF (Traditional):** + +- File encrypted with password or certificate +- Access rules stored separately in system permissions +- If shared outside system → no access control +- No audit trail for external access + +**With TDF:** + +- File packaged as TDF with policy: "Only researchers with IRB approval can access" +- Policy includes obligations: "Must watermark with user ID" +- File can be safely shared with external partners +- All access attempts logged regardless of location +- Access can be revoked instantly if needed + +## Standards and Interoperability + +TDF is built on open standards: + +- **JSON-based manifest** for policy definition +- **Standard encryption algorithms** (AES, RSA, ECC) +- **NIST ABAC model** for access control +- **Open specification** for vendor interoperability + +This ensures that TDF files can be processed by different implementations and integrated into existing security infrastructure. + +OpenTDF is part of a broader family of TDF specifications including IC-TDF, BASE-TDF, and ZTDF (ACP-240). Learn more about [TDF format variants and standards](/explanation/trusted-data-format/format-variants-and-standards). + +## Next Steps + +- Explore [TDF format variants and standards](/explanation/trusted-data-format/format-variants-and-standards) (IC-TDF, BASE-TDF, ZTDF/ACP-240) +- Learn about [cryptographic binding](/explanation/trusted-data-format/cryptographic-binding) in detail +- Understand the [TDF vs NanoTDF comparison](/explanation/trusted-data-format/tdf-vs-nanotdf) +- See the complete [TDF lifecycle](/explanation/trusted-data-format/tdf-lifecycle) from creation to consumption +- Try creating your first TDF in our [tutorial](/tutorials/your-first-tdf) diff --git a/docs/explanation/trusted-data-format/tdf-lifecycle.md b/docs/explanation/trusted-data-format/tdf-lifecycle.md new file mode 100644 index 00000000..efea33f4 --- /dev/null +++ b/docs/explanation/trusted-data-format/tdf-lifecycle.md @@ -0,0 +1,511 @@ +# TDF Lifecycle: From Creation to Consumption + +Understanding the complete lifecycle of a Trusted Data Format (TDF) file helps you implement effective data-centric security. This document traces a TDF from initial creation through consumption, policy updates, and eventual expiration, highlighting the key interactions with OpenTDF platform services. + +## Lifecycle Overview + +```mermaid +graph TD + subgraph "1. Creation Phase" + CREATE[📝 Create TDF] + POLICY[📋 Define Policy] + ENCRYPT[🔒 Encrypt Data] + end + + subgraph "2. Distribution Phase" + SHARE[📤 Share TDF] + STORE[💾 Store/Transit] + RECEIVE[📥 Recipients Receive] + end + + subgraph "3. Access Phase" + REQUEST[🔓 Access Request] + VALIDATE[✅ Validate Policy] + DECRYPT[🔍 Decrypt & Access] + end + + subgraph "4. Management Phase" + UPDATE[🔄 Update Policies] + AUDIT[📊 Audit Access] + REVOKE[❌ Revoke Access] + end + + subgraph "5. Expiration Phase" + EXPIRE[⏰ Policy Expiry] + CLEANUP[🗑️ Key Cleanup] + ARCHIVE[📦 Archive Logs] + end + + CREATE --> SHARE + SHARE --> REQUEST + REQUEST --> UPDATE + UPDATE --> EXPIRE + EXPIRE --> CREATE + + classDef creation fill:#87CEEB + classDef distribution fill:#98FB98 + classDef access fill:#FFE4B5 + classDef management fill:#F0E68C + classDef expiration fill:#FFB6C1 + + class CREATE,POLICY,ENCRYPT creation + class SHARE,STORE,RECEIVE distribution + class REQUEST,VALIDATE,DECRYPT access + class UPDATE,AUDIT,REVOKE management + class EXPIRE,CLEANUP,ARCHIVE expiration +``` + +## Phase 1: Creation + +### **Step 1: Data Preparation** + +The lifecycle begins when an application or user wants to protect data: + +```mermaid +sequenceDiagram + participant User + participant App as Application + participant SDK as OpenTDF SDK + participant Data as Source Data + + User->>App: "Protect this document" + App->>Data: Read source data + Data-->>App: Raw content + App->>SDK: prepare_for_encryption(content) + SDK-->>App: Ready for policy binding +``` + +### **Step 2: Policy Definition** + +Policies can be defined inline or reference existing templates: + +```javascript +// Example: Creating TDF with inline policy +const policy = { + dataAttributes: [ + "https://company.com/attr/classification/confidential", + "https://company.com/attr/department/legal" + ], + dissem: [ + "lawyer1@firm.com", + "lawyer2@firm.com" + ], + conditions: [ + { + operator: "dateRange", + binding: "$.currentTime", + value: ["2024-01-01", "2024-12-31"] + } + ] +}; +``` + +### **Step 3: Encryption Process** + +The SDK orchestrates the encryption with platform services: + +```mermaid +sequenceDiagram + participant SDK as OpenTDF SDK + participant KAS as Key Access Service + participant Policy as Policy Service + participant Crypto as Crypto Engine + + SDK->>Policy: register_policy(policy_definition) + Policy-->>SDK: policy_uuid + + SDK->>Crypto: generate_dek() + Crypto-->>SDK: data_encryption_key + + SDK->>Crypto: encrypt_data(content, dek) + Crypto-->>SDK: encrypted_payload + + SDK->>KAS: wrap_key(dek, policy_uuid) + KAS-->>SDK: wrapped_key_material + + SDK->>SDK: create_tdf_container(payload, policy, wrapped_key) + SDK-->>SDK: complete_tdf_file +``` + +### **Creation Artifacts** + +At the end of creation phase: + +``` +TDF File Contents: +┌─────────────────────────────┐ +│ manifest.json │ +│ ├─ policy: {...} │ +│ ├─ keyAccess: [{...}] │ +│ └─ payload: "payload.bin" │ +├─────────────────────────────┤ +│ payload.bin (encrypted) │ +└─────────────────────────────┘ + +Platform Records: +- Policy Service: Policy definition and UUID +- Key Access Service: Wrapped key material +- Audit Service: TDF creation event +``` + +## Phase 2: Distribution + +### **Secure Sharing** + +TDF files can be shared through any channel because protection is inherent: + +```mermaid +graph LR + TDF[🔐 TDF File] --> EMAIL[📧 Email] + TDF --> CLOUD[☁️ Cloud Storage] + TDF --> PORTAL[🌐 Web Portal] + TDF --> MOBILE[📱 Mobile App] + TDF --> API[🔌 API Transfer] + + EMAIL --> RECIPIENT1[👤 Recipient 1] + CLOUD --> RECIPIENT2[👤 Recipient 2] + PORTAL --> RECIPIENT3[👤 Recipient 3] + MOBILE --> RECIPIENT4[👤 Recipient 4] + API --> RECIPIENT5[👤 Recipient 5] + + classDef tdf fill:#87CEEB + classDef channel fill:#98FB98 + classDef recipient fill:#FFE4B5 + + class TDF tdf + class EMAIL,CLOUD,PORTAL,MOBILE,API channel + class RECIPIENT1,RECIPIENT2,RECIPIENT3,RECIPIENT4,RECIPIENT5 recipient +``` + +### **Distribution Properties** + +- **Channel Agnostic**: Works over email, cloud storage, APIs, etc. +- **No Special Infrastructure**: Recipients don't need secure channels +- **Integrity Preserved**: Cryptographic signatures detect tampering +- **Policy Travels**: Access controls remain with data everywhere + +## Phase 3: Access and Consumption + +### **Access Request Flow** + +When a user attempts to open a TDF file: + +```mermaid +sequenceDiagram + participant User + participant Client as Client App/SDK + participant TDF as TDF File + participant KAS as Key Access Service + participant AuthZ as Authorization Service + participant Attrs as Attribute Authority + participant Audit as Audit Service + + User->>Client: "Open TDF file" + Client->>TDF: Read TDF manifest + TDF-->>Client: Policy & key access info + + Client->>KAS: Request key unwrapping + Note over Client,KAS: Includes user identity & context + + KAS->>AuthZ: Evaluate access policy + AuthZ->>Attrs: Fetch user attributes + Attrs-->>AuthZ: User attribute values + AuthZ->>AuthZ: Apply policy rules + AuthZ-->>KAS: Decision (permit/deny + obligations) + + alt Access Granted + KAS-->>Client: Unwrapped decryption key + Client->>TDF: Decrypt payload + TDF-->>Client: Decrypted content + Client-->>User: Display content + + KAS->>Audit: Log successful access + else Access Denied + KAS-->>Client: Access denied + reason + Client-->>User: Show denial message + + KAS->>Audit: Log denied access attempt + end +``` + +### **Context-Aware Access** + +Access decisions consider multiple factors: + +```yaml +# Example access context evaluation +access_context: + user: + identity: "john.doe@company.com" + roles: ["legal_counsel", "project_alpha"] + clearance: "confidential" + department: "legal" + + environment: + time: "2024-06-15T14:30:00Z" + location: "US" + device: "managed_laptop" + ip_address: "10.0.1.45" + network: "corporate_vpn" + + request: + action: "read" + purpose: "legal_review" + client: "company_document_viewer" + +policy_evaluation: + - check: "user.roles contains 'legal_counsel'" → ✅ PASS + - check: "current_time within business_hours" → ✅ PASS + - check: "location in ['US', 'UK']" → ✅ PASS + - check: "device.managed == true" → ✅ PASS + +result: PERMIT with obligations ["watermark", "audit_all_actions"] +``` + +### **Obligation Enforcement** + +Policies can specify obligations that must be enforced during access: + +- **Watermarking**: Add user identification to displayed content +- **Audit Logging**: Record all user actions with the data +- **Usage Restrictions**: Prevent printing, screenshots, or copying +- **Time Limits**: Automatically close access after specified duration + +## Phase 4: Policy Management + +### **Dynamic Policy Updates** + +One of TDF's key advantages is the ability to update policies without re-encrypting data: + +```mermaid +sequenceDiagram + participant Admin as Policy Admin + participant Policy as Policy Service + participant KAS as Key Access Service + participant Client as Client Apps + participant Audit as Audit Service + + Admin->>Policy: Update policy rules + Policy->>Policy: Validate new policy + Policy->>KAS: Notify policy change + KAS->>KAS: Update access control cache + + Note over Policy,KAS: Policy change takes effect immediately + + Client->>KAS: Next access request + KAS->>Policy: Get current policy (updated) + Policy-->>KAS: New policy rules + KAS-->>Client: Apply new access decision + + KAS->>Audit: Log policy change impact +``` + +### **Common Policy Updates** + +#### **Adding New Users** +```json +{ + "operation": "add_dissem", + "policy_uuid": "legal-doc-123", + "new_users": ["newlawyer@firm.com"], + "effective_immediately": true +} +``` + +#### **Time-Based Restrictions** +```json +{ + "operation": "update_conditions", + "policy_uuid": "project-data-456", + "conditions": [ + { + "operator": "dateRange", + "binding": "$.currentTime", + "value": ["2024-01-01", "2024-06-30"] // Shortened access window + } + ] +} +``` + +#### **Emergency Revocation** +```json +{ + "operation": "revoke_access", + "policy_uuid": "confidential-report-789", + "reason": "security_incident", + "effective_immediately": true +} +``` + +### **Policy Versioning** + +Policies are versioned to maintain audit trails: + +``` +Policy Evolution: +v1.0: Initial policy - Legal team access only +v1.1: Added external counsel to dissemination list +v1.2: Restricted access to business hours only +v1.3: Extended expiration date +v2.0: Added geographic restrictions +v2.1: Emergency revocation - all access suspended +``` + +## Phase 5: Audit and Monitoring + +### **Comprehensive Audit Trail** + +Every interaction with TDF data is logged: + +```mermaid +graph TD + subgraph "Audit Events" + CREATE_EVENT[📝 TDF Creation] + ACCESS_EVENT[🔓 Access Attempts] + POLICY_EVENT[📋 Policy Changes] + KEY_EVENT[🔑 Key Operations] + end + + subgraph "Event Details" + WHO[👤 Who: User identity] + WHAT[📄 What: Resource/action] + WHEN[⏰ When: Timestamp] + WHERE[🌍 Where: Location/device] + WHY[❓ Why: Decision rationale] + end + + CREATE_EVENT --> WHO + ACCESS_EVENT --> WHO + POLICY_EVENT --> WHO + KEY_EVENT --> WHO + + WHO --> WHAT + WHAT --> WHEN + WHEN --> WHERE + WHERE --> WHY + + classDef audit fill:#FFE4B5 + classDef detail fill:#98FB98 + + class CREATE_EVENT,ACCESS_EVENT,POLICY_EVENT,KEY_EVENT audit + class WHO,WHAT,WHEN,WHERE,WHY detail +``` + +### **Audit Event Examples** + +```json +// TDF Access Event +{ + "event_type": "tdf_access_request", + "timestamp": "2024-06-15T14:30:22Z", + "tdf_uuid": "legal-contract-123", + "user": { + "identity": "john.doe@firm.com", + "attributes": ["role:lawyer", "clearance:confidential"] + }, + "context": { + "location": "US", + "device": "managed_laptop_456", + "ip_address": "10.0.1.45" + }, + "decision": { + "result": "permit", + "policy_version": "v2.1", + "obligations": ["watermark", "audit_actions"] + } +} + +// Policy Change Event +{ + "event_type": "policy_update", + "timestamp": "2024-06-15T09:15:30Z", + "policy_uuid": "legal-contract-123", + "admin": "admin@firm.com", + "changes": { + "added_users": ["newlawyer@firm.com"], + "removed_conditions": ["geographic_restriction"] + }, + "reason": "Project team expansion" +} +``` + +## Phase 6: Expiration and Cleanup + +### **Natural Expiration** + +TDF access can expire based on policy conditions: + +```mermaid +sequenceDiagram + participant Client + participant KAS as Key Access Service + participant Policy as Policy Service + participant Audit as Audit Service + + Client->>KAS: Access request for expired TDF + KAS->>Policy: Check policy conditions + Policy-->>KAS: Policy expired (date/condition based) + KAS-->>Client: Access denied - policy expired + KAS->>Audit: Log expiration-based denial + + Note over KAS,Policy: Keys remain available for audit/recovery +``` + +### **Administrative Cleanup** + +After policy expiration, administrators can clean up resources: + +``` +Cleanup Process: +1. Identify expired policies +2. Archive audit logs +3. Backup key material for compliance +4. Remove active key access capabilities +5. Update policy status to "archived" +``` + +### **Long-Term Retention** + +Even after expiration, some data may be retained: + +- **Audit logs**: For compliance and forensic purposes +- **Policy definitions**: Historical record of access controls +- **Key escrow**: For legal discovery or data recovery +- **Usage analytics**: For policy effectiveness analysis + +## Lifecycle Best Practices + +### **Creation Best Practices** + +1. **Policy Templates**: Use standardized policy templates for consistency +2. **Least Privilege**: Start with minimal access, expand as needed +3. **Clear Expiration**: Always set appropriate expiration dates +4. **Meaningful Names**: Use descriptive policy and TDF identifiers + +### **Distribution Best Practices** + +1. **Channel Selection**: Choose appropriate sharing mechanisms +2. **Recipient Preparation**: Ensure recipients have necessary client software +3. **Clear Instructions**: Provide guidance on accessing protected data +4. **Backup Channels**: Have alternative distribution methods ready + +### **Management Best Practices** + +1. **Regular Reviews**: Periodically review and update policies +2. **Automated Expiration**: Use time-based expiration for temporary access +3. **Emergency Procedures**: Have processes for immediate revocation +4. **Change Documentation**: Document all policy changes with rationale + +### **Monitoring Best Practices** + +1. **Real-time Alerts**: Monitor for unusual access patterns +2. **Regular Reporting**: Generate access and policy reports +3. **Compliance Tracking**: Ensure audit logs meet regulatory requirements +4. **Performance Monitoring**: Track TDF access performance and user experience + +## Next Steps + +- Learn about [cryptographic binding](cryptographic-binding) that enables this lifecycle +- Compare [TDF vs NanoTDF](tdf-vs-nanotdf) lifecycle differences +- Understand the [platform architecture](/explanation/platform-architecture) supporting the TDF lifecycle +- Try managing the complete lifecycle in our [hands-on tutorial](/tutorials/your-first-tdf) \ No newline at end of file diff --git a/docs/explanation/trusted-data-format/tdf-vs-nanotdf.md b/docs/explanation/trusted-data-format/tdf-vs-nanotdf.md new file mode 100644 index 00000000..5e006efd --- /dev/null +++ b/docs/explanation/trusted-data-format/tdf-vs-nanotdf.md @@ -0,0 +1,352 @@ +# TDF vs. NanoTDF: Choosing the Right Format + +OpenTDF supports two format variants: the full Trusted Data Format (TDF) and Nano Trusted Data Format (NanoTDF). Each is optimized for different use cases, with tradeoffs between features, security granularity, and overhead. Understanding these differences helps you choose the right format for your specific requirements. + +## Format Overview + +```mermaid +graph TB + subgraph "TDF (Full Format)" + TDF_MANIFEST[📜 Rich JSON Manifest] + TDF_POLICY[📋 Full ABAC Policies] + TDF_KEYS[🔑 Multiple Key Access Methods] + TDF_PAYLOAD[📦 Encrypted Payload] + + TDF_MANIFEST --> TDF_POLICY + TDF_MANIFEST --> TDF_KEYS + TDF_MANIFEST --> TDF_PAYLOAD + end + + subgraph "NanoTDF (Compact)" + NANO_HEADER[📝 Binary Header (~50 bytes)] + NANO_POLICY[🏷️ Simple Attribute Tags] + NANO_KEY[🔐 Single Key Access] + NANO_PAYLOAD[📁 Encrypted Data] + + NANO_HEADER --> NANO_POLICY + NANO_HEADER --> NANO_KEY + NANO_HEADER --> NANO_PAYLOAD + end + + classDef tdf fill:#87CEEB,stroke:#4682B4 + classDef nano fill:#98FB98,stroke:#228B22 + + class TDF_MANIFEST,TDF_POLICY,TDF_KEYS,TDF_PAYLOAD tdf + class NANO_HEADER,NANO_POLICY,NANO_KEY,NANO_PAYLOAD nano +``` + +## Side-by-Side Comparison + +| **Aspect** | **TDF (Full Format)** | **NanoTDF (Compact)** | +|------------|----------------------|------------------------| +| **Header Overhead** | ~1KB+ (JSON manifest) | ~50 bytes (binary header) | +| **Policy Complexity** | Full ABAC with complex rules | Simple attribute-based checks | +| **Key Management** | Multiple KAS, key splitting | Single KAS, simplified keys | +| **Payload Size Impact** | Negligible for files >10KB | Significant for small payloads | +| **Feature Set** | Complete feature set | Essential features only | +| **Processing Speed** | Slower (JSON parsing) | Faster (binary operations) | +| **Ideal Use Cases** | Documents, files, rich policies | IoT data, streams, simple policies | + +## Detailed Comparison + +### Size and Overhead + +#### TDF Format +``` +[TDF File Structure] +┌─────────────────────────────┐ +│ ZIP Container │ +├─────────────────────────────┤ +│ manifest.json (~800-2000B) │ ← JSON manifest +├─────────────────────────────┤ +│ payload.bin (variable) │ ← Encrypted data +└─────────────────────────────┘ +``` + +**Overhead characteristics**: +- **Fixed cost**: ~1KB regardless of payload size +- **Negligible impact**: For files > 10KB (overhead < 10%) +- **JSON flexibility**: Human-readable, extensible structure +- **Multiple files**: Can contain multiple encrypted objects + +#### **NanoTDF Format** +``` +[NanoTDF Structure] +┌──────────────────┐ +│ Header (18B) │ ← Fixed header +├──────────────────┤ +│ KAS Info (~20B) │ ← Key access information +├──────────────────┤ +│ Policy (~10B) │ ← Compact policy representation +├──────────────────┤ +│ Payload (var) │ ← Encrypted data +└──────────────────┘ +``` + +**Overhead characteristics**: +- **Fixed cost**: ~50 bytes total overhead +- **Significant impact**: For payloads < 1KB (overhead can be 5-50%) +- **Binary efficiency**: Optimized for minimal size +- **Single object**: One encrypted payload per NanoTDF + +### **Policy Capabilities** + +#### **TDF Full Policies** + +Rich policy expression with complex logic: + +```json +{ + "policy": { + "uuid": "complex-policy-123", + "body": { + "dataAttributes": [ + "https://example.com/attr/classification/secret", + "https://example.com/attr/project/alpha" + ], + "dissem": [ + "user1@company.com", + "user2@company.com" + ], + "rules": [ + { + "effect": "permit", + "condition": { + "and": [ + {"equals": ["$.user.department", "engineering"]}, + {"dateRange": ["$.current.time", "2024-01-01", "2024-12-31"]}, + {"in": ["$.user.location", ["US", "CA", "UK"]]} + ] + } + } + ] + } + } +} +``` + +**TDF Policy Features**: +- **Complex conditions**: Boolean logic, date ranges, string matching +- **Multiple attributes**: Combine many data and user attributes +- **Obligations**: Watermarking, audit requirements, etc. +- **Dynamic references**: External policy stores, attribute authorities +- **Rich dissemination**: Complex sharing rules and workflows + +#### **NanoTDF Simple Policies** + +Compact attribute-based policies: + +``` +Header Structure (binary): +┌─────────┬─────────┬─────────┬─────────┐ +│ Version │ KAS URL │ Policy │ Binding │ +│ (3B) │ (var) │ (var) │ (var) │ +└─────────┴─────────┴─────────┴─────────┘ + +Policy Section: +- Attribute list: [attr1, attr2, attr3] +- Simple logic: "user must have ALL attributes" +- No complex conditions or obligations +``` + +**NanoTDF Policy Features**: +- **Attribute lists**: Simple "user must have these attributes" +- **Basic logic**: AND/OR operations only +- **No conditions**: Cannot express complex temporal or contextual rules +- **Fixed dissemination**: Predefined sharing patterns +- **Performance optimized**: Fast evaluation for real-time scenarios + +### **Key Management** + +#### **TDF Key Management** +```yaml +# TDF supports multiple key access methods +encryptionInformation: + keyAccess: + - type: "wrapped" + url: "https://kas1.company.com" + wrappedKey: "encrypted_key_material_1" + policy: "primary_policy" + - type: "remote" + url: "https://kas2.partner.com" + keyId: "shared_key_reference" + policy: "partner_policy" + - type: "split" + threshold: 2 + shares: + - url: "https://kas3.backup.com" + - url: "https://kas4.backup.com" +``` + +**TDF Key Features**: +- **Multiple KAS servers**: Redundancy and multi-authority scenarios +- **Key splitting**: Require multiple parties for access (threshold schemes) +- **Hierarchical keys**: Key derivation and rotation strategies +- **Mixed methods**: Different key access methods per policy requirement + +#### **NanoTDF Key Management** +``` +Single KAS approach: +┌─────────────────────────────────────┐ +│ KAS URL: https://kas.company.com │ +│ Wrapped Key: [encrypted_dek] │ +│ Policy Reference: [simple_policy] │ +└─────────────────────────────────────┘ +``` + +**NanoTDF Key Features**: +- **Single KAS**: One key access server per NanoTDF +- **Wrapped keys**: Simple key wrapping, no splitting +- **Fast unwrapping**: Optimized for high-throughput scenarios +- **Minimal metadata**: Reduced key management overhead + +## Use Case Guidelines + +### **Choose TDF (Full Format) When:** + +#### **Document and File Protection** +- **Office documents**: Word, Excel, PDF files +- **Large files**: Where 1KB overhead is negligible +- **Rich sharing**: Complex dissemination workflows +- **Compliance**: Detailed audit and policy requirements + +**Example**: Legal contracts shared with multiple law firms, each with different access levels and time restrictions. + +#### **Complex Policy Requirements** +- **Multi-attribute decisions**: Combine user role, location, time, project, etc. +- **Dynamic policies**: Policies that change without re-encryption +- **Obligations**: Watermarking, audit logging, usage restrictions +- **Multi-authority**: Require approval from multiple policy authorities + +**Example**: Classified intelligence documents requiring approval from multiple agencies based on clearance level, need-to-know, and operational context. + +#### **Enterprise Integration** +- **Rich identity systems**: LDAP, Active Directory with many attributes +- **Complex workflows**: Approval processes, escalation procedures +- **Audit requirements**: Detailed compliance and regulatory reporting +- **Multi-tenant**: Different policy sets per customer or division + +### **Choose NanoTDF When:** + +#### **IoT and Sensor Data** +- **Small payloads**: Sensor readings, telemetry data +- **High frequency**: Thousands of messages per second +- **Resource constraints**: Limited CPU, memory, bandwidth +- **Simple policies**: Basic attribute checking sufficient + +**Example**: Industrial sensors sending encrypted temperature readings where only maintenance personnel should have access. + +#### **Real-Time Streaming** +- **Low latency**: Minimal processing overhead required +- **High throughput**: Process thousands of objects per second +- **Simple decisions**: Fast policy evaluation critical +- **Embedded systems**: Constrained computing environments + +**Example**: Financial trading systems encrypting market data feeds with role-based access controls. + +#### **Mobile and Edge Computing** +- **Bandwidth constraints**: Minimize data transfer overhead +- **Battery life**: Reduce computational overhead +- **Simple policies**: Basic user/role-based access +- **Offline scenarios**: Simplified policy evaluation when disconnected + +**Example**: Field service applications protecting customer data on mobile devices with limited connectivity. + +## Migration and Interoperability + +### **Format Selection Strategy** + +1. **Assess overhead tolerance**: + - Payload size distribution + - Network bandwidth constraints + - Storage cost considerations + +2. **Evaluate policy complexity**: + - Current access control requirements + - Future policy evolution needs + - Compliance and audit requirements + +3. **Consider performance requirements**: + - Throughput and latency needs + - Processing power constraints + - Real-time vs. batch processing + +### **Hybrid Deployments** + +Many organizations use both formats: + +```mermaid +graph TD + subgraph "Document Management" + DOCS[📄 Office Documents] --> TDF[TDF Format] + REPORTS[📊 Reports] --> TDF + end + + subgraph "IoT Platform" + SENSORS[📡 Sensor Data] --> NANO[NanoTDF Format] + TELEMETRY[📈 Telemetry] --> NANO + end + + subgraph "OpenTDF Platform" + KAS[🔑 Key Access Service] + POLICY[📋 Policy Service] + AUDIT[📋 Audit Service] + end + + TDF --> KAS + NANO --> KAS + TDF --> POLICY + NANO --> POLICY + TDF --> AUDIT + NANO --> AUDIT + + classDef tdf fill:#87CEEB + classDef nano fill:#98FB98 + classDef platform fill:#FFE4B5 + + class DOCS,REPORTS,TDF tdf + class SENSORS,TELEMETRY,NANO nano + class KAS,POLICY,AUDIT platform +``` + +### **Format Conversion** + +Converting between formats requires re-encryption: + +**TDF → NanoTDF**: +- Simplify policy to attribute-only checks +- Convert to single KAS if using multiple +- Re-encrypt payload with NanoTDF format +- Verify policy equivalence + +**NanoTDF → TDF**: +- Expand simple policies to full ABAC format +- Add rich policy context if needed +- Re-encrypt with full TDF structure +- Enhance with additional metadata + +## Implementation Considerations + +### **SDK Support** +- **Full TDF**: Supported in all OpenTDF SDKs +- **NanoTDF**: Available in performance-optimized SDKs +- **Auto-selection**: Some SDKs choose format based on payload size + +### **Performance Testing** +Always benchmark with your specific: +- **Payload sizes**: Test with representative data +- **Policy complexity**: Measure evaluation times +- **Network conditions**: Consider latency and bandwidth +- **Processing power**: Test on target hardware + +### **Future Evolution** +- **NanoTDF v2**: Enhanced features while maintaining compact size +- **Hybrid formats**: Best of both approaches +- **Auto-optimization**: Dynamic format selection based on context + +## Next Steps + +- Learn about the complete [TDF lifecycle](tdf-lifecycle) covering both formats +- Understand [cryptographic binding](cryptographic-binding) mechanisms in each format +- Explore the [platform architecture](/explanation/platform-architecture) supporting both formats +- Try both formats in our [hands-on tutorial](/tutorials/your-first-tdf) to see the differences \ No newline at end of file diff --git a/docs/getting-started/_category_.yaml b/docs/getting-started/_category_.yaml deleted file mode 100644 index 951e6775..00000000 --- a/docs/getting-started/_category_.yaml +++ /dev/null @@ -1 +0,0 @@ -position: 2 diff --git a/docs/getting-started/configuration.md b/docs/getting-started/configuration.md new file mode 100644 index 00000000..546d6b5f --- /dev/null +++ b/docs/getting-started/configuration.md @@ -0,0 +1,641 @@ +--- +id: configuration +sidebar_position: 20 +title: Configuration +--- + +# Platform Configuration + +This guide provides details about the configuration setup for the platform, including the logger, services , and server configurations. + +The platform leverages [viper](https://github.com/spf13/viper) to help load configuration. + +- [Deployment Mode](#deployment-mode) + - [Service Negation](#service-negation) + - [SDK Configuration](#sdk-configuration) + - [Logger Configuration](#logger-configuration) + - [Server Configuration](#server-configuration) + - [CORS Configuration](#cors-configuration) + - [Additive Configuration](#additive-configuration) + - [Programmatic Configuration](#programmatic-configuration) + - [Crypto Provider](#crypto-provider) + - [Tracing Configuration](#tracing-configuration) + - [Database Configuration](#database-configuration) + - [Security Configuration](#security-configuration) + - [Services Configuration](#services-configuration) + - [Key Access Server (KAS)](#key-access-server-kas) + - [Authorization](#authorization) + - [Shared Keys (v1 \& v2)](#shared-keys-v1--v2) + - [Authorization v1 Only](#authorization-v1-only) + - [Authorization v2 Only](#authorization-v2-only) + - [Example: Authorization v1](#example-authorization-v1) + - [Example: Authorization v2](#example-authorization-v2) + - [Entity Resolution](#entity-resolution) + - [Shared Keys (v1 \& v2)](#shared-keys-v1--v2-1) + - [Entity Resolution v1 Only](#entity-resolution-v1-only) + - [Entity Resolution v2 Only](#entity-resolution-v2-only) + - [Example: Entity Resolution v1](#example-entity-resolution-v1) + - [Example: Entity Resolution v2](#example-entity-resolution-v2) + - [Policy](#policy) + - [Casbin Endpoint Authorization](#casbin-endpoint-authorization) + - [Key Aspects of Authorization Configuration](#key-aspects-of-authorization-configuration) + - [Configuration in opentdf-example.yaml](#configuration-in-opentdf-exampleyaml) + - [Role Permissions](#role-permissions) + - [Managing Authorization Policy](#managing-authorization-policy) + - [Cache Configuration](#cache-configuration) + +## Deployment Mode + +The platform is designed as a modular monolith, meaning that all services are built into and run from the same binary. However, these services can be grouped and run together based on specific needs. The available service groups are: + +- all: Runs every service that is registered within the platform. +- core: Runs essential services, including policy, authorization, and wellknown services. +- kas: Runs the Key Access Server (KAS) service. + +### Service Negation + +You can exclude specific services from any mode using the negation syntax `-servicename`: + +- **Syntax**: `mode: ,-,-` +- **Constraint**: At least one positive mode must be specified (negation-only modes like `-kas` will result in an error) +- **Available services**: `policy`, `authorization`, `kas`, `entityresolution`, `wellknown` + +**Examples:** +```yaml +# Run all services except Entity Resolution Service +mode: all,-entityresolution + +# Run core services except Policy Service +mode: core,-policy + +# Run all services except both KAS and Entity Resolution +mode: all,-kas,-entityresolution +``` + +| Field | Description | Default | Environment Variable | +| ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------------------- | +| `mode` | Drives which services to run. Supported modes: `all`, `core`, `kas`. Use `-servicename` to exclude specific services (e.g., `all,-entityresolution`) | `all` | OPENTDF_MODE | + +## SDK Configuration + +The sdk configuration is used when operating the service in mode `kas`. When running in mode `core` or `all` an in-process communication is leveraged over an in-memory grpc server. + +Root level key `sdk_config` + +| Field | Description | Default | Environment Variable | +| ---------------------------- | ------------------------------------------- | ------- | -------------------------------- | +| `core.endpoint` | The core platform endpoint to connect to | | OPENTDF_SDK_CONFIG_ENDPOINT | +| `core.plaintext` | Use a plaintext grpc connection | `false` | OPENTDF_SDK_CONFIG_PLAINTEXT | +| `core.insecure` | Use an insecure tls connection | `false` | | +| `entityresolution.endpoint` | The entityresolution endpoint to connect to | | | +| `entityresolution.plaintext` | Use a plaintext ERS grpc connection | `false` | | +| `entityresolution.insecure` | Use an insecure tls connection | `false` | | +| `client_id` | OAuth client id | | OPENTDF_SDK_CONFIG_CLIENT_ID | +| `client_secret` | The clients credentials | | OPENTDF_SDK_CONFIG_CLIENT_SECRET | + +## Logger Configuration + +The logger configuration is used to define how the application logs its output. + +Root level key `logger` + +| Field | Description | Default | Environment Variable | +| -------- | ---------------------------------------- | -------- | --------------------- | +| `level` | The logging level. | `info` | OPENTDF_LOGGER_LEVEL | +| `type` | The format of the log output. | `json` | OPENTDF_LOGGER_TYPE | +| `output` | Stream output for logs, stderr or stdout | `stdout` | OPENTDF_LOGGER_OUTPUT | + +Example: + +```yaml +logger: + level: debug + type: text + output: stderr +``` + +## Server Configuration + +The server configuration is used to define how the application runs its server. + +Root level key `server` + +| Field | Description | Default | Environment Variable | +| ----------------------- | ------------------------------------------------------------------------------------------------------------- | ------- | ------------------------------------ | +| `auth.audience` | The audience for the IDP. | | OPENTDF_SERVER_AUTH_AUDIENCE | +| `auth.issuer` | The issuer for the IDP. | | OPENTDF_SERVER_AUTH_ISSUER | +| `auth.policy` | The Casbin policy for enforcing authorization on endpoints. Described [below](#casbin-endpoint-authorization) | | | +| `auth.cache_refresh` | Interval in which the IDP jwks should be refreshed | `15m` | OPENTDF_SERVER_AUTH_CACHE_REFRESH | +| `auth.dpopskew` | The amount of time drift allowed between when the client generated a dpop proof and the server time. | `1h` | OPENTDF_SERVER_AUTH | +| `auth.skew` | The amount of time drift allowed between a tokens `exp` claim and the server time. | `1m` | OPENTDF_SERVER_AUTH_SKEW | +| `auth.public_client_id` | [DEPRECATED] The oidc client id. This is leveraged by otdfctl. | | OPENTDF_SERVER_AUTH_PUBLIC_CLIENT_ID | +| `auth.enforceDPoP` | If true, DPoP bindings on Access Tokens are enforced. | `false` | OPENTDF_SERVER_AUTH_ENFORCEDPOP | +| `cryptoProvider` | A list of public/private keypairs and their use. Described [below](#crypto-provider) | empty | | +| `enable_pprof` | Enable golang performance profiling | `false` | OPENTDF_SERVER_ENABLE_PPROF | +| `grpc.reflection` | The configuration for the grpc server. | `true` | OPENTDF_SERVER_GRPC_REFLECTION | +| `public_hostname` | The public facing hostname for the server. | | OPENTDF_SERVER_PUBLIC_HOSTNAME | +| `host` | The host address for the server. | `""` | OPENTDF_SERVER_HOST | +| `port` | The port number for the server. | `9000` | OPENTDF_SERVER_PORT | +| `tls.enabled` | Enable tls. | `false` | OPENTDF_SERVER_TLS_ENABLED | +| `tls.cert` | The path to the tls certificate. | | OPENTDF_SERVER_TLS_CERT | +| `tls.key` | The path to the tls key. | | OPENTDF_SERVER_TLS_KEY | + +Example: + +```yaml +server: + grpc: + reflection: true + port: 8081 + tls: + enabled: true + cert: /path/to/cert + key: /path/to/key + auth: + enabled: true + audience: https://example.com + issuer: https://example.com + cryptoProvider: + standard: + keys: + - kid: r1 + alg: rsa:2048 + private: kas-private.pem + cert: kas-cert.pem + - kid: e1 + alg: ec:secp256r1 + private: kas-ec-private.pem + cert: kas-ec-cert.pem +``` + +### CORS Configuration + +Root level key `server.cors` + +| Field | Description | Default | Environment Variable | +| -------------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | +| `enabled` | Enable CORS for the server | `true` | OPENTDF_SERVER_CORS_ENABLED | +| `allowedorigins` | List of allowed origins (`*` for any) | `[]` | OPENTDF_SERVER_CORS_ALLOWEDORIGINS | +| `allowedmethods` | List of allowed HTTP methods | `["GET","POST","PATCH","DELETE","OPTIONS"]` | OPENTDF_SERVER_CORS_ALLOWEDMETHODS | +| `allowedheaders` | List of allowed request headers | `["Accept","Accept-Encoding","Authorization","Connect-Protocol-Version","Content-Length","Content-Type","Dpop","X-CSRF-Token","X-Requested-With","X-Rewrap-Additional-Context"]` | OPENTDF_SERVER_CORS_ALLOWEDHEADERS | +| `exposedheaders` | List of response headers browsers can access | `[]` | OPENTDF_SERVER_CORS_EXPOSEDHEADERS | +| `allowcredentials` | Whether credentials are included in CORS requests | `true` | OPENTDF_SERVER_CORS_ALLOWCREDENTIALS | +| `maxage` | Maximum age (seconds) of preflight cache | `3600` | OPENTDF_SERVER_CORS_MAXAGE | +| `additionalmethods` | Additional methods to append to defaults | `[]` | OPENTDF_SERVER_CORS_ADDITIONALMETHODS | +| `additionalheaders` | Additional headers to append to defaults | `[]` | OPENTDF_SERVER_CORS_ADDITIONALHEADERS | +| `additionalexposedheaders` | Additional exposed headers to append | `[]` | OPENTDF_SERVER_CORS_ADDITIONALEXPOSEDHEADERS | + +#### Additive Configuration + +The `additional*` fields allow operators to extend the default lists without replacing them entirely: + +```yaml +server: + cors: + enabled: true + # Add custom headers without copying all defaults + additionalheaders: + - X-Custom-Header + - X-Another-Header +``` + +To completely replace defaults, use the base fields directly: + +```yaml +server: + cors: + allowedheaders: + - Authorization + - Content-Type + # Only these headers will be allowed +``` + +#### Programmatic Configuration + +For applications embedding the OpenTDF platform, CORS can also be configured programmatically using functional options. These are applied after YAML/environment configuration and follow the same additive semantics: + +```go +import "github.com/opentdf/platform/service/pkg/server" + +err := server.Start( + server.WithConfigFile("opentdf.yaml"), + // Add custom headers for your application + server.WithAdditionalCORSHeaders("X-Custom-Header", "X-App-Version"), + // Add custom methods if needed + server.WithAdditionalCORSMethods("CUSTOM"), + // Expose additional response headers to browsers + server.WithAdditionalCORSExposedHeaders("X-Request-Id", "X-Trace-Id"), +) +``` + +**Configuration Precedence:** + +1. **Defaults** - Built-in default values +2. **YAML/Environment** - Operator configuration via `server.cors.*` fields +3. **Programmatic Options** - Developer overlays via `WithAdditionalCORS*` functions + +All layers are additive. Deduplication is handled automatically (case-insensitive for headers per RFC 7230, case-sensitive for methods per RFC 7231). + +### Crypto Provider + +To configure the Key Access Server, +you must define a set of one or more public keypairs +and a method for loading and using them. + +The crypto provider is implemented as an interface, +allowing multiple implementations. + +Root level key `cryptoProvider` + +Environment Variable: `OPENTDF_SERVER_CRYPTOPROVIDER_STANDARD='[{"alg":"rsa:2048","kid":"k1","private":"kas-private.pem","cert":"kas-cert.pem"}]'` + +| Field | Description | Default | +| ----------------------------------- | ------------------------------------------------------------------------- | ---------- | +| `cryptoProvider.type` | The type of crypto provider to use. | `standard` | +| `cryptoProvider.standard.*.alg` | An enum for the associated crypto type. E.g. `rsa:2048` or `ec:secp256r1` | | +| `cryptoProvider.standard.*.kid` | A short, globally unique, stable identifier for this keypair. | | +| `cryptoProvider.standard.*.private` | Path to the private key as a PEM file. | | +| `cryptoProvider.standard.*.cert` | (Optional) Path to a public cert for the keypair. | | + +### Tracing Configuration + +Root level key `server.trace` + +| Field | Description | Default | Environment Variable | +| ---------------------------- | ------------------------------- | ------- | ---------------------------------- | +| `server.trace.enabled` | Enable distributed tracing | `false` | OPENTDF_SERVER_TRACE_ENABLED | +| `server.trace.provider.name` | Tracing provider (file or otlp) | `otlp` | OPENTDF_SERVER_TRACE_PROVIDER_NAME | + +For file provider: +- `server.trace.provider.file.path`: Path to trace file output +- `server.trace.provider.file.prettyPrint`: Enable pretty-printed JSON +- `server.trace.provider.file.maxSize`: Maximum file size in MB +- `server.trace.provider.file.maxBackups`: Maximum number of backup files +- `server.trace.provider.file.maxAge`: Maximum age of files in days +- `server.trace.provider.file.compress`: Enable compression of trace files + +For OTLP provider: +- `server.trace.provider.otlp.protocol`: Protocol to use (grpc or http/protobuf) +- `server.trace.provider.otlp.endpoint`: Endpoint URL for the collector +- `server.trace.provider.otlp.insecure`: Whether to use an insecure connection +- `server.trace.provider.otlp.headers`: Headers to include in OTLP requests + +Example: + +```yaml +server: + trace: + enabled: true + provider: + name: otlp + otlp: + protocol: grpc + endpoint: "localhost:4317" + insecure: true +``` + +## Database Configuration + +The database configuration is used to define how the application connects to its database. + +Root level key `db` + +| Field | Description | Default | Environment Variables | +| -------------------------------------- | --------------------------------------------- | ----------- | ----------------------------------------------- | +| `host` | The host address for the database. | `localhost` | OPENTDF_DB_HOST | +| `port` | The port number for the database. | `5432` | OPENTDF_DB_PORT | +| `database` | The name of the database. | `opentdf` | OPENTDF_DB_DATABASE | +| `user` | The username for the database. | `postgres` | OPENTDF_DB_USER | +| `password` | The password for the database. | `changeme` | OPENTDF_DB_PASSWORD | +| `sslmode` | The ssl mode for the database | `prefer` | OPENTDF_DB_SSLMODE | +| `schema` | The schema for the database. | `opentdf` | OPENTDF_DB_SCHEMA | +| `runMigration` | Whether to run the database migration or not. | `true` | OPENTDF_DB_RUNMIGRATION | +| `connect_timeout_seconds` | Connection timeout duration (seconds). | `15` | OPENTDF_DB_CONNECT_TIMEOUT_SECONDS | +| `pool` | Pool configuration settings. | | | +| `pool.max_connection_count` | Maximum number of connections per pool. | `4` | OPENTDF_DB_POOL_MAX_CONNECTION_COUNT | +| `pool.min_connection_count` | Minimum number of connections per pool. | `0` | OPENTDF_DB_POOL_MIN_CONNECTION_COUNT | +| `pool.max_connection_lifetime_seconds` | Maximum seconds per connection lifetime. | `3600` | OPENTDF_DB_POOL_MAX_CONNECTION_LIFETIME_SECONDS | +| `pool.min_idle_connections_count` | Minimum number of idle connections per pool. | `0` | OPENTDF_DB_POOL_MIN_IDLE_CONNECTIONS_COUNT | +| `pool.max_connection_idle_seconds` | Maximum seconds allowed for idle connection. | `1800` | OPENTDF_DB_POOL_MAX_CONNECTION_IDLE_SECONDS | +| `pool.health_check_period_seconds` | Interval seconds per health check. | `60` | OPENTDF_DB_POOL_HEALTH_CHECK_PERIOD_SECONDS | + + + + +Example: + +```yaml +db: + host: localhost + port: 5432 + database: opentdf + user: postgres + password: changeme + sslmode: require + schema: opentdf + runMigration: false + connect_timeout_seconds: 15 + pool: + max_connection_count: 4 + min_connection_count: 0 + max_connection_lifetime_seconds: 3600 + min_idle_connections_count: 0 + max_connection_idle_seconds: 1800 + health_check_period_seconds: 60 +``` + +## Security Configuration + +Root level key `security` + +| Field | Description | Default | +| ------------------- | ----------------------------------------------------------------------------------------------- | ------- | +| `unsafe.clock_skew` | Platform-wide maximum tolerated clock skew for token verification (Go duration, use cautiously) | `1m` | + +> **Warning:** Increasing `unsafe.clock_skew` weakens token freshness guarantees. Only raise this value temporarily while you correct clock drift. + +## Services Configuration + +Root level key `services` + +### Key Access Server (KAS) + +Root level key `kas` + +Environment Variable: `OPENTDF_SERVICES_KAS_KEYRING='[{"kid":"k1","alg":"rsa:2048"},{"kid":"k2","alg":"ec:secp256r1"}]'` + +| Field | Description | Default | +| ------------------------ | ------------------------------------------------------------------------------- | -------- | +| `keyring.*.kid` | Which key id this is binding | | +| `keyring.*.alg` | (Optional) Associated algorithm. (Allows reusing KID with different algorithms) | | +| `keyring.*.legacy` | Indicates this may be used for TDFs with no key ID; default if all unspecified. | inferred | +| `preview.ec_tdf_enabled` | Whether tdf based ecc support is enabled. | `false` | +| `preview.key_management` | Whether new key management features are enabled. | `false` | +| `root_key` | Key needed when new key_management functionality is enabled. | | + +Example: + +```yaml +security: + unsafe: + # Increase only when diagnosing clock drift issues + # clock_skew: 90s + +services: + kas: + keyring: + - kid: e2 + alg: ec:secp256r1 + - kid: e1 + alg: ec:secp256r1 + legacy: true + - kid: r2f + alg: rsa:2048 + - kid: r1 + alg: rsa:2048 + legacy: true +``` + +### Authorization + +Root level key `authorization` + +> **Note:** Both Authorization v1 and v2 use the same configuration section, but some keys are version-specific. See below for details. + +#### Shared Keys (v1 & v2) + +| Field | Description | Default | Environment Variables | +| ------------------------------------------------- | ----------- | ------- | --------------------- | +| *(none currently; all keys are version-specific)* | | | | + +#### Authorization v1 Only + +| Field | Description | Default | Environment Variables | +| ------------ | ------------------------ | -------------------------------------- | ----------------------------------------- | +| `rego.path` | Path to rego policy file | Leverages embedded rego policy | OPENTDF_SERVICES_AUTHORIZATION_REGO_PATH | +| `rego.query` | Rego query to execute | `data.opentdf.entitlements.attributes` | OPENTDF_SERVICES_AUTHORIZATION_REGO_QUERY | + +#### Authorization v2 Only + +| Field | Description | Default | Environment Variables | +| ------------------------------------------- | -------------------------------------------------------------- | ------- | --------------------- | +| `entitlement_policy_cache.enabled` | Enable the entitlement policy cache | `false` | | +| `entitlement_policy_cache.refresh_interval` | How often to refresh the entitlement policy cache (e.g. `30s`) | | | + +#### Example: Authorization v1 + +```yaml +services: + authorization: + rego: + path: /path/to/policy.rego + query: data.opentdf.entitlements.attributes +``` + +#### Example: Authorization v2 + +```yaml +services: + authorization: + entitlement_policy_cache: + enabled: false + refresh_interval: 30s +``` + +### Entity Resolution + +Root level key `entityresolution` + +> **Note:** Both Entity Resolution v1 and v2 use the same configuration section. All configuration keys are shared between v1 and v2, except `cache_expiration`, which is only used in v2. + +#### Shared Keys (v1 & v2) + +| Field | Description | Default | Environment Variable | +| ----------------------- | ---------------------------------------------------------------------------------------------- | ---------- | ------------------------------------------------------- | +| `mode` | The mode in which to run ERS (`keycloak` or `claims`) | `keycloak` | OPENTDF_SERVICES_ENTITYRESOLUTION_MODE | +| `url` | Endpoint URL for the entity resolution service (specific to `keycloak` mode) | `""` | OPENTDF_SERVICES_ENTITYRESOLUTION_URL | +| `clientid` | Keycloak client ID for authentication (specific to `keycloak` mode) | `""` | OPENTDF_SERVICES_ENTITYRESOLUTION_CLIENTID | +| `clientsecret` | Keycloak client secret for authentication(specific to `keycloak` mode) | `""` | OPENTDF_SERVICES_ENTITYRESOLUTION_CLIENTSECRET | +| `realm` | Keycloak realm for authentication (specific to `keycloak` mode) | | OPENTDF_SERVICES_ENTITYRESOLUTION_REALM | +| `legacykeycloak` | Enables legacy Keycloak compatibility (`/auth` as base endpoint) (specific to `keycloak` mode) | `false` | OPENTDF_SERVICES_ENTITYRESOLUTION_LEGACYKEYCLOAK | +| `inferid.from.email` | Infer entity IDs from email addresses (specific to `keycloak` mode) | `false` | OPENTDF_SERVICES_ENTITYRESOLUTION_INFERID_FROM_EMAIL | +| `inferid.from.username` | Infer entity IDs from usernames (specific to `keycloak` mode) | `false` | OPENTDF_SERVICES_ENTITYRESOLUTION_INFERID_FROM_USERNAME | +| `inferid.from.clientid` | Infer entity IDs from client IDs (specific to `keycloak` mode) | `false` | OPENTDF_SERVICES_ENTITYRESOLUTION_INFERID_FROM_CLIENTID | + +#### Entity Resolution v1 Only + +| Field | Description | Default | Environment Variables | +| ------------------ | ----------- | ------- | --------------------- | +| *(none currently)* | | | | + +#### Entity Resolution v2 Only + +| Field | Description | Default | Environment Variable | +| ------------------ | ---------------------------------------------------------------------------------------------------------------------- | -------- | -------------------- | +| `cache_expiration` | Cache duration for entity resolution results (e.g., `30s`). Disabled if not set or zero. (specific to `keycloak` mode) | disabled | | + +#### Example: Entity Resolution v1 + +```yaml +services: + entityresolution: + url: http://localhost:8888/auth + clientid: "tdf-entity-resolution" + clientsecret: "secret" + realm: "opentdf" + legacykeycloak: true + inferid: + from: + email: true + username: true +``` + +#### Example: Entity Resolution v2 + +```yaml +services: + entityresolution: + url: http://localhost:8888/auth + clientid: "tdf-entity-resolution" + clientsecret: "secret" + realm: "opentdf" + legacykeycloak: true + inferid: + from: + email: true + username: true + cache_expiration: 30s +``` + + +### Policy + +Root level key `policy` + +| Field | Description | Default | Environment Variables | +| ---------------------------- | ------------------------------------------------------ | ------- | -------------------------------------------------- | +| `list_request_limit_default` | Policy List request limit default when not provided | 1000 | OPENTDF_SERVICES_POLICY_LIST_REQUEST_LIMIT_DEFAULT | +| `list_request_limit_max` | Policy List request limit maximum enforced by services | 2500 | OPENTDF_SERVICES_POLICY_LIST_REQUEST_LIMIT_MAX | + +Example: + +```yaml +services: + policy: + list_request_limit_default: 1000 + list_request_limit_max: 2500 +``` + +### Casbin Endpoint Authorization + +OpenTDF uses Casbin to manage authorization policies. This document provides an overview of how to configure and manage the default authorization policy in OpenTDF. + +#### Key Aspects of Authorization Configuration + +2. **Username Claim**: The claim in the OIDC token that should be used to extract a username. +3. **Group Claim**: The claim in the OIDC token that should be used to find the group claims. +4. **Map (Deprecated)**: Mapping between policy roles and IdP roles. +4. **Extension**: Policy that will extend the builtin policy +4. **CSV**: The authorization policy in CSV format. This will override the builtin policy. +5. **Model**: The Casbin policy model. This should only be set if you have a deep understanding of how casbin works. + +#### Configuration in opentdf-example.yaml + +Below is an example configuration snippet from +opentdf-example.yaml: + +```yaml +server: + auth: + enabled: true + enforceDPoP: false + # public_client_id: 'opentdf-public' # DEPRECATED + audience: 'http://localhost:8080' + issuer: http://keycloak:8888/auth/realms/opentdf + policy: + + ## Deprecated + ## Dot notation is used to access nested claims (i.e. realm_access.roles) + claim: "realm_access.roles" + + ## Dot notation is used to access the username claim + username_claim: "email" + + ## Dot notation is used to access the groups claim + group_claim: "realm_access.roles" + + # Dot notation is used to access the claim the represents the idP client ID + client_id_claim: # azp + + ## Deprecated: Use standard casbin policy groupings (g, , ) + ## Maps the external role to the OpenTDF role + ## Note: left side is used in the policy, right side is the external role + map: + standard: opentdf-standard + admin: opentdf-admin + + ## Policy that will extend the builtin policy. + extension: | + p, role:admin, *, *, allow + p, role:standard, policy:attributes, read, allow + p, role:standard, policy:subject-mappings, read, allow + g, opentdf-admin, role:admin + g, alice@opentdf.io, role:standard + + ## Custom policy (see examples https://github.com/casbin/casbin/tree/master/examples) + ## This will overwrite the builtin policy. Use with caution. + csv: | + p, role:admin, *, *, allow + p, role:standard, policy:attributes, read, allow + p, role:standard, policy:subject-mappings, read, allow + p, role:standard, policy:resource-mappings, read, allow + p, role:standard, policy:kas-registry, read, allow + p, role:unknown, entityresolution.EntityResolutionService.ResolveEntities, write, allow + p, role:unknown, kas.AccessService/Rewrap, *, allow + + ## Custom model (see https://casbin.org/docs/syntax-for-models/) + ## Avoid setting this unless you have a deep understanding of how casbin works. + model: | + [request_definition] + r = sub, res, act, obj + + [policy_definition] + p = sub, res, act, obj, eft + + [role_definition] + g = _, _ + + [policy_effect] + e = some(where (p.eft == allow)) && !some(where (p.eft == deny)) + + [matchers] + m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj) +``` + +#### Role Permissions + +- **Admin**: Can perform all operations. +- **Standard User**: Can read. +- **Public Endpoints**: Accessible without specific roles. + +#### Managing Authorization Policy + +Admins can manage the authorization policy directly in the YAML configuration file. For detailed configuration options, refer to the [Casbin documentation](https://casbin.org/docs/en/syntax-for-models). + +## Cache Configuration + +The platform supports a cache manager to improve performance for frequently accessed data. You can configure the cache backend and its resource usage. + +Root level key `cache` + +| Field | Description | Default | +| -------------------- | -------------------------------------------- | ------- | +| `ristretto.max_cost` | Maximum cost for the cache (e.g. 100mb, 1gb) | `1gb` | + +Example: + +```yaml +cache: + ristretto: + max_cost: 1gb # Maximum cost (i.e. 1mb, 1gb) for the cache (default: 1gb) +``` diff --git a/docs/getting-started/docker-compose.yaml b/docs/getting-started/docker-compose.yaml new file mode 100644 index 00000000..39f505dc --- /dev/null +++ b/docs/getting-started/docker-compose.yaml @@ -0,0 +1,531 @@ +networks: + default: + name: opentdf_platform + +configs: + caddy_config: + content: | + { + log { + level INFO + output stdout + } + } + https://keycloak.opentdf.local:9443 { + tls internal + reverse_proxy keycloak:8888 + } + https://platform.opentdf.local:8443 { + tls internal + reverse_proxy { + to h2c://platform:8080 + transport http { + versions h2c 2 1.1 # Enable gRPC proxying + } + } + } + +services: + caddy: + image: caddy:2.8.4-alpine + command: ['caddy','run', '--config', '/etc/caddy/Caddyfile'] + configs: + - source: caddy_config + target: /etc/caddy/Caddyfile + ports: + - "8443:8443" + - "9443:9443" + - "2019:2019" + volumes: + - caddy_data:/data + depends_on: + ensure-permissions: + condition: service_completed_successfully + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:2019/metrics"] + interval: 5s + timeout: 5s + retries: 3 + restart: unless-stopped + + check-certs: + image: alpine:3.23 + volumes: + - type: volume + source: caddy_data + target: /etc/ssl/certs + volume: + subpath: caddy/certificates/local/keycloak.opentdf.local/ + command: + - sh + - -c + - | + echo "Checking certificates" + ls -alh /etc/ssl/certs + cat /etc/ssl/certs/keycloak.opentdf.local.crt + depends_on: + caddy: + condition: service_healthy + ensure-permissions: + condition: service_completed_successfully + restart: "no" + + ensure-permissions: + image: alpine:3.23 + command: + - 'sh' + - '-c' + - | + chmod -R 755 /data + volumes: + - caddy_data:/data + restart: "no" + + keycloak: + volumes: + - keys:/keys:ro + image: keycloak/keycloak:25.0 + restart: always + depends_on: + fix-keys-permissions: + condition: service_completed_successfully + command: + - "start-dev" + - "--verbose" + - "-Djavax.net.ssl.trustStorePassword=password" + - "-Djavax.net.ssl.HostnameVerifier=AllowAll" + - "-Djavax.net.ssl.trustStore=/keys/ca.jks" + - "--spi-truststore-file-hostname-verification-policy=ANY" + environment: + KC_PROXY: edge + KC_HTTP_RELATIVE_PATH: /auth + KC_HOSTNAME_STRICT: "false" + KC_HOSTNAME_STRICT_BACKCHANNEL: "false" + KC_HOSTNAME_STRICT_HTTPS: "false" + KC_HTTP_ENABLED: "true" + KC_HTTP_PORT: "8888" + KC_HTTPS_PORT: "8443" + KC_HTTP_MANAGEMENT_PORT: "9001" + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: changeme + #KC_HOSTNAME_URL: http://localhost:8888/auth + KC_FEATURES: "preview,token-exchange" + KC_HEALTH_ENABLED: "true" + KC_HTTPS_KEY_STORE_PASSWORD: "password" + KC_HTTPS_KEY_STORE_FILE: "/keys/ca.jks" + KC_HTTPS_CERTIFICATE_FILE: "/keys/localhost.crt" + KC_HTTPS_CERTIFICATE_KEY_FILE: "/keys/localhost.key" + KC_HTTPS_CLIENT_AUTH: "request" + ### + # The following environment variable resolves SIGILL with Code 134 when running Java processes on Apple M4 chips + # + # On Apple Silicon (M4 chip): + # export JAVA_OPTS_APPEND="-XX:UseSVE=0" + # docker-compose up + # + # On other architectures: + # export JAVA_OPTS_APPEND="" + # docker-compose up + # + # Or set directly: JAVA_OPTS_APPEND="-XX:UseSVE=0" docker-compose up + JAVA_OPTS_APPEND: "${JAVA_OPTS_APPEND:-}" + ### + # ports: + # - "${KC_EXPOSE_PORT:-8443}:8443" + # - "${KC_EXPOSE_PORT_HTTP:-8888}:8888" + # - "${KC_EXPOSE_PORT_MGMT:-9001}:9001" + healthcheck: + test: + - CMD-SHELL + - | + [ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { + public static void main(String[] args) throws java.lang.Throwable { + javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); + javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(\"SSL\"); + sc.init(null, new javax.net.ssl.TrustManager[]{ + new javax.net.ssl.X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } + public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {} + public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {} + } + }, new java.security.SecureRandom()); + javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + java.net.HttpURLConnection conn = (java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection(); + System.exit(java.net.HttpURLConnection.HTTP_OK == conn.getResponseCode() ? 0 : 1); + } + }" > /tmp/HealthCheck.java && java ${JAVA_OPTS_APPEND} /tmp/HealthCheck.java http://localhost:8888/auth 2>/dev/null + interval: 10s + timeout: 10s + retries: 10 + start_period: 3m + opentdfdb: + image: postgres:15-alpine + restart: always + user: postgres + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: changeme + POSTGRES_DB: opentdf + healthcheck: + test: ["CMD-SHELL", "pg_isready"] + interval: 5s + timeout: 5s + retries: 10 + + jaeger: + image: jaegertracing/all-in-one:latest + environment: + COLLECTOR_OTLP_ENABLED: "true" + ports: + - "16686:16686" # Web UI + - "4317:4317" # OTLP gRPC + - "4318:4318" # OTLP HTTP + - "14250:14250" # Model/collector gRPC + profiles: + - tracing + restart: always + + # Provision Keycloak with initial configuration + platform-provision-keycloak: + image: registry.opentdf.io/platform:nightly + command: ["provision", "keycloak", "-e", "https://keycloak.opentdf.local:9443/auth", "-f", "/configs/keycloak_data.yaml"] + depends_on: + keycloak: + condition: service_healthy + opentdfdb: + condition: service_healthy + patch-platform-config: + condition: service_completed_successfully + download-keycloak-data: + condition: service_completed_successfully + generate-keys: + condition: service_completed_successfully + volumes: + - configs:/configs:ro + - keys:/keys:ro + environment: + - OPENTDF_CONFIG_FILE=/configs/opentdf.yaml + restart: "no" + extra_hosts: + - "keycloak.opentdf.local:host-gateway" + # Prepare fixtures directory structure - create symlink to expected location + prepare-fixtures: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + download-fixtures: + condition: service_completed_successfully + command: + - sh + - -c + - | + mkdir -p /configs/service/internal/fixtures + cd /configs + ln -sf /configs/service/internal/fixtures ./service + restart: "no" + + # Add sample attributes and metadata + platform-provision-fixtures: + image: registry.opentdf.io/platform:nightly + command: ["provision", "fixtures", "--config-file", "/configs/opentdf.yaml"] + working_dir: /configs + depends_on: + platform-provision-keycloak: + condition: service_completed_successfully + opentdfdb: + condition: service_healthy + prepare-fixtures: + condition: service_completed_successfully + generate-keys: + condition: service_completed_successfully + volumes: + - configs:/configs:ro + - keys:/keys:ro + restart: "no" + + # Prepare CA certificates bundle with Caddy cert + prepare-ca-certs: + image: alpine:3.23 + volumes: + - type: volume + source: caddy_data + target: /caddy-certs + read_only: true + volume: + subpath: caddy/certificates/local/keycloak.opentdf.local + - platform_certs:/etc/ssl/certs + depends_on: + caddy: + condition: service_healthy + command: + - sh + - -c + - | + # Install ca-certificates package + apk add --no-cache ca-certificates + # Copy Caddy certificate to CA bundle + cp /caddy-certs/keycloak.opentdf.local.crt /usr/local/share/ca-certificates/ + update-ca-certificates + # Copy the updated CA bundle to shared volume + cp -r /etc/ssl/certs/* /etc/ssl/certs/ + echo "CA certificates prepared successfully" + restart: "no" + + # Main OpenTDF Platform server + platform: + image: registry.opentdf.io/platform:nightly + command: ["start", "--config-file", "/configs/opentdf.yaml"] + depends_on: + platform-provision-fixtures: + condition: service_completed_successfully + keycloak: + condition: service_healthy + opentdfdb: + condition: service_healthy + generate-keys: + condition: service_completed_successfully + prepare-ca-certs: + condition: service_completed_successfully + ports: + - "8080:8080" + volumes: + - configs:/configs:ro + - keys:/keys:ro + - platform_certs:/etc/ssl/certs:ro + extra_hosts: + - "keycloak.opentdf.local:host-gateway" + restart: unless-stopped + + # Initialize volume permissions + init-volumes: + image: alpine:3.23 + volumes: + - configs:/configs + - keys:/keys + command: + - sh + - -c + - | + chmod 777 /configs /keys + mkdir -p /configs/service/internal/fixtures + chmod -R 777 /configs + restart: "no" + + # Fix keys permissions after generation + fix-keys-permissions: + image: alpine:3.23 + volumes: + - keys:/keys + depends_on: + generate-keys: + condition: service_completed_successfully + command: + - sh + - -c + - | + chmod -R 755 /keys + chmod 644 /keys/* + restart: "no" + + # Download platform configuration file + download-platform-config: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + command: ['wget', '-O', '/configs/opentdf.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/opentdf-example.yaml'] + restart: "no" + + # Patch platform configuration to use keycloak.opentdf.local:9443 + patch-platform-config: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + download-platform-config: + condition: service_completed_successfully + command: + - sh + - -c + - | + apk add --no-cache sed + sed -i 's|http://keycloak:8888|https://keycloak.opentdf.local:9443|g' /configs/opentdf.yaml + echo "Patched opentdf.yaml to use keycloak.opentdf.local:9443" + restart: "no" + + # Download Keycloak provisioning data + download-keycloak-data: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + entrypoint: /bin/sh + command: + - -c + - | + URL='https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml' + OUTPUT='/configs/keycloak_data.yaml' + MAX_ATTEMPTS=3 + + for i in $$(seq 1 $$MAX_ATTEMPTS); do + echo "Attempt $$i of $$MAX_ATTEMPTS: Downloading keycloak_data.yaml..." + + if wget -O "$$OUTPUT" "$$URL"; then + echo "Download successful" + + # Validate the downloaded file + if [ -f "$$OUTPUT" ] && [ -s "$$OUTPUT" ]; then + if head -1 "$$OUTPUT" | grep -q -E '^(---|\w+:)'; then + echo "Validation passed: File exists, non-empty, and appears to be valid YAML" + exit 0 + else + echo "Validation failed: File does not appear to be valid YAML" + rm -f "$$OUTPUT" + fi + else + echo "Validation failed: File is missing or empty" + fi + else + echo "Download failed (attempt $$i)" + fi + + if [ $$i -lt $$MAX_ATTEMPTS ]; then + echo "Retrying in 2 seconds..." + sleep 2 + fi + done + + echo "ERROR: Failed to download and validate keycloak_data.yaml after $$MAX_ATTEMPTS attempts" + exit 1 + restart: "no" + + # Download fixtures data + download-fixtures: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + command: ['wget', '-O', '/configs/service/internal/fixtures/policy_fixtures.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/service/internal/fixtures/policy_fixtures.yaml'] + restart: "no" + + # Download init-temp-keys script + download-init-script: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + entrypoint: /bin/sh + command: + - -c + - | + URL='https://raw.githubusercontent.com/opentdf/platform/main/.github/scripts/init-temp-keys.sh' + OUTPUT='/configs/init-temp-keys.sh' + MAX_ATTEMPTS=3 + + for i in $$(seq 1 $$MAX_ATTEMPTS); do + echo "Attempt $$i of $$MAX_ATTEMPTS: Downloading init-temp-keys.sh..." + + if wget -O "$$OUTPUT" "$$URL"; then + echo "Download successful" + + # Validate the downloaded file + if [ -f "$$OUTPUT" ] && [ -s "$$OUTPUT" ]; then + if head -1 "$$OUTPUT" | grep -q '^#!/'; then + echo "Validation passed: File exists, non-empty, and appears to be a shell script" + exit 0 + else + echo "Validation failed: File does not appear to be a valid shell script" + rm -f "$$OUTPUT" + fi + else + echo "Validation failed: File is missing or empty" + fi + else + echo "Download failed (attempt $$i)" + fi + + if [ $$i -lt $$MAX_ATTEMPTS ]; then + echo "Retrying in 2 seconds..." + sleep 2 + fi + done + + echo "ERROR: Failed to download and validate init-temp-keys.sh after $$MAX_ATTEMPTS attempts" + exit 1 + restart: "no" + + # Generate keys without Docker dependency + generate-keys: + image: alpine:3.23 + volumes: + - configs:/configs + - keys:/keys + depends_on: + download-init-script: + condition: service_completed_successfully + init-volumes: + condition: service_completed_successfully + entrypoint: /bin/sh + command: + - -c + - | + apk add --no-cache openssl openjdk11-jre bash + cd /keys + + # Generate KAS RSA private key + openssl genpkey -algorithm RSA -out /keys/kas-private.pem -pkeyopt rsa_keygen_bits:2048 + openssl rsa -in /keys/kas-private.pem -pubout -out /keys/kas-cert.pem + + # Generate ECC Key + openssl ecparam -name prime256v1 > /tmp/ecparams.tmp + openssl req -x509 -nodes -newkey ec:/tmp/ecparams.tmp -subj "/CN=kas" -keyout /keys/kas-ec-private.pem -out /keys/kas-ec-cert.pem -days 365 + + # Generate CA + openssl req -x509 -nodes -newkey RSA:2048 -subj "/CN=ca" -keyout /keys/keycloak-ca-private.pem -out /keys/keycloak-ca.pem -days 365 + + # Generate localhost certificate + printf "subjectAltName=DNS:localhost,IP:127.0.0.1" > /tmp/sanX509.conf + printf "[req]\ndistinguished_name=req_distinguished_name\n[req_distinguished_name]\n[alt_names]\nDNS.1=localhost\nIP.1=127.0.0.1" > /tmp/req.conf + openssl req -new -nodes -newkey rsa:2048 -keyout /keys/localhost.key -out /tmp/localhost.req -batch -subj "/CN=localhost" -config /tmp/req.conf + openssl x509 -req -in /tmp/localhost.req -CA /keys/keycloak-ca.pem -CAkey /keys/keycloak-ca-private.pem -CAcreateserial -out /keys/localhost.crt -days 3650 -sha256 -extfile /tmp/sanX509.conf + + # Generate sample user certificate + openssl req -new -nodes -newkey rsa:2048 -keyout /keys/sampleuser.key -out /tmp/sampleuser.req -batch -subj "/CN=sampleuser" + openssl x509 -req -in /tmp/sampleuser.req -CA /keys/keycloak-ca.pem -CAkey /keys/keycloak-ca-private.pem -CAcreateserial -out /keys/sampleuser.crt -days 3650 + + # Convert to PKCS12 + openssl pkcs12 -export -in /keys/keycloak-ca.pem -inkey /keys/keycloak-ca-private.pem -out /keys/ca.p12 -nodes -passout pass:password + + # Convert PKCS12 to JKS using keytool (no Docker needed) + keytool -importkeystore \ + -srckeystore /keys/ca.p12 \ + -srcstoretype PKCS12 \ + -destkeystore /keys/ca.jks \ + -deststoretype JKS \ + -srcstorepass "password" \ + -deststorepass "password" \ + -noprompt + + echo "Keys generated successfully" + environment: + JAVA_OPTS_APPEND: "${JAVA_OPTS_APPEND:-}" + restart: "no" + +volumes: + keys: + name: opentdf_keys + configs: + name: opentdf_configs + caddy_data: + platform_certs: + name: opentdf_platform_certs + diff --git a/docs/how-to/_category_.json b/docs/how-to/_category_.json new file mode 100644 index 00000000..8fdca4a6 --- /dev/null +++ b/docs/how-to/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "How-to Guides", + "position": 3, + "link": { + "type": "generated-index", + "description": "Practical guides for specific problems and tasks. Find recipes for deployment, integration, troubleshooting, and common use cases." + }, + "collapsible": true, + "collapsed": true +} \ No newline at end of file diff --git a/docs/how-to/index.mdx b/docs/how-to/index.mdx new file mode 100644 index 00000000..c388cc1e --- /dev/null +++ b/docs/how-to/index.mdx @@ -0,0 +1,82 @@ +--- +sidebar_position: 1 +--- + +import Cards from "@site/src/components/Cards"; + +# How-to Guides + +Practical guides for specific tasks like deployment, integration, troubleshooting, and common use cases. These goal-oriented guides assume you understand the basic concepts and provide step-by-step instructions to solve real problems. + +## Integration Patterns + +Learn how to integrate OpenTDF with your existing systems. + + + +## SDK Integration + + + +## Additional Guides + +More how-to guides are available: + +### Getting Started + +- **[Your First TDF](../tutorials/your-first-tdf/)**: Step-by-step tutorial to set up OpenTDF and create your first protected data object + +### Code Samples + +- **[Code Samples Reference](../reference/code-samples/)**: Browse working examples in multiple languages for common operations + +### Coming Soon + +Additional how-to guides in development: + +- **Deployment**: Setting up OpenTDF in production environments (Kubernetes, Docker Swarm) +- **Advanced Configuration**: Performance tuning, high availability, multi-region setups +- **Troubleshooting**: Debugging authorization failures, performance issues, and common errors +- **Policy Management**: Best practices for designing and managing attribute hierarchies +- **Monitoring and Observability**: Setting up metrics, logging, and alerting + +## Need Different Information? + +- **Learning the concepts?** Start with our [explanation section](/explanation) +- **Following a tutorial?** Check our [step-by-step tutorials](/tutorials) +- **Looking for reference details?** Visit our [API documentation](/reference) \ No newline at end of file diff --git a/docs/how-to/integration-patterns/entity-service-integration.mdx b/docs/how-to/integration-patterns/entity-service-integration.mdx new file mode 100644 index 00000000..40e49d81 --- /dev/null +++ b/docs/how-to/integration-patterns/entity-service-integration.mdx @@ -0,0 +1,1162 @@ +# How to Integrate an External Entity Resolution Service + +## Overview + +The Entity Resolution (ER) service is responsible for resolving subject attributes at access time. This guide shows you how to connect your existing identity and directory services (LDAP, SCIM, databases, etc.) to OpenTDF for dynamic attribute resolution. + +## What is Entity Resolution? + +Entity Resolution answers the question: "What attributes does this subject have?" + +When a user requests access to protected data: + +1. **User authenticates** → receives JWT with identity claims +2. **User requests data** → presents JWT to PEP +3. **PEP calls KAS** → KAS calls Authorization Service +4. **Authorization Service calls ER** → "What attributes does user@example.com have?" +5. **ER resolves attributes** → queries LDAP/database/API and returns attributes +6. **Authorization Service evaluates** → compares user attributes to data attributes +7. **KAS grants or denies** → based on evaluation result + +Without ER, authorization can only use claims embedded in the JWT. ER enables dynamic attribute resolution from external authoritative sources. + +--- + +## Integration Patterns + +There are three main patterns for integrating entity resolution: + +### Pattern 1: Built-in ER Service with Custom Plugin + +**How it works**: Extend OpenTDF's built-in Entity Resolution service with a custom plugin that queries your identity source. + +**Best for**: +- Standard identity sources (LDAP, SCIM, databases) +- Organizations running OpenTDF on their infrastructure +- Need for caching and performance optimization +- Centralized attribute resolution logic + +### Pattern 2: External Resolution via API Callbacks + +**How it works**: Configure ER service to call your external API endpoint for attribute resolution. + +**Best for**: +- Custom attribute logic in external systems +- Microservices architecture +- Existing attribute resolution services +- Need for external policy enforcement + +### Pattern 3: Pre-Computed Attributes in Tokens + +**How it works**: Embed attributes directly in JWT claims at authentication time; ER reads from token. + +**Best for**: +- Simple attribute models +- Performance-critical scenarios (no external lookups) +- Trusted IdP with attribute capabilities +- Offline/disconnected scenarios + +--- + +## Pattern 1: Custom ER Plugin (Recommended) + +This is the recommended approach for most organizations. + +### Architecture + +```mermaid +graph LR + AuthZ[Authorization Service] + ER[Entity Resolution Service] + Plugin[Your Custom Plugin] + LDAP[LDAP/AD] + DB[Database] + API[External API] + + AuthZ -->|Resolve attributes| ER + ER -->|Load plugin| Plugin + Plugin -->|Query| LDAP + Plugin -->|Query| DB + Plugin -->|Query| API + Plugin -->|Return attributes| ER + ER -->|Attributes| AuthZ +``` + +### Step 1: Understand the ER Plugin Interface + +OpenTDF's ER service defines a plugin interface for custom attribute resolvers. + +#### Go Plugin Interface + +```go +package entityresolution + +import "context" + +// AttributeResolver is the interface for custom entity resolution plugins +type AttributeResolver interface { + // ResolveAttributes resolves attributes for a given subject + ResolveAttributes(ctx context.Context, req *ResolveRequest) (*ResolveResponse, error) + + // Health checks plugin health + Health(ctx context.Context) error +} + +// ResolveRequest contains subject information +type ResolveRequest struct { + Subject *Subject + EntityID string + SubjectClaims map[string]interface{} +} + +// ResolveResponse contains resolved attributes +type ResolveResponse struct { + Attributes []string // Attribute FQNs: "example.com/attr/department/value/engineering" +} + +// Subject contains subject identifier information +type Subject struct { + Email string + Username string + ID string +} +``` + +### Step 2: Implement Your Custom Resolver + +#### Example: LDAP Attribute Resolver + +```go +package main + +import ( + "context" + "fmt" + + "github.com/go-ldap/ldap/v3" + "github.com/opentdf/platform/service/entityresolution" +) + +type LDAPResolver struct { + ldapURL string + bindDN string + bindPassword string + baseDN string +} + +func NewLDAPResolver(url, bindDN, bindPassword, baseDN string) *LDAPResolver { + return &LDAPResolver{ + ldapURL: url, + bindDN: bindDN, + bindPassword: bindPassword, + baseDN: baseDN, + } +} + +func (r *LDAPResolver) ResolveAttributes(ctx context.Context, req *entityresolution.ResolveRequest) (*entityresolution.ResolveResponse, error) { + // Connect to LDAP + conn, err := ldap.DialURL(r.ldapURL) + if err != nil { + return nil, fmt.Errorf("failed to connect to LDAP: %w", err) + } + defer conn.Close() + + // Bind with service account + err = conn.Bind(r.bindDN, r.bindPassword) + if err != nil { + return nil, fmt.Errorf("LDAP bind failed: %w", err) + } + + // Search for user + searchRequest := ldap.NewSearchRequest( + r.baseDN, + ldap.ScopeWholeSubtree, + ldap.NeverDerefAliases, + 0, 0, false, + fmt.Sprintf("(mail=%s)", req.Subject.Email), + []string{"department", "title", "clearance", "employeeType"}, + nil, + ) + + result, err := conn.Search(searchRequest) + if err != nil { + return nil, fmt.Errorf("LDAP search failed: %w", err) + } + + if len(result.Entries) == 0 { + return &entityresolution.ResolveResponse{Attributes: []string{}}, nil + } + + entry := result.Entries[0] + + // Map LDAP attributes to OpenTDF attributes + attributes := r.mapLDAPAttributesToOpenTDF(entry) + + return &entityresolution.ResolveResponse{Attributes: attributes}, nil +} + +func (r *LDAPResolver) mapLDAPAttributesToOpenTDF(entry *ldap.Entry) []string { + var attributes []string + + // Map department + if dept := entry.GetAttributeValue("department"); dept != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/department/value/%s", dept)) + } + + // Map clearance level + if clearance := entry.GetAttributeValue("clearance"); clearance != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/clearance/value/%s", clearance)) + } + + // Map employee type + if empType := entry.GetAttributeValue("employeeType"); empType != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/employee-type/value/%s", empType)) + } + + return attributes +} + +func (r *LDAPResolver) Health(ctx context.Context) error { + conn, err := ldap.DialURL(r.ldapURL) + if err != nil { + return err + } + defer conn.Close() + return conn.Bind(r.bindDN, r.bindPassword) +} +``` + +#### Example: Database Attribute Resolver + +```go +package main + +import ( + "context" + "database/sql" + "fmt" + + _ "github.com/lib/pq" + "github.com/opentdf/platform/service/entityresolution" +) + +type DatabaseResolver struct { + db *sql.DB +} + +func NewDatabaseResolver(connString string) (*DatabaseResolver, error) { + db, err := sql.Open("postgres", connString) + if err != nil { + return nil, err + } + + return &DatabaseResolver{db: db}, nil +} + +func (r *DatabaseResolver) ResolveAttributes(ctx context.Context, req *entityresolution.ResolveRequest) (*entityresolution.ResolveResponse, error) { + // Query user attributes from database + query := ` + SELECT a.namespace, a.name, av.value + FROM user_attributes ua + JOIN attributes a ON ua.attribute_id = a.id + JOIN attribute_values av ON ua.value_id = av.id + WHERE ua.user_email = $1 + ` + + rows, err := r.db.QueryContext(ctx, query, req.Subject.Email) + if err != nil { + return nil, fmt.Errorf("database query failed: %w", err) + } + defer rows.Close() + + var attributes []string + for rows.Next() { + var namespace, name, value string + if err := rows.Scan(&namespace, &name, &value); err != nil { + return nil, err + } + + // Build attribute FQN + attrFQN := fmt.Sprintf("%s/%s/value/%s", namespace, name, value) + attributes = append(attributes, attrFQN) + } + + return &entityresolution.ResolveResponse{Attributes: attributes}, nil +} + +func (r *DatabaseResolver) Health(ctx context.Context) error { + return r.db.PingContext(ctx) +} +``` + +#### Example: SCIM Attribute Resolver + +```go +package main + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + + "github.com/opentdf/platform/service/entityresolution" +) + +type SCIMResolver struct { + scimEndpoint string + accessToken string +} + +func NewSCIMResolver(endpoint, token string) *SCIMResolver { + return &SCIMResolver{ + scimEndpoint: endpoint, + accessToken: token, + } +} + +func (r *SCIMResolver) ResolveAttributes(ctx context.Context, req *entityresolution.ResolveRequest) (*entityresolution.ResolveResponse, error) { + // Query SCIM endpoint for user + url := fmt.Sprintf("%s/Users?filter=userName eq \"%s\"", r.scimEndpoint, req.Subject.Email) + + httpReq, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return nil, err + } + + httpReq.Header.Set("Authorization", "Bearer "+r.accessToken) + httpReq.Header.Set("Content-Type", "application/scim+json") + + client := &http.Client{} + resp, err := client.Do(httpReq) + if err != nil { + return nil, fmt.Errorf("SCIM request failed: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("SCIM returned status %d", resp.StatusCode) + } + + // Parse SCIM response + var scimResp SCIMListResponse + if err := json.NewDecoder(resp.Body).Decode(&scimResp); err != nil { + return nil, err + } + + if len(scimResp.Resources) == 0 { + return &entityresolution.ResolveResponse{Attributes: []string{}}, nil + } + + user := scimResp.Resources[0] + + // Map SCIM attributes to OpenTDF + attributes := r.mapSCIMAttributesToOpenTDF(user) + + return &entityresolution.ResolveResponse{Attributes: attributes}, nil +} + +func (r *SCIMResolver) mapSCIMAttributesToOpenTDF(user SCIMUser) []string { + var attributes []string + + // Map department from organization + if user.Department != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/department/value/%s", user.Department)) + } + + // Map roles + for _, role := range user.Roles { + attributes = append(attributes, fmt.Sprintf("example.com/attr/role/value/%s", role.Value)) + } + + // Map groups + for _, group := range user.Groups { + attributes = append(attributes, fmt.Sprintf("example.com/attr/group/value/%s", group.Value)) + } + + return attributes +} + +func (r *SCIMResolver) Health(ctx context.Context) error { + // Ping SCIM service provider config + req, err := http.NewRequestWithContext(ctx, "GET", r.scimEndpoint+"/ServiceProviderConfig", nil) + if err != nil { + return err + } + req.Header.Set("Authorization", "Bearer "+r.accessToken) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("SCIM health check failed: %d", resp.StatusCode) + } + + return nil +} + +// SCIM schema types +type SCIMListResponse struct { + Resources []SCIMUser `json:"Resources"` +} + +type SCIMUser struct { + UserName string `json:"userName"` + Department string `json:"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department"` + Roles []SCIMValue `json:"roles"` + Groups []SCIMValue `json:"groups"` +} + +type SCIMValue struct { + Value string `json:"value"` +} +``` + +### Step 3: Configure ER Service + +Configure the Entity Resolution service to load your custom plugin. + +#### Configuration File (config.yaml) + +```yaml +entityresolution: + # Plugin configuration + plugin: + type: custom + path: /plugins/custom-resolver.so # Path to compiled plugin + config: + # LDAP example + ldap: + url: ldap://ldap.example.com:389 + bind_dn: cn=service,dc=example,dc=com + bind_password: ${LDAP_PASSWORD} + base_dn: ou=users,dc=example,dc=com + + # Or database example + database: + connection_string: postgresql://user:pass@db.example.com:5432/attributes + + # Or SCIM example + scim: + endpoint: https://scim.example.com/scim/v2 + access_token: ${SCIM_TOKEN} + + # Caching configuration + cache: + enabled: true + ttl: 300s # Cache for 5 minutes + max_size: 10000 + + # Attribute mapping (transform external attributes) + attribute_mappings: + - external: ldap.department + internal: example.com/attr/department + - external: ldap.clearance + internal: example.com/attr/clearance +``` + +### Step 4: Build and Deploy Plugin + +#### Build Plugin as Shared Library + +```bash +# Build Go plugin as shared library +go build -buildmode=plugin -o custom-resolver.so ./resolver.go + +# Copy to plugin directory +cp custom-resolver.so /opt/opentdf/plugins/ +``` + +#### Or: Compile into ER Service Binary + +Alternatively, compile your resolver directly into the ER service: + +```go +// In ER service main.go +package main + +import ( + "github.com/opentdf/platform/service/entityresolution" + "your-org/custom-resolver" +) + +func main() { + // Register custom resolver + resolver := customresolver.NewLDAPResolver( + config.LDAP.URL, + config.LDAP.BindDN, + config.LDAP.BindPassword, + config.LDAP.BaseDN, + ) + + // Start ER service with custom resolver + entityresolution.Run(resolver) +} +``` + +### Step 5: Test Resolution + +Test attribute resolution using the ER service API or CLI. + +#### Using otdfctl CLI + +```bash +# Resolve attributes for a user +otdfctl entity resolve --subject user@example.com + +# Output: +# Resolved attributes for user@example.com: +# - example.com/attr/department/value/engineering +# - example.com/attr/clearance/value/confidential +# - example.com/attr/employee-type/value/fulltime +``` + +#### Using API + +```bash +curl -X POST https://opentdf.example.com/api/entityresolution/resolve \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer $TOKEN" \ + -d '{ + "subject": { + "email": "user@example.com" + } + }' + +# Response: +# { +# "attributes": [ +# "example.com/attr/department/value/engineering", +# "example.com/attr/clearance/value/confidential" +# ] +# } +``` + +--- + +## Pattern 2: External Resolution via API Callback + +In this pattern, the ER service calls your external API endpoint to resolve attributes. + +### Architecture + +```mermaid +graph LR + AuthZ[Authorization Service] + ER[Entity Resolution Service] + YourAPI[Your API Endpoint] + Backend[Your Backend
LDAP/DB/etc] + + AuthZ -->|Resolve| ER + ER -->|HTTP POST| YourAPI + YourAPI -->|Query| Backend + YourAPI -->|Attributes| ER + ER -->|Attributes| AuthZ +``` + +### Step 1: Implement External API Endpoint + +Create an API endpoint that implements the ER resolution interface. + +#### API Contract + +**Request**: +```json +POST /api/resolve-attributes +Content-Type: application/json + +{ + "subject": { + "email": "user@example.com", + "username": "user", + "id": "user-id-123" + }, + "context": { + "ip_address": "192.168.1.1", + "timestamp": "2025-01-21T10:00:00Z" + } +} +``` + +**Response**: +```json +{ + "attributes": [ + "example.com/attr/department/value/engineering", + "example.com/attr/clearance/value/confidential" + ] +} +``` + +#### Example Implementation (Python/FastAPI) + +```python +from fastapi import FastAPI, HTTPException +from pydantic import BaseModel +import ldap + +app = FastAPI() + +class Subject(BaseModel): + email: str + username: str = None + id: str = None + +class ResolveRequest(BaseModel): + subject: Subject + context: dict = {} + +class ResolveResponse(BaseModel): + attributes: list[str] + +@app.post("/api/resolve-attributes", response_model=ResolveResponse) +async def resolve_attributes(request: ResolveRequest): + try: + # Query your backend (LDAP, database, etc.) + attributes = query_ldap_for_attributes(request.subject.email) + + return ResolveResponse(attributes=attributes) + except Exception as e: + raise HTTPException(status_code=500, detail=str(e)) + +def query_ldap_for_attributes(email: str) -> list[str]: + # Connect to LDAP + conn = ldap.initialize("ldap://ldap.example.com") + conn.simple_bind_s("cn=service,dc=example,dc=com", "password") + + # Search for user + result = conn.search_s( + "ou=users,dc=example,dc=com", + ldap.SCOPE_SUBTREE, + f"(mail={email})", + ["department", "clearance"] + ) + + if not result: + return [] + + entry = result[0][1] + + # Map LDAP attributes to OpenTDF + attributes = [] + + if b"department" in entry: + dept = entry[b"department"][0].decode() + attributes.append(f"example.com/attr/department/value/{dept}") + + if b"clearance" in entry: + clearance = entry[b"clearance"][0].decode() + attributes.append(f"example.com/attr/clearance/value/{clearance}") + + return attributes +``` + +### Step 2: Configure ER Service + +Configure the ER service to call your external API. + +```yaml +entityresolution: + external_resolver: + enabled: true + endpoint: https://your-api.example.com/api/resolve-attributes + auth: + type: bearer_token + token: ${API_TOKEN} + timeout: 5s + retry: + max_attempts: 3 + backoff: exponential + + cache: + enabled: true + ttl: 300s +``` + +### Step 3: Secure the Integration + +**Authentication Options**: + +1. **Bearer Token**: +```yaml +auth: + type: bearer_token + token: ${API_TOKEN} +``` + +2. **mTLS**: +```yaml +auth: + type: mtls + client_cert: /path/to/client-cert.pem + client_key: /path/to/client-key.pem + ca_cert: /path/to/ca-cert.pem +``` + +3. **HMAC Signature**: +```yaml +auth: + type: hmac + secret: ${HMAC_SECRET} +``` + +--- + +## Pattern 3: Pre-Computed Attributes in Tokens + +Embed attributes directly in JWT claims at authentication time. + +### Architecture + +```mermaid +sequenceDiagram + participant User + participant IdP as Identity Provider + participant App as Application + participant AuthZ as Authorization Service + participant ER as Entity Resolution + + Note over User,IdP: Authentication Phase + User->>IdP: 1. Login + IdP->>IdP: 2. Query user attributes
(from IdP's directory) + IdP->>IdP: 3. Embed attributes in JWT + IdP-->>User: 4. Return JWT with attributes + + Note over User,ER: Access Request Phase + User->>App: 5. Request access (JWT) + App->>AuthZ: 6. Authorize (JWT + resource) + AuthZ->>ER: 7. Resolve attributes + ER->>ER: 8. Extract from JWT claims
(no external lookup) + ER-->>AuthZ: 9. Return attributes + AuthZ-->>App: PERMIT/DENY +``` + +### Step 1: Configure IdP to Include Attributes + +Configure your identity provider to include attributes as custom claims. + +#### Example: Keycloak Mapper + +In Keycloak, create protocol mappers that add user attributes as JWT claims: + +1. Navigate to **Client → your-client → Mappers** +2. Create mapper: + - **Name**: Department Attribute + - **Mapper Type**: User Attribute + - **User Attribute**: department + - **Token Claim Name**: attributes.department + - **Claim JSON Type**: String + +Resulting JWT: +```json +{ + "sub": "user@example.com", + "email": "user@example.com", + "attributes": { + "department": "engineering", + "clearance": "confidential" + } +} +``` + +### Step 2: Configure ER to Read from Token + +```yaml +entityresolution: + token_claims: + enabled: true + claim_mappings: + - claim_path: attributes.department + attribute: example.com/attr/department/value/{value} + - claim_path: attributes.clearance + attribute: example.com/attr/clearance/value/{value} +``` + +### Advantages and Disadvantages + +**Advantages**: +- ✅ No external lookups (fast) +- ✅ Works offline +- ✅ Simple implementation + +**Disadvantages**: +- ❌ Attributes static until token refresh +- ❌ Token size increases +- ❌ Less flexible than dynamic resolution + +--- + +## Attribute Mapping and Transformation + +### Mapping External Attributes to OpenTDF Namespaces + +External attribute systems often use different naming conventions than OpenTDF. Use attribute mapping to translate. + +#### Configuration + +```yaml +entityresolution: + attribute_mappings: + # Map LDAP 'ou' to OpenTDF department + - external: ldap.ou + namespace: example.com/attr/department + transform: lowercase + + # Map custom claim 'security_clearance' to clearance attribute + - external: jwt.security_clearance + namespace: example.com/attr/clearance + transform: lowercase + + # Map Active Directory groups to roles + - external: ad.memberOf + namespace: example.com/attr/role + transform: extract_cn # Extract CN from DN +``` + +### Transformation Functions + +Common transformation functions: + +| Function | Description | Example | +|----------|-------------|---------| +| `lowercase` | Convert to lowercase | `Engineering` → `engineering` | +| `uppercase` | Convert to uppercase | `secret` → `SECRET` | +| `extract_cn` | Extract CN from LDAP DN | `CN=Admins,OU=Groups` → `admins` | +| `regex_replace` | Regex find/replace | `user@example.com` → `user` | +| `prefix` | Add prefix | `engineering` → `dept-engineering` | +| `suffix` | Add suffix | `user` → `user-external` | + +### Default Values + +Specify default attribute values if resolution fails or attribute is missing: + +```yaml +entityresolution: + attribute_mappings: + - external: ldap.clearance + namespace: example.com/attr/clearance + default: public # Default to 'public' if no clearance found +``` + +--- + +## Caching and Performance + +### Resolution Caching + +Cache attribute resolution results to reduce load on external systems. + +```yaml +entityresolution: + cache: + enabled: true + backend: redis # Options: memory, redis, memcached + ttl: 300s # Cache for 5 minutes + max_size: 10000 # Max cached entries + + redis: + address: redis.example.com:6379 + password: ${REDIS_PASSWORD} + db: 0 +``` + +### Cache Invalidation Strategies + +**Time-Based (TTL)**: +- Simplest approach +- Attributes expire after TTL +- Good for attributes that change infrequently + +**Event-Based**: +- Invalidate cache when attributes change +- Requires integration with identity system events +- Best for real-time accuracy + +**Hybrid**: +- TTL with manual invalidation API +- Balance performance and accuracy + +### Refresh Intervals + +Consider how frequently attributes change: + +| Attribute Type | Typical Change Frequency | Recommended TTL | +|----------------|-------------------------|-----------------| +| Department | Infrequent (weeks/months) | 1 hour - 1 day | +| Role | Occasional (days/weeks) | 5-30 minutes | +| Group Membership | Frequent (hours/days) | 1-10 minutes | +| Security Clearance | Rare (months/years) | 1 day - 1 week | +| Device Posture | Very frequent (minutes) | 30s - 5 minutes or no cache | + +### Fallback Behavior + +Define behavior when external resolution fails: + +```yaml +entityresolution: + fallback: + mode: cached # Options: cached, default, deny + default_attributes: + - example.com/attr/access/value/basic +``` + +**Modes**: +- `cached`: Use last cached value (may be stale) +- `default`: Use configured default attributes +- `deny`: Fail authorization (most secure) + +--- + +## Security Considerations + +### Credential Management + +**Never hardcode credentials**: + +```yaml +# Bad ❌ +ldap: + bind_password: "plaintext-password" + +# Good ✅ +ldap: + bind_password: ${LDAP_PASSWORD} # Environment variable +``` + +Use secrets management tools: +- HashiCorp Vault +- AWS Secrets Manager +- Azure Key Vault +- Kubernetes Secrets + +### TLS/mTLS Configuration + +Always use encrypted connections to external services: + +```yaml +entityresolution: + ldap: + url: ldaps://ldap.example.com:636 # LDAPS, not LDAP + tls: + ca_cert: /path/to/ca.pem + verify: true + + external_resolver: + endpoint: https://api.example.com # HTTPS, not HTTP + tls: + client_cert: /path/to/cert.pem + client_key: /path/to/key.pem +``` + +### Rate Limiting + +Protect external systems from abuse: + +```yaml +entityresolution: + rate_limiting: + enabled: true + max_requests_per_second: 100 + burst: 50 +``` + +### Audit Logging + +Log all resolution attempts for security monitoring: + +```yaml +entityresolution: + audit_log: + enabled: true + log_level: info + include_attributes: true # Be careful with sensitive attributes + destinations: + - type: file + path: /var/log/opentdf/er-audit.log + - type: syslog + endpoint: syslog.example.com:514 +``` + +--- + +## Provider-Specific Examples + +### Azure Active Directory (Azure AD) + +Use Microsoft Graph API to resolve attributes: + +```go +func (r *AzureADResolver) ResolveAttributes(ctx context.Context, req *entityresolution.ResolveRequest) (*entityresolution.ResolveResponse, error) { + // Get access token for Microsoft Graph + token, err := r.getGraphToken() + if err != nil { + return nil, err + } + + // Query Microsoft Graph for user + url := fmt.Sprintf("https://graph.microsoft.com/v1.0/users/%s?$select=department,jobTitle,companyName", req.Subject.Email) + + httpReq, _ := http.NewRequestWithContext(ctx, "GET", url, nil) + httpReq.Header.Set("Authorization", "Bearer "+token) + + resp, err := r.httpClient.Do(httpReq) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + var user MicrosoftGraphUser + json.NewDecoder(resp.Body).Decode(&user) + + // Map to OpenTDF attributes + var attributes []string + if user.Department != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/department/value/%s", user.Department)) + } + if user.JobTitle != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/title/value/%s", user.JobTitle)) + } + + return &entityresolution.ResolveResponse{Attributes: attributes}, nil +} +``` + +### Okta + +Use Okta API to resolve groups and custom attributes: + +```python +def resolve_okta_attributes(email: str) -> list[str]: + # Find user by email + response = requests.get( + f"https://your-org.okta.com/api/v1/users/{email}", + headers={"Authorization": f"SSWS {okta_api_token}"} + ) + user = response.json() + + # Get user's groups + groups_response = requests.get( + f"https://your-org.okta.com/api/v1/users/{user['id']}/groups", + headers={"Authorization": f"SSWS {okta_api_token}"} + ) + groups = groups_response.json() + + # Map to OpenTDF attributes + attributes = [] + + # Add department from profile + if "department" in user["profile"]: + attributes.append(f"example.com/attr/department/value/{user['profile']['department']}") + + # Add groups + for group in groups: + attributes.append(f"example.com/attr/group/value/{group['profile']['name']}") + + return attributes +``` + +### Google Workspace + +Use Google Directory API: + +```go +func (r *GoogleWorkspaceResolver) ResolveAttributes(ctx context.Context, req *entityresolution.ResolveRequest) (*entityresolution.ResolveResponse, error) { + // Initialize Directory API client + srv, err := admin.NewService(ctx, option.WithCredentialsFile("credentials.json")) + if err != nil { + return nil, err + } + + // Get user + user, err := srv.Users.Get(req.Subject.Email).Do() + if err != nil { + return nil, err + } + + // Map to OpenTDF attributes + var attributes []string + + if user.OrgUnitPath != "" { + attributes = append(attributes, fmt.Sprintf("example.com/attr/org-unit/value/%s", user.OrgUnitPath)) + } + + if customSchemas, ok := user.CustomSchemas["EmployeeData"]; ok { + if dept, ok := customSchemas["department"].(string); ok { + attributes = append(attributes, fmt.Sprintf("example.com/attr/department/value/%s", dept)) + } + } + + return &entityresolution.ResolveResponse{Attributes: attributes}, nil +} +``` + +--- + +## Troubleshooting + +### Common Issues + +#### Connection Failures + +**Symptom**: ER service cannot connect to LDAP/API + +**Solutions**: +- Verify network connectivity (firewall rules, security groups) +- Check endpoint URLs and ports +- Verify TLS certificates +- Test connection with curl/ldapsearch + +#### Attribute Mapping Errors + +**Symptom**: Attributes not resolving correctly + +**Solutions**: +- Enable debug logging to see raw resolution results +- Verify attribute namespace format +- Check attribute value case sensitivity +- Validate attribute mapping configuration + +#### Performance Problems + +**Symptom**: Slow authorization decisions + +**Solutions**: +- Enable caching with appropriate TTL +- Optimize external queries (add indexes, reduce returned fields) +- Use connection pooling +- Consider pre-computed attributes in tokens + +#### Cache Staleness + +**Symptom**: Attributes not updating after changes + +**Solutions**: +- Reduce cache TTL +- Implement event-based cache invalidation +- Add manual cache refresh API +- Monitor attribute change frequency + +--- + +## Related Guides + +- **[Identity Provider Integration](./identity-provider-integration.mdx)**: Set up authentication +- **[Implementing a PEP](./implementing-a-pep.mdx)**: Enforce policies in applications +- **[ABAC and Policy](../../explanation/abac-and-policy/index.md)**: Understanding attributes + +## Reference + +- **[Entity Resolution API](../../reference/OpenAPI-clients/entityresolution/v2/entityresolution-v-2/)**: API documentation +- **[Platform Architecture](../../explanation/platform-architecture/index.md)**: Service interactions + +--- + +## Need Help? + +- [GitHub Discussions](https://github.com/opentdf/community/discussions) +- [Code Samples](../../reference/code-samples/index.mdx) +- [Slack Community](https://opentdf.io/slack) diff --git a/docs/how-to/integration-patterns/identity-provider-integration.mdx b/docs/how-to/integration-patterns/identity-provider-integration.mdx new file mode 100644 index 00000000..dca6c7ba --- /dev/null +++ b/docs/how-to/integration-patterns/identity-provider-integration.mdx @@ -0,0 +1,988 @@ +# How to Integrate with Identity Providers + +## Overview + +This guide shows you how to configure OpenTDF to authenticate users via external identity providers (IdPs) using OpenID Connect (OIDC), SAML 2.0, or OAuth 2.0. Integration with IdPs enables single sign-on (SSO) and provides user identity claims for attribute-based access control. + +## Why Integrate with an IdP? + +Identity provider integration enables: + +- **Single Sign-On (SSO)**: Users authenticate once across multiple applications +- **Centralized Identity Management**: Manage users in your existing directory +- **User Attributes**: Leverage existing user attributes (department, role, etc.) for ABAC +- **Security**: Leverage IdP security features (MFA, conditional access, etc.) +- **Compliance**: Meet requirements for enterprise authentication + +--- + +## Supported Protocols + +OpenTDF supports industry-standard authentication protocols: + +| Protocol | Recommended For | Status | +|----------|----------------|--------| +| **OpenID Connect (OIDC)** | Modern applications, cloud services | ✅ Recommended | +| **OAuth 2.0** | API access, machine-to-machine | ✅ Supported | +| **SAML 2.0** | Enterprise SSO, legacy systems | ✅ Supported | + +**Recommendation**: Use OIDC whenever possible. It's modern, well-supported, and easier to implement than SAML. + +--- + +## Architecture Overview + +```mermaid +sequenceDiagram + participant User + participant App as Application
(PEP) + participant IDP as Identity Provider
(Okta, Azure AD, etc.) + participant AuthZ as OpenTDF
Authorization Service + participant KAS as OpenTDF
Key Access Server + + User->>App: Access application + App->>IDP: Redirect to login + IDP->>User: Prompt for credentials + User->>IDP: Provide credentials + IDP->>IDP: Authenticate user + IDP->>App: Return JWT/SAML token + App->>App: Store token in session + User->>App: Request protected data + App->>KAS: Decrypt request + JWT + KAS->>AuthZ: Validate & authorize + AuthZ->>AuthZ: Validate JWT signature + AuthZ->>AuthZ: Extract claims + AuthZ->>AuthZ: Resolve attributes + AuthZ-->>KAS: PERMIT/DENY + KAS-->>App: Key (if authorized) + App-->>User: Protected data +``` + +--- + +## OIDC Integration (Recommended) + +OpenID Connect is the recommended authentication protocol for modern applications. + +### Prerequisites + +- ✅ Identity provider that supports OIDC (Okta, Auth0, Keycloak, Azure AD, Google, etc.) +- ✅ Administrative access to configure OIDC application +- ✅ OpenTDF Authorization Service running + +### Step 1: Register Application in IdP + +Create a new OIDC application in your identity provider. + +#### Generic OIDC Configuration + +**Application Type**: Web application (for server-side apps) or Single Page Application (for client-side apps) + +**Redirect URIs**: Configure allowed redirect URLs after authentication + +``` +https://your-app.example.com/auth/callback +https://opentdf.example.com/auth/callback +``` + +**Logout URIs**: Configure post-logout redirect URLs + +``` +https://your-app.example.com/logout +``` + +**Scopes**: Request these standard OIDC scopes + +``` +openid +profile +email +``` + +**Grant Types**: Select appropriate grant types + +- Authorization Code Flow (recommended for web apps) +- Client Credentials Flow (for machine-to-machine) + +**Collect Configuration**: +- Client ID: `your-client-id` +- Client Secret: `your-client-secret` +- Issuer URL: `https://your-idp.example.com` (also called "discovery endpoint" or "well-known URL") + +### Step 2: Configure OpenTDF Authorization Service + +Configure the Authorization Service to validate JWT tokens from your IdP. + +#### Configuration File (opentdf.yaml) + +```yaml +services: + authorization: + oidc: + enabled: true + issuer: https://your-idp.example.com + audience: your-client-id + jwks_uri: https://your-idp.example.com/.well-known/jwks.json # Usually auto-discovered + + # Token validation + validation: + clockskew: 60s # Allow 60s clock skew + algorithms: + - RS256 + - ES256 + + # Claim extraction + claims: + subject: sub # Claim containing user ID + email: email # Claim containing user email + name: name # Claim containing user name + groups: groups # Claim containing group membership + + # Attribute mapping (map claims to OpenTDF attributes) + attribute_mappings: + - claim: department + namespace: example.com/attr/department + value_claim: department + - claim: role + namespace: example.com/attr/role + value_claim: role +``` + +### Step 3: Configure Your Application (PEP) + +Integrate OIDC authentication in your application. + +#### Example: Spring Boot (Java) + +**1. Add Dependencies**: + +```xml + + org.springframework.boot + spring-boot-starter-oauth2-client + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + +``` + +**2. Configure application.yml**: + +```yaml +spring: + security: + oauth2: + client: + registration: + opentdf: + client-id: your-client-id + client-secret: ${OIDC_CLIENT_SECRET} + scope: + - openid + - profile + - email + authorization-grant-type: authorization_code + redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" + + provider: + opentdf: + issuer-uri: https://your-idp.example.com + user-name-attribute: email + + resourceserver: + jwt: + issuer-uri: https://your-idp.example.com +``` + +**3. Security Configuration**: + +```java +@Configuration +@EnableWebSecurity +public class SecurityConfig { + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http + .authorizeHttpRequests(authz -> authz + .requestMatchers("/public/**").permitAll() + .anyRequest().authenticated() + ) + .oauth2Login(oauth2 -> oauth2 + .defaultSuccessUrl("/dashboard", true) + ) + .oauth2ResourceServer(oauth2 -> oauth2 + .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthConverter())) + ); + + return http.build(); + } + + private JwtAuthenticationConverter jwtAuthConverter() { + JwtAuthenticationConverter converter = new JwtAuthenticationConverter(); + // Extract authorities/roles from JWT claims + JwtGrantedAuthoritiesConverter authoritiesConverter = new JwtGrantedAuthoritiesConverter(); + authoritiesConverter.setAuthoritiesClaimName("groups"); + authoritiesConverter.setAuthorityPrefix("ROLE_"); + converter.setJwtGrantedAuthoritiesConverter(authoritiesConverter); + return converter; + } +} +``` + +#### Example: Express (Node.js) + +**1. Install Passport.js**: + +```bash +npm install passport passport-openidconnect express-session +``` + +**2. Configure Passport**: + +```javascript +const passport = require('passport'); +const OpenIDConnectStrategy = require('passport-openidconnect').Strategy; + +passport.use('oidc', new OpenIDConnectStrategy({ + issuer: 'https://your-idp.example.com', + clientID: process.env.OIDC_CLIENT_ID, + clientSecret: process.env.OIDC_CLIENT_SECRET, + authorizationURL: 'https://your-idp.example.com/oauth2/authorize', + tokenURL: 'https://your-idp.example.com/oauth2/token', + userInfoURL: 'https://your-idp.example.com/oauth2/userinfo', + callbackURL: 'https://your-app.example.com/auth/callback', + scope: ['openid', 'profile', 'email'] + }, + (issuer, profile, done) => { + return done(null, profile); + } +)); + +// Routes +app.get('/login', passport.authenticate('oidc')); + +app.get('/auth/callback', + passport.authenticate('oidc', { failureRedirect: '/login' }), + (req, res) => { + res.redirect('/dashboard'); + } +); +``` + +#### Example: FastAPI (Python) + +**1. Install Authlib**: + +```bash +pip install authlib +``` + +**2. Configure OAuth**: + +```python +from authlib.integrations.starlette_client import OAuth +from starlette.middleware.sessions import SessionMiddleware + +app.add_middleware(SessionMiddleware, secret_key="your-secret-key") + +oauth = OAuth() +oauth.register( + name='oidc', + client_id=os.getenv('OIDC_CLIENT_ID'), + client_secret=os.getenv('OIDC_CLIENT_SECRET'), + server_metadata_url='https://your-idp.example.com/.well-known/openid-configuration', + client_kwargs={'scope': 'openid profile email'} +) + +@app.get('/login') +async def login(request: Request): + redirect_uri = request.url_for('auth_callback') + return await oauth.oidc.authorize_redirect(request, redirect_uri) + +@app.get('/auth/callback') +async def auth_callback(request: Request): + token = await oauth.oidc.authorize_access_token(request) + user = token['userinfo'] + request.session['user'] = dict(user) + return RedirectResponse(url='/dashboard') +``` + +### Step 4: Map Claims to Attributes + +Map OIDC claims to OpenTDF attributes for policy evaluation. + +#### In OpenTDF Configuration + +```yaml +services: + authorization: + oidc: + attribute_mappings: + # Map 'department' claim to department attribute + - claim: department + namespace: example.com/attr/department + value_claim: department + + # Map 'groups' claim to multiple group attributes + - claim: groups + namespace: example.com/attr/group + value_claim: groups + multi_value: true # Groups is an array + + # Map 'security_level' claim to clearance attribute + - claim: security_level + namespace: example.com/attr/clearance + value_claim: security_level +``` + +#### In Policy Service Subject Mappings + +Alternatively, use Subject Mappings to map claims to attributes: + +```bash +otdfctl policy subject-mappings create \ + --attribute-value example.com/attr/department/value/engineering \ + --subject-condition '{"claim": "department", "operator": "EQUALS", "value": "engineering"}' +``` + +### Step 5: Test Authentication Flow + +**1. Test Login**: + +Navigate to your application's login URL (e.g., `https://your-app.example.com/login`) + +- Should redirect to IdP login page +- Enter credentials +- Should redirect back to application +- Check that user is authenticated + +**2. Verify JWT Token**: + +```bash +# Decode JWT to inspect claims +echo "your-jwt-token" | base64 -d | jq . +``` + +Verify required claims are present: +- `iss` (issuer) +- `sub` (subject) +- `email` +- Custom claims (department, groups, etc.) + +**3. Test Authorization**: + +```bash +# Decrypt TDF with user's JWT token +curl -X POST https://opentdf.example.com/kas/v2/rewrap \ + -H "Authorization: Bearer $JWT_TOKEN" \ + -H "Content-Type: application/json" \ + -d @tdf-request.json +``` + +Should succeed if user has required attributes; fail otherwise. + +--- + +## Provider-Specific Guides + +### Keycloak + +Keycloak is a popular open-source identity and access management solution. + +#### Step 1: Create Realm and Client + +1. **Create Realm** (or use existing): + - Navigate to **Realm Settings** + - Note the realm name (e.g., `opentdf`) + +2. **Create Client**: + - Navigate to **Clients → Create** + - **Client ID**: `opentdf-client` + - **Client Protocol**: `openid-connect` + - **Access Type**: `confidential` + - **Valid Redirect URIs**: `https://your-app.example.com/auth/callback` + - **Save** + +3. **Get Client Secret**: + - Navigate to **Credentials** tab + - Copy **Secret** + +#### Step 2: Configure User Attributes + +1. Navigate to **Users → Select User → Attributes** +2. Add custom attributes: + - `department`: `engineering` + - `clearance`: `confidential` + +#### Step 3: Create Protocol Mappers + +Map user attributes to JWT claims: + +1. Navigate to **Clients → opentdf-client → Mappers → Create** + +**Department Mapper**: +- **Name**: Department +- **Mapper Type**: User Attribute +- **User Attribute**: `department` +- **Token Claim Name**: `department` +- **Claim JSON Type**: String +- **Add to ID token**: ON +- **Add to access token**: ON +- **Add to userinfo**: ON + +**Groups Mapper**: +- **Name**: Groups +- **Mapper Type**: Group Membership +- **Token Claim Name**: `groups` +- **Full group path**: OFF + +#### Step 4: OpenTDF Configuration + +```yaml +services: + authorization: + oidc: + enabled: true + issuer: https://keycloak.example.com/realms/opentdf + audience: opentdf-client + claims: + subject: sub + email: email + groups: groups + attribute_mappings: + - claim: department + namespace: example.com/attr/department + - claim: clearance + namespace: example.com/attr/clearance + - claim: groups + namespace: example.com/attr/group + multi_value: true +``` + +--- + +### Okta + +#### Step 1: Create Application + +1. Log in to Okta Admin Console +2. Navigate to **Applications → Create App Integration** +3. **Sign-in method**: OIDC +4. **Application type**: Web Application +5. **App integration name**: OpenTDF +6. **Grant type**: Authorization Code +7. **Sign-in redirect URIs**: `https://your-app.example.com/auth/callback` +8. **Assignments**: Select users/groups with access + +#### Step 2: Configure Custom Claims + +1. Navigate to **Security → API → Authorization Servers → default** +2. Go to **Claims** tab +3. **Add Claim**: + - **Name**: `department` + - **Include in token type**: Access Token, ID Token + - **Value type**: Expression + - **Value**: `user.department` + +Repeat for other custom attributes (clearance, etc.) + +#### Step 3: OpenTDF Configuration + +```yaml +services: + authorization: + oidc: + enabled: true + issuer: https://your-org.okta.com/oauth2/default + audience: your-okta-client-id + attribute_mappings: + - claim: department + namespace: example.com/attr/department + - claim: groups + namespace: example.com/attr/group + multi_value: true +``` + +--- + +### Azure AD / Microsoft Entra ID + +#### Step 1: Register Application + +1. Log in to Azure Portal +2. Navigate to **Azure Active Directory → App registrations → New registration** +3. **Name**: OpenTDF +4. **Supported account types**: Accounts in this organizational directory only +5. **Redirect URI**: Web - `https://your-app.example.com/auth/callback` +6. **Register** + +#### Step 2: Create Client Secret + +1. Navigate to **Certificates & secrets** +2. **New client secret** +3. Copy the secret value + +#### Step 3: Configure API Permissions + +1. Navigate to **API permissions → Add a permission** +2. Select **Microsoft Graph** +3. Select **Delegated permissions**: + - `User.Read` + - `openid` + - `profile` + - `email` +4. **Grant admin consent** + +#### Step 4: Configure Optional Claims + +1. Navigate to **Token configuration → Add optional claim** +2. **Token type**: ID, Access +3. Select claims: + - `email` + - `family_name` + - `given_name` + - `upn` + +For custom claims, use **App Roles** or **Enterprise Applications → Properties → Assign users and groups**. + +#### Step 5: OpenTDF Configuration + +```yaml +services: + authorization: + oidc: + enabled: true + issuer: https://login.microsoftonline.com/{tenant-id}/v2.0 + audience: your-application-id + claims: + subject: oid # Azure AD uses 'oid' as subject identifier + email: email + groups: groups # Requires group claims configuration + attribute_mappings: + - claim: department + namespace: example.com/attr/department +``` + +**Note**: For group claims, configure **Token configuration → Add groups claim**. + +--- + +### Google Workspace + +#### Step 1: Create OAuth 2.0 Client + +1. Go to [Google Cloud Console](https://console.cloud.google.com/) +2. Navigate to **APIs & Services → Credentials** +3. **Create Credentials → OAuth client ID** +4. **Application type**: Web application +5. **Authorized redirect URIs**: `https://your-app.example.com/auth/callback` +6. Copy **Client ID** and **Client Secret** + +#### Step 2: Configure OAuth Consent Screen + +1. Navigate to **OAuth consent screen** +2. Add scopes: + - `openid` + - `email` + - `profile` + +#### Step 3: OpenTDF Configuration + +```yaml +services: + authorization: + oidc: + enabled: true + issuer: https://accounts.google.com + audience: your-google-client-id.apps.googleusercontent.com + claims: + subject: sub + email: email + name: name +``` + +**Note**: Google Workspace does not include custom attributes in JWT. Use [Entity Resolution](./entity-service-integration.mdx) to query Google Directory API for user attributes. + +--- + +### AWS Cognito + +#### Step 1: Create User Pool + +1. Log in to AWS Console +2. Navigate to **Cognito → User Pools → Create user pool** +3. Configure sign-in options (email, username) +4. Configure MFA and password policies +5. **Create pool** + +#### Step 2: Create App Client + +1. Navigate to **App integration → App clients → Create app client** +2. **App client name**: OpenTDF +3. **Generate client secret**: Yes +4. **Authentication flows**: Authorization code grant +5. **Callback URLs**: `https://your-app.example.com/auth/callback` + +#### Step 3: Configure Custom Attributes + +1. Navigate to **User pool → Sign-up experience → Attributes** +2. Add custom attributes: + - `custom:department` + - `custom:clearance` + +#### Step 4: Configure Hosted UI (optional) + +1. Navigate to **App integration → Domain** +2. Create Cognito domain or custom domain + +#### Step 5: OpenTDF Configuration + +```yaml +services: + authorization: + oidc: + enabled: true + issuer: https://cognito-idp.{region}.amazonaws.com/{user-pool-id} + audience: your-cognito-client-id + claims: + subject: sub + email: email + groups: cognito:groups + attribute_mappings: + - claim: custom:department + namespace: example.com/attr/department +``` + +--- + +## SAML 2.0 Integration + +SAML is commonly used in enterprise environments for SSO. + +### Prerequisites + +- Identity provider that supports SAML 2.0 (Azure AD, Okta, OneLogin, etc.) +- X.509 certificate for signing SAML assertions + +### Step 1: Configure SAML in IdP + +**Service Provider (SP) Configuration**: + +- **Entity ID**: `https://opentdf.example.com/saml/metadata` +- **ACS URL** (Assertion Consumer Service): `https://opentdf.example.com/saml/acs` +- **Single Logout URL**: `https://opentdf.example.com/saml/slo` +- **Name ID Format**: Email or Persistent + +**Attribute Statements** (map IdP attributes to SAML attributes): + +| IdP Attribute | SAML Attribute Name | +|---------------|---------------------| +| email | `email` | +| firstName | `firstName` | +| lastName | `lastName` | +| department | `department` | +| groups | `groups` | + +### Step 2: Configure OpenTDF for SAML + +```yaml +services: + authorization: + saml: + enabled: true + entity_id: https://opentdf.example.com/saml/metadata + acs_url: https://opentdf.example.com/saml/acs + slo_url: https://opentdf.example.com/saml/slo + + # IdP metadata (either URL or file path) + idp_metadata_url: https://your-idp.example.com/saml/metadata + # OR + # idp_metadata_path: /etc/opentdf/idp-metadata.xml + + # Certificate for signing SAML requests + sp_certificate: /etc/opentdf/saml-cert.pem + sp_private_key: /etc/opentdf/saml-key.pem + + # Attribute mapping + attribute_mappings: + - saml_attribute: department + namespace: example.com/attr/department + - saml_attribute: groups + namespace: example.com/attr/group + multi_value: true +``` + +### Step 3: Test SAML Flow + +1. Navigate to SP-initiated SSO URL: `https://opentdf.example.com/saml/login` +2. Should redirect to IdP +3. Authenticate at IdP +4. Should redirect back to OpenTDF with SAML response +5. Verify user is authenticated and attributes are present + +--- + +## Advanced Topics + +### Multi-Tenancy + +Support multiple identity providers for different tenants. + +```yaml +services: + authorization: + oidc: + enabled: true + tenants: + - name: tenant1 + issuer: https://tenant1-idp.example.com + audience: tenant1-client-id + client_secret: ${TENANT1_SECRET} + + - name: tenant2 + issuer: https://tenant2-idp.example.com + audience: tenant2-client-id + client_secret: ${TENANT2_SECRET} + + tenant_resolver: + # Determine tenant from request (domain, header, etc.) + type: domain # Options: domain, header, path + claim: tenant_id # Claim in JWT identifying tenant +``` + +### Federation + +Federate multiple identity providers (e.g., allow users from Okta, Azure AD, Google). + +```yaml +services: + authorization: + oidc: + enabled: true + federation: + - name: okta + issuer: https://your-org.okta.com + audience: okta-client-id + + - name: azure + issuer: https://login.microsoftonline.com/{tenant}/v2.0 + audience: azure-client-id + + - name: google + issuer: https://accounts.google.com + audience: google-client-id.apps.googleusercontent.com +``` + +Users can choose which IdP to authenticate with at login. + +### Just-in-Time (JIT) Provisioning + +Automatically create user records when they first authenticate. + +```yaml +services: + authorization: + oidc: + jit_provisioning: + enabled: true + default_attributes: + - example.com/attr/access/value/basic # Grant basic access by default + sync_attributes: + - department + - role +``` + +### Group/Role Synchronization + +Sync groups from IdP to OpenTDF attributes on each login. + +```yaml +services: + authorization: + oidc: + group_sync: + enabled: true + claim: groups + mapping: + - idp_group: engineering + attributes: + - example.com/attr/department/value/engineering + - idp_group: admins + attributes: + - example.com/attr/role/value/admin +``` + +--- + +## Security Best Practices + +### Token Validation + +Always validate JWT tokens: + +```yaml +services: + authorization: + oidc: + validation: + verify_signature: true + verify_issuer: true + verify_audience: true + verify_expiration: true + clockskew: 60s # Allow 60s clock skew +``` + +### Token Storage + +**Never store tokens in**: +- ❌ Local storage (vulnerable to XSS) +- ❌ URL parameters +- ❌ Unencrypted cookies + +**Preferred storage**: +- ✅ HTTP-only, Secure cookies (for web apps) +- ✅ Secure backend session store +- ✅ Mobile secure storage (Keychain/KeyStore) + +### Refresh Token Handling + +Implement refresh token rotation: + +```yaml +services: + authorization: + oidc: + refresh_tokens: + enabled: true + rotation: true # Issue new refresh token on each refresh + reuse_interval: 5s # Allow brief reuse window + revoke_on_use: true # Revoke old token when used +``` + +### Session Management + +Configure appropriate session timeouts: + +```yaml +services: + authorization: + session: + idle_timeout: 30m # Logout after 30 minutes idle + absolute_timeout: 8h # Force re-authentication after 8 hours + sliding_expiration: true # Extend session on activity +``` + +### Logout Flows + +Implement proper logout: + +```python +@app.get('/logout') +async def logout(request: Request): + # Clear local session + request.session.clear() + + # Build IdP logout URL + idp_logout_url = f"{OIDC_ISSUER}/logout?post_logout_redirect_uri={APP_URL}" + + return RedirectResponse(url=idp_logout_url) +``` + +--- + +## Troubleshooting + +### Common OIDC Errors + +#### Invalid Redirect URI + +**Error**: `redirect_uri_mismatch` + +**Solution**: Ensure redirect URI in app config exactly matches registered URI in IdP (including protocol, domain, path). + +#### Invalid Token + +**Error**: `invalid_token` or `signature verification failed` + +**Solution**: +- Verify issuer URL is correct +- Check JWKS endpoint is accessible +- Ensure system clock is synchronized (NTP) +- Verify token hasn't expired + +#### Missing Claims + +**Error**: Required claim not present in token + +**Solution**: +- Check scope includes necessary scopes (e.g., `profile`, `email`) +- Configure custom claims/mappers in IdP +- Verify claim is included in token type (ID token vs access token) + +### Common SAML Errors + +#### Signature Verification Failed + +**Solution**: +- Verify IdP metadata is up-to-date +- Check certificate validity (not expired) +- Ensure clock synchronization + +#### Attribute Not Found + +**Solution**: +- Verify attribute statements are configured in IdP +- Check attribute name casing (case-sensitive) +- Enable SAML response logging to inspect raw assertions + +### Debugging Tips + +**Enable Debug Logging**: + +```yaml +logging: + level: + authorization: debug + oidc: debug + saml: debug +``` + +**Inspect JWT Tokens**: + +```bash +# Decode JWT +echo "your-jwt-token" | cut -d. -f2 | base64 -d | jq . +``` + +**Test OIDC Discovery**: + +```bash +# Fetch OIDC configuration +curl https://your-idp.example.com/.well-known/openid-configuration | jq . +``` + +**Validate SAML Assertions**: + +Use tools like [SAML Tracer](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) browser extension to inspect SAML requests/responses. + +--- + +## Related Guides + +- **[Entity Service Integration](./entity-service-integration.mdx)**: Resolve user attributes from directories +- **[Implementing a PEP](./implementing-a-pep.mdx)**: Enforce policies in applications +- **[ABAC and Policy](../../explanation/abac-and-policy/index.md)**: Understanding attributes + +## Reference + +- **[Authorization Service API](../../reference/OpenAPI-clients/authorization/v2/authorization-v-2/)**: API documentation +- **[Platform Architecture](../../explanation/platform-architecture/index.md)**: Service interactions + +--- + +## Need Help? + +- [GitHub Discussions](https://github.com/opentdf/community/discussions) +- [Slack Community](https://opentdf.io/slack) diff --git a/docs/how-to/integration-patterns/implementing-a-pep.mdx b/docs/how-to/integration-patterns/implementing-a-pep.mdx new file mode 100644 index 00000000..3ec11cdd --- /dev/null +++ b/docs/how-to/integration-patterns/implementing-a-pep.mdx @@ -0,0 +1,914 @@ +# How to Implement a Policy Enforcement Point (PEP) + +## Overview + +A Policy Enforcement Point (PEP) is the component in your application that enforces OpenTDF access policies by encrypting and decrypting data. This guide walks you through implementing a PEP using OpenTDF SDKs. + +## What is a PEP? + +In the OpenTDF architecture, the PEP is responsible for: + +1. **Encrypting data** with attribute-based policies when data is created or stored +2. **Intercepting access requests** when users try to access protected data +3. **Calling the Key Access Server (KAS)** to obtain authorization +4. **Decrypting data** if authorization is granted +5. **Enforcing denial** if authorization is denied + +The PEP acts as the gatekeeper between users and protected data. + +## Architecture Overview + +```mermaid +sequenceDiagram + participant User + participant PEP as Your Application
(PEP) + participant KAS as Key Access Server + participant AuthZ as Authorization Service + participant ER as Entity Resolution + + User->>PEP: Request access to data + PEP->>PEP: Extract user identity (JWT) + PEP->>KAS: Request key access (TDF + JWT) + KAS->>AuthZ: Authorize request + AuthZ->>ER: Resolve user attributes + ER-->>AuthZ: User attributes + AuthZ->>AuthZ: Evaluate policy + AuthZ-->>KAS: PERMIT/DENY + alt PERMIT + KAS-->>PEP: Wrapped key + PEP->>PEP: Decrypt data + PEP-->>User: Return data + else DENY + KAS-->>PEP: Access denied + PEP-->>User: 403 Forbidden + end +``` + +## Prerequisites + +Before implementing a PEP, ensure you have: + +- ✅ OpenTDF platform running (services: KAS, Policy, Authorization, Entity Resolution) +- ✅ Understanding of [ABAC concepts](../../explanation/abac-and-policy) +- ✅ SDK installed for your language (Java, Go, Python, or JavaScript) +- ✅ Authentication system (OIDC/JWT) for user identity +- ✅ Attributes and policies defined in Policy Service + +## PEP Responsibilities + +### 1. Intercept Access Requests + +Your PEP must intercept requests to access protected data. This could be: + +- HTTP API endpoint requests +- File system access operations +- Database query results +- Message queue consumers +- Any data access point in your application + +### 2. Extract Subject Context + +Extract the user's identity and context from the request: + +- **JWT tokens** from Authorization header +- **OIDC tokens** from authenticated session +- **User claims** (email, groups, roles) +- **Request metadata** (IP address, timestamp, device info) + +### 3. Call Key Access Server + +Use the OpenTDF SDK to request key access from KAS: + +- Send the TDF (encrypted data object) +- Include the user's authentication token +- Receive authorization decision and key material + +### 4. Enforce Authorization Decisions + +Based on the KAS response: + +- **If authorized**: Decrypt the data and return to user +- **If denied**: Return 403 Forbidden error +- **If error**: Handle gracefully (retry, fallback, alert) + +### 5. Handle Rewrap Requests + +For multi-user scenarios, handle key rewrapping: + +- User A encrypts data with attributes +- User B requests access +- KAS rewraps key for User B (if authorized) +- User B decrypts with their rewrapped key + +--- + +## Implementation Steps + +### Step 1: Install SDK + +Choose your language and install the OpenTDF SDK. + +#### Java + +```xml + + + io.opentdf + sdk + 0.5.0 + +``` + +```gradle +// Gradle build.gradle +implementation 'io.opentdf:sdk:0.5.0' +``` + +#### Go + +```bash +go get github.com/opentdf/platform/sdk +``` + +#### Python + +```bash +pip install opentdf-client +``` + +#### JavaScript/TypeScript + +```bash +npm install @opentdf/client +``` + +--- + +### Step 2: Configure SDK Client + +Initialize the OpenTDF client with your platform endpoints. + +#### Java + +```java +import io.opentdf.platform.sdk.Config; +import io.opentdf.platform.sdk.SDK; + +public class PEPExample { + private SDK sdk; + + public void initialize() { + Config config = Config.newBuilder() + .platformEndpoint("https://opentdf.example.com") + .clientId("your-client-id") + .clientSecret("your-client-secret") + .build(); + + sdk = new SDK(config); + } +} +``` + +#### Go + +```go +package main + +import ( + "github.com/opentdf/platform/sdk" +) + +func main() { + client, err := sdk.New( + sdk.WithPlatformEndpoint("https://opentdf.example.com"), + sdk.WithClientCredentials("your-client-id", "your-client-secret"), + ) + if err != nil { + panic(err) + } + defer client.Close() +} +``` + +#### Python + +```python +from opentdf import TDFClient + +client = TDFClient( + platform_endpoint="https://opentdf.example.com", + client_id="your-client-id", + client_secret="your-client-secret" +) +``` + +#### JavaScript + +```javascript +import { Client } from '@opentdf/client'; + +const client = new Client({ + platformEndpoint: 'https://opentdf.example.com', + clientId: 'your-client-id', + clientSecret: 'your-client-secret', +}); +``` + +--- + +### Step 3: Extract Subject Context + +Extract user identity from the incoming request. + +#### Java (Spring Boot example) + +```java +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.web.bind.annotation.*; + +@RestController +@RequestMapping("/api/documents") +public class DocumentController { + + @GetMapping("/{id}") + public ResponseEntity getDocument( + @PathVariable String id, + Authentication authentication) { + + // Extract JWT from authenticated user + Jwt jwt = (Jwt) authentication.getPrincipal(); + String userEmail = jwt.getClaimAsString("email"); + List groups = jwt.getClaimAsStringList("groups"); + + // Create subject context + SubjectContext subject = SubjectContext.builder() + .email(userEmail) + .groups(groups) + .jwt(jwt.getTokenValue()) + .build(); + + // Proceed to decrypt... + } +} +``` + +#### Go (Gin framework example) + +```go +func getDocument(c *gin.Context) { + // Extract JWT from Authorization header + authHeader := c.GetHeader("Authorization") + token := strings.TrimPrefix(authHeader, "Bearer ") + + // Parse JWT claims (use jwt library) + claims, err := parseJWT(token) + if err != nil { + c.JSON(401, gin.H{"error": "Invalid token"}) + return + } + + email := claims["email"].(string) + groups := claims["groups"].([]interface{}) + + // Proceed to decrypt... +} +``` + +#### Python (FastAPI example) + +```python +from fastapi import FastAPI, Depends, HTTPException +from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials + +app = FastAPI() +security = HTTPBearer() + +@app.get("/api/documents/{document_id}") +async def get_document( + document_id: str, + credentials: HTTPAuthorizationCredentials = Depends(security) +): + # Extract JWT token + token = credentials.credentials + + # Parse JWT claims + claims = parse_jwt(token) + user_email = claims.get("email") + user_groups = claims.get("groups", []) + + # Proceed to decrypt... +``` + +--- + +### Step 4: Handle Encryption Requests + +When creating or storing new data, encrypt it with appropriate attributes. + +#### Java + +```java +public String encryptDocument(byte[] data, List attributeValues, Authentication auth) { + try { + // Extract JWT for authorization + Jwt jwt = (Jwt) auth.getPrincipal(); + + // Create TDF with attributes + TDFConfig tdfConfig = TDFConfig.builder() + .attributes(attributeValues) // e.g., ["example.com/attr/department/value/engineering"] + .build(); + + // Encrypt data + TDF tdf = sdk.createTDF(data, tdfConfig, jwt.getTokenValue()); + + // Store TDF (returns TDF file path or bytes) + String tdfId = storeTDF(tdf); + + return tdfId; + } catch (UnauthorizedException e) { + throw new ForbiddenException("Not authorized to encrypt with these attributes"); + } catch (Exception e) { + throw new InternalServerErrorException("Encryption failed", e); + } +} +``` + +#### Go + +```go +func encryptDocument(data []byte, attributes []string, token string) (string, error) { + // Create TDF with attributes + tdf, err := client.CreateTDF( + sdk.WithData(data), + sdk.WithAttributes(attributes), + sdk.WithAuthorization(token), + ) + if err != nil { + return "", fmt.Errorf("encryption failed: %w", err) + } + + // Store TDF + tdfID, err := storeTDF(tdf) + if err != nil { + return "", fmt.Errorf("storage failed: %w", err) + } + + return tdfID, nil +} +``` + +#### Python + +```python +def encrypt_document(data: bytes, attributes: list[str], token: str) -> str: + try: + # Create TDF with attributes + tdf = client.encrypt( + plaintext=data, + attributes=attributes, + authorization=token + ) + + # Store TDF + tdf_id = store_tdf(tdf) + + return tdf_id + except UnauthorizedException: + raise HTTPException(status_code=403, detail="Not authorized to encrypt with these attributes") + except Exception as e: + raise HTTPException(status_code=500, detail=f"Encryption failed: {str(e)}") +``` + +--- + +### Step 5: Handle Decrypt/Access Requests + +When a user requests access to protected data, decrypt it if authorized. + +#### Java + +```java +public byte[] decryptDocument(String tdfId, Authentication auth) { + try { + // Retrieve TDF from storage + TDF tdf = retrieveTDF(tdfId); + + // Extract JWT + Jwt jwt = (Jwt) auth.getPrincipal(); + + // Decrypt TDF (SDK handles KAS authorization internally) + byte[] plaintext = sdk.decrypt(tdf, jwt.getTokenValue()); + + return plaintext; + } catch (UnauthorizedException e) { + throw new ForbiddenException("Access denied: insufficient attributes"); + } catch (NotFoundException e) { + throw new NotFoundException("Document not found"); + } catch (Exception e) { + throw new InternalServerErrorException("Decryption failed", e); + } +} +``` + +#### Go + +```go +func decryptDocument(tdfID string, token string) ([]byte, error) { + // Retrieve TDF from storage + tdf, err := retrieveTDF(tdfID) + if err != nil { + return nil, fmt.Errorf("TDF not found: %w", err) + } + + // Decrypt TDF (SDK calls KAS internally) + plaintext, err := client.Decrypt(tdf, sdk.WithAuthorization(token)) + if err != nil { + if errors.Is(err, sdk.ErrUnauthorized) { + return nil, fmt.Errorf("access denied: %w", err) + } + return nil, fmt.Errorf("decryption failed: %w", err) + } + + return plaintext, nil +} +``` + +#### Python + +```python +def decrypt_document(tdf_id: str, token: str) -> bytes: + try: + # Retrieve TDF from storage + tdf = retrieve_tdf(tdf_id) + + # Decrypt TDF + plaintext = client.decrypt(tdf, authorization=token) + + return plaintext + except UnauthorizedException: + raise HTTPException(status_code=403, detail="Access denied: insufficient attributes") + except NotFoundException: + raise HTTPException(status_code=404, detail="Document not found") + except Exception as e: + raise HTTPException(status_code=500, detail=f"Decryption failed: {str(e)}") +``` + +--- + +### Step 6: Error Handling + +Handle various error scenarios gracefully. + +#### Common Error Types + +| Error | HTTP Status | Meaning | Action | +|-------|-------------|---------|--------| +| `UnauthorizedException` | 403 Forbidden | User lacks required attributes | Deny access, log event | +| `AuthenticationException` | 401 Unauthorized | Invalid or expired token | Prompt re-authentication | +| `NotFoundException` | 404 Not Found | TDF does not exist | Return not found error | +| `NetworkException` | 503 Service Unavailable | KAS unreachable | Retry with backoff, alert ops | +| `DecryptionException` | 500 Internal Server Error | Crypto failure | Log error, alert ops | + +#### Java Error Handling + +```java +public byte[] decryptDocument(String tdfId, Authentication auth) { + try { + TDF tdf = retrieveTDF(tdfId); + Jwt jwt = (Jwt) auth.getPrincipal(); + return sdk.decrypt(tdf, jwt.getTokenValue()); + + } catch (UnauthorizedException e) { + logger.warn("Access denied for user {} to TDF {}: {}", + auth.getName(), tdfId, e.getMessage()); + throw new ForbiddenException("Access denied: " + e.getMessage()); + + } catch (AuthenticationException e) { + logger.warn("Authentication failed for user {}: {}", auth.getName(), e.getMessage()); + throw new UnauthorizedException("Invalid or expired token"); + + } catch (NetworkException e) { + logger.error("Failed to reach KAS: {}", e.getMessage()); + throw new ServiceUnavailableException("Authorization service unavailable, please try again"); + + } catch (Exception e) { + logger.error("Decryption failed for TDF {}: {}", tdfId, e.getMessage(), e); + throw new InternalServerErrorException("Decryption failed"); + } +} +``` + +#### Go Error Handling + +```go +func decryptDocument(tdfID string, token string) ([]byte, error) { + tdf, err := retrieveTDF(tdfID) + if err != nil { + return nil, &NotFoundError{Message: "Document not found"} + } + + plaintext, err := client.Decrypt(tdf, sdk.WithAuthorization(token)) + if err != nil { + switch { + case errors.Is(err, sdk.ErrUnauthorized): + log.Warnf("Access denied to TDF %s: %v", tdfID, err) + return nil, &ForbiddenError{Message: "Access denied"} + + case errors.Is(err, sdk.ErrAuthentication): + log.Warnf("Authentication failed: %v", err) + return nil, &UnauthorizedError{Message: "Invalid or expired token"} + + case errors.Is(err, sdk.ErrNetwork): + log.Errorf("KAS unreachable: %v", err) + return nil, &ServiceUnavailableError{Message: "Authorization service unavailable"} + + default: + log.Errorf("Decryption failed for TDF %s: %v", tdfID, err) + return nil, &InternalError{Message: "Decryption failed"} + } + } + + return plaintext, nil +} +``` + +--- + +### Step 7: Performance Optimization + +#### Caching Strategies + +**1. Token Caching**: Cache JWT parsing results + +```java +// Cache parsed JWTs to avoid repeated parsing +@Cacheable("jwtCache") +public SubjectContext parseJWT(String token) { + // Parse JWT claims + return subjectContext; +} +``` + +**2. TDF Metadata Caching**: Cache TDF metadata (attributes, policies) separately from content + +```java +// Cache TDF metadata +@Cacheable(value = "tdfMetadataCache", key = "#tdfId") +public TDFMetadata getTDFMetadata(String tdfId) { + TDF tdf = retrieveTDF(tdfId); + return tdf.getMetadata(); +} +``` + +**3. Attribute Resolution Caching**: Entity resolution results may be cached by ER service + +No action needed in PEP; configure caching in Entity Resolution service. + +#### Connection Pooling + +Reuse SDK client instances; do not create new clients per request. + +```java +// Good: Single SDK instance (e.g., Spring Bean) +@Bean +public SDK opentdfSDK() { + return new SDK(config); +} + +// Bad: New SDK per request +public byte[] decrypt(String tdfId) { + SDK sdk = new SDK(config); // ❌ Don't do this! + return sdk.decrypt(...); +} +``` + +#### Async Operations + +For high-throughput scenarios, use async/non-blocking operations. + +```java +// Java with CompletableFuture +public CompletableFuture decryptAsync(String tdfId, String token) { + return CompletableFuture.supplyAsync(() -> { + TDF tdf = retrieveTDF(tdfId); + return sdk.decrypt(tdf, token); + }); +} +``` + +```go +// Go with goroutines +func decryptAsync(tdfID string, token string) <-chan Result { + resultChan := make(chan Result) + go func() { + plaintext, err := decryptDocument(tdfID, token) + resultChan <- Result{Data: plaintext, Error: err} + }() + return resultChan +} +``` + +--- + +## Complete Working Example + +Here's a complete PEP implementation in a REST API. + +### Java (Spring Boot) + +```java +package com.example.pep; + +import io.opentdf.platform.sdk.*; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.*; +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.web.bind.annotation.*; + +import java.util.List; + +@RestController +@RequestMapping("/api/documents") +public class DocumentController { + + @Autowired + private SDK sdk; + + @Autowired + private DocumentStorage storage; + + /** + * Encrypt and store a new document + */ + @PostMapping + public ResponseEntity createDocument( + @RequestBody CreateDocumentRequest request, + Authentication auth) { + + Jwt jwt = (Jwt) auth.getPrincipal(); + + try { + // Encrypt with attributes + TDFConfig config = TDFConfig.builder() + .attributes(request.getAttributes()) + .build(); + + TDF tdf = sdk.createTDF( + request.getData().getBytes(), + config, + jwt.getTokenValue() + ); + + // Store TDF + String documentId = storage.save(tdf); + + return ResponseEntity.ok(new DocumentResponse(documentId)); + + } catch (UnauthorizedException e) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } catch (Exception e) { + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build(); + } + } + + /** + * Decrypt and retrieve a document + */ + @GetMapping("/{id}") + public ResponseEntity getDocument( + @PathVariable String id, + Authentication auth) { + + Jwt jwt = (Jwt) auth.getPrincipal(); + + try { + // Retrieve TDF + TDF tdf = storage.retrieve(id); + + // Decrypt (authorization happens here) + byte[] plaintext = sdk.decrypt(tdf, jwt.getTokenValue()); + + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_OCTET_STREAM); + + return ResponseEntity.ok() + .headers(headers) + .body(plaintext); + + } catch (UnauthorizedException e) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } catch (NotFoundException e) { + return ResponseEntity.status(HttpStatus.NOT_FOUND).build(); + } catch (Exception e) { + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build(); + } + } +} + +// Request/Response DTOs +record CreateDocumentRequest(String data, List attributes) {} +record DocumentResponse(String id) {} +``` + +--- + +## Testing Your PEP + +### Unit Testing + +Test PEP logic in isolation by mocking SDK calls. + +```java +@Test +public void testDecryptAuthorized() { + // Mock SDK + SDK mockSDK = mock(SDK.class); + when(mockSDK.decrypt(any(), any())).thenReturn("plaintext".getBytes()); + + // Test decrypt + byte[] result = controller.decryptDocument("tdf-123", mockAuth); + + assertNotNull(result); + assertEquals("plaintext", new String(result)); +} + +@Test +public void testDecryptUnauthorized() { + SDK mockSDK = mock(SDK.class); + when(mockSDK.decrypt(any(), any())).thenThrow(new UnauthorizedException()); + + assertThrows(ForbiddenException.class, () -> { + controller.decryptDocument("tdf-123", mockAuth); + }); +} +``` + +### Integration Testing + +Test end-to-end with real OpenTDF services. + +```java +@SpringBootTest +@AutoConfigureMockMvc +public class PEPIntegrationTest { + + @Autowired + private MockMvc mockMvc; + + @Test + public void testCreateAndRetrieveDocument() throws Exception { + // Create document + String createRequest = """ + { + "data": "Sensitive document", + "attributes": ["example.com/attr/department/value/engineering"] + } + """; + + String documentId = mockMvc.perform(post("/api/documents") + .contentType(MediaType.APPLICATION_JSON) + .content(createRequest) + .header("Authorization", "Bearer " + getEngineeringUserToken())) + .andExpect(status().isOk()) + .andReturn() + .getResponse() + .getContentAsString(); + + // Retrieve as authorized user + mockMvc.perform(get("/api/documents/" + documentId) + .header("Authorization", "Bearer " + getEngineeringUserToken())) + .andExpect(status().isOk()) + .andExpect(content().bytes("Sensitive document".getBytes())); + + // Retrieve as unauthorized user + mockMvc.perform(get("/api/documents/" + documentId) + .header("Authorization", "Bearer " + getSalesUserToken())) + .andExpect(status().isForbidden()); + } +} +``` + +### Load Testing + +Test PEP performance under load using tools like JMeter, Gatling, or k6. + +```javascript +// k6 load test script +import http from 'k6/http'; +import { check } from 'k6'; + +export let options = { + stages: [ + { duration: '1m', target: 50 }, // Ramp up to 50 users + { duration: '3m', target: 50 }, // Stay at 50 users + { duration: '1m', target: 0 }, // Ramp down + ], +}; + +export default function() { + let response = http.get('https://api.example.com/api/documents/test-doc', { + headers: { 'Authorization': `Bearer ${__ENV.TOKEN}` }, + }); + + check(response, { + 'status is 200': (r) => r.status === 200, + 'response time < 500ms': (r) => r.timings.duration < 500, + }); +} +``` + +--- + +## Production Considerations + +### Monitoring and Logging + +**Log Key Events**: +- Authorization denials (for security monitoring) +- Decryption failures (for operational alerts) +- KAS connectivity issues + +**Metrics to Track**: +- Request latency (encrypt/decrypt operations) +- Authorization denial rate +- Error rates by type +- TDF size distribution + +```java +// Example logging +logger.info("TDF created: tdfId={}, attributes={}, user={}", + tdfId, attributes, user); + +logger.warn("Access denied: tdfId={}, user={}, reason={}", + tdfId, user, reason); + +logger.error("KAS unavailable: endpoint={}, error={}", + kasEndpoint, error); +``` + +### High Availability + +**SDK Resilience**: +- Configure retry policies for transient KAS failures +- Set appropriate timeouts +- Implement circuit breakers for cascading failure protection + +```java +Config config = Config.newBuilder() + .platformEndpoint("https://opentdf.example.com") + .retryPolicy(RetryPolicy.exponentialBackoff(3, 1000)) // 3 retries, 1s initial delay + .timeout(Duration.ofSeconds(10)) + .build(); +``` + +**Multi-Region KAS**: +- Deploy KAS in multiple regions +- Use load balancers or DNS-based failover +- Consider geographic proximity for performance + +### Security Hardening + +**1. Protect JWT Tokens**: +- Use HTTPS for all communications +- Validate JWT signatures +- Check token expiration +- Implement token refresh flows + +**2. Secure TDF Storage**: +- Even though TDFs are encrypted, protect storage from unauthorized deletion/modification +- Use access controls on storage backend +- Enable versioning and backup + +**3. Audit Logging**: +- Log all access attempts (granted and denied) +- Forward logs to SIEM for security monitoring +- Retain logs per compliance requirements + +**4. Rate Limiting**: +- Protect against denial-of-service +- Implement per-user rate limits +- Throttle excessive authorization failures + +--- + +## Related Guides + +- **[Entity Service Integration](./entity-service-integration.mdx)**: Connect attribute sources +- **[Identity Provider Integration](./identity-provider-integration.mdx)**: Set up authentication +- **[ABAC and Policy](../../explanation/abac-and-policy)**: Understand policy model + +## Reference Documentation + +- **[Key Access Server API](../../reference/OpenAPI-clients/kas/kas)**: KAS endpoints +- **[SDK Recipes](../sdk-recipes)**: Common patterns and SDK examples +- **[Platform Architecture](../../explanation/platform-architecture)**: Service interactions + +--- + +## Need Help? + +- [GitHub Discussions](https://github.com/opentdf/community/discussions): Ask implementation questions +- [Code Samples](../../reference/code-samples/index.mdx): More example implementations +- [Slack Community](https://opentdf.io/slack): Real-time help from maintainers diff --git a/docs/how-to/integration-patterns/index.mdx b/docs/how-to/integration-patterns/index.mdx new file mode 100644 index 00000000..77d51fe2 --- /dev/null +++ b/docs/how-to/integration-patterns/index.mdx @@ -0,0 +1,210 @@ +# Integration Patterns + +Learn how to integrate OpenTDF into your applications and infrastructure with these practical guides. + +## Overview + +OpenTDF is designed to integrate seamlessly with your existing systems. Whether you're building a custom application, connecting identity providers, or implementing policy enforcement points, these guides will help you get started. + +## Available Integration Guides + +### Policy Enforcement + +
+ +#### [Implementing a Policy Enforcement Point (PEP)](./implementing-a-pep.mdx) + +Build a custom PEP that enforces OpenTDF policies in your application. Learn how to intercept access requests, call the Key Access Server, and handle authorization decisions. + +**What you'll learn**: +- PEP architecture and responsibilities +- SDK integration patterns +- Handling encrypt and decrypt operations +- Error handling and performance optimization + +**Best for**: Application developers integrating OpenTDF into custom software + +
+ +### Identity and Attributes + +
+ +#### [Entity Service Integration](./entity-service-integration.mdx) + +Connect your existing identity and directory services to OpenTDF for attribute resolution. Support LDAP, SCIM, OIDC claims, and custom sources. + +**What you'll learn**: +- Entity resolution patterns +- Custom resolver implementation +- Attribute mapping and transformation +- Caching and performance optimization + +**Best for**: Platform engineers connecting OpenTDF to existing identity infrastructure + +
+ +
+ +#### [Identity Provider Integration](./identity-provider-integration.mdx) + +Configure OpenTDF to authenticate users via external identity providers using OIDC, SAML, or OAuth 2.0. + +**What you'll learn**: +- OIDC integration (recommended) +- SAML 2.0 integration +- Claim mapping to attributes +- Provider-specific guides (Keycloak, Okta, Azure AD, etc.) + +**Best for**: Security engineers setting up authentication and SSO + +
+ +## Integration Architecture + +OpenTDF's architecture is designed for flexibility: + +```mermaid +graph TB + App[Your Application
PEP] + IDP[Identity Provider
OIDC/SAML] + ER[Entity Resolution
Custom Plugin] + KAS[Key Access Server] + AuthZ[Authorization Service] + Policy[Policy Service] + + App -->|1. User Login| IDP + IDP -->|2. JWT Token| App + App -->|3. Encrypt/Decrypt| KAS + KAS -->|4. Authorize| AuthZ + AuthZ -->|5. Resolve Attrs| ER + ER -->|6. Query| YourLDAP[Your LDAP/DB] + AuthZ -->|7. Get Policy| Policy +``` + +### Integration Points + +1. **Application Layer** (PEP): Your application integrates OpenTDF SDKs to encrypt and decrypt data +2. **Authentication Layer** (IdP): Users authenticate through your identity provider +3. **Authorization Layer** (Entity Resolution): User attributes are resolved from your directory services +4. **Policy Layer** (Policy Service): Administrators manage policies through OpenTDF Policy Service + +## Common Integration Scenarios + +### Scenario 1: Enterprise SaaS Application + +**Goal**: Protect customer data in a multi-tenant SaaS platform + +**Integration Points**: +- PEP: Integrate SDK into application backend +- IdP: Connect to customer identity providers (OIDC federation) +- Entity Resolution: Map customer directory attributes to OpenTDF attributes +- Policy: Allow customers to define their own access policies + +**Guides to Follow**: +1. [Identity Provider Integration](./identity-provider-integration.mdx) +2. [Implementing a PEP](./implementing-a-pep.mdx) +3. [Entity Service Integration](./entity-service-integration.mdx) + +--- + +### Scenario 2: Government/Defense System + +**Goal**: Protect classified information with clearance-based access control + +**Integration Points**: +- PEP: Custom enforcement points in document management system +- IdP: CAC/PIV authentication via SAML +- Entity Resolution: Query security database for clearance levels +- Policy: Hierarchical classification attributes (Unclassified → Secret → Top Secret) + +**Guides to Follow**: +1. [Identity Provider Integration](./identity-provider-integration.mdx) (SAML section) +2. [Entity Service Integration](./entity-service-integration.mdx) (Custom DB resolver) +3. [Implementing a PEP](./implementing-a-pep.mdx) + +--- + +### Scenario 3: Healthcare Data Exchange + +**Goal**: Share patient records while enforcing consent and HIPAA compliance + +**Integration Points**: +- PEP: Integrate into EHR system or health information exchange +- IdP: Provider authentication (OIDC) +- Entity Resolution: Map provider credentials and patient consent +- Policy: Patient consent attributes + provider credentials + +**Guides to Follow**: +1. [Identity Provider Integration](./identity-provider-integration.mdx) +2. [Entity Service Integration](./entity-service-integration.mdx) +3. [Implementing a PEP](./implementing-a-pep.mdx) + +--- + +### Scenario 4: Enterprise File Sharing + +**Goal**: Protect sensitive documents shared internally and with partners + +**Integration Points**: +- PEP: Integrate into file storage backend or sync client +- IdP: Corporate SSO (Azure AD, Okta, Google Workspace) +- Entity Resolution: Sync user attributes from corporate directory +- Policy: Department and project-based access control + +**Guides to Follow**: +1. [Identity Provider Integration](./identity-provider-integration.mdx) (provider-specific guides) +2. [Entity Service Integration](./entity-service-integration.mdx) +3. [Implementing a PEP](./implementing-a-pep.mdx) + +--- + +## SDK Language Support + +OpenTDF provides SDKs in multiple languages for PEP implementation: + +| Language | SDK | Status | Best For | +|----------|-----|--------|----------| +| **Java** | [opentdf/java-sdk](https://github.com/opentdf/java-sdk) | ✅ Stable | Enterprise applications, Android | +| **Go** | [opentdf/platform/sdk](https://github.com/opentdf/platform/tree/main/sdk) | ✅ Stable | Cloud services, microservices | +| **Python** | [opentdf/client-python](https://github.com/opentdf/client-python) | ✅ Stable | Data science, ML pipelines, scripting | +| **JavaScript/TypeScript** | [opentdf/client-web](https://github.com/opentdf/client-web) | ✅ Stable | Web applications, Node.js services | +| **C++** | Coming soon | 🚧 Planned | High-performance applications | +| **.NET/C#** | Coming soon | 🚧 Planned | Windows applications, Azure services | + +Choose your SDK based on your application stack and follow the [Implementing a PEP](./implementing-a-pep.mdx) guide for language-specific examples. + +--- + +## Additional Resources + +### Architecture Documentation + +- [Platform Architecture](../../explanation/platform-architecture): How OpenTDF services work together +- [ABAC and Policy](../../explanation/abac-and-policy): Understanding attribute-based access control + +### API References + +- [Key Access Server API](../../reference/OpenAPI-clients/kas/kas): KAS endpoint documentation +- [Policy Service API](../../reference/OpenAPI-clients/policy/policy): Policy management API +- [Authorization Service API](../../reference/OpenAPI-clients/authorization/v2/authorization-v-2): Authorization endpoint documentation + +### Tutorials + +- [Your First TDF](../../tutorials/your-first-tdf/index.mdx): Hands-on tutorial to get started + +### Code Samples + +- [Code Samples Reference](../../reference/code-samples/index.mdx): Example implementations + +--- + +## Need Help? + +If you're unsure which integration pattern fits your use case, or need help with implementation: + +- [Community Forum](https://github.com/opentdf/community/discussions): Ask questions +- [GitHub Issues](https://github.com/opentdf/platform/issues): Report bugs or request features +- [Slack Community](https://join.slack.com/t/opentdf/shared_invite/...): Real-time chat with maintainers + +We're here to help you successfully integrate OpenTDF! diff --git a/docs/sdks/_category_.json b/docs/how-to/sdk-recipes/_category_.json similarity index 100% rename from docs/sdks/_category_.json rename to docs/how-to/sdk-recipes/_category_.json diff --git a/docs/sdks/authorization.mdx b/docs/how-to/sdk-recipes/authorization.mdx similarity index 99% rename from docs/sdks/authorization.mdx rename to docs/how-to/sdk-recipes/authorization.mdx index ea159be5..5f3bb172 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/how-to/sdk-recipes/authorization.mdx @@ -706,6 +706,8 @@ func getBulkDecisionsV1(client *sdk.SDK) { +#### V2 API (Recommended) + ```java public void getBulkDecisions(SDK sdk) throws ExecutionException, InterruptedException { GetDecisionBulkRequest request = GetDecisionBulkRequest.newBuilder() @@ -762,6 +764,12 @@ public void getBulkDecisions(SDK sdk) throws ExecutionException, InterruptedExce } ``` +#### V1 API (Legacy) + +import GetDecisionsExample from '@site/code_samples/java/get-decisions.mdx'; + + + diff --git a/docs/how-to/sdk-recipes/index.mdx b/docs/how-to/sdk-recipes/index.mdx new file mode 100644 index 00000000..3924a865 --- /dev/null +++ b/docs/how-to/sdk-recipes/index.mdx @@ -0,0 +1,51 @@ +--- +sidebar_position: 1 +--- + +import Cards from "@site/src/components/Cards"; + +# SDK Recipes + +Code examples and patterns for integrating OpenTDF SDKs into your applications. These practical recipes show you how to encrypt, decrypt, and manage TDF files programmatically using the OpenTDF SDKs. + +## Available Recipes + + + +## Getting Started + +1. **Start with [Overview](/how-to/sdk-recipes/overview)** to understand SDK basics and setup +2. **Learn [TDF Operations](/how-to/sdk-recipes/tdf)** to protect your first data file +3. **Explore [Policy Management](/how-to/sdk-recipes/policy)** to control access to your data +4. **Implement [Authorization](/how-to/sdk-recipes/authorization)** for production applications + +## Need Different Information? + +- **New to the concepts?** Check our [explanation section](/explanation) first +- **Following a tutorial?** Try our [step-by-step tutorials](/tutorials) +- **Looking for API details?** Visit the [API reference](/reference) \ No newline at end of file diff --git a/docs/sdks/overview.mdx b/docs/how-to/sdk-recipes/overview.mdx similarity index 62% rename from docs/sdks/overview.mdx rename to docs/how-to/sdk-recipes/overview.mdx index 8b4e6eb2..04bb220b 100644 --- a/docs/sdks/overview.mdx +++ b/docs/how-to/sdk-recipes/overview.mdx @@ -2,11 +2,14 @@ sidebar_position: 1 --- +import useDocusaurusContext from '@docusaurus/useDocusaurusContext'; +import CodeBlock from '@theme/CodeBlock' + # Overview OpenTDF supports native SDKs in the Go, Java and JavaScript languages. -Please refer to the [SDK Feature Matrix](../appendix/matrix.mdx#sdk) in the Appendix for the supported features in each SDK. +Please refer to the [SDK Feature Matrix](../../reference/appendix/matrix.mdx#sdk) in the Appendix for the supported features in each SDK. ## Repositories @@ -29,13 +32,13 @@ go get github.com/opentdf/platform/sdk@latest -```xml - + +{` io.opentdf.platform sdk-pom - 0.2.0-SNAPSHOT - -``` + `}{useDocusaurusContext().siteConfig.customFields.javaSdkVersion}{` +`} + @@ -45,4 +48,4 @@ npm i @opentdf/client ``` - \ No newline at end of file + diff --git a/docs/how-to/sdk-recipes/policy.mdx b/docs/how-to/sdk-recipes/policy.mdx new file mode 100644 index 00000000..beab7c3a --- /dev/null +++ b/docs/how-to/sdk-recipes/policy.mdx @@ -0,0 +1,35 @@ +--- +sidebar_position: 3 +--- + +import CreateNamespace from '../../../code_samples/policy_code/create_namespace.mdx' +import ListNamespaces from '../../../code_samples/policy_code/list_namespaces.mdx' +import CreateAttribute from '../../../code_samples/policy_code/create_attribute.mdx' +import ListAttributes from '../../../code_samples/policy_code/list_attributes.mdx' +import CreateConditionSet from '../../../code_samples/policy_code/create_subject_condition_set.mdx' +import CreateSubjectMapping from '../../../code_samples/policy_code/create_subject_mapping.mdx' +import ListSubjectMapping from '../../../code_samples/policy_code/list_subject_mapping.mdx' + + + + + + + + +# Managing Policy + + + + + + + + + + + + + + + diff --git a/docs/how-to/sdk-recipes/tdf.mdx b/docs/how-to/sdk-recipes/tdf.mdx new file mode 100644 index 00000000..be69b961 --- /dev/null +++ b/docs/how-to/sdk-recipes/tdf.mdx @@ -0,0 +1,10 @@ +--- +sidebar_position: 4 +--- + +import EncryptionTDF from '../../../code_samples/tdf/encryption_ztdf.mdx' + + +# Creating TDF's + + \ No newline at end of file diff --git a/docs/introduction.mdx b/docs/introduction.mdx deleted file mode 100644 index fc62981b..00000000 --- a/docs/introduction.mdx +++ /dev/null @@ -1,73 +0,0 @@ ---- -sidebar_position: 1 ---- - -import React from "react"; -import Callout from "@site/src/components/Callout"; -import Cards from "@site/src/components/Cards"; - -# Welcome to OpenTDF Docs - -Find all the information you need to get started with OpenTDF. - - - This guide will walk you through setting up a new OpenTDF platform locally and - walk you through some of the basic concepts within the OpenTDF platform. - - - - -### Explore by Feature - - diff --git a/docs/learning-paths.mdx b/docs/learning-paths.mdx new file mode 100644 index 00000000..27f1c814 --- /dev/null +++ b/docs/learning-paths.mdx @@ -0,0 +1,556 @@ +# Learning Paths + +Choose a learning path based on your role and goals with OpenTDF. + +## Overview + +OpenTDF serves different audiences with different needs. These curated learning paths guide you through documentation tailored to your role and objectives. + +```mermaid +graph TD + Start[New to OpenTDF?] + Beginner[🚀 Beginner Path
1-2 hours] + Dev[👨‍💻 Developer Path
3-5 hours] + Arch[🏛️ Architect Path
4-6 hours] + Ops[⚙️ Operator Path
3-4 hours] + Sec[🔐 Security Path
2-3 hours] + + Start -->|Start here| Beginner + Beginner -->|Build apps| Dev + Beginner -->|Design systems| Arch + Beginner -->|Deploy & manage| Ops + Beginner -->|Secure systems| Sec + + Dev --> DevGoals[Goals:
• Implement PEP
• Connect IdP
• Integrate attributes] + Arch --> ArchGoals[Goals:
• Design policies
• Plan integrations
• Choose formats] + Ops --> OpsGoals[Goals:
• Deploy services
• Configure systems
• Monitor operations] + Sec --> SecGoals[Goals:
• Harden deployment
• Audit compliance
• Security best practices] + + style Start fill:#e1f5ff + style Beginner fill:#90EE90 + style Dev fill:#FFD700 + style Arch fill:#FFA500 + style Ops fill:#87CEEB + style Sec fill:#FF6B6B +``` + +--- + +## 🚀 Beginner Path: New to OpenTDF + +**Goal**: Understand what OpenTDF is and create your first protected data object. + +**Time**: 1-2 hours + +**Prerequisites**: Basic understanding of encryption and access control concepts + +### Learning Journey + +
+ +#### Step 1: Understand OpenTDF (15 minutes) + +Start by understanding the fundamentals: + +- **[What is OpenTDF?](./explanation/index.mdx)**: Project overview, TDF format, and foundational services +- **[Platform Architecture](./explanation/platform-architecture/index.md)**: How OpenTDF services work together + +**Key Takeaways**: +- OpenTDF cryptographically binds access policies to data +- Split key architecture separates encryption from policy enforcement +- Four core services: Policy, Authorization, Entity Resolution, Key Access + +--- + +#### Step 2: Core Concepts (20 minutes) + +Learn about attribute-based access control: + +- **[ABAC and Policy](./explanation/abac-and-policy/index.md)**: Understand attributes, subject mappings, and policy structure +- **[Trusted Data Format](./explanation/trusted-data-format/index.md)**: How policies are embedded in TDFs + +**Key Takeaways**: +- ABAC enables fine-grained, dynamic access control +- Policies define which attribute combinations grant access +- Attributes can represent roles, clearances, projects, etc. + +--- + +#### Step 3: Hands-On Tutorial (30-45 minutes) + +Get hands-on experience: + +- **[Your First TDF](./tutorials/your-first-tdf/index.mdx)**: Set up OpenTDF, create policies, encrypt and decrypt data + +**What You'll Build**: +- Local OpenTDF environment with Docker +- Sample namespace and attributes +- Encrypted TDF with attribute-based policy +- Working encrypt/decrypt flow + +--- + +#### Step 4: Explore Further (Optional) + +Dive deeper into specific topics: + +- **[TDF History and Standards](./explanation/trusted-data-format/history-and-standards.md)**: Evolution of TDF formats +- **[Code Samples](./reference/code-samples/index.mdx)**: Browse working examples + +
+ +**Next Steps**: Choose a role-specific path below based on how you'll use OpenTDF. + +--- + +## 👨‍💻 Developer Path: Integrating OpenTDF + +**Goal**: Integrate OpenTDF into your application to protect sensitive data. + +**Time**: 3-5 hours + +**Prerequisites**: +- Completed Beginner Path (or equivalent knowledge) +- Programming experience in Java, Go, Python, or JavaScript +- Basic understanding of REST APIs and JWT tokens + +### Learning Journey + +
+ +#### Step 1: Review Core Concepts (15 minutes) + +Refresh fundamentals if needed: + +- **[ABAC and Policy](./explanation/abac-and-policy/index.md)**: Policy structure and evaluation +- **[Platform Architecture](./explanation/platform-architecture/index.md)**: Service interactions + +--- + +#### Step 2: Implement a Policy Enforcement Point (60-90 minutes) + +Learn to enforce policies in your application: + +- **[Implementing a PEP](./how-to/integration-patterns/implementing-a-pep.mdx)**: Complete guide with code examples + +**What You'll Learn**: +- SDK setup and configuration +- Encrypting data with attributes +- Decrypting data with authorization +- Error handling and performance optimization + +**Hands-On**: Build a simple REST API that encrypts/decrypts documents with attribute-based policies. + +--- + +#### Step 3: Authentication Integration (45-60 minutes) + +Connect your identity provider: + +- **[Identity Provider Integration](./how-to/integration-patterns/identity-provider-integration.mdx)**: OIDC, SAML, OAuth 2.0 + +**What You'll Learn**: +- Configure OIDC with Keycloak, Okta, Azure AD, etc. +- Map identity claims to OpenTDF attributes +- Handle authentication flows + +**Hands-On**: Set up OIDC authentication for your test application. + +--- + +#### Step 4: Attribute Resolution (45-60 minutes) + +Connect your user directory: + +- **[Entity Service Integration](./how-to/integration-patterns/entity-service-integration.mdx)**: LDAP, SCIM, custom sources + +**What You'll Learn**: +- Implement custom attribute resolver +- Query LDAP/databases for user attributes +- Configure caching and performance optimization + +**Hands-On**: Build a custom entity resolver that queries your user directory. + +--- + +#### Step 5: Code Samples and Recipes (30 minutes) + +Explore practical examples: + +- **[Code Samples](./reference/code-samples/index.mdx)**: Working examples in multiple languages +- **[SDK Recipes](./how-to/sdk-recipes)**: Common patterns and solutions + +--- + +#### Step 6: Testing and Deployment + +- Test your integration end-to-end +- Review security best practices +- Deploy to staging/production + +
+ +**Next Steps**: +- Explore [Advanced Patterns](./how-to/) +- Review [API References](./reference/OpenAPI-clients/) + +--- + +## 🏛️ Architect Path: Designing OpenTDF Systems + +**Goal**: Design secure, scalable systems using OpenTDF. + +**Time**: 4-6 hours + +**Prerequisites**: +- Understanding of distributed systems +- Security architecture experience +- Familiarity with ABAC concepts + +### Learning Journey + +
+ +#### Step 1: Foundational Understanding (30 minutes) + +Understand OpenTDF architecture: + +- **[Platform Architecture](./explanation/platform-architecture/index.md)**: Service architecture and interactions +- **[ABAC and Policy](./explanation/abac-and-policy/index.md)**: Policy model deep dive + +--- + +#### Step 2: TDF Standards and Formats (45 minutes) + +Understand TDF ecosystem: + +- **[TDF History and Standards](./explanation/trusted-data-format/history-and-standards.md)**: BASE-TDF, IC-TDF, ZTDF, OpenTDF +- **[TDF Specification](./reference/trusted-data-format/specifications/)**: Technical specification + +**Key Decisions**: +- Which TDF format fits your requirements? +- Interoperability needs? +- Cryptographic requirements? + +--- + +#### Step 3: Policy Design (60-90 minutes) + +Design effective policy models: + +- **[ABAC and Policy - Policy Design Best Practices](./explanation/abac-and-policy/index.md#policy-design-best-practices)**: Granularity, performance, security + +**Design Exercises**: +- Map your organization's access control requirements to attributes +- Design namespace hierarchies +- Plan subject mapping strategy +- Consider performance implications + +--- + +#### Step 4: Integration Architecture (60-90 minutes) + +Plan integrations with existing systems: + +- **[Integration Patterns](./how-to/integration-patterns/index.mdx)**: Overview of integration points +- **[PEP Implementation](./how-to/integration-patterns/implementing-a-pep.mdx)**: Application-level enforcement +- **[Entity Resolution](./how-to/integration-patterns/entity-service-integration.mdx)**: Directory integration +- **[Identity Provider](./how-to/integration-patterns/identity-provider-integration.mdx)**: Authentication integration + +**Architecture Decisions**: +- Where to enforce policies (PEPs)? +- How to resolve attributes? +- Single-tenant vs multi-tenant? +- On-premise vs cloud deployment? + +--- + +#### Step 5: Scalability and High Availability (30-45 minutes) + +Design for production scale: + +- **[Configuration Reference](./reference/OpenAPI-clients/)**: Service configuration options +- Review load balancing strategies +- Plan for redundancy and failover +- Consider caching strategies + +--- + +#### Step 6: Security Architecture (45 minutes) + +Harden your deployment: + +- Review security best practices across all guides +- Plan key management strategy +- Design audit and compliance logging +- Consider zero trust architecture alignment + +--- + +#### Step 7: Case Studies + +Learn from example architectures: + +- **[Integration Patterns - Common Scenarios](./how-to/integration-patterns/index.mdx#common-integration-scenarios)**: Enterprise SaaS, Government, Healthcare, File Sharing + +
+ +**Next Steps**: +- Review [API References](./reference/OpenAPI-clients/) +- Plan proof-of-concept deployment + +--- + +## ⚙️ Operator Path: Deploying and Managing OpenTDF + +**Goal**: Deploy, configure, and maintain OpenTDF in production. + +**Time**: 3-4 hours + +**Prerequisites**: +- Experience with container orchestration (Docker, Kubernetes) +- Understanding of infrastructure and DevOps +- Basic understanding of OpenTDF concepts + +### Learning Journey + +
+ +#### Step 1: Quick Start (30 minutes) + +Get OpenTDF running: + +- **[Quick Start Tutorial](./tutorials/your-first-tdf/index.mdx)**: Deploy with Docker Compose +- **[Platform Architecture](./explanation/platform-architecture/index.md)**: Understand service dependencies + +--- + +#### Step 2: Configuration (60-90 minutes) + +Learn service configuration: + +- **[Policy Service Configuration](./reference/OpenAPI-clients/policy/policy/)**: Policy service setup +- **[Authorization Service Configuration](./reference/OpenAPI-clients/authorization/v2/authorization-v-2/)**: Authorization setup +- **[Entity Resolution Configuration](./reference/OpenAPI-clients/entityresolution/v2/entityresolution-v-2/)**: ER setup +- **[Key Access Server Configuration](./reference/OpenAPI-clients/kas/kas/)**: KAS setup + +**Key Configuration Areas**: +- Database connections +- TLS/mTLS certificates +- Authentication backends +- Logging and monitoring + +--- + +#### Step 3: Integration Setup (60-90 minutes) + +Connect external systems: + +- **[Identity Provider Integration](./how-to/integration-patterns/identity-provider-integration.mdx)**: OIDC/SAML setup +- **[Entity Resolution Integration](./how-to/integration-patterns/entity-service-integration.mdx)**: LDAP/directory setup + +--- + +#### Step 4: Production Deployment (45-60 minutes) + +Deploy to production environment: + +- Review high availability configurations +- Set up load balancers +- Configure database replication +- Plan backup and disaster recovery + +**Deployment Options**: +- Docker Compose (development) +- Kubernetes (production) +- Cloud-managed services + +--- + +#### Step 5: Monitoring and Operations (30-45 minutes) + +Operational monitoring: + +- Configure health checks +- Set up metrics collection (Prometheus, etc.) +- Configure log aggregation +- Set up alerting + +**Key Metrics**: +- Authorization request latency +- Policy evaluation errors +- Entity resolution cache hit rate +- KAS key access success/failure rate + +--- + +#### Step 6: Troubleshooting + +Learn common operational issues: + +- Review troubleshooting sections in integration guides +- Debug authorization failures +- Investigate performance issues +- Handle certificate expiration + +
+ +**Next Steps**: +- Set up staging environment +- Plan production rollout +- Document runbooks + +--- + +## 🔐 Security Engineer Path: Securing OpenTDF + +**Goal**: Understand and implement security best practices for OpenTDF. + +**Time**: 2-3 hours + +**Prerequisites**: +- Security engineering experience +- Understanding of cryptography and PKI +- Familiarity with identity and access management + +### Learning Journey + +
+ +#### Step 1: Understand Security Model (30 minutes) + +Learn OpenTDF's security architecture: + +- **[Platform Architecture](./explanation/platform-architecture/index.md)**: Trust boundaries and service interactions +- **[Trusted Data Format](./explanation/trusted-data-format/index.md)**: Cryptographic binding +- **[TDF Specification](./reference/trusted-data-format/specifications/)**: Cryptographic details + +**Key Security Principles**: +- Split key architecture +- Zero trust data protection +- Cryptographic policy binding + +--- + +#### Step 2: Authentication and Authorization (45 minutes) + +Secure identity and access: + +- **[Identity Provider Integration](./how-to/integration-patterns/identity-provider-integration.mdx)**: OIDC/SAML security +- **[Entity Resolution](./how-to/integration-patterns/entity-service-integration.mdx)**: Attribute security + +**Security Checklist**: +- ✅ JWT signature validation +- ✅ Token storage best practices +- ✅ MFA enforcement +- ✅ Session management +- ✅ Credential management + +--- + +#### Step 3: Policy Security (30 minutes) + +Design secure policies: + +- **[ABAC and Policy](./explanation/abac-and-policy/index.md)**: Policy model and best practices + +**Security Considerations**: +- Principle of least privilege +- Separation of duties +- Policy audit trails +- Attribute tampering prevention + +--- + +#### Step 4: Operational Security (45 minutes) + +Secure deployments: + +- Review security sections in all integration guides +- TLS/mTLS configuration +- Secrets management +- Network segmentation +- Audit logging + +**Hardening Checklist**: +- ✅ All communications over TLS +- ✅ Secrets stored securely (Vault, etc.) +- ✅ Network policies (firewalls, security groups) +- ✅ Audit logs sent to SIEM +- ✅ Regular security updates +- ✅ Vulnerability scanning + +--- + +#### Step 5: Compliance and Auditing (30 minutes) + +Enable compliance: + +- Configure comprehensive audit logging +- Plan compliance reporting +- Review data residency requirements + +**Compliance Frameworks**: +- NIST ABAC (SP 800-162) +- GDPR (data protection) +- HIPAA (healthcare) +- FedRAMP (government) + +
+ +**Next Steps**: +- Conduct security assessment +- Develop security runbooks +- Plan penetration testing + +--- + +## 📚 Quick Reference by Topic + +Can't find what you need in the learning paths? Browse by topic: + +### Core Concepts + +- [Platform Architecture](./explanation/platform-architecture/index.md) +- [ABAC and Policy](./explanation/abac-and-policy/index.md) +- [Trusted Data Format](./explanation/trusted-data-format/index.md) +- [TDF History and Standards](./explanation/trusted-data-format/history-and-standards.md) + +### Integration Guides + +- [Implementing a PEP](./how-to/integration-patterns/implementing-a-pep.mdx) +- [Entity Service Integration](./how-to/integration-patterns/entity-service-integration.mdx) +- [Identity Provider Integration](./how-to/integration-patterns/identity-provider-integration.mdx) + +### Tutorials + +- [Your First TDF](./tutorials/your-first-tdf/index.mdx) + +### Reference + +- [Code Samples](./reference/code-samples/index.mdx) +- [API Documentation](./reference/OpenAPI-clients/) +- [SDK Recipes](./how-to/sdk-recipes) +- [TDF Specification](./reference/trusted-data-format/specifications/) + +--- + +## Need Help? + +Still have questions? We're here to help: + +- **[Community Forum](https://github.com/opentdf/community/discussions)**: Ask questions, share experiences +- **[GitHub Issues](https://github.com/opentdf/platform/issues)**: Report bugs or request features +- **[Slack Community](https://opentdf.io/slack)**: Real-time chat with maintainers and users + +## Contribute to Documentation + +Help improve these learning paths: + +- **[Documentation Repository](https://github.com/opentdf/docs)**: Submit improvements +- **Share Feedback**: Let us know what works and what doesn't +- **Add Examples**: Contribute code samples or tutorials + +--- + +**Ready to get started?** Choose a path above and begin your OpenTDF journey! diff --git a/docs/reference/_category_.json b/docs/reference/_category_.json new file mode 100644 index 00000000..9d475cf8 --- /dev/null +++ b/docs/reference/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Reference", + "position": 4, + "link": { + "type": "generated-index", + "description": "Comprehensive reference material including API documentation, specifications, CLI commands, SDK references, and configuration details." + }, + "collapsible": true, + "collapsed": true +} \ No newline at end of file diff --git a/docs/appendix/_category_.yaml b/docs/reference/appendix/_category_.yaml similarity index 100% rename from docs/appendix/_category_.yaml rename to docs/reference/appendix/_category_.yaml diff --git a/docs/appendix/matrix.mdx b/docs/reference/appendix/matrix.mdx similarity index 96% rename from docs/appendix/matrix.mdx rename to docs/reference/appendix/matrix.mdx index 9bbab5e6..9ee2080a 100644 --- a/docs/appendix/matrix.mdx +++ b/docs/reference/appendix/matrix.mdx @@ -58,7 +58,6 @@ Feature matrix for the different SDK versions. | | | | | | **Encrypt/Decrypt**[^103] | Stable | Stable | Stable | | - ZTDF[^110] | Stable | Stable | Stable | -| - NanoTDF[^111] | Stable | Stable | Stable | | - ABAC[^112] | Stable | Stable | Stable | | - Key Access Grants[^140] | Stable | Stable | Stable | | | | | | @@ -71,7 +70,6 @@ Feature matrix for the different SDK versions. [^103]: Encrypt is the ability to encrypt data. [^105]: Service APIs are APIs that are provided by the library to interact with the service. [^110]: Support for the [Zero Trust Data Format](https://github.com/opentdf/spec/tree/main/schema/tdf) utilizing JSON manifests and assertation. -[^111]: Support for the [Nano Trusted Data Format](https://github.com/opentdf/spec/tree/main/schema/nanotdf). [^112]: ABAC is Attribute Based Access Control. [^113]: Dissem is Dissemination List (i.e., email lists). [^120]: Authorization APIs for managing authorization policies. diff --git a/docs/reference/code-samples/index.mdx b/docs/reference/code-samples/index.mdx new file mode 100644 index 00000000..794682b5 --- /dev/null +++ b/docs/reference/code-samples/index.mdx @@ -0,0 +1,230 @@ +# Code Samples + +Browse working code examples for OpenTDF across different languages and use cases. + +## Overview + +This section provides practical code examples to help you integrate OpenTDF into your applications. Code samples are available in the `code_samples/` directory of this repository. + +## Available Code Samples + +### Java SDK Examples + +Comprehensive examples for the Java SDK covering TDF operations and policy management. + +#### TDF Operations + +- **[Encrypt Data](https://github.com/opentdf/docs/blob/main/code_samples/java/encrypt-example.mdx)**: Create and encrypt TDFs with attributes +- **[Decrypt Data](https://github.com/opentdf/docs/blob/main/code_samples/java/decrypt-example.mdx)**: Decrypt TDFs and access protected content +- **[Encrypt Collection](https://github.com/opentdf/docs/blob/main/code_samples/java/encrypt-collection-example.mdx)**: Encrypt multiple files efficiently +- **[Decrypt Collection](https://github.com/opentdf/docs/blob/main/code_samples/java/decrypt-collection-example.mdx)**: Decrypt multiple TDFs in batch +- **[Get Manifest Information](https://github.com/opentdf/docs/blob/main/code_samples/java/get-manifest-information.mdx)**: Extract TDF metadata without decrypting + +#### Policy Management + +- **[Create Namespace](https://github.com/opentdf/docs/blob/main/code_samples/java/create-namespace.mdx)**: Define attribute namespaces +- **[List Namespaces](https://github.com/opentdf/docs/blob/main/code_samples/java/list-namespaces.mdx)**: Retrieve all namespaces +- **[Create Attribute](https://github.com/opentdf/docs/blob/main/code_samples/java/create-attribute.mdx)**: Define attributes with rules and values +- **[List Attributes](https://github.com/opentdf/docs/blob/main/code_samples/java/list-attributes.mdx)**: Retrieve all attributes +- **[Create Subject Condition Set](https://github.com/opentdf/docs/blob/main/code_samples/java/create-subject-condition-set.mdx)**: Define complex subject matching conditions +- **[Create Subject Mapping](https://github.com/opentdf/docs/blob/main/code_samples/java/create-subject-mapping.mdx)**: Map subjects to attributes +- **[List Subject Mappings](https://github.com/opentdf/docs/blob/main/code_samples/java/list-subject-mappings.mdx)**: Retrieve all subject mappings + +#### Authorization + +- **[Get Authorization Decisions](https://github.com/opentdf/docs/blob/main/code_samples/java/get-decisions.mdx)**: Make authorization decisions +- **[Get Entitlements](https://github.com/opentdf/docs/blob/main/code_samples/java/get-entitlements.mdx)**: Retrieve user entitlements + +--- + +### Python Examples + +Policy management examples using Python. + +- **[Create Namespace](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/create_namespace.mdx)**: Define namespaces +- **[Create Attribute](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/create_attribute.mdx)**: Create attributes +- **[Create Subject Condition Set](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/create_subject_condition_set.mdx)**: Define subject conditions +- **[Create Subject Mapping](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/create_subject_mapping.mdx)**: Map subjects to attributes +- **[List Namespaces](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/list_namespaces.mdx)**: Retrieve namespaces +- **[List Attributes](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/list_attributes.mdx)**: Retrieve attributes +- **[List Subject Mappings](https://github.com/opentdf/docs/blob/main/code_samples/policy_code/list_subject_mapping.mdx)**: Retrieve subject mappings + +--- + +### TDF Format Examples + +- **[ZTDF Encryption](https://github.com/opentdf/docs/blob/main/code_samples/tdf/encryption_ztdf.mdx)**: Zero Trust Data Format encryption example + +--- + +### Authorization Examples + +- **[Get Authorization Decision](https://github.com/opentdf/docs/blob/main/code_samples/authorization/get_decision.mdx)**: Request authorization decisions +- **[Get Entitlements](https://github.com/opentdf/docs/blob/main/code_samples/authorization/get_entitlements.mdx)**: Retrieve user entitlements + +--- + +## Example Patterns by Use Case + +### Use Case: Protecting Sensitive Documents + +**Scenario**: Encrypt documents with department-based access control + +**Steps**: +1. [Create namespace](https://github.com/opentdf/docs/blob/main/code_samples/java/create-namespace.mdx) for your organization +2. [Create attribute](https://github.com/opentdf/docs/blob/main/code_samples/java/create-attribute.mdx) for department +3. [Create subject mapping](https://github.com/opentdf/docs/blob/main/code_samples/java/create-subject-mapping.mdx) to assign departments to users +4. [Encrypt document](https://github.com/opentdf/docs/blob/main/code_samples/java/encrypt-example.mdx) with department attribute +5. [Decrypt document](https://github.com/opentdf/docs/blob/main/code_samples/java/decrypt-example.mdx) as authorized user + +--- + +### Use Case: Multi-Level Classification + +**Scenario**: Implement hierarchical classification (public, internal, confidential, secret) + +**Steps**: +1. Create namespace with HIERARCHY rule +2. Create attribute with ordered values (public=1, internal=2, confidential=3, secret=4) +3. Map users to clearance levels via subject mappings +4. Encrypt data with classification level +5. Users with higher clearance can access lower-classified data automatically + +**Example Code**: See [Create Attribute](https://github.com/opentdf/docs/blob/main/code_samples/java/create-attribute.mdx) for hierarchies + +--- + +### Use Case: Project-Based Access Control + +**Scenario**: Restrict data access to project team members + +**Steps**: +1. Create project attribute (project-alpha, project-beta) +2. Create subject mappings linking user groups to projects +3. Encrypt data with project attribute +4. Only users assigned to the project can decrypt + +**Example Code**: See [Subject Condition Sets](https://github.com/opentdf/docs/blob/main/code_samples/java/create-subject-condition-set.mdx) for complex conditions + +--- + +## Code Sample Repositories + +Explore complete working applications and more examples: + +### Official SDK Repositories + +| Language | Repository | Description | +|----------|------------|-------------| +| **Java** | [opentdf/java-sdk](https://github.com/opentdf/java-sdk) | Comprehensive Java SDK with examples | +| **Go** | [opentdf/platform/sdk](https://github.com/opentdf/platform/tree/main/sdk) | Go SDK integrated with platform services | +| **Python** | [opentdf/client-python](https://github.com/opentdf/client-python) | Python client with examples | +| **JavaScript** | [opentdf/client-web](https://github.com/opentdf/client-web) | Web and Node.js SDK with examples | + +### Example Applications + +| Name | Description | Link | +|------|-------------|------| +| **Java Examples** | Complete Java application examples | [View Repository](https://github.com/opentdf/java-sdk/tree/main/examples) | +| **Web Demo** | Interactive web application demo | [View Repository](https://github.com/opentdf/web-demo) | +| **CLI Tool** | Reference CLI implementation | [otdfctl Repository](https://github.com/opentdf/otdfctl) | + +--- + +## Contributing Examples + +Have a useful code example to share? We welcome contributions! + +**How to Contribute**: + +1. Fork the [docs repository](https://github.com/opentdf/docs) +2. Add your example to `code_samples/{language}/` directory +3. Use MDX format for rich formatting +4. Include: + - Clear description of what the example does + - Prerequisites + - Step-by-step code with comments + - Expected output +5. Submit a pull request + +**Example Template**: + +```mdx +# Example: [Title] + +## Description + +Brief description of what this example demonstrates. + +## Prerequisites + +- Prerequisite 1 +- Prerequisite 2 + +## Code + +\`\`\`java +// Your code here with comments +public class Example { + public static void main(String[] args) { + // Step 1: Initialize + // Step 2: Execute + // Step 3: Output + } +} +\`\`\` + +## Expected Output + +\`\`\` +Output here +\`\`\` + +## Related + +- [Related Guide](link) +- [Related API Reference](link) +``` + +--- + +## Testing Code Examples + +All code examples should be tested against the latest OpenTDF release. + +**Testing Checklist**: +- ✅ Code compiles without errors +- ✅ Code runs against OpenTDF platform +- ✅ Expected output is documented +- ✅ Error handling is demonstrated +- ✅ Dependencies are specified + +--- + +## Related Resources + +### How-To Guides + +Learn how to implement common integration patterns: + +- [Implementing a PEP](../../how-to/integration-patterns/implementing-a-pep.mdx): Build custom policy enforcement +- [Entity Service Integration](../../how-to/integration-patterns/entity-service-integration.mdx): Connect attribute sources +- [Identity Provider Integration](../../how-to/integration-patterns/identity-provider-integration.mdx): Set up authentication + +### Tutorials + +Step-by-step tutorials for learning OpenTDF: + +- [Your First TDF](../../tutorials/your-first-tdf/index.mdx): Hands-on introduction + +--- + +## Need Help? + +If you have questions about code examples or need help with implementation: + +- [GitHub Discussions](https://github.com/opentdf/community/discussions): Ask questions +- [GitHub Issues](https://github.com/opentdf/platform/issues): Report bugs +- [Slack Community](https://opentdf.io/slack): Real-time chat + +We're here to help you succeed with OpenTDF! diff --git a/docs/reference/index.mdx b/docs/reference/index.mdx new file mode 100644 index 00000000..3d52c4cd --- /dev/null +++ b/docs/reference/index.mdx @@ -0,0 +1,51 @@ +--- +sidebar_position: 1 +--- + +import Cards from "@site/src/components/Cards"; + +# Reference Documentation + +Complete API documentation, specifications, CLI commands, SDK references, and configuration details. This section provides comprehensive technical information for developers and system administrators. + +## API Documentation + + + +## Available References + +### Platform APIs +- **Policy Service**: Manage attributes, namespaces, and access policies +- **Authorization Service**: Handle access decisions and entitlements +- **Key Access Service**: Control cryptographic key distribution +- **Entity Resolution**: Map entities to attributes for authorization + +### Specifications +- **TDF Format**: Technical specification for Trusted Data Format files +- **Protocol**: Communication protocols between platform services +- **Schema**: JSON schemas and data structure definitions +- **Concepts**: Detailed explanations of core platform concepts + +### CLI Tools +- **otdfctl**: Command-line interface documentation and examples + +## Need Different Information? + +- **Learning the concepts?** Start with our [explanation section](/explanation) +- **Following a tutorial?** Check our [step-by-step tutorials](/tutorials) +- **Looking for practical examples?** Visit our [how-to guides](/how-to) \ No newline at end of file diff --git a/docs/sdks/policy.mdx b/docs/sdks/policy.mdx deleted file mode 100644 index 3b273e43..00000000 --- a/docs/sdks/policy.mdx +++ /dev/null @@ -1,35 +0,0 @@ ---- -sidebar_position: 3 ---- - -import CreateNamespace from '../../code_samples/policy_code/create_namespace.mdx' -import ListNamespaces from '../../code_samples/policy_code/list_namespaces.mdx' -import CreateAttribute from '../../code_samples/policy_code/create_attribute.mdx' -import ListAttributes from '../../code_samples/policy_code/list_attributes.mdx' -import CreateConditionSet from '../../code_samples/policy_code/create_subject_condition_set.mdx' -import CreateSubjectMapping from '../../code_samples/policy_code/create_subject_mapping.mdx' -import ListSubjectMapping from '../../code_samples/policy_code/list_subject_mapping.mdx' - - - - - - - - -# Managing Policy - - - - - - - - - - - - - - - diff --git a/docs/sdks/tdf.mdx b/docs/sdks/tdf.mdx deleted file mode 100644 index 0c441782..00000000 --- a/docs/sdks/tdf.mdx +++ /dev/null @@ -1,10 +0,0 @@ ---- -sidebar_position: 4 ---- - -import EncryptionTDF from '../../code_samples/tdf/encryption_ztdf.mdx' - - -# Creating TDF's - - \ No newline at end of file diff --git a/docs/tutorials/_category_.json b/docs/tutorials/_category_.json new file mode 100644 index 00000000..7dd6574b --- /dev/null +++ b/docs/tutorials/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Learn OpenTDF", + "position": 2, + "link": { + "type": "generated-index", + "description": "Step-by-step tutorials that teach you to use OpenTDF. Start here if you're new to data-centric security or want to build your skills progressively." + }, + "collapsible": true, + "collapsed": false +} \ No newline at end of file diff --git a/docs/tutorials/index.mdx b/docs/tutorials/index.mdx new file mode 100644 index 00000000..7894ae19 --- /dev/null +++ b/docs/tutorials/index.mdx @@ -0,0 +1,34 @@ +--- +sidebar_position: 1 +--- + +import Cards from "@site/src/components/Cards"; + +# Learn OpenTDF + +Step-by-step tutorials that teach you to use OpenTDF. Start here if you're new to data-centric security or want to build your skills progressively. + +## Available Tutorials + + + +## Learning Path + +1. **Start Here**: [Your First TDF](/tutorials/your-first-tdf) - Learn the fundamentals by creating your first protected data file +2. **Coming Soon**: More tutorials covering advanced topics like policy management, SDK integration, and production deployments + +## Need Help? + +- **New to the concepts?** Start with our [explanation section](/explanation) to understand the theory behind data-centric security +- **Looking for specific solutions?** Check our [how-to guides](/how-to) for practical recipes +- **Need reference information?** Visit our [API documentation](/reference) for complete technical details \ No newline at end of file diff --git a/docs/tutorials/your-first-tdf/_category_.json b/docs/tutorials/your-first-tdf/_category_.json new file mode 100644 index 00000000..8f545acf --- /dev/null +++ b/docs/tutorials/your-first-tdf/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Your First TDF", + "position": 1, + "link": { + "type": "generated-index", + "description": "Learn OpenTDF by creating your first Trusted Data Format file. This tutorial walks you through setting up the platform, creating policies, and encrypting data." + } +} \ No newline at end of file diff --git a/docs/tutorials/your-first-tdf/configuration.md b/docs/tutorials/your-first-tdf/configuration.md new file mode 100644 index 00000000..7dc39caa --- /dev/null +++ b/docs/tutorials/your-first-tdf/configuration.md @@ -0,0 +1,432 @@ +--- +id: configuration +sidebar_position: 20 +title: Configuration +--- + +# Platform Configuration + +This guide provides details about the configuration setup for the platform, including the logger, services , and server configurations. + +The platform leverages [viper](https://github.com/spf13/viper) to help load configuration. + +- [Deployment Mode](#deployment-mode) + - [Service Negation](#service-negation) + - [SDK Configuration](#sdk-configuration) + - [Logger Configuration](#logger-configuration) + - [Server Configuration](#server-configuration) + - [Crypto Provider](#crypto-provider) + - [Database Configuration](#database-configuration) + - [Tracing Configuration](#tracing-configuration) + - [Services Configuration](#services-configuration) + - [Key Access Server (KAS)](#key-access-server-kas) + - [Authorization](#authorization) + - [Policy](#policy) + - [Casbin Endpoint Authorization](#casbin-endpoint-authorization) + - [Key Aspects of Authorization Configuration](#key-aspects-of-authorization-configuration) + - [Configuration in opentdf-example.yaml](#configuration-in-opentdf-exampleyaml) + - [Role Permissions](#role-permissions) + - [Managing Authorization Policy](#managing-authorization-policy) + - [Cache Configuration](#cache-configuration) + +## Deployment Mode + +The platform is designed as a modular monolith, meaning that all services are built into and run from the same binary. However, these services can be grouped and run together based on specific needs. The available service groups are: + +- all: Runs every service that is registered within the platform. +- core: Runs essential services, including policy, authorization, and wellknown services. +- kas: Runs the Key Access Server (KAS) service. + +### Service Negation + +You can exclude specific services from any mode using the negation syntax `-servicename`: + +- **Syntax**: `mode: ,-,-` +- **Constraint**: At least one positive mode must be specified (negation-only modes like `-kas` will result in an error) +- **Available services**: `policy`, `authorization`, `kas`, `entityresolution`, `wellknown` + +**Examples:** +```yaml +# Run all services except Entity Resolution Service +mode: all,-entityresolution + +# Run core services except Policy Service +mode: core,-policy + +# Run all services except both KAS and Entity Resolution +mode: all,-kas,-entityresolution +``` + +| Field | Description | Default | Environment Variable | +| ------ | ----------------------------------------------------------------------------- | ------- | -------------------- | +| `mode` | Drives which services to run. Supported modes: `all`, `core`, `kas`. Use `-servicename` to exclude specific services (e.g., `all,-entityresolution`) | `all` | OPENTDF_MODE | + +## SDK Configuration + +The sdk configuration is used when operating the service in mode `kas`. When running in mode `core` or `all` an in-process communication is leveraged over an in-memory grpc server. + +Root level key `sdk_config` + +| Field | Description | Default | Environment Variable | +| ---------------------------- | ------------------------------------------- | ------- | -------------------------------- | +| `core.endpoint` | The core platform endpoint to connect to | | OPENTDF_SDK_CONFIG_ENDPOINT | +| `core.plaintext` | Use a plaintext grpc connection | `false` | OPENTDF_SDK_CONFIG_PLAINTEXT | +| `core.insecure` | Use an insecure tls connection | `false` | | +| `entityresolution.endpoint` | The entityresolution endpoint to connect to | | | +| `entityresolution.plaintext` | Use a plaintext ERS grpc connection | `false` | | +| `entityresolution.insecure` | Use an insecure tls connection | `false` | | +| `client_id` | OAuth client id | | OPENTDF_SDK_CONFIG_CLIENT_ID | +| `client_secret` | The clients credentials | | OPENTDF_SDK_CONFIG_CLIENT_SECRET | + +## Logger Configuration + +The logger configuration is used to define how the application logs its output. + +Root level key `logger` + +| Field | Description | Default | Environment Variable | +| -------- | -------------------------------- | -------- | --------------------- | +| `level` | The logging level. | `info` | OPENTDF_LOGGER_LEVEL | +| `type` | The format of the log output. | `json` | OPENTDF_LOGGER_TYPE | +| `output` | The output destination for logs. | `stdout` | OPENTDF_LOGGER_OUTPUT | + +Example: + +```yaml +logger: + level: debug + type: text + output: stdout +``` + +## Server Configuration + +The server configuration is used to define how the application runs its server. + +Root level key `server` + +| Field | Description | Default | Environment Variable | +| ----------------------- | ------------------------------------------------------------------------------------------------------------- | ------- | ------------------------------------ | +| `auth.audience` | The audience for the IDP. | | OPENTDF_SERVER_AUTH_AUDIENCE | +| `auth.issuer` | The issuer for the IDP. | | OPENTDF_SERVER_AUTH_ISSUER | +| `auth.policy` | The Casbin policy for enforcing authorization on endpoints. Described [below](#casbin-endpoint-authorization) | | | +| `auth.cache_refresh` | Interval in which the IDP jwks should be refreshed | `15m` | OPENTDF_SERVER_AUTH_CACHE_REFRESH | +| `auth.dpopskew` | The amount of time drift allowed between when the client generated a dpop proof and the server time. | `1h` | OPENTDF_SERVER_AUTH | +| `auth.skew` | The amount of time drift allowed between a tokens `exp` claim and the server time. | `1m` | OPENTDF_SERVER_AUTH_SKEW | +| `auth.public_client_id` | [DEPRECATED] The oidc client id. This is leveraged by otdfctl. | | OPENTDF_SERVER_AUTH_PUBLIC_CLIENT_ID | +| `auth.enforceDPoP` | If true, DPoP bindings on Access Tokens are enforced. | `false` | OPENTDF_SERVER_AUTH_ENFORCEDPOP | +| `cryptoProvider` | A list of public/private keypairs and their use. Described [below](#crypto-provider) | empty | | +| `enable_pprof` | Enable golang performance profiling | `false` | OPENTDF_SERVER_ENABLE_PPROF | +| `grpc.reflection` | The configuration for the grpc server. | `true` | OPENTDF_SERVER_GRPC_REFLECTION | +| `public_hostname` | The public facing hostname for the server. | | OPENTDF_SERVER_PUBLIC_HOSTNAME | +| `host` | The host address for the server. | `""` | OPENTDF_SERVER_HOST | +| `port` | The port number for the server. | `9000` | OPENTDF_SERVER_PORT | +| `tls.enabled` | Enable tls. | `false` | OPENTDF_SERVER_TLS_ENABLED | +| `tls.cert` | The path to the tls certificate. | | OPENTDF_SERVER_TLS_CERT | +| `tls.key` | The path to the tls key. | | OPENTDF_SERVER_TLS_KEY | + +Example: + +```yaml +server: + grpc: + reflection: true + port: 8081 + tls: + enabled: true + cert: /path/to/cert + key: /path/to/key + auth: + enabled: true + audience: https://example.com + issuer: https://example.com + cryptoProvider: + standard: + keys: + - kid: r1 + alg: rsa:2048 + private: kas-private.pem + cert: kas-cert.pem + - kid: e1 + alg: ec:secp256r1 + private: kas-ec-private.pem + cert: kas-ec-cert.pem +``` + +### Crypto Provider + +To configure the Key Access Server, +you must define a set of one or more public keypairs +and a method for loading and using them. + +The crypto provider is implemented as an interface, +allowing multiple implementations. + +Root level key `cryptoProvider` + +Environment Variable: `OPENTDF_SERVER_CRYPTOPROVIDER_STANDARD='[{"alg":"rsa:2048","kid":"k1","private":"kas-private.pem","cert":"kas-cert.pem"}]'` + +| Field | Description | Default | +| ----------------------------------- | ------------------------------------------------------------------------- | ---------- | +| `cryptoProvider.type` | The type of crypto provider to use. | `standard` | +| `cryptoProvider.standard.*.alg` | An enum for the associated crypto type. E.g. `rsa:2048` or `ec:secp256r1` | | +| `cryptoProvider.standard.*.kid` | A short, globally unique, stable identifier for this keypair. | | +| `cryptoProvider.standard.*.private` | Path to the private key as a PEM file. | | +| `cryptoProvider.standard.*.cert` | (Optional) Path to a public cert for the keypair. | | + +## Database Configuration + +The database configuration is used to define how the application connects to its database. + +Root level key `db` + +| Field | Description | Default | Environment Variables | +| -------------------------------------- | --------------------------------------------- | ----------- | ----------------------------------------------- | +| `host` | The host address for the database. | `localhost` | OPENTDF_DB_HOST | +| `port` | The port number for the database. | `5432` | OPENTDF_DB_PORT | +| `database` | The name of the database. | `opentdf` | OPENTDF_DB_DATABASE | +| `user` | The username for the database. | `postgres` | OPENTDF_DB_USER | +| `password` | The password for the database. | `changeme` | OPENTDF_DB_PASSWORD | +| `sslmode` | The ssl mode for the database | `prefer` | OPENTDF_DB_SSLMODE | +| `schema` | The schema for the database. | `opentdf` | OPENTDF_DB_SCHEMA | +| `runMigration` | Whether to run the database migration or not. | `true` | OPENTDF_DB_RUNMIGRATION | +| `connect_timeout_seconds` | Connection timeout duration (seconds). | `15` | OPENTDF_DB_CONNECT_TIMEOUT_SECONDS | +| `pool` | Pool configuration settings. | | | +| `pool.max_connection_count` | Maximum number of connections per pool. | `4` | OPENTDF_DB_POOL_MAX_CONNECTION_COUNT | +| `pool.min_connection_count` | Minimum number of connections per pool. | `0` | OPENTDF_DB_POOL_MIN_CONNECTION_COUNT | +| `pool.max_connection_lifetime_seconds` | Maximum seconds per connection lifetime. | `3600` | OPENTDF_DB_POOL_MAX_CONNECTION_LIFETIME_SECONDS | +| `pool.min_idle_connections_count` | Minimum number of idle connections per pool. | `0` | OPENTDF_DB_POOL_MIN_IDLE_CONNECTIONS_COUNT | +| `pool.max_connection_idle_seconds` | Maximum seconds allowed for idle connection. | `1800` | OPENTDF_DB_POOL_MAX_CONNECTION_IDLE_SECONDS | +| `pool.health_check_period_seconds` | Interval seconds per health check. | `60` | OPENTDF_DB_POOL_HEALTH_CHECK_PERIOD_SECONDS | + + + + +Example: + +```yaml +db: + host: localhost + port: 5432 + database: opentdf + user: postgres + password: changeme + sslmode: require + schema: opentdf + runMigration: false + connect_timeout_seconds: 15 + pool: + max_connection_count: 4 + min_connection_count: 0 + max_connection_lifetime_seconds: 3600 + min_idle_connections_count: 0 + max_connection_idle_seconds: 1800 + health_check_period_seconds: 60 +``` + +### Tracing Configuration + +| Field | Description | Default | Environment Variable | +| --------------------- | ------------------------------- | ------- | ---------------------------------- | +| `trace.enabled` | Enable distributed tracing | `false` | OPENTDF_SERVER_TRACE_ENABLED | +| `trace.provider.name` | Tracing provider (file or otlp) | `otlp` | OPENTDF_SERVER_TRACE_PROVIDER_NAME | + +For file provider: +- `trace.provider.file.path`: Path to trace file output +- `trace.provider.file.prettyPrint`: Enable pretty-printed JSON +- `trace.provider.file.maxSize`: Maximum file size in MB +- `trace.provider.file.maxBackups`: Maximum number of backup files +- `trace.provider.file.maxAge`: Maximum age of files in days +- `trace.provider.file.compress`: Enable compression of trace files + +For OTLP provider: +- `trace.provider.otlp.protocol`: Protocol to use (grpc or http/protobuf) +- `trace.provider.otlp.endpoint`: Endpoint URL for the collector +- `trace.provider.otlp.insecure`: Whether to use an insecure connection +- `trace.provider.otlp.headers`: Headers to include in OTLP requests + +## Services Configuration + +Root level key `services` + +### Key Access Server (KAS) + +Root level key `kas` + +Environment Variable: `OPENTDF_SERVICES_KAS_KEYRING='[{"kid":"k1","alg":"rsa:2048"},{"kid":"k2","alg":"ec:secp256r1"}]'` + +| Field | Description | Default | +| --------------------------------- | ------------------------------------------------------------------------------- | -------- | +| `keyring.*.kid` | Which key id this is binding | | +| `keyring.*.alg` | (Optional) Associated algorithm. (Allows reusing KID with different algorithms) | | +| `keyring.*.legacy` | Indicates this may be used for TDFs with no key ID; default if all unspecified. | inferred | +| `preview_features.ec_tdf_enabled` | Whether tdf based ecc support is enabled. | `false` | +| `preview_features.key_management` | Whether new key management features are enabled. | `false` | +| `root_key` | Key needed when new key_management functionality is enabled. | | + + +Example: + +```yaml +services: + kas: + keyring: + - kid: e2 + alg: ec:secp256r1 + - kid: e1 + alg: ec:secp256r1 + legacy: true + - kid: r2f + alg: rsa:2048 + - kid: r1 + alg: rsa:2048 + legacy: true +``` + +### Authorization + +Root level key `authorization` + +| Field | Description | Default | Environment Variables | +| ------------ | ------------------------------- | -------------------------------------- | ----------------------------------------- | +| `rego.path` | Path to rego policy file | Leverages embedded rego policy | OPENTDF_SERVICES_AUTHORIZATION_REGO_PATH | +| `rego.query` | Rego query to execute in policy | `data.opentdf.entitlements.attributes` | OPENTDF_SERVICES_AUTHORIZATION_REGO_QUERY | + +Example: + +```yaml +services: + authorization: + rego: + path: /path/to/policy.rego + query: data.opentdf.entitlements.attributes +``` + +### Policy + +Root level key `policy` + +| Field | Description | Default | Environment Variables | +| ---------------------------- | ------------------------------------------------------ | ------- | -------------------------------------------------- | +| `list_request_limit_default` | Policy List request limit default when not provided | 1000 | OPENTDF_SERVICES_POLICY_LIST_REQUEST_LIMIT_DEFAULT | +| `list_request_limit_max` | Policy List request limit maximum enforced by services | 2500 | OPENTDF_SERVICES_POLICY_LIST_REQUEST_LIMIT_MAX | + +Example: + +```yaml +services: + policy: + list_request_limit_default: 1000 + list_request_limit_max: 2500 +``` + +### Casbin Endpoint Authorization + +OpenTDF uses Casbin to manage authorization policies. This document provides an overview of how to configure and manage the default authorization policy in OpenTDF. + +#### Key Aspects of Authorization Configuration + +2. **Username Claim**: The claim in the OIDC token that should be used to extract a username. +3. **Group Claim**: The claim in the OIDC token that should be used to find the group claims. +4. **Map (Deprecated)**: Mapping between policy roles and IdP roles. +4. **Extension**: Policy that will extend the builtin policy +4. **CSV**: The authorization policy in CSV format. This will override the builtin policy. +5. **Model**: The Casbin policy model. This should only be set if you have a deep understanding of how casbin works. + +#### Configuration in opentdf-example.yaml + +Below is an example configuration snippet from +opentdf-example.yaml: + +```yaml +server: + auth: + enabled: true + enforceDPoP: false + # public_client_id: 'opentdf-public' # DEPRECATED + audience: 'http://localhost:8080' + issuer: http://keycloak:8888/auth/realms/opentdf + policy: + + ## Deprecated + ## Dot notation is used to access nested claims (i.e. realm_access.roles) + claim: "realm_access.roles" + + ## Dot notation is used to access the username claim + username_claim: "email" + + ## Dot notation is used to access the groups claim + group_claim: "realm_access.roles" + + ## Deprecated: Use standard casbin policy groupings (g, , ) + ## Maps the external role to the OpenTDF role + ## Note: left side is used in the policy, right side is the external role + map: + standard: opentdf-standard + admin: opentdf-admin + + ## Policy that will extend the builtin policy. + extension: | + p, role:admin, *, *, allow + p, role:standard, policy:attributes, read, allow + p, role:standard, policy:subject-mappings, read, allow + g, opentdf-admin, role:admin + g, alice@opentdf.io, role:standard + + ## Custom policy (see examples https://github.com/casbin/casbin/tree/master/examples) + ## This will overwrite the builtin policy. Use with caution. + csv: | + p, role:admin, *, *, allow + p, role:standard, policy:attributes, read, allow + p, role:standard, policy:subject-mappings, read, allow + p, role:standard, policy:resource-mappings, read, allow + p, role:standard, policy:kas-registry, read, allow + p, role:unknown, entityresolution.EntityResolutionService.ResolveEntities, write, allow + p, role:unknown, kas.AccessService/Rewrap, *, allow + + ## Custom model (see https://casbin.org/docs/syntax-for-models/) + ## Avoid setting this unless you have a deep understanding of how casbin works. + model: | + [request_definition] + r = sub, res, act, obj + + [policy_definition] + p = sub, res, act, obj, eft + + [role_definition] + g = _, _ + + [policy_effect] + e = some(where (p.eft == allow)) && !some(where (p.eft == deny)) + + [matchers] + m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj) +``` + +#### Role Permissions + +- **Admin**: Can perform all operations. +- **Standard User**: Can read. +- **Public Endpoints**: Accessible without specific roles. + +#### Managing Authorization Policy + +Admins can manage the authorization policy directly in the YAML configuration file. For detailed configuration options, refer to the [Casbin documentation](https://casbin.org/docs/en/syntax-for-models). + +## Cache Configuration + +The platform supports a cache manager to improve performance for frequently accessed data. You can configure the cache backend and its resource usage. + +Root level key `cache` + +| Field | Description | Default | +|--------------------------|------------------------------------------------------------------|--------------| +| `ristretto.max_cost` | Maximum cost for the cache (e.g. 100mb, 1gb) | `1gb` | + +Example: + +```yaml +cache: + ristretto: + max_cost: 1gb # Maximum cost (i.e. 1mb, 1gb) for the cache (default: 1gb) +``` diff --git a/docs/tutorials/your-first-tdf/docker-compose.yaml b/docs/tutorials/your-first-tdf/docker-compose.yaml new file mode 100644 index 00000000..39f505dc --- /dev/null +++ b/docs/tutorials/your-first-tdf/docker-compose.yaml @@ -0,0 +1,531 @@ +networks: + default: + name: opentdf_platform + +configs: + caddy_config: + content: | + { + log { + level INFO + output stdout + } + } + https://keycloak.opentdf.local:9443 { + tls internal + reverse_proxy keycloak:8888 + } + https://platform.opentdf.local:8443 { + tls internal + reverse_proxy { + to h2c://platform:8080 + transport http { + versions h2c 2 1.1 # Enable gRPC proxying + } + } + } + +services: + caddy: + image: caddy:2.8.4-alpine + command: ['caddy','run', '--config', '/etc/caddy/Caddyfile'] + configs: + - source: caddy_config + target: /etc/caddy/Caddyfile + ports: + - "8443:8443" + - "9443:9443" + - "2019:2019" + volumes: + - caddy_data:/data + depends_on: + ensure-permissions: + condition: service_completed_successfully + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:2019/metrics"] + interval: 5s + timeout: 5s + retries: 3 + restart: unless-stopped + + check-certs: + image: alpine:3.23 + volumes: + - type: volume + source: caddy_data + target: /etc/ssl/certs + volume: + subpath: caddy/certificates/local/keycloak.opentdf.local/ + command: + - sh + - -c + - | + echo "Checking certificates" + ls -alh /etc/ssl/certs + cat /etc/ssl/certs/keycloak.opentdf.local.crt + depends_on: + caddy: + condition: service_healthy + ensure-permissions: + condition: service_completed_successfully + restart: "no" + + ensure-permissions: + image: alpine:3.23 + command: + - 'sh' + - '-c' + - | + chmod -R 755 /data + volumes: + - caddy_data:/data + restart: "no" + + keycloak: + volumes: + - keys:/keys:ro + image: keycloak/keycloak:25.0 + restart: always + depends_on: + fix-keys-permissions: + condition: service_completed_successfully + command: + - "start-dev" + - "--verbose" + - "-Djavax.net.ssl.trustStorePassword=password" + - "-Djavax.net.ssl.HostnameVerifier=AllowAll" + - "-Djavax.net.ssl.trustStore=/keys/ca.jks" + - "--spi-truststore-file-hostname-verification-policy=ANY" + environment: + KC_PROXY: edge + KC_HTTP_RELATIVE_PATH: /auth + KC_HOSTNAME_STRICT: "false" + KC_HOSTNAME_STRICT_BACKCHANNEL: "false" + KC_HOSTNAME_STRICT_HTTPS: "false" + KC_HTTP_ENABLED: "true" + KC_HTTP_PORT: "8888" + KC_HTTPS_PORT: "8443" + KC_HTTP_MANAGEMENT_PORT: "9001" + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: changeme + #KC_HOSTNAME_URL: http://localhost:8888/auth + KC_FEATURES: "preview,token-exchange" + KC_HEALTH_ENABLED: "true" + KC_HTTPS_KEY_STORE_PASSWORD: "password" + KC_HTTPS_KEY_STORE_FILE: "/keys/ca.jks" + KC_HTTPS_CERTIFICATE_FILE: "/keys/localhost.crt" + KC_HTTPS_CERTIFICATE_KEY_FILE: "/keys/localhost.key" + KC_HTTPS_CLIENT_AUTH: "request" + ### + # The following environment variable resolves SIGILL with Code 134 when running Java processes on Apple M4 chips + # + # On Apple Silicon (M4 chip): + # export JAVA_OPTS_APPEND="-XX:UseSVE=0" + # docker-compose up + # + # On other architectures: + # export JAVA_OPTS_APPEND="" + # docker-compose up + # + # Or set directly: JAVA_OPTS_APPEND="-XX:UseSVE=0" docker-compose up + JAVA_OPTS_APPEND: "${JAVA_OPTS_APPEND:-}" + ### + # ports: + # - "${KC_EXPOSE_PORT:-8443}:8443" + # - "${KC_EXPOSE_PORT_HTTP:-8888}:8888" + # - "${KC_EXPOSE_PORT_MGMT:-9001}:9001" + healthcheck: + test: + - CMD-SHELL + - | + [ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { + public static void main(String[] args) throws java.lang.Throwable { + javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); + javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(\"SSL\"); + sc.init(null, new javax.net.ssl.TrustManager[]{ + new javax.net.ssl.X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } + public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {} + public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {} + } + }, new java.security.SecureRandom()); + javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + java.net.HttpURLConnection conn = (java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection(); + System.exit(java.net.HttpURLConnection.HTTP_OK == conn.getResponseCode() ? 0 : 1); + } + }" > /tmp/HealthCheck.java && java ${JAVA_OPTS_APPEND} /tmp/HealthCheck.java http://localhost:8888/auth 2>/dev/null + interval: 10s + timeout: 10s + retries: 10 + start_period: 3m + opentdfdb: + image: postgres:15-alpine + restart: always + user: postgres + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: changeme + POSTGRES_DB: opentdf + healthcheck: + test: ["CMD-SHELL", "pg_isready"] + interval: 5s + timeout: 5s + retries: 10 + + jaeger: + image: jaegertracing/all-in-one:latest + environment: + COLLECTOR_OTLP_ENABLED: "true" + ports: + - "16686:16686" # Web UI + - "4317:4317" # OTLP gRPC + - "4318:4318" # OTLP HTTP + - "14250:14250" # Model/collector gRPC + profiles: + - tracing + restart: always + + # Provision Keycloak with initial configuration + platform-provision-keycloak: + image: registry.opentdf.io/platform:nightly + command: ["provision", "keycloak", "-e", "https://keycloak.opentdf.local:9443/auth", "-f", "/configs/keycloak_data.yaml"] + depends_on: + keycloak: + condition: service_healthy + opentdfdb: + condition: service_healthy + patch-platform-config: + condition: service_completed_successfully + download-keycloak-data: + condition: service_completed_successfully + generate-keys: + condition: service_completed_successfully + volumes: + - configs:/configs:ro + - keys:/keys:ro + environment: + - OPENTDF_CONFIG_FILE=/configs/opentdf.yaml + restart: "no" + extra_hosts: + - "keycloak.opentdf.local:host-gateway" + # Prepare fixtures directory structure - create symlink to expected location + prepare-fixtures: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + download-fixtures: + condition: service_completed_successfully + command: + - sh + - -c + - | + mkdir -p /configs/service/internal/fixtures + cd /configs + ln -sf /configs/service/internal/fixtures ./service + restart: "no" + + # Add sample attributes and metadata + platform-provision-fixtures: + image: registry.opentdf.io/platform:nightly + command: ["provision", "fixtures", "--config-file", "/configs/opentdf.yaml"] + working_dir: /configs + depends_on: + platform-provision-keycloak: + condition: service_completed_successfully + opentdfdb: + condition: service_healthy + prepare-fixtures: + condition: service_completed_successfully + generate-keys: + condition: service_completed_successfully + volumes: + - configs:/configs:ro + - keys:/keys:ro + restart: "no" + + # Prepare CA certificates bundle with Caddy cert + prepare-ca-certs: + image: alpine:3.23 + volumes: + - type: volume + source: caddy_data + target: /caddy-certs + read_only: true + volume: + subpath: caddy/certificates/local/keycloak.opentdf.local + - platform_certs:/etc/ssl/certs + depends_on: + caddy: + condition: service_healthy + command: + - sh + - -c + - | + # Install ca-certificates package + apk add --no-cache ca-certificates + # Copy Caddy certificate to CA bundle + cp /caddy-certs/keycloak.opentdf.local.crt /usr/local/share/ca-certificates/ + update-ca-certificates + # Copy the updated CA bundle to shared volume + cp -r /etc/ssl/certs/* /etc/ssl/certs/ + echo "CA certificates prepared successfully" + restart: "no" + + # Main OpenTDF Platform server + platform: + image: registry.opentdf.io/platform:nightly + command: ["start", "--config-file", "/configs/opentdf.yaml"] + depends_on: + platform-provision-fixtures: + condition: service_completed_successfully + keycloak: + condition: service_healthy + opentdfdb: + condition: service_healthy + generate-keys: + condition: service_completed_successfully + prepare-ca-certs: + condition: service_completed_successfully + ports: + - "8080:8080" + volumes: + - configs:/configs:ro + - keys:/keys:ro + - platform_certs:/etc/ssl/certs:ro + extra_hosts: + - "keycloak.opentdf.local:host-gateway" + restart: unless-stopped + + # Initialize volume permissions + init-volumes: + image: alpine:3.23 + volumes: + - configs:/configs + - keys:/keys + command: + - sh + - -c + - | + chmod 777 /configs /keys + mkdir -p /configs/service/internal/fixtures + chmod -R 777 /configs + restart: "no" + + # Fix keys permissions after generation + fix-keys-permissions: + image: alpine:3.23 + volumes: + - keys:/keys + depends_on: + generate-keys: + condition: service_completed_successfully + command: + - sh + - -c + - | + chmod -R 755 /keys + chmod 644 /keys/* + restart: "no" + + # Download platform configuration file + download-platform-config: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + command: ['wget', '-O', '/configs/opentdf.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/opentdf-example.yaml'] + restart: "no" + + # Patch platform configuration to use keycloak.opentdf.local:9443 + patch-platform-config: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + download-platform-config: + condition: service_completed_successfully + command: + - sh + - -c + - | + apk add --no-cache sed + sed -i 's|http://keycloak:8888|https://keycloak.opentdf.local:9443|g' /configs/opentdf.yaml + echo "Patched opentdf.yaml to use keycloak.opentdf.local:9443" + restart: "no" + + # Download Keycloak provisioning data + download-keycloak-data: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + entrypoint: /bin/sh + command: + - -c + - | + URL='https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml' + OUTPUT='/configs/keycloak_data.yaml' + MAX_ATTEMPTS=3 + + for i in $$(seq 1 $$MAX_ATTEMPTS); do + echo "Attempt $$i of $$MAX_ATTEMPTS: Downloading keycloak_data.yaml..." + + if wget -O "$$OUTPUT" "$$URL"; then + echo "Download successful" + + # Validate the downloaded file + if [ -f "$$OUTPUT" ] && [ -s "$$OUTPUT" ]; then + if head -1 "$$OUTPUT" | grep -q -E '^(---|\w+:)'; then + echo "Validation passed: File exists, non-empty, and appears to be valid YAML" + exit 0 + else + echo "Validation failed: File does not appear to be valid YAML" + rm -f "$$OUTPUT" + fi + else + echo "Validation failed: File is missing or empty" + fi + else + echo "Download failed (attempt $$i)" + fi + + if [ $$i -lt $$MAX_ATTEMPTS ]; then + echo "Retrying in 2 seconds..." + sleep 2 + fi + done + + echo "ERROR: Failed to download and validate keycloak_data.yaml after $$MAX_ATTEMPTS attempts" + exit 1 + restart: "no" + + # Download fixtures data + download-fixtures: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + command: ['wget', '-O', '/configs/service/internal/fixtures/policy_fixtures.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/service/internal/fixtures/policy_fixtures.yaml'] + restart: "no" + + # Download init-temp-keys script + download-init-script: + image: alpine:3.23 + volumes: + - configs:/configs + depends_on: + init-volumes: + condition: service_completed_successfully + entrypoint: /bin/sh + command: + - -c + - | + URL='https://raw.githubusercontent.com/opentdf/platform/main/.github/scripts/init-temp-keys.sh' + OUTPUT='/configs/init-temp-keys.sh' + MAX_ATTEMPTS=3 + + for i in $$(seq 1 $$MAX_ATTEMPTS); do + echo "Attempt $$i of $$MAX_ATTEMPTS: Downloading init-temp-keys.sh..." + + if wget -O "$$OUTPUT" "$$URL"; then + echo "Download successful" + + # Validate the downloaded file + if [ -f "$$OUTPUT" ] && [ -s "$$OUTPUT" ]; then + if head -1 "$$OUTPUT" | grep -q '^#!/'; then + echo "Validation passed: File exists, non-empty, and appears to be a shell script" + exit 0 + else + echo "Validation failed: File does not appear to be a valid shell script" + rm -f "$$OUTPUT" + fi + else + echo "Validation failed: File is missing or empty" + fi + else + echo "Download failed (attempt $$i)" + fi + + if [ $$i -lt $$MAX_ATTEMPTS ]; then + echo "Retrying in 2 seconds..." + sleep 2 + fi + done + + echo "ERROR: Failed to download and validate init-temp-keys.sh after $$MAX_ATTEMPTS attempts" + exit 1 + restart: "no" + + # Generate keys without Docker dependency + generate-keys: + image: alpine:3.23 + volumes: + - configs:/configs + - keys:/keys + depends_on: + download-init-script: + condition: service_completed_successfully + init-volumes: + condition: service_completed_successfully + entrypoint: /bin/sh + command: + - -c + - | + apk add --no-cache openssl openjdk11-jre bash + cd /keys + + # Generate KAS RSA private key + openssl genpkey -algorithm RSA -out /keys/kas-private.pem -pkeyopt rsa_keygen_bits:2048 + openssl rsa -in /keys/kas-private.pem -pubout -out /keys/kas-cert.pem + + # Generate ECC Key + openssl ecparam -name prime256v1 > /tmp/ecparams.tmp + openssl req -x509 -nodes -newkey ec:/tmp/ecparams.tmp -subj "/CN=kas" -keyout /keys/kas-ec-private.pem -out /keys/kas-ec-cert.pem -days 365 + + # Generate CA + openssl req -x509 -nodes -newkey RSA:2048 -subj "/CN=ca" -keyout /keys/keycloak-ca-private.pem -out /keys/keycloak-ca.pem -days 365 + + # Generate localhost certificate + printf "subjectAltName=DNS:localhost,IP:127.0.0.1" > /tmp/sanX509.conf + printf "[req]\ndistinguished_name=req_distinguished_name\n[req_distinguished_name]\n[alt_names]\nDNS.1=localhost\nIP.1=127.0.0.1" > /tmp/req.conf + openssl req -new -nodes -newkey rsa:2048 -keyout /keys/localhost.key -out /tmp/localhost.req -batch -subj "/CN=localhost" -config /tmp/req.conf + openssl x509 -req -in /tmp/localhost.req -CA /keys/keycloak-ca.pem -CAkey /keys/keycloak-ca-private.pem -CAcreateserial -out /keys/localhost.crt -days 3650 -sha256 -extfile /tmp/sanX509.conf + + # Generate sample user certificate + openssl req -new -nodes -newkey rsa:2048 -keyout /keys/sampleuser.key -out /tmp/sampleuser.req -batch -subj "/CN=sampleuser" + openssl x509 -req -in /tmp/sampleuser.req -CA /keys/keycloak-ca.pem -CAkey /keys/keycloak-ca-private.pem -CAcreateserial -out /keys/sampleuser.crt -days 3650 + + # Convert to PKCS12 + openssl pkcs12 -export -in /keys/keycloak-ca.pem -inkey /keys/keycloak-ca-private.pem -out /keys/ca.p12 -nodes -passout pass:password + + # Convert PKCS12 to JKS using keytool (no Docker needed) + keytool -importkeystore \ + -srckeystore /keys/ca.p12 \ + -srcstoretype PKCS12 \ + -destkeystore /keys/ca.jks \ + -deststoretype JKS \ + -srcstorepass "password" \ + -deststorepass "password" \ + -noprompt + + echo "Keys generated successfully" + environment: + JAVA_OPTS_APPEND: "${JAVA_OPTS_APPEND:-}" + restart: "no" + +volumes: + keys: + name: opentdf_keys + configs: + name: opentdf_configs + caddy_data: + platform_certs: + name: opentdf_platform_certs + diff --git a/docs/getting-started/index.mdx b/docs/tutorials/your-first-tdf/index.mdx similarity index 81% rename from docs/getting-started/index.mdx rename to docs/tutorials/your-first-tdf/index.mdx index c0622daf..5379f218 100644 --- a/docs/getting-started/index.mdx +++ b/docs/tutorials/your-first-tdf/index.mdx @@ -1,6 +1,32 @@ --- -slug: /getting-started +slug: /tutorials/your-first-tdf --- + +import dockerComposeContent from '!!raw-loader!./docker-compose.yaml'; +import CodeBlock from '@theme/CodeBlock'; + + + # Getting Started This guide will walk you through setting up a new platform locally and walk you through some of the basic concepts within the OpenTDF platform. @@ -14,333 +40,66 @@ This guide will walk you through setting up a new platform locally and walk you - [Podman](https://podman.io/) - [Docker Compose](https://docs.docker.com/compose/) +## Update /etc/hosts + +In order for the services to communicate correctly you will need to update your `/etc/hosts` file. + +```shell +echo -e "127.0.0.1 platform.opentdf.local\n127.0.0.1 keycloak.opentdf.local" | sudo tee -a /etc/hosts +``` + ## Getting the Platform Running The first step is to get the platform running locally. You can use the following docker compose file to get the platform running. This docker compose file will start a local instance of the [platform](https://github.com/opentdf/platform/tree/main), [Keycloak](https://www.keycloak.org/), and a [Postgres](https://www.postgresql.org/) database. -> **Note for Apple M4 chip users:** -> If you are running on an Apple M4 chip, set the Java environment variable before running any commands: -> ```sh -> export JAVA_OPTS_APPEND="-XX:UseSVE=0" -> ``` -> This resolves SIGILL with Code 134 errors when running Java processes (such as Keycloak). - :::warning Not for production use. ::: +Download docker-compose.yaml +
Docker Compose -```yaml -name: opentdf -volumes: - configs: - keys: - caddy_data: -configs: - caddy_config: - content: | - { - log { - level INFO - output stdout - } - } - https://keycloak.opentdf.local:9443 { - tls internal - reverse_proxy keycloak:8888 - } - https://platform.opentdf.local:8443 { - tls internal - reverse_proxy { - to h2c://platform:8080 - transport http { - versions h2c 2 1.1 # Enable gRPC proxying - } - } - - } -services: - caddy: - image: caddy:alpine - command: ['caddy','run', '--config', '/etc/caddy/Caddyfile'] - configs: - - source: caddy_config - target: /etc/caddy/Caddyfile - ports: - - '9443:9443' - - '8443:8443' - volumes: - - caddy_data:/data - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "wget -q --server-response --tries=1 http://127.0.0.1:2019/metrics 2>&1 | awk '/^ HTTP/{print $2}' | grep -q '200'"] - interval: 5s - timeout: 5s - retries: 3 - check-certs: - image: bash:latest - volumes: - - type: volume - source: caddy_data - target: /etc/ssl/certs - volume: - subpath: caddy/certificates/local/keycloak.opentdf.local/ - command: - - bash - - -c - - | - echo "Checking certificates" - ls -alh /etc/ssl/certs - cat /etc/ssl/certs/keycloak.opentdf.local.crt - depends_on: - caddy: - condition: service_healthy - ensure-permissions: - condition: service_completed_successfully - ensure-permissions: - image: alpine - command: - - 'sh' - - '-c' - - | - chmod -R 777 /configs - ls -alh /configs - chmod -R 777 /keys - ls -alh /keys - chmod -R 777 /data - ls -alh /data - volumes: - - configs:/configs - - keys:/keys - - caddy_data:/data - - #================================================================ - -# Start Keycloak - - #---------------------------------------------------------------- - keycloak: - image: keycloak/keycloak:25.0 - restart: unless-stopped - command: ['start-dev'] - environment: - KC_DB: postgres - KC_DB_URL_HOST: keycloak-db - KC_DB_URL_PORT: 5432 - KC_DB_URL_DATABASE: keycloak - KC_DB_USERNAME: postgres - KC_DB_PASSWORD: changeme - KC_HOSTNAME: 'https://keycloak.opentdf.local:9443' - KC_HOSTNAME_ADMIN: 'https://keycloak.opentdf.local:9443' - KC_HTTP_ENABLED: 'true' - KC_HTTP_PORT: 8888 - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: changeme - KC_FEATURES: 'preview,token-exchange' - KC_HEALTH_ENABLED: 'true' - JAVA_OPTS_APPEND: '${JAVA_OPTS_APPEND:-}' - healthcheck: - test: ['CMD-SHELL', '[ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { public static void main(String[] args) throws java.lang.Throwable { System.exit(java.net.HttpURLConnection.HTTP_OK == ((java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection()).getResponseCode() ? 0 : 1); } }" > /tmp/HealthCheck.java && java ${JAVA_OPTS_APPEND} /tmp/HealthCheck.java http://localhost:9000/health/ready'] - interval: 5s - timeout: 10s - retries: 3 - start_period: 5m - depends_on: - keycloak-db: - condition: service_healthy - restart: true - keycloak-db: - image: postgres:15-alpine - restart: unless-stopped - environment: - POSTGRES_PASSWORD: changeme - POSTGRES_USER: postgres - POSTGRES_DB: keycloak - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 5s - timeout: 5s - retries: 10 - start_period: 2m - download-keycloak-config: - image: curlimages/curl:latest - volumes: - - configs:/configs - command: ['-o', '/configs/keycloak-config.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml'] - depends_on: - ensure-permissions: - condition: service_completed_successfully - #================================================================ - -# Provisioning Keycloak with expected realm, clients, and users - - #---------------------------------------------------------------- - keycloak-provisioning: - image: registry.opentdf.io/platform:nightly - volumes: - - configs:/configs - command: - [ - 'provision', - 'keycloak', - '-e', - 'http://keycloak:8888', - '-f', - '/configs/keycloak-config.yaml', - ] - depends_on: - keycloak: - condition: service_healthy - restart: true - download-keycloak-config: - condition: service_completed_successfully - restart: true - #================================================================ - -# Start the OpenTDF service - - #---------------------------------------------------------------- - download-platform-config: - image: curlimages/curl:latest - volumes: - - configs:/configs - command: ['-o', '/configs/.opentdf.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/opentdf-dev.yaml'] - depends_on: - ensure-permissions: - condition: service_completed_successfully - modify-platform-config: - image: bash:latest - volumes: - - configs:/configs - command: - - bash - - -c - - | - echo "Modifying /configs/.opentdf.yaml" - echo "$({dockerComposeContent}
-## Update /etc/hosts +### Save the Docker Compose File -In order for the services to communicate correctly you will need to update your `/etc/hosts` file. +Click the **download** button above to save the `docker-compose.yaml` file to your local machine. If you prefer to copy the content manually, save it as `docker-compose.yaml`. + +### Start the Platform + +Once you have the `docker-compose.yaml` file saved, start the platform using the following command: ```shell -echo -e "127.0.0.1 platform.opentdf.local\n127.0.0.1 keycloak.opentdf.local" | sudo tee -a /etc/hosts +# If running on Apple M4 chip +JAVA_OPTS_APPEND="-XX:UseSVE=0" docker compose --file docker-compose.yaml up -d + +# Or on other architectures +docker compose --file docker-compose.yaml up -d ``` +> **Note for Apple M4 chip users:** +> The `JAVA_OPTS_APPEND="-XX:UseSVE=0"` environment variable resolves SIGILL with Code 134 errors when running Java processes (such as Keycloak). + ## Trust Self Signed Certificates -During the bootstrapping process `caddy` will generate self signed certificates. You will either need to trust these certificates on your system or use the `--tls-no-verify` flag on every command. If using the `--tls-no-verify` command it will disable profiles and require that you pass in the host and authentication into each command. +After starting the platform, `caddy` will generate self-signed certificates during the bootstrapping process. You will either need to trust these certificates on your system or use the `--tls-no-verify` flag on every command. If using the `--tls-no-verify` command it will disable profiles and require that you pass in the host and authentication into each command. -Example of extracting the certificate from the container. +First, extract the certificates from the container: ```shell mkdir -p ./opentdf-certs ``` ```shell -docker cp opentdf-caddy-1:/data/caddy/certificates/local/keycloak.opentdf.local/keycloak.opentdf.local.crt ./opentdf-certs +docker compose cp caddy:/data/caddy/certificates/local/keycloak.opentdf.local/keycloak.opentdf.local.crt ./opentdf-certs ``` ```shell -docker cp opentdf-caddy-1:/data/caddy/certificates/local/platform.opentdf.local/platform.opentdf.local.crt ./opentdf-certs +docker compose cp caddy:/data/caddy/certificates/local/platform.opentdf.local/platform.opentdf.local.crt ./opentdf-certs ``` ### Import and Trust Certificates by Operating System @@ -468,7 +227,7 @@ These self-signed certificates are only valid for local development. Never use s Creating a profile allows us to store the host we want to connect to and then to tie our credentials to it when we login. ```shell -otdfctl profile create platform-otdf-local https://platform.otdf.local:8443 +otdfctl profile create platform-otdf-local https://platform.opentdf.local:8443 ``` ## Login to the Platform @@ -585,6 +344,16 @@ You can also create values at the same time when creating the definition. This i ::: +:::info Learn More About Attribute Rules + +We're using the `ANY_OF` rule in this example, which means users need at least one of the attribute values to access data. OpenTDF also supports: +- **ALL_OF**: Require multiple attribute values simultaneously (e.g., multiple certifications) +- **HIERARCHY**: Create ordered levels like membership tiers (platinum > gold > silver) + +For detailed explanations with examples and guidance on choosing the right rule, see [ABAC: Attribute Rules](/explanation/abac-and-policy/#attribute-rules). + +::: + ### Create attribute definition ```shell @@ -785,7 +554,7 @@ Now that we have a few basic resources in place we can show you how to control a ### Encrypt Data Without Attributes -Within the `otdfctl` CLI there is basic functionality to interact with `zTDF` and `nanoTDF`. +Within the `otdfctl` CLI there is basic functionality to interact with `zTDF`. #### Example zTDF encryption @@ -793,12 +562,6 @@ Within the `otdfctl` CLI there is basic functionality to interact with `zTDF` an echo 'my first encrypted tdf' | otdfctl encrypt --profile platform-otdf-local -o example.tdf --tdf-type tdf3 ``` -#### Example nanoTDF encryption - -```shell -echo 'my first encrypted nano tdf' | otdfctl encrypt --profile platform-otdf-local -o example.nano.tdf --tdf-type nano -``` - ### Decrypt Data Without Attributes Because we didn't add any attributes to the data we encrypted, we should be able to decrypt the data without any issues. @@ -812,21 +575,12 @@ otdfctl decrypt --profile platform-otdf-local --tdf-type tdf3 example.tdf my first encrypted tdf ``` -```shell -otdfctl decrypt --profile platform-otdf-local --tdf-type nano example.nano.tdf -``` - -```shell -# Output -my first encrypted nano tdf -``` - ### Encrypt Data With Attributes In this example we will encrypt the data with the attribute `https://opentdf.io/attr/role/value/guest`. First cleanup any existing tdf files from before. ```shell -rm example.tdf example.nano.tdf +rm example.tdf ``` #### Example zTDF encryption with attributes @@ -835,12 +589,6 @@ rm example.tdf example.nano.tdf echo 'my first encrypted tdf' | otdfctl encrypt --profile platform-otdf-local -o example.tdf --tdf-type tdf3 --attr https://opentdf.io/attr/role/value/guest ``` -#### Example nanoTDF encryption with attributes - -```shell -echo 'my first encrypted nano tdf' | otdfctl encrypt --profile platform-otdf-local -o example.nano.tdf --tdf-type nano --attr https://opentdf.io/attr/role/value/guest -``` - ### Decrypt Data With Attributes In this first example we will try to decrypt the data but it will fail because we shouldn't be assigned the entitlement of `https://opentdf.io/attr/role/value/guest` at this point. @@ -857,17 +605,6 @@ ERROR Failed to decrypt file: reader.WriteTo failed: doPayloadKeyUnwrap split rpc error: code = PermissionDenied desc = forbidden ``` -#### Example nanoTDF failed decryption - -```shell -otdfctl decrypt --profile platform-otdf-local --tdf-type nano example.nano.tdf -``` - -```shell -ERROR Failed to decrypt file: readSeeker.Seek failed: error making request to kas: error making rewrap request: rpc error: code = PermissionDenied desc = request error - rpc error: code = PermissionDenied desc = forbidden -``` - What we have to do now is assign the entitlement of `https://opentdf.io/attr/role/value/guest` to the entity by creating a new subject mapping for the condition set we created earlier. #### Create a new subject mapping @@ -906,17 +643,6 @@ otdfctl decrypt --profile platform-otdf-local --tdf-type tdf3 example.tdf my first encrypted tdf ``` -#### Example nanoTDF successful decryption - -```shell -otdfctl decrypt --profile platform-otdf-local --tdf-type nano example.nano.tdf -``` - -```shell -# Output -my first encrypted nano tdf -``` - ## Takeaways and Next Steps In this document you have learned how to create a namespace, attribute, subject mapping, and encrypt/decrypt data with the **OpenTDF Platform**. diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 3657ed13..0f80b9b0 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -19,7 +19,20 @@ preprocessOpenApiSpecs().catch(error => { process.exit(1); }); -const otdfctl = listRemote.createRepo("opentdf", "otdfctl", "main"); +// Allow overriding upstream branches via environment variables +// Each repo can be independently configured, defaults to 'main' if not set +const platformBranch = process.env.PLATFORM_BRANCH || 'main'; +const specBranch = process.env.SPEC_BRANCH || 'main'; +const otdfctlBranch = process.env.OTDFCTL_BRANCH || 'main'; + +console.log(`Using upstream branches:`); +console.log(` - platform: ${platformBranch}`); +console.log(` - spec: ${specBranch}`); +console.log(` - otdfctl: ${otdfctlBranch}`); + +const otdfctl = listRemote.createRepo("opentdf", "otdfctl", otdfctlBranch); + +const javaSdkVersion = "0.11.1"; const config: Config = { title: "OpenTDF", @@ -32,6 +45,11 @@ const config: Config = { // For GitHub pages deployment, it is often '//' baseUrl: "/", trailingSlash: false, + customFields: { + javaSdkVersion, + googleGtagId: 'G-JH0PNJK88L', + }, + // GitHub pages deployment config. // If you aren't using GitHub pages, you don't need these. organizationName: "opentdf", // Usually your GitHub org/user name. @@ -109,10 +127,14 @@ const config: Config = { }, items: [ { - type: "doc", + to: "/documentation", + position: "left", + label: "Documentation", + }, + { + href: "https://www.virtru.com/partners/", + label: "Partners", position: "left", - docId: "introduction", - label: "Docs", }, { href: "https://github.com/opentdf", @@ -146,12 +168,12 @@ const config: Config = { title: "Support", items: [ { - label: "Getting Started", - to: "/getting-started/configuration", + label: "Tutorials", + to: "/tutorials", }, { label: "Documentation", - to: "/introduction", + to: "/", }, { label: "GitHub Discussions", @@ -172,6 +194,23 @@ const config: Config = { }, ], }, + { + title: "Legal", + items: [ + { + label: "Privacy Policy", + to: "/privacy-policy", + }, + { + label: "Cookie Policy", + to: "/cookie-policy", + }, + { + label: "Terms of Service", + to: "/terms-of-service", + }, + ], + }, ], copyright: ` Copyright © ${new Date().getFullYear()} OpenTDF @@ -218,13 +257,13 @@ const config: Config = { ], "plugin-image-zoom", - ...getSpecDocumentationPlugins(), + ...getSpecDocumentationPlugins(undefined, specBranch), [ "docusaurus-plugin-remote-content", { name: "otdfctl", id: "otdfctl", - outDir: "docs/components/cli", + outDir: "docs/explanation/platform-architecture/components/cli", sourceBaseUrl: listRemote.buildRepoRawBaseUrl(otdfctl), documents: listRemote.listDocuments(otdfctl, ["docs/man/**/*.md"], []), modifyContent: (filename, content) => { @@ -266,6 +305,23 @@ const config: Config = { return { content: "", filename: "" }; } + // For selector generate and test files, link to selectors index page's flattening syntax section + // instead of including it inline + let modifiedContent = rawContent; + if (filename.includes('selectors/generate.md') || filename.includes('selectors/test.md')) { + // Fix inline references to flattening-syntax to point to selectors index page + // Use ./ to reference the current directory's index page + modifiedContent = modifiedContent.replace( + /\(#flattening-syntax\)/g, + '(./#flattening-syntax)' + ); + // Remove the h1 Flattening Syntax section + modifiedContent = modifiedContent.replace( + /\n# Flattening Syntax[\s\S]*$/, + '' + ); + } + // Wrap the content in CommandLineDocs component const nextContent = `--- title: ${commandTitle} @@ -275,7 +331,7 @@ import React from 'react'; import CommandLineDocs from '@site/src/components/CommandLineDocs'; -${rawContent} +${modifiedContent} `; @@ -292,8 +348,8 @@ ${rawContent} // options here name: "platform-configuration", // used by CLI, must be path safe sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/platform/main/docs/", // the base url for the markdown (gets prepended to all of the documents when fetching) - outDir: "docs/getting-started", // the base directory to output to. + `https://raw.githubusercontent.com/opentdf/platform/${platformBranch}/docs/`, // the base url for the markdown (gets prepended to all of the documents when fetching) + outDir: "docs/how-to/getting-started", // the base directory to output to. documents: ["Configuring.md"], // the file names to download modifyContent: (filename, content) => { let updatedContent = content; @@ -310,12 +366,51 @@ ${updatedContent}`, }, }, ], + [ + "docusaurus-plugin-remote-content", + { + name: "java-sdk-examples", + id: "java-sdk-examples", + sourceBaseUrl: `https://raw.githubusercontent.com/opentdf/java-sdk/refs/tags/v${javaSdkVersion}/`, + documents: [ + "examples/src/main/java/io/opentdf/platform/CreateAttribute.java", + "examples/src/main/java/io/opentdf/platform/CreateNamespace.java", + "examples/src/main/java/io/opentdf/platform/CreateSubjectConditionSet.java", + "examples/src/main/java/io/opentdf/platform/CreateSubjectMapping.java", + "examples/src/main/java/io/opentdf/platform/DecryptCollectionExample.java", + "examples/src/main/java/io/opentdf/platform/DecryptExample.java", + "examples/src/main/java/io/opentdf/platform/EncryptCollectionExample.java", + "examples/src/main/java/io/opentdf/platform/EncryptExample.java", + "examples/src/main/java/io/opentdf/platform/GetDecisions.java", + "examples/src/main/java/io/opentdf/platform/GetEntitlements.java", + "examples/src/main/java/io/opentdf/platform/GetManifestInformation.java", + "examples/src/main/java/io/opentdf/platform/ListAttributes.java", + "examples/src/main/java/io/opentdf/platform/ListNamespaces.java", + "examples/src/main/java/io/opentdf/platform/ListSubjectMappings.java" + ], + outDir: "code_samples/java", + modifyContent: (filename, content) => { + const baseName = + filename.split("/").pop()?.replace(".java", "") || "default"; + const kebabCaseName = + baseName[0].toLowerCase() + + baseName + .slice(1) + .replaceAll(/([A-Z])/g, "-$1") + .toLowerCase(); + return { + content: `\`\`\`java\n${content}\n\`\`\``, + filename: `${kebabCaseName}.mdx`, + }; + }, + }, + ], [ "docusaurus-plugin-openapi-docs", { id: "api", // plugin id docsPluginId: "classic", // configured for preset-classic - config: openApiSpecs + config: openApiSpecs }, ], require.resolve("docusaurus-lunr-search"), diff --git a/package-lock.json b/package-lock.json index d54a5b6f..3a147296 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,6 +9,7 @@ "version": "0.0.0", "dependencies": { "@docusaurus/core": "^3.6.3", + "@docusaurus/plugin-google-gtag": "^3.9.2", "@docusaurus/plugin-ideal-image": "^3.6.3", "@docusaurus/preset-classic": "^3.6.3", "@docusaurus/theme-mermaid": "^3.6.3", @@ -26,7 +27,9 @@ "octokit": "^4.0.2", "plugin-image-zoom": "^1.2.0", "prism-react-renderer": "^2.4.0", + "raw-loader": "^4.0.2", "react": "^18.0.0", + "react-cookie-consent": "^10.0.1", "react-dom": "^18.0.0", "react-error-boundary": "^4.1.2", "react-markdown": "^9.0.1", @@ -3596,23 +3599,556 @@ } }, "node_modules/@docusaurus/plugin-google-gtag": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.8.1.tgz", - "integrity": "sha512-tKE8j1cEZCh8KZa4aa80zpSTxsC2/ZYqjx6AAfd8uA8VHZVw79+7OTEP2PoWi0uL5/1Is0LF5Vwxd+1fz5HlKg==", + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.9.2.tgz", + "integrity": "sha512-YJ4lDCphabBtw19ooSlc1MnxtYGpjFV9rEdzjLsUnBCeis2djUyCozZaFhCg6NGEwOn7HDDyMh0yzcdRpnuIvA==", "license": "MIT", "dependencies": { - "@docusaurus/core": "3.8.1", - "@docusaurus/types": "3.8.1", - "@docusaurus/utils-validation": "3.8.1", + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", "@types/gtag.js": "^0.0.12", "tslib": "^2.6.0" }, "engines": { - "node": ">=18.0" + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/babel": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/babel/-/babel-3.9.2.tgz", + "integrity": "sha512-GEANdi/SgER+L7Japs25YiGil/AUDnFFHaCGPBbundxoWtCkA2lmy7/tFmgED4y1htAy6Oi4wkJEQdGssnw9MA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.25.9", + "@babel/generator": "^7.25.9", + "@babel/plugin-syntax-dynamic-import": "^7.8.3", + "@babel/plugin-transform-runtime": "^7.25.9", + "@babel/preset-env": "^7.25.9", + "@babel/preset-react": "^7.25.9", + "@babel/preset-typescript": "^7.25.9", + "@babel/runtime": "^7.25.9", + "@babel/runtime-corejs3": "^7.25.9", + "@babel/traverse": "^7.25.9", + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "babel-plugin-dynamic-import-node": "^2.3.3", + "fs-extra": "^11.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/bundler": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/bundler/-/bundler-3.9.2.tgz", + "integrity": "sha512-ZOVi6GYgTcsZcUzjblpzk3wH1Fya2VNpd5jtHoCCFcJlMQ1EYXZetfAnRHLcyiFeBABaI1ltTYbOBtH/gahGVA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.25.9", + "@docusaurus/babel": "3.9.2", + "@docusaurus/cssnano-preset": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "babel-loader": "^9.2.1", + "clean-css": "^5.3.3", + "copy-webpack-plugin": "^11.0.0", + "css-loader": "^6.11.0", + "css-minimizer-webpack-plugin": "^5.0.1", + "cssnano": "^6.1.2", + "file-loader": "^6.2.0", + "html-minifier-terser": "^7.2.0", + "mini-css-extract-plugin": "^2.9.2", + "null-loader": "^4.0.1", + "postcss": "^8.5.4", + "postcss-loader": "^7.3.4", + "postcss-preset-env": "^10.2.1", + "terser-webpack-plugin": "^5.3.9", + "tslib": "^2.6.0", + "url-loader": "^4.1.1", + "webpack": "^5.95.0", + "webpackbar": "^6.0.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@docusaurus/faster": "*" + }, + "peerDependenciesMeta": { + "@docusaurus/faster": { + "optional": true + } + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/core": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.9.2.tgz", + "integrity": "sha512-HbjwKeC+pHUFBfLMNzuSjqFE/58+rLVKmOU3lxQrpsxLBOGosYco/Q0GduBb0/jEMRiyEqjNT/01rRdOMWq5pw==", + "license": "MIT", + "dependencies": { + "@docusaurus/babel": "3.9.2", + "@docusaurus/bundler": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "boxen": "^6.2.1", + "chalk": "^4.1.2", + "chokidar": "^3.5.3", + "cli-table3": "^0.6.3", + "combine-promises": "^1.1.0", + "commander": "^5.1.0", + "core-js": "^3.31.1", + "detect-port": "^1.5.1", + "escape-html": "^1.0.3", + "eta": "^2.2.0", + "eval": "^0.1.8", + "execa": "5.1.1", + "fs-extra": "^11.1.1", + "html-tags": "^3.3.1", + "html-webpack-plugin": "^5.6.0", + "leven": "^3.1.0", + "lodash": "^4.17.21", + "open": "^8.4.0", + "p-map": "^4.0.0", + "prompts": "^2.4.2", + "react-helmet-async": "npm:@slorber/react-helmet-async@1.3.0", + "react-loadable": "npm:@docusaurus/react-loadable@6.0.0", + "react-loadable-ssr-addon-v5-slorber": "^1.0.1", + "react-router": "^5.3.4", + "react-router-config": "^5.1.1", + "react-router-dom": "^5.3.4", + "semver": "^7.5.4", + "serve-handler": "^6.1.6", + "tinypool": "^1.0.2", + "tslib": "^2.6.0", + "update-notifier": "^6.0.2", + "webpack": "^5.95.0", + "webpack-bundle-analyzer": "^4.10.2", + "webpack-dev-server": "^5.2.2", + "webpack-merge": "^6.0.1" + }, + "bin": { + "docusaurus": "bin/docusaurus.mjs" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@mdx-js/react": "^3.0.0", + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/core/node_modules/webpack-merge": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-6.0.1.tgz", + "integrity": "sha512-hXXvrjtx2PLYx4qruKl+kyRSLc52V+cCvMxRjmKwoA+CBbbF5GfIBtR6kCvl0fYGqTUPKB+1ktVmTHqMOzgCBg==", + "license": "MIT", + "dependencies": { + "clone-deep": "^4.0.1", + "flat": "^5.0.2", + "wildcard": "^2.0.1" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/cssnano-preset": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.9.2.tgz", + "integrity": "sha512-8gBKup94aGttRduABsj7bpPFTX7kbwu+xh3K9NMCF5K4bWBqTFYW+REKHF6iBVDHRJ4grZdIPbvkiHd/XNKRMQ==", + "license": "MIT", + "dependencies": { + "cssnano-preset-advanced": "^6.1.2", + "postcss": "^8.5.4", + "postcss-sort-media-queries": "^5.2.0", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/logger": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.9.2.tgz", + "integrity": "sha512-/SVCc57ByARzGSU60c50rMyQlBuMIJCjcsJlkphxY6B0GV4UH3tcA1994N8fFfbJ9kX3jIBe/xg3XP5qBtGDbA==", + "license": "MIT", + "dependencies": { + "chalk": "^4.1.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/mdx-loader": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.9.2.tgz", + "integrity": "sha512-wiYoGwF9gdd6rev62xDU8AAM8JuLI/hlwOtCzMmYcspEkzecKrP8J8X+KpYnTlACBUUtXNJpSoCwFWJhLRevzQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "@mdx-js/mdx": "^3.0.0", + "@slorber/remark-comment": "^1.0.0", + "escape-html": "^1.0.3", + "estree-util-value-to-estree": "^3.0.1", + "file-loader": "^6.2.0", + "fs-extra": "^11.1.1", + "image-size": "^2.0.2", + "mdast-util-mdx": "^3.0.0", + "mdast-util-to-string": "^4.0.0", + "rehype-raw": "^7.0.0", + "remark-directive": "^3.0.0", + "remark-emoji": "^4.0.0", + "remark-frontmatter": "^5.0.0", + "remark-gfm": "^4.0.0", + "stringify-object": "^3.3.0", + "tslib": "^2.6.0", + "unified": "^11.0.3", + "unist-util-visit": "^5.0.0", + "url-loader": "^4.1.1", + "vfile": "^6.0.1", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/types": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.9.2.tgz", + "integrity": "sha512-Ux1JUNswg+EfUEmajJjyhIohKceitY/yzjRUpu04WXgvVz+fbhVC0p+R0JhvEu4ytw8zIAys2hrdpQPBHRIa8Q==", + "license": "MIT", + "dependencies": { + "@mdx-js/mdx": "^3.0.0", + "@types/history": "^4.7.11", + "@types/mdast": "^4.0.2", + "@types/react": "*", + "commander": "^5.1.0", + "joi": "^17.9.2", + "react-helmet-async": "npm:@slorber/react-helmet-async@1.3.0", + "utility-types": "^3.10.0", + "webpack": "^5.95.0", + "webpack-merge": "^5.9.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/utils": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.9.2.tgz", + "integrity": "sha512-lBSBiRruFurFKXr5Hbsl2thmGweAPmddhF3jb99U4EMDA5L+e5Y1rAkOS07Nvrup7HUMBDrCV45meaxZnt28nQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "escape-string-regexp": "^4.0.0", + "execa": "5.1.1", + "file-loader": "^6.2.0", + "fs-extra": "^11.1.1", + "github-slugger": "^1.5.0", + "globby": "^11.1.0", + "gray-matter": "^4.0.3", + "jiti": "^1.20.0", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "micromatch": "^4.0.5", + "p-queue": "^6.6.2", + "prompts": "^2.4.2", + "resolve-pathname": "^3.0.0", + "tslib": "^2.6.0", + "url-loader": "^4.1.1", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/utils-common": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.9.2.tgz", + "integrity": "sha512-I53UC1QctruA6SWLvbjbhCpAw7+X7PePoe5pYcwTOEXD/PxeP8LnECAhTHHwWCblyUX5bMi4QLRkxvyZ+IT8Aw==", + "license": "MIT", + "dependencies": { + "@docusaurus/types": "3.9.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@docusaurus/utils-validation": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.9.2.tgz", + "integrity": "sha512-l7yk3X5VnNmATbwijJkexdhulNsQaNDwoagiwujXoxFbWLcxHQqNQ+c/IAlzrfMMOfa/8xSBZ7KEKDesE/2J7A==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "fs-extra": "^11.2.0", + "joi": "^17.9.2", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/@types/retry": { + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.2.tgz", + "integrity": "sha512-XISRgDJ2Tc5q4TRqvgJtzsRkFYNJzZrhTdtMoGVBttwzzQJkPnS3WWTFc7kuDRoPtPakl+T+OfdEUjYJj7Jbow==", + "license": "MIT" + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/define-lazy-prop": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "integrity": "sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/memfs": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/memfs/-/memfs-4.56.9.tgz", + "integrity": "sha512-Fo+xSG0MhtaPyEi7B2AEj4omBen3kb5RCeFKaM/YVsxgO8vkcpX0tkheRIoCGqXw9oAnFQRe1oWuR1xq4oE17A==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-core": "4.56.9", + "@jsonjoy.com/fs-fsa": "4.56.9", + "@jsonjoy.com/fs-node": "4.56.9", + "@jsonjoy.com/fs-node-builtins": "4.56.9", + "@jsonjoy.com/fs-node-to-fsa": "4.56.9", + "@jsonjoy.com/fs-node-utils": "4.56.9", + "@jsonjoy.com/fs-print": "4.56.9", + "@jsonjoy.com/fs-snapshot": "^4.56.9", + "@jsonjoy.com/json-pack": "^1.11.0", + "@jsonjoy.com/util": "^1.9.0", + "glob-to-regex.js": "^1.0.1", + "thingies": "^2.5.0", + "tree-dump": "^1.0.3", + "tslib": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/mime-types": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz", + "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==", + "license": "MIT", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/p-retry": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-6.2.1.tgz", + "integrity": "sha512-hEt02O4hUct5wtwg4H4KcWgDdm+l1bOaEy/hWzd8xtXB9BqxTWBBhb+2ImAtH4Cv4rPjV76xN3Zumqk3k3AhhQ==", + "license": "MIT", + "dependencies": { + "@types/retry": "0.12.2", + "is-network-error": "^1.0.0", + "retry": "^0.13.1" + }, + "engines": { + "node": ">=16.17" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/selfsigned": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-5.5.0.tgz", + "integrity": "sha512-ftnu3TW4+3eBfLRFnDEkzGxSF/10BJBkaLJuBHZX0kiPS7bRdlpZGu6YGt4KngMkdTwJE6MbjavFpqHvqVt+Ew==", + "license": "MIT", + "dependencies": { + "@peculiar/x509": "^1.14.2", + "pkijs": "^3.3.3" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/webpack-dev-middleware": { + "version": "7.4.5", + "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-7.4.5.tgz", + "integrity": "sha512-uxQ6YqGdE4hgDKNf7hUiPXOdtkXvBJXrfEGYSx7P7LC8hnUYGK70X6xQXUvXeNyBDDcsiQXpG2m3G9vxowaEuA==", + "license": "MIT", + "dependencies": { + "colorette": "^2.0.10", + "memfs": "^4.43.1", + "mime-types": "^3.0.1", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "schema-utils": "^4.0.0" + }, + "engines": { + "node": ">= 18.12.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "webpack": { + "optional": true + } + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/webpack-dev-server": { + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-5.2.3.tgz", + "integrity": "sha512-9Gyu2F7+bg4Vv+pjbovuYDhHX+mqdqITykfzdM9UyKqKHlsE5aAjRhR+oOEfXW5vBeu8tarzlJFIZva4ZjAdrQ==", + "license": "MIT", + "dependencies": { + "@types/bonjour": "^3.5.13", + "@types/connect-history-api-fallback": "^1.5.4", + "@types/express": "^4.17.25", + "@types/express-serve-static-core": "^4.17.21", + "@types/serve-index": "^1.9.4", + "@types/serve-static": "^1.15.5", + "@types/sockjs": "^0.3.36", + "@types/ws": "^8.5.10", + "ansi-html-community": "^0.0.8", + "bonjour-service": "^1.2.1", + "chokidar": "^3.6.0", + "colorette": "^2.0.10", + "compression": "^1.8.1", + "connect-history-api-fallback": "^2.0.0", + "express": "^4.22.1", + "graceful-fs": "^4.2.6", + "http-proxy-middleware": "^2.0.9", + "ipaddr.js": "^2.1.0", + "launch-editor": "^2.6.1", + "open": "^10.0.3", + "p-retry": "^6.2.0", + "schema-utils": "^4.2.0", + "selfsigned": "^5.5.0", + "serve-index": "^1.9.1", + "sockjs": "^0.3.24", + "spdy": "^4.0.2", + "webpack-dev-middleware": "^7.4.2", + "ws": "^8.18.0" + }, + "bin": { + "webpack-dev-server": "bin/webpack-dev-server.js" + }, + "engines": { + "node": ">= 18.12.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "webpack": { + "optional": true + }, + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/webpack-dev-server/node_modules/open": { + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/open/-/open-10.2.0.tgz", + "integrity": "sha512-YgBpdJHPyQ2UE5x+hlSXcnejzAvD0b22U2OuAP+8OnlJT+PjWPxtgmGqKKc+RgTM63U9gN0YzrYc71R2WT/hTA==", + "license": "MIT", + "dependencies": { + "default-browser": "^5.2.1", + "define-lazy-prop": "^3.0.0", + "is-inside-container": "^1.0.0", + "wsl-utils": "^0.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@docusaurus/plugin-google-gtag/node_modules/ws": { + "version": "8.19.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz", + "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" }, "peerDependencies": { - "react": "^18.0.0 || ^19.0.0", - "react-dom": "^18.0.0 || ^19.0.0" + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } } }, "node_modules/@docusaurus/plugin-google-tag-manager": { @@ -3764,6 +4300,26 @@ "react-dom": "^18.0.0 || ^19.0.0" } }, + "node_modules/@docusaurus/preset-classic/node_modules/@docusaurus/plugin-google-gtag": { + "version": "3.8.1", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.8.1.tgz", + "integrity": "sha512-tKE8j1cEZCh8KZa4aa80zpSTxsC2/ZYqjx6AAfd8uA8VHZVw79+7OTEP2PoWi0uL5/1Is0LF5Vwxd+1fz5HlKg==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.8.1", + "@docusaurus/types": "3.8.1", + "@docusaurus/utils-validation": "3.8.1", + "@types/gtag.js": "^0.0.12", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, "node_modules/@docusaurus/responsive-loader": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/@docusaurus/responsive-loader/-/responsive-loader-1.7.0.tgz", @@ -5039,67 +5595,475 @@ "@types/yargs": "^17.0.8", "chalk": "^4.0.0" }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==", + "dependencies": { + "@jridgewell/set-array": "^1.2.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.24" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/set-array": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/source-map": { + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.6.tgz", + "integrity": "sha512-1ZJTZebgqllO79ue2bm3rIGud/bOe0pP5BjSRCRxxYkEZS8STV7zN84UBbiYu7jy+eCKSnVIUgoWWE/tt+shMQ==", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.25" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.25", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@jsdevtools/ono": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", + "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==", + "license": "MIT" + }, + "node_modules/@jsonjoy.com/base64": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/base64/-/base64-1.1.2.tgz", + "integrity": "sha512-q6XAnWQDIMA3+FTiOYajoYqySkO+JSat0ytXGSuRdq9uXE7o92gzuQwQM14xaCRlBLGq3v5miDGC4vkVTn54xA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/buffers": { + "version": "17.65.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/buffers/-/buffers-17.65.0.tgz", + "integrity": "sha512-eBrIXd0/Ld3p9lpDDlMaMn6IEfWqtHMD+z61u0JrIiPzsV1r7m6xDZFRxJyvIFTEO+SWdYF9EiQbXZGd8BzPfA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/codegen": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/codegen/-/codegen-1.0.0.tgz", + "integrity": "sha512-E8Oy+08cmCf0EK/NMxpaJZmOxPqM+6iSe2S4nlSBrPZOORoDJILxtbSUEDKQyTamm/BVAhIGllOBNU79/dwf0g==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-core": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-core/-/fs-core-4.56.9.tgz", + "integrity": "sha512-BUkXXWL3I7VZ34cpmP7WSttmP5o+z+lxi3teYMnEcUOKBu7DhCFxCesOevw+UATUewMHRMUtsmFYxOxgV7SQwg==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-node-builtins": "4.56.9", + "@jsonjoy.com/fs-node-utils": "4.56.9", + "thingies": "^2.5.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-fsa": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-fsa/-/fs-fsa-4.56.9.tgz", + "integrity": "sha512-g15wwrvRRsy73p/b93XltxMkARyh3efxZNkrKbiocUNaPnHF+iDXQ1IlBwsTi5zxijdCYOsmVuyEdBX87tLqlw==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-core": "4.56.9", + "@jsonjoy.com/fs-node-builtins": "4.56.9", + "@jsonjoy.com/fs-node-utils": "4.56.9", + "thingies": "^2.5.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-node": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node/-/fs-node-4.56.9.tgz", + "integrity": "sha512-YiI2iqVMi/Ro9BcqWWLQBv939gje748pC4t376M/goQoLaM0sItsj0bBTiQr4eXyLsLdGw10n/F/kH5/snBe7g==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-core": "4.56.9", + "@jsonjoy.com/fs-node-builtins": "4.56.9", + "@jsonjoy.com/fs-node-utils": "4.56.9", + "@jsonjoy.com/fs-print": "4.56.9", + "glob-to-regex.js": "^1.0.0", + "thingies": "^2.5.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-node-builtins": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-builtins/-/fs-node-builtins-4.56.9.tgz", + "integrity": "sha512-q9MEsySAwyhgy1GT1FKfnKJ1a8bJmzbQnMGQA94F663C/wycrSgRrM33byzTAwn6FBRzMfTvABANkYvkOeYGhw==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-node-to-fsa": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-to-fsa/-/fs-node-to-fsa-4.56.9.tgz", + "integrity": "sha512-rOnn9FBLY+JWy0UDSXaYXY45j7FxfRJepRW5pZvNbdAzHYFZ0/M3OQ1+RfZsMYgWeMkaN9pGhOsIj/A7P9pAXA==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-fsa": "4.56.9", + "@jsonjoy.com/fs-node-builtins": "4.56.9", + "@jsonjoy.com/fs-node-utils": "4.56.9" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-node-utils": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-utils/-/fs-node-utils-4.56.9.tgz", + "integrity": "sha512-UMUirCu0jDPyJEsfllKX1SmK9E7ww2VltWiq2qBCy3ZcyHqDuHswPycrxLTwGrLJnGiHPW9f7LOniP7enl9jYQ==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-node-builtins": "4.56.9" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-print": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-print/-/fs-print-4.56.9.tgz", + "integrity": "sha512-Op6rXFnmhHHAClNvHFGx9zALHgZfyPdPBd0WIf/MBr4DEoShhAj0MZxg0jMO7foqleq2YSNNCNBMFGkmY43wAQ==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/fs-node-utils": "4.56.9", + "tree-dump": "^1.1.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-snapshot": { + "version": "4.56.9", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-snapshot/-/fs-snapshot-4.56.9.tgz", + "integrity": "sha512-nMxEvDku2bCdCCNLkjd9hjPyUng8mLIfok8yAQ0zHNbZqeE44K5CSXnT0o3TGzv/zWynM49rUlF95ZjlNazFAQ==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/buffers": "^17.65.0", + "@jsonjoy.com/fs-node-utils": "4.56.9", + "@jsonjoy.com/json-pack": "^17.65.0", + "@jsonjoy.com/util": "^17.65.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-snapshot/node_modules/@jsonjoy.com/base64": { + "version": "17.65.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/base64/-/base64-17.65.0.tgz", + "integrity": "sha512-Xrh7Fm/M0QAYpekSgmskdZYnFdSGnsxJ/tHaolA4bNwWdG9i65S8m83Meh7FOxyJyQAdo4d4J97NOomBLEfkDQ==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-snapshot/node_modules/@jsonjoy.com/codegen": { + "version": "17.65.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/codegen/-/codegen-17.65.0.tgz", + "integrity": "sha512-7MXcRYe7n3BG+fo3jicvjB0+6ypl2Y/bQp79Sp7KeSiiCgLqw4Oled6chVv07/xLVTdo3qa1CD0VCCnPaw+RGA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-snapshot/node_modules/@jsonjoy.com/json-pack": { + "version": "17.65.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/json-pack/-/json-pack-17.65.0.tgz", + "integrity": "sha512-e0SG/6qUCnVhHa0rjDJHgnXnbsacooHVqQHxspjvlYQSkHm+66wkHw6Gql+3u/WxI/b1VsOdUi0M+fOtkgKGdQ==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/base64": "17.65.0", + "@jsonjoy.com/buffers": "17.65.0", + "@jsonjoy.com/codegen": "17.65.0", + "@jsonjoy.com/json-pointer": "17.65.0", + "@jsonjoy.com/util": "17.65.0", + "hyperdyperid": "^1.2.0", + "thingies": "^2.5.0", + "tree-dump": "^1.1.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/fs-snapshot/node_modules/@jsonjoy.com/json-pointer": { + "version": "17.65.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/json-pointer/-/json-pointer-17.65.0.tgz", + "integrity": "sha512-uhTe+XhlIZpWOxgPcnO+iSCDgKKBpwkDVTyYiXX9VayGV8HSFVJM67M6pUE71zdnXF1W0Da21AvnhlmdwYPpow==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/util": "17.65.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" } }, - "node_modules/@jridgewell/gen-mapping": { - "version": "0.3.5", - "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", - "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==", + "node_modules/@jsonjoy.com/fs-snapshot/node_modules/@jsonjoy.com/util": { + "version": "17.65.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/util/-/util-17.65.0.tgz", + "integrity": "sha512-cWiEHZccQORf96q2y6zU3wDeIVPeidmGqd9cNKJRYoVHTV0S1eHPy5JTbHpMnGfDvtvujQwQozOqgO9ABu6h0w==", + "license": "Apache-2.0", "dependencies": { - "@jridgewell/set-array": "^1.2.1", - "@jridgewell/sourcemap-codec": "^1.4.10", - "@jridgewell/trace-mapping": "^0.3.24" + "@jsonjoy.com/buffers": "17.65.0", + "@jsonjoy.com/codegen": "17.65.0" }, "engines": { - "node": ">=6.0.0" + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" } }, - "node_modules/@jridgewell/resolve-uri": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", - "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "node_modules/@jsonjoy.com/json-pack": { + "version": "1.21.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/json-pack/-/json-pack-1.21.0.tgz", + "integrity": "sha512-+AKG+R2cfZMShzrF2uQw34v3zbeDYUqnQ+jg7ORic3BGtfw9p/+N6RJbq/kkV8JmYZaINknaEQ2m0/f693ZPpg==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/base64": "^1.1.2", + "@jsonjoy.com/buffers": "^1.2.0", + "@jsonjoy.com/codegen": "^1.0.0", + "@jsonjoy.com/json-pointer": "^1.0.2", + "@jsonjoy.com/util": "^1.9.0", + "hyperdyperid": "^1.2.0", + "thingies": "^2.5.0", + "tree-dump": "^1.1.0" + }, "engines": { - "node": ">=6.0.0" + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" } }, - "node_modules/@jridgewell/set-array": { + "node_modules/@jsonjoy.com/json-pack/node_modules/@jsonjoy.com/buffers": { "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", - "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/buffers/-/buffers-1.2.1.tgz", + "integrity": "sha512-12cdlDwX4RUM3QxmUbVJWqZ/mrK6dFQH4Zxq6+r1YXKXYBNgZXndx2qbCJwh3+WWkCSn67IjnlG3XYTvmvYtgA==", + "license": "Apache-2.0", "engines": { - "node": ">=6.0.0" + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" } }, - "node_modules/@jridgewell/source-map": { - "version": "0.3.6", - "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.6.tgz", - "integrity": "sha512-1ZJTZebgqllO79ue2bm3rIGud/bOe0pP5BjSRCRxxYkEZS8STV7zN84UBbiYu7jy+eCKSnVIUgoWWE/tt+shMQ==", + "node_modules/@jsonjoy.com/json-pointer": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/json-pointer/-/json-pointer-1.0.2.tgz", + "integrity": "sha512-Fsn6wM2zlDzY1U+v4Nc8bo3bVqgfNTGcn6dMgs6FjrEnt4ZCe60o6ByKRjOGlI2gow0aE/Q41QOigdTqkyK5fg==", + "license": "Apache-2.0", "dependencies": { - "@jridgewell/gen-mapping": "^0.3.5", - "@jridgewell/trace-mapping": "^0.3.25" + "@jsonjoy.com/codegen": "^1.0.0", + "@jsonjoy.com/util": "^1.9.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" } }, - "node_modules/@jridgewell/sourcemap-codec": { - "version": "1.4.15", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", - "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" - }, - "node_modules/@jridgewell/trace-mapping": { - "version": "0.3.25", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", - "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==", + "node_modules/@jsonjoy.com/util": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/util/-/util-1.9.0.tgz", + "integrity": "sha512-pLuQo+VPRnN8hfPqUTLTHk126wuYdXVxE6aDmjSeV4NCAgyxWbiOIeNJVtID3h1Vzpoi9m4jXezf73I6LgabgQ==", + "license": "Apache-2.0", "dependencies": { - "@jridgewell/resolve-uri": "^3.1.0", - "@jridgewell/sourcemap-codec": "^1.4.14" + "@jsonjoy.com/buffers": "^1.0.0", + "@jsonjoy.com/codegen": "^1.0.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" } }, - "node_modules/@jsdevtools/ono": { - "version": "7.1.3", - "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", - "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==", - "license": "MIT" + "node_modules/@jsonjoy.com/util/node_modules/@jsonjoy.com/buffers": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/buffers/-/buffers-1.2.1.tgz", + "integrity": "sha512-12cdlDwX4RUM3QxmUbVJWqZ/mrK6dFQH4Zxq6+r1YXKXYBNgZXndx2qbCJwh3+WWkCSn67IjnlG3XYTvmvYtgA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } }, "node_modules/@leichtgewicht/ip-codec": { "version": "2.0.5", @@ -5165,6 +6129,18 @@ "langium": "3.3.1" } }, + "node_modules/@noble/hashes": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.4.0.tgz", + "integrity": "sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg==", + "license": "MIT", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -5895,6 +6871,154 @@ "license": "MIT", "optional": true }, + "node_modules/@peculiar/asn1-cms": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-cms/-/asn1-cms-2.6.0.tgz", + "integrity": "sha512-2uZqP+ggSncESeUF/9Su8rWqGclEfEiz1SyU02WX5fUONFfkjzS2Z/F1Li0ofSmf4JqYXIOdCAZqIXAIBAT1OA==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "@peculiar/asn1-x509-attr": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-csr": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-csr/-/asn1-csr-2.6.0.tgz", + "integrity": "sha512-BeWIu5VpTIhfRysfEp73SGbwjjoLL/JWXhJ/9mo4vXnz3tRGm+NGm3KNcRzQ9VMVqwYS2RHlolz21svzRXIHPQ==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-ecc": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-ecc/-/asn1-ecc-2.6.0.tgz", + "integrity": "sha512-FF3LMGq6SfAOwUG2sKpPXblibn6XnEIKa+SryvUl5Pik+WR9rmRA3OCiwz8R3lVXnYnyRkSZsSLdml8H3UiOcw==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-pfx": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-pfx/-/asn1-pfx-2.6.0.tgz", + "integrity": "sha512-rtUvtf+tyKGgokHHmZzeUojRZJYPxoD/jaN1+VAB4kKR7tXrnDCA/RAWXAIhMJJC+7W27IIRGe9djvxKgsldCQ==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-cms": "^2.6.0", + "@peculiar/asn1-pkcs8": "^2.6.0", + "@peculiar/asn1-rsa": "^2.6.0", + "@peculiar/asn1-schema": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-pkcs8": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-pkcs8/-/asn1-pkcs8-2.6.0.tgz", + "integrity": "sha512-KyQ4D8G/NrS7Fw3XCJrngxmjwO/3htnA0lL9gDICvEQ+GJ+EPFqldcJQTwPIdvx98Tua+WjkdKHSC0/Km7T+lA==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-pkcs9": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-pkcs9/-/asn1-pkcs9-2.6.0.tgz", + "integrity": "sha512-b78OQ6OciW0aqZxdzliXGYHASeCvvw5caqidbpQRYW2mBtXIX2WhofNXTEe7NyxTb0P6J62kAAWLwn0HuMF1Fw==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-cms": "^2.6.0", + "@peculiar/asn1-pfx": "^2.6.0", + "@peculiar/asn1-pkcs8": "^2.6.0", + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "@peculiar/asn1-x509-attr": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-rsa": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-rsa/-/asn1-rsa-2.6.0.tgz", + "integrity": "sha512-Nu4C19tsrTsCp9fDrH+sdcOKoVfdfoQQ7S3VqjJU6vedR7tY3RLkQ5oguOIB3zFW33USDUuYZnPEQYySlgha4w==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-schema": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-schema/-/asn1-schema-2.6.0.tgz", + "integrity": "sha512-xNLYLBFTBKkCzEZIw842BxytQQATQv+lDTCEMZ8C196iJcJJMBUZxrhSTxLaohMyKK8QlzRNTRkUmanucnDSqg==", + "license": "MIT", + "dependencies": { + "asn1js": "^3.0.6", + "pvtsutils": "^1.3.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-x509": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-x509/-/asn1-x509-2.6.0.tgz", + "integrity": "sha512-uzYbPEpoQiBoTq0/+jZtpM6Gq6zADBx+JNFP3yqRgziWBxQ/Dt/HcuvRfm9zJTPdRcBqPNdaRHTVwpyiq6iNMA==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "asn1js": "^3.0.6", + "pvtsutils": "^1.3.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/asn1-x509-attr": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-x509-attr/-/asn1-x509-attr-2.6.0.tgz", + "integrity": "sha512-MuIAXFX3/dc8gmoZBkwJWxUWOSvG4MMDntXhrOZpJVMkYX+MYc/rUAU2uJOved9iJEoiUx7//3D8oG83a78UJA==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "asn1js": "^3.0.6", + "tslib": "^2.8.1" + } + }, + "node_modules/@peculiar/x509": { + "version": "1.14.3", + "resolved": "https://registry.npmjs.org/@peculiar/x509/-/x509-1.14.3.tgz", + "integrity": "sha512-C2Xj8FZ0uHWeCXXqX5B4/gVFQmtSkiuOolzAgutjTfseNOHT3pUjljDZsTSxXFGgio54bCzVFqmEOUrIVk8RDA==", + "license": "MIT", + "dependencies": { + "@peculiar/asn1-cms": "^2.6.0", + "@peculiar/asn1-csr": "^2.6.0", + "@peculiar/asn1-ecc": "^2.6.0", + "@peculiar/asn1-pkcs9": "^2.6.0", + "@peculiar/asn1-rsa": "^2.6.0", + "@peculiar/asn1-schema": "^2.6.0", + "@peculiar/asn1-x509": "^2.6.0", + "pvtsutils": "^1.3.6", + "reflect-metadata": "^0.2.2", + "tslib": "^2.8.1", + "tsyringe": "^4.10.0" + }, + "engines": { + "node": ">=20.0.0" + } + }, "node_modules/@pkgjs/parseargs": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", @@ -6662,14 +7786,15 @@ } }, "node_modules/@types/express": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", - "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", + "version": "4.17.25", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.25.tgz", + "integrity": "sha512-dVd04UKsfpINUnK0yBoYHDF3xu7xVH4BuDotC/xGuycx4CgbP48X/KF/586bcObxT0HENHXEU8Nqtu6NR+eKhw==", + "license": "MIT", "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^4.17.33", "@types/qs": "*", - "@types/serve-static": "*" + "@types/serve-static": "^1" } }, "node_modules/@types/express-serve-static-core": { @@ -7449,6 +8574,20 @@ "node": ">=8" } }, + "node_modules/asn1js": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/asn1js/-/asn1js-3.0.7.tgz", + "integrity": "sha512-uLvq6KJu04qoQM6gvBfKFjlh6Gl0vOKQuR5cJMDHQkmwfMOQeN3F3SHCv9SNYSL+CRoHvOGFfllDlVz03GQjvQ==", + "license": "BSD-3-Clause", + "dependencies": { + "pvtsutils": "^1.3.6", + "pvutils": "^1.1.3", + "tslib": "^2.8.1" + }, + "engines": { + "node": ">=12.0.0" + } + }, "node_modules/astring": { "version": "1.8.6", "resolved": "https://registry.npmjs.org/astring/-/astring-1.8.6.tgz", @@ -7522,13 +8661,13 @@ } }, "node_modules/axios": { - "version": "1.8.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.8.2.tgz", - "integrity": "sha512-ls4GYBm5aig9vWx8AWDSGLpnpDQRtWAfrjU+EuytuODrFBkqesN2RkOQCBzrA1RQNHw1SmRMSDDDSwzNAYQ6Rg==", + "version": "1.12.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz", + "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==", "license": "MIT", "dependencies": { "follow-redirects": "^1.15.6", - "form-data": "^4.0.0", + "form-data": "^4.0.4", "proxy-from-env": "^1.1.0" } }, @@ -7763,22 +8902,23 @@ } }, "node_modules/body-parser": { - "version": "1.20.3", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", - "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", + "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", + "license": "MIT", "dependencies": { - "bytes": "3.1.2", + "bytes": "~3.1.2", "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", - "destroy": "1.2.0", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "on-finished": "2.4.1", - "qs": "6.13.0", - "raw-body": "2.5.2", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.14.0", + "raw-body": "~2.5.3", "type-is": "~1.6.18", - "unpipe": "1.0.0" + "unpipe": "~1.0.0" }, "engines": { "node": ">= 0.8", @@ -7801,11 +8941,40 @@ "ms": "2.0.0" } }, + "node_modules/body-parser/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/body-parser/node_modules/ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, + "node_modules/body-parser/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/bonjour-service": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.2.1.tgz", @@ -7927,6 +9096,21 @@ "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==" }, + "node_modules/bundle-name": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "integrity": "sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==", + "license": "MIT", + "dependencies": { + "run-applescript": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/bytes": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz", @@ -7935,6 +9119,15 @@ "node": ">= 0.8" } }, + "node_modules/bytestreamjs": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/bytestreamjs/-/bytestreamjs-2.0.1.tgz", + "integrity": "sha512-U1Z/ob71V/bXfVABvNr/Kumf5VyeQRBEm6Txb0PQ6S7V5GpBM3w4Cbqz/xPDicR5tN0uvDifng8C+5qECeGwyQ==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=6.0.0" + } + }, "node_modules/cacheable-lookup": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", @@ -8054,9 +9247,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001723", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001723.tgz", - "integrity": "sha512-1R/elMjtehrFejxwmexeXAtae5UO9iSyFn6G/I806CYC/BLyyBk1EPhrKBkWhy6wM6Xnm47dSJQec+tLJ39WHw==", + "version": "1.0.30001765", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001765.tgz", + "integrity": "sha512-LWcNtSyZrakjECqmpP4qdg0MMGdN368D7X8XvvAqOcqMv0RxnlqVKZl2V6/mBR68oYMxOZPLw/gO7DuisMHUvQ==", "funding": [ { "type": "opencollective", @@ -9910,6 +11103,34 @@ "node": ">=0.10.0" } }, + "node_modules/default-browser": { + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/default-browser/-/default-browser-5.4.0.tgz", + "integrity": "sha512-XDuvSq38Hr1MdN47EDvYtx3U0MTqpCEn+F6ft8z2vYDzMrvQhVp0ui9oQdqW3MvK3vqUETglt1tVGgjLuJ5izg==", + "license": "MIT", + "dependencies": { + "bundle-name": "^4.1.0", + "default-browser-id": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/default-browser-id": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.1.tgz", + "integrity": "sha512-x1VCxdX4t+8wVfd1so/9w+vQ4vx7lKd2Qp5tDRutErwmR85OgmfX7RlLRMWafRMY7hbEiXIbudNrjOAPa/hL8Q==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/default-gateway": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/default-gateway/-/default-gateway-6.0.3.tgz", @@ -12189,39 +13410,39 @@ } }, "node_modules/express": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", - "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "version": "4.22.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.3", - "content-disposition": "0.5.4", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", "content-type": "~1.0.4", - "cookie": "0.7.1", - "cookie-signature": "1.0.6", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", "debug": "2.6.9", "depd": "2.0.0", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", - "finalhandler": "1.3.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", "merge-descriptors": "1.0.3", "methods": "~1.1.2", - "on-finished": "2.4.1", + "on-finished": "~2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.12", + "path-to-regexp": "~0.1.12", "proxy-addr": "~2.0.7", - "qs": "6.13.0", + "qs": "~6.14.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", - "send": "0.19.0", - "serve-static": "1.16.2", + "send": "~0.19.0", + "serve-static": "~1.16.2", "setprototypeof": "1.2.0", - "statuses": "2.0.1", + "statuses": "~2.0.1", "type-is": "~1.6.18", "utils-merge": "1.0.1", "vary": "~1.1.2" @@ -12882,6 +14103,22 @@ "node": ">= 6" } }, + "node_modules/glob-to-regex.js": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/glob-to-regex.js/-/glob-to-regex.js-1.2.0.tgz", + "integrity": "sha512-QMwlOQKU/IzqMUOAZWubUOT8Qft+Y0KQWnX9nK3ch0CJg0tTp4TvGZsTfudYKv2NzoQSyPcnA6TYeIQ3jGichQ==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, "node_modules/glob-to-regexp": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", @@ -13020,9 +14257,10 @@ } }, "node_modules/gray-matter/node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", + "license": "MIT", "dependencies": { "argparse": "^1.0.7", "esprima": "^4.0.0" @@ -13841,6 +15079,15 @@ "node": ">=10.17.0" } }, + "node_modules/hyperdyperid": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/hyperdyperid/-/hyperdyperid-1.2.0.tgz", + "integrity": "sha512-Y93lCzHYgGWdrJ66yIktxiaGULYc6oGiABxhcO5AufBeOyoIdZF7bIfLaOrbM0iGIOXQQgxxRrFEnb+Y6w1n4A==", + "license": "MIT", + "engines": { + "node": ">=10.18" + } + }, "node_modules/iconify-icon": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/iconify-icon/-/iconify-icon-2.1.0.tgz", @@ -13857,6 +15104,7 @@ "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", "dependencies": { "safer-buffer": ">= 2.1.2 < 3" }, @@ -14182,13 +15430,46 @@ "node": ">=0.10.0" } }, - "node_modules/is-hexadecimal": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", - "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", + "node_modules/is-hexadecimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", + "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-inside-container": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "integrity": "sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA==", + "license": "MIT", + "dependencies": { + "is-docker": "^3.0.0" + }, + "bin": { + "is-inside-container": "cli.js" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-inside-container/node_modules/is-docker": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "integrity": "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ==", + "license": "MIT", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/is-installed-globally": { @@ -14206,6 +15487,18 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/is-network-error": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/is-network-error/-/is-network-error-1.3.0.tgz", + "integrity": "sha512-6oIwpsgRfnDiyEDLMay/GqCl3HoAtH5+RUKW29gYkL0QA+ipzpDLA16yQs7/RHCSu+BwgbJaOUqa4A99qNVQVw==", + "license": "MIT", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/is-npm": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/is-npm/-/is-npm-6.0.0.tgz", @@ -14418,6 +15711,15 @@ "@sideway/pinpoint": "^2.0.0" } }, + "node_modules/js-cookie": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==", + "license": "MIT", + "engines": { + "node": ">=14" + } + }, "node_modules/js-levenshtein": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/js-levenshtein/-/js-levenshtein-1.1.6.tgz", @@ -15259,9 +16561,10 @@ } }, "node_modules/mdast-util-to-hast": { - "version": "13.1.0", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.1.0.tgz", - "integrity": "sha512-/e2l/6+OdGp/FB+ctrJ9Avz71AN/GRH3oi/3KAx/kMnoUsD6q0woXlDT8lLEeViVKE7oZxE7RXzvO3T8kF2/sA==", + "version": "13.2.1", + "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.1.tgz", + "integrity": "sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA==", + "license": "MIT", "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", @@ -17432,9 +18735,10 @@ } }, "node_modules/node-forge": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz", + "integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==", + "license": "(BSD-3-Clause OR GPL-2.0)", "engines": { "node": ">= 6.13.0" } @@ -17706,9 +19010,10 @@ } }, "node_modules/object-inspect": { - "version": "1.13.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz", - "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==", + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", "engines": { "node": ">= 0.4" }, @@ -18319,6 +19624,23 @@ "pathe": "^2.0.3" } }, + "node_modules/pkijs": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/pkijs/-/pkijs-3.3.3.tgz", + "integrity": "sha512-+KD8hJtqQMYoTuL1bbGOqxb4z+nZkTAwVdNtWwe8Tc2xNbEmdJYIYoc6Qt0uF55e6YW6KuTHw1DjQ18gMhzepw==", + "license": "BSD-3-Clause", + "dependencies": { + "@noble/hashes": "1.4.0", + "asn1js": "^3.0.6", + "bytestreamjs": "^2.0.1", + "pvtsutils": "^1.3.6", + "pvutils": "^1.1.3", + "tslib": "^2.8.1" + }, + "engines": { + "node": ">=16.0.0" + } + }, "node_modules/plugin-image-zoom": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/plugin-image-zoom/-/plugin-image-zoom-1.2.0.tgz", @@ -19926,9 +21248,9 @@ } }, "node_modules/prebuild-install/node_modules/tar-fs": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", - "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz", + "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==", "license": "MIT", "dependencies": { "chownr": "^1.1.1", @@ -20114,12 +21436,31 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/pvtsutils": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/pvtsutils/-/pvtsutils-1.3.6.tgz", + "integrity": "sha512-PLgQXQ6H2FWCaeRak8vvk1GW462lMxB5s3Jm673N82zI4vqtVUPuZdffdZbPDFRoU8kAhItWFtPCWiPpp4/EDg==", + "license": "MIT", + "dependencies": { + "tslib": "^2.8.1" + } + }, + "node_modules/pvutils": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/pvutils/-/pvutils-1.1.5.tgz", + "integrity": "sha512-KTqnxsgGiQ6ZAzZCVlJH5eOjSnvlyEgx1m8bkRJfOhmGRqfo5KLvmAlACQkrjEtOQ4B7wF9TdSLIs9O90MX9xA==", + "license": "MIT", + "engines": { + "node": ">=16.0.0" + } + }, "node_modules/qs": { - "version": "6.13.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", - "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", + "version": "6.14.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", + "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", + "license": "BSD-3-Clause", "dependencies": { - "side-channel": "^1.0.6" + "side-channel": "^1.1.0" }, "engines": { "node": ">=0.6" @@ -20191,14 +21532,15 @@ } }, "node_modules/raw-body": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", - "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", + "license": "MIT", "dependencies": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" }, "engines": { "node": ">= 0.8" @@ -20208,10 +21550,109 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", "engines": { "node": ">= 0.8" } }, + "node_modules/raw-body/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/raw-body/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-loader": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-4.0.2.tgz", + "integrity": "sha512-ZnScIV3ag9A4wPX/ZayxL/jZH+euYb6FcUinPcgiQW0+UBtEv0O6Q3lGd3cqJ+GHH+rksEv3Pj99oxJ3u3VIKA==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/raw-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/raw-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/raw-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/raw-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, "node_modules/rc": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", @@ -20245,6 +21686,22 @@ "node": ">=0.10.0" } }, + "node_modules/react-cookie-consent": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/react-cookie-consent/-/react-cookie-consent-10.0.1.tgz", + "integrity": "sha512-qgU7Kr+x9/feKZxaIJbMT+R/xD1lnAQy9MzD4yLooVrkhoUR7XFc8Xv8M+GDQYcjoYh6uszslLGo1k+eU2VLtw==", + "license": "MIT", + "dependencies": { + "js-cookie": "^3.0.5" + }, + "engines": { + "node": ">=20.16" + }, + "peerDependencies": { + "react": ">=18", + "react-dom": ">=18" + } + }, "node_modules/react-dom": { "version": "18.3.1", "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", @@ -20553,6 +22010,12 @@ "redux": "^4" } }, + "node_modules/reflect-metadata": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz", + "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==", + "license": "Apache-2.0" + }, "node_modules/reftools": { "version": "1.1.9", "resolved": "https://registry.npmjs.org/reftools/-/reftools-1.1.9.tgz", @@ -21260,6 +22723,18 @@ "node": ">=12.0.0" } }, + "node_modules/run-applescript": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.1.0.tgz", + "integrity": "sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", @@ -21929,14 +23404,69 @@ "license": "MIT" }, "node_modules/side-channel": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", - "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", "dependencies": { - "call-bind": "^1.0.7", "es-errors": "^1.3.0", - "get-intrinsic": "^1.2.4", - "object-inspect": "^1.13.1" + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" }, "engines": { "node": ">= 0.4" @@ -22575,9 +24105,9 @@ } }, "node_modules/tar-fs": { - "version": "3.0.9", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.9.tgz", - "integrity": "sha512-XF4w9Xp+ZQgifKakjZYmFdkLoSWd34VGKcsTCwlNWM7QG3ZbaxnTsaBwnjFZqHRf/rROxaR8rXnbtwdvaDI+lA==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.1.1.tgz", + "integrity": "sha512-LZA0oaPOc2fVo82Txf3gw+AkEd38szODlptMYejQUhndHMLQ9M059uXR+AfS7DNo0NpINvSqDsvyaCrBVkptWg==", "license": "MIT", "dependencies": { "pump": "^3.0.0", @@ -22756,6 +24286,22 @@ "node": ">=0.8" } }, + "node_modules/thingies": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/thingies/-/thingies-2.5.0.tgz", + "integrity": "sha512-s+2Bwztg6PhWUD7XMfeYm5qliDdSiZm7M7n8KjTkIsm3l/2lgVRc2/Gx/v+ZX8lT4FMA+i8aQvhcWylldc+ZNw==", + "license": "MIT", + "engines": { + "node": ">=10.18" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "^2" + } + }, "node_modules/thunky": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz", @@ -22877,6 +24423,22 @@ "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==", "license": "MIT" }, + "node_modules/tree-dump": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/tree-dump/-/tree-dump-1.1.0.tgz", + "integrity": "sha512-rMuvhU4MCDbcbnleZTFezWsaZXRFemSqAM+7jPnzUl1fo9w3YEKOxAeui0fz3OI4EU4hf23iyA7uQRVko+UaBA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, "node_modules/trim-lines": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz", @@ -22911,9 +24473,10 @@ "license": "Apache-2.0" }, "node_modules/tslib": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", - "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" }, "node_modules/tsx": { "version": "4.20.3", @@ -22935,6 +24498,24 @@ "fsevents": "~2.3.3" } }, + "node_modules/tsyringe": { + "version": "4.10.0", + "resolved": "https://registry.npmjs.org/tsyringe/-/tsyringe-4.10.0.tgz", + "integrity": "sha512-axr3IdNuVIxnaK5XGEUFTu3YmAQ6lllgrvqfEoR16g/HGnYY/6We4oWENtAnzK6/LpJ2ur9PAb80RBt7/U4ugw==", + "license": "MIT", + "dependencies": { + "tslib": "^1.9.3" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/tsyringe/node_modules/tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", + "license": "0BSD" + }, "node_modules/tunnel-agent": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", @@ -24306,6 +25887,36 @@ } } }, + "node_modules/wsl-utils": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/wsl-utils/-/wsl-utils-0.1.0.tgz", + "integrity": "sha512-h3Fbisa2nKGPxCpm89Hk33lBLsnaGBvctQopaBSOW/uIs6FTe1ATyAnKFJrzVs9vpGdsTe73WF3V4lIsk4Gacw==", + "license": "MIT", + "dependencies": { + "is-wsl": "^3.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/wsl-utils/node_modules/is-wsl": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "integrity": "sha512-UcVfVfaK4Sc4m7X3dUSoHoozQGBEFeDC+zVo06t98xe8CzHSZZBekNXH+tu0NalHolcJ/QAGqS46Hef7QXBIMw==", + "license": "MIT", + "dependencies": { + "is-inside-container": "^1.0.0" + }, + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/xdg-basedir": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-5.1.0.tgz", diff --git a/package.json b/package.json index 0607a80f..8b146679 100644 --- a/package.json +++ b/package.json @@ -19,6 +19,7 @@ }, "dependencies": { "@docusaurus/core": "^3.6.3", + "@docusaurus/plugin-google-gtag": "^3.9.2", "@docusaurus/plugin-ideal-image": "^3.6.3", "@docusaurus/preset-classic": "^3.6.3", "@docusaurus/theme-mermaid": "^3.6.3", @@ -36,7 +37,9 @@ "octokit": "^4.0.2", "plugin-image-zoom": "^1.2.0", "prism-react-renderer": "^2.4.0", + "raw-loader": "^4.0.2", "react": "^18.0.0", + "react-cookie-consent": "^10.0.1", "react-dom": "^18.0.0", "react-error-boundary": "^4.1.2", "react-markdown": "^9.0.1", diff --git a/specs/authorization/authorization.openapi.yaml b/specs/authorization/authorization.openapi.yaml deleted file mode 100644 index 582d5392..00000000 --- a/specs/authorization/authorization.openapi.yaml +++ /dev/null @@ -1,838 +0,0 @@ -openapi: 3.1.0 -info: - title: authorization -paths: - /v1/authorization: - post: - tags: - - authorization.AuthorizationService - summary: GetDecisions - operationId: authorization.AuthorizationService.GetDecisions - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetDecisionsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetDecisionsResponse' - /v1/token/authorization: - post: - tags: - - authorization.AuthorizationService - summary: GetDecisionsByToken - operationId: authorization.AuthorizationService.GetDecisionsByToken - parameters: - - name: decisionRequests.actions.id - in: query - description: Generated uuid in database - schema: - type: string - title: id - description: Generated uuid in database - - name: decisionRequests.actions.standard - in: query - description: Deprecated - schema: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - - name: decisionRequests.actions.custom - in: query - description: Deprecated - schema: - type: string - title: custom - description: Deprecated - - name: decisionRequests.actions.name - in: query - schema: - type: string - title: name - - name: decisionRequests.actions.metadata.createdAt.seconds - in: query - description: |- - Represents seconds of UTC time since Unix epoch - 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - 9999-12-31T23:59:59Z inclusive. - schema: - type: - - integer - - string - title: seconds - format: int64 - description: |- - Represents seconds of UTC time since Unix epoch - 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - 9999-12-31T23:59:59Z inclusive. - - name: decisionRequests.actions.metadata.createdAt.nanos - in: query - description: |- - Non-negative fractions of a second at nanosecond resolution. Negative - second values with fractions must still have non-negative nanos values - that count forward in time. Must be from 0 to 999,999,999 - inclusive. - schema: - type: integer - title: nanos - format: int32 - description: |- - Non-negative fractions of a second at nanosecond resolution. Negative - second values with fractions must still have non-negative nanos values - that count forward in time. Must be from 0 to 999,999,999 - inclusive. - - name: decisionRequests.actions.metadata.labels.key - in: query - schema: - type: string - title: key - - name: decisionRequests.actions.metadata.labels.value - in: query - schema: - type: string - title: value - - name: decisionRequests.tokens.id - in: query - description: ephemeral id for tracking between request and response - schema: - type: string - title: id - description: ephemeral id for tracking between request and response - - name: decisionRequests.tokens.jwt - in: query - description: the token - schema: - type: string - title: jwt - description: the token - - name: decisionRequests.resourceAttributes.resourceAttributesId - in: query - schema: - type: string - title: resource_attributes_id - - name: decisionRequests.resourceAttributes.attributeValueFqns - in: query - schema: - type: array - items: - type: string - title: attribute_value_fqns - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetDecisionsByTokenResponse' - /v1/entitlements: - post: - tags: - - authorization.AuthorizationService - summary: GetEntitlements - operationId: authorization.AuthorizationService.GetEntitlements - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetEntitlementsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.GetEntitlementsResponse' -components: - schemas: - authorization.DecisionResponse.Decision: - type: string - title: Decision - enum: - - DECISION_UNSPECIFIED - - DECISION_DENY - - DECISION_PERMIT - authorization.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - authorization.DecisionRequest: - type: object - properties: - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - entityChains: - type: array - items: - $ref: '#/components/schemas/authorization.EntityChain' - title: entity_chains - resourceAttributes: - type: array - items: - $ref: '#/components/schemas/authorization.ResourceAttribute' - title: resource_attributes - title: DecisionRequest - additionalProperties: false - description: |- - Example Request Get Decisions to answer the question - Do Bob (represented by entity chain ec1) - and Alice (represented by entity chain ec2) have TRANSMIT authorization for - 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? - - { - "actions": [ - { - "standard": "STANDARD_ACTION_TRANSMIT" - } - ], - "entityChains": [ - { - "id": "ec1", - "entities": [ - { - "emailAddress": "bob@example.org" - } - ] - }, - { - "id": "ec2", - "entities": [ - { - "userName": "alice@example.org" - } - ] - } - ], - "resourceAttributes": [ - { - "resourceAttributeId": "attr-set-1", - "attributeFqns": [ - "https://www.example.org/attr/foo/value/value1" - ] - }, - { - "resourceAttributeId": "attr-set-2", - "attributeFqns": [ - "https://example.net/attr/attr1/value/value1", - "https://example.net/attr/attr1/value/value2" - ] - } - ] - } - authorization.DecisionResponse: - type: object - properties: - entityChainId: - type: string - title: entity_chain_id - description: ephemeral entity chain id from the request - resourceAttributesId: - type: string - title: resource_attributes_id - description: ephemeral resource attributes id from the request - action: - title: action - description: Action of the decision response - $ref: '#/components/schemas/policy.Action' - decision: - title: decision - description: The decision response - $ref: '#/components/schemas/authorization.DecisionResponse.Decision' - obligations: - type: array - items: - type: string - title: obligations - description: optional list of obligations represented in URI format - title: DecisionResponse - additionalProperties: false - description: |- - Example response for a Decision Request - Do Bob (represented by entity chain ec1) - and Alice (represented by entity chain ec2) have TRANSMIT authorization for - 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? - - Results: - - bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation - - bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes - - alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes - - alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes - - { - "entityChainId": "ec1", - "resourceAttributesId": "attr-set-1", - "decision": "DECISION_PERMIT", - "obligations": [ - "http://www.example.org/obligation/watermark" - ] - }, - { - "entityChainId": "ec1", - "resourceAttributesId": "attr-set-2", - "decision": "DECISION_PERMIT" - }, - { - "entityChainId": "ec2", - "resourceAttributesId": "attr-set-1", - "decision": "DECISION_PERMIT" - }, - { - "entityChainId": "ec2", - "resourceAttributesId": "attr-set-2", - "decision": "DECISION_DENY" - } - authorization.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - custom: - title: custom - $ref: '#/components/schemas/authorization.EntityCustom' - title: custom - required: - - custom - - properties: - emailAddress: - type: string - title: email_address - description: one of the entity options must be set - title: email_address - required: - - emailAddress - - properties: - remoteClaimsUrl: - type: string - title: remote_claims_url - title: remote_claims_url - required: - - remoteClaimsUrl - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - - properties: - uuid: - type: string - title: uuid - title: uuid - required: - - uuid - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/authorization.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - authorization.EntityChain: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - authorization.EntityCustom: - type: object - properties: - extension: - title: extension - $ref: '#/components/schemas/google.protobuf.Any' - title: EntityCustom - additionalProperties: false - description: Entity type for custom entities beyond the standard types - authorization.EntityEntitlements: - type: object - properties: - entityId: - type: string - title: entity_id - attributeValueFqns: - type: array - items: - type: string - title: attribute_value_fqns - title: EntityEntitlements - additionalProperties: false - authorization.GetDecisionsByTokenRequest: - type: object - properties: - decisionRequests: - type: array - items: - $ref: '#/components/schemas/authorization.TokenDecisionRequest' - title: decision_requests - title: GetDecisionsByTokenRequest - additionalProperties: false - authorization.GetDecisionsByTokenResponse: - type: object - properties: - decisionResponses: - type: array - items: - $ref: '#/components/schemas/authorization.DecisionResponse' - title: decision_responses - title: GetDecisionsByTokenResponse - additionalProperties: false - authorization.GetDecisionsRequest: - type: object - properties: - decisionRequests: - type: array - items: - $ref: '#/components/schemas/authorization.DecisionRequest' - title: decision_requests - title: GetDecisionsRequest - additionalProperties: false - authorization.GetDecisionsResponse: - type: object - properties: - decisionResponses: - type: array - items: - $ref: '#/components/schemas/authorization.DecisionResponse' - title: decision_responses - title: GetDecisionsResponse - additionalProperties: false - authorization.GetEntitlementsRequest: - type: object - properties: - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - description: list of requested entities - scope: - title: scope - description: optional attribute fqn as a scope - nullable: true - $ref: '#/components/schemas/authorization.ResourceAttribute' - withComprehensiveHierarchy: - type: boolean - title: with_comprehensive_hierarchy - description: optional parameter to return a full list of entitlements - returns lower hierarchy attributes - nullable: true - title: GetEntitlementsRequest - additionalProperties: false - description: |- - Request to get entitlements for one or more entities for an optional attribute scope - - Example: Get entitlements for bob and alice (both represented using an email address - - { - "entities": [ - { - "id": "e1", - "emailAddress": "bob@example.org" - }, - { - "id": "e2", - "emailAddress": "alice@example.org" - } - ], - "scope": { - "attributeFqns": [ - "https://example.net/attr/attr1/value/value1", - "https://example.net/attr/attr1/value/value2" - ] - } - } - authorization.GetEntitlementsResponse: - type: object - properties: - entitlements: - type: array - items: - $ref: '#/components/schemas/authorization.EntityEntitlements' - title: entitlements - title: GetEntitlementsResponse - additionalProperties: false - description: |- - Example Response for a request of : Get entitlements for bob and alice (both represented using an email address - - { - "entitlements": [ - { - "entityId": "e1", - "attributeValueReferences": [ - { - "attributeFqn": "http://www.example.org/attr/foo/value/bar" - } - ] - }, - { - "entityId": "e2", - "attributeValueReferences": [ - { - "attributeFqn": "http://www.example.org/attr/color/value/red" - } - ] - } - ] - } - authorization.ResourceAttribute: - type: object - properties: - resourceAttributesId: - type: string - title: resource_attributes_id - attributeValueFqns: - type: array - items: - type: string - title: attribute_value_fqns - title: ResourceAttribute - additionalProperties: false - description: A logical bucket of attributes belonging to a "Resource" - authorization.Token: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - additionalProperties: false - authorization.TokenDecisionRequest: - type: object - properties: - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - tokens: - type: array - items: - $ref: '#/components/schemas/authorization.Token' - title: tokens - resourceAttributes: - type: array - items: - $ref: '#/components/schemas/authorization.ResourceAttribute' - title: resource_attributes - title: TokenDecisionRequest - additionalProperties: false - description: |- - Example Request Get Decisions by Token to answer the question - Do Bob and client1 (represented by token tok1) - and Alice and client2 (represented by token tok2) have TRANSMIT authorization for - 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? - - { - "actions": [ - { - "standard": "STANDARD_ACTION_TRANSMIT" - } - ], - "tokens": [ - { - "id": "tok1", - "jwt": .... - }, - { - "id": "tok2", - "jwt": ..... - } - ], - "resourceAttributes": [ - { - "attributeFqns": [ - "https://www.example.org/attr/foo/value/value1" - ] - }, - { - "attributeFqns": [ - "https://example.net/attr/attr1/value/value1", - "https://example.net/attr/attr1/value/value2" - ] - } - ] - } - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: authorization.AuthorizationService diff --git a/specs/authorization/v2/authorization.openapi.yaml b/specs/authorization/v2/authorization.openapi.yaml deleted file mode 100644 index 47de4d93..00000000 --- a/specs/authorization/v2/authorization.openapi.yaml +++ /dev/null @@ -1,764 +0,0 @@ -openapi: 3.1.0 -info: - title: authorization.v2 -paths: - /authorization.v2.AuthorizationService/GetDecision: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetDecision - operationId: authorization.v2.AuthorizationService.GetDecision - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionResponse' - /authorization.v2.AuthorizationService/GetDecisionMultiResource: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetDecisionMultiResource - operationId: authorization.v2.AuthorizationService.GetDecisionMultiResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceResponse' - /authorization.v2.AuthorizationService/GetDecisionBulk: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetDecisionBulk - operationId: authorization.v2.AuthorizationService.GetDecisionBulk - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionBulkRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetDecisionBulkResponse' - /authorization.v2.AuthorizationService/GetEntitlements: - post: - tags: - - authorization.v2.AuthorizationService - summary: GetEntitlements - operationId: authorization.v2.AuthorizationService.GetEntitlements - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetEntitlementsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/authorization.v2.GetEntitlementsResponse' -components: - schemas: - authorization.v2.Decision: - type: string - title: Decision - enum: - - DECISION_UNSPECIFIED - - DECISION_DENY - - DECISION_PERMIT - entity.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - authorization.v2.EntityEntitlements: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - actionsPerAttributeValueFqn: - type: object - title: actions_per_attribute_value_fqn - additionalProperties: - title: value - $ref: '#/components/schemas/authorization.v2.EntityEntitlements.ActionsList' - title: EntityEntitlements - additionalProperties: false - description: Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[] - authorization.v2.EntityEntitlements.ActionsList: - type: object - properties: - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - title: ActionsList - additionalProperties: false - authorization.v2.EntityEntitlements.ActionsPerAttributeValueFqnEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/authorization.v2.EntityEntitlements.ActionsList' - title: ActionsPerAttributeValueFqnEntry - additionalProperties: false - authorization.v2.EntityIdentifier: - type: object - oneOf: - - properties: - entityChain: - title: entity_chain - description: |+ - chain of one or more entities and at most 10 - entities must be provided and between 1 and 10 in count: - ``` - has(this.entities) && this.entities.size() > 0 && this.entities.size() <= 10 - ``` - - $ref: '#/components/schemas/entity.EntityChain' - title: entity_chain - required: - - entityChain - - properties: - registeredResourceValueFqn: - type: string - title: registered_resource_value_fqn - minLength: 1 - format: uri - description: |- - fully qualified name of the registered resource value stored in platform policy, where in - this case the resource acts as and represents a single entity for authorization/entitlement decisioning - title: registered_resource_value_fqn - required: - - registeredResourceValueFqn - - properties: - token: - title: token - description: |+ - access token (JWT), which is used to create an entity chain (comprising one or more entities) - token must be provided: - ``` - has(this.jwt) && this.jwt.size() > 0 - ``` - - $ref: '#/components/schemas/entity.Token' - title: token - required: - - token - title: EntityIdentifier - additionalProperties: false - description: |- - The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized. - The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value - being treated as an entity in entitlement/authorization decisioning. - authorization.v2.GetDecisionBulkRequest: - type: object - properties: - decisionRequests: - type: array - items: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceRequest' - title: decision_requests - maxItems: 200 - minItems: 1 - title: GetDecisionBulkRequest - additionalProperties: false - description: |- - Is access allowed? - 1. Multiplexing of a Decision request - This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on - multiple resources) - authorization.v2.GetDecisionBulkResponse: - type: object - properties: - decisionResponses: - type: array - items: - $ref: '#/components/schemas/authorization.v2.GetDecisionMultiResourceResponse' - title: decision_responses - title: GetDecisionBulkResponse - additionalProperties: false - authorization.v2.GetDecisionMultiResourceRequest: - type: object - properties: - entityIdentifier: - title: entity_identifier - description: an entity must be identified for authorization decisioning - $ref: '#/components/schemas/authorization.v2.EntityIdentifier' - action: - title: action - description: name on action is required - $ref: '#/components/schemas/policy.Action' - resources: - type: array - items: - $ref: '#/components/schemas/authorization.v2.Resource' - title: resources - maxItems: 1000 - minItems: 1 - title: GetDecisionMultiResourceRequest - required: - - entityIdentifier - - action - additionalProperties: false - description: |+ - Can the identified entity/entities access? - 1. one entity reference (actor) - 2. one action - 3. multiple resources - Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request - action.name must be provided: - ``` - has(this.action.name) - ``` - - authorization.v2.GetDecisionMultiResourceResponse: - type: object - properties: - allPermitted: - title: all_permitted - description: convenience flag indicating global resource decisions result (permit/deny) - $ref: '#/components/schemas/google.protobuf.BoolValue' - resourceDecisions: - type: array - items: - $ref: '#/components/schemas/authorization.v2.ResourceDecision' - title: resource_decisions - description: individual resource decisions - title: GetDecisionMultiResourceResponse - additionalProperties: false - authorization.v2.GetDecisionRequest: - type: object - properties: - entityIdentifier: - title: entity_identifier - description: an entity must be identified for authorization decisioning - $ref: '#/components/schemas/authorization.v2.EntityIdentifier' - action: - title: action - description: name on action is required - $ref: '#/components/schemas/policy.Action' - resource: - title: resource - $ref: '#/components/schemas/authorization.v2.Resource' - title: GetDecisionRequest - required: - - entityIdentifier - - action - - resource - additionalProperties: false - description: |+ - Can the identified entity/entities access? - 1. one entity reference (actor) - 2. one action - 3. one resource - action.name must be provided: - ``` - has(this.action.name) - ``` - - authorization.v2.GetDecisionResponse: - type: object - properties: - decision: - title: decision - description: |- - decision on the resource optional list of obligations represented in URI format - repeated string obligations = 2; - $ref: '#/components/schemas/authorization.v2.ResourceDecision' - title: GetDecisionResponse - additionalProperties: false - authorization.v2.GetEntitlementsRequest: - type: object - properties: - entityIdentifier: - title: entity_identifier - description: an entity must be identified for entitlement decisioning - $ref: '#/components/schemas/authorization.v2.EntityIdentifier' - withComprehensiveHierarchy: - type: boolean - title: with_comprehensive_hierarchy - description: |- - optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating - down the hierarchical values instead of returning solely the value that is directly entitled - nullable: true - title: GetEntitlementsRequest - required: - - entityIdentifier - additionalProperties: false - description: |- - What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs? - - Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use - GetDecision if the resource is known - authorization.v2.GetEntitlementsResponse: - type: object - properties: - entitlements: - type: array - items: - $ref: '#/components/schemas/authorization.v2.EntityEntitlements' - title: entitlements - title: GetEntitlementsResponse - additionalProperties: false - authorization.v2.Resource: - type: object - oneOf: - - properties: - attributeValues: - title: attribute_values - description: |+ - a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count - if provided, resource.attribute_values must be between 1 and 20 in count with all valid FQNs: - ``` - this.fqns.size() > 0 && this.fqns.size() <= 20 && this.fqns.all(item, item.isUri()) - ``` - - $ref: '#/components/schemas/authorization.v2.Resource.AttributeValues' - title: attribute_values - required: - - attributeValues - - properties: - registeredResourceValueFqn: - type: string - title: registered_resource_value_fqn - minLength: 1 - format: uri - description: fully qualified name of the registered resource value stored in platform policy - title: registered_resource_value_fqn - required: - - registeredResourceValueFqn - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - title: Resource - additionalProperties: false - description: Either a set of attribute values (such as those on a TDF) or a registered resource value - authorization.v2.Resource.AttributeValues: - type: object - properties: - fqns: - type: array - items: - type: string - title: fqns - title: AttributeValues - additionalProperties: false - authorization.v2.ResourceDecision: - type: object - properties: - ephemeralResourceId: - type: string - title: ephemeral_resource_id - description: ephemeral id for tracking between request and response - decision: - title: decision - description: decision result - $ref: '#/components/schemas/authorization.v2.Decision' - title: ResourceDecision - additionalProperties: false - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - entity.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - description: used by ERS claims mode - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - emailAddress: - type: string - title: email_address - title: email_address - required: - - emailAddress - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/entity.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - entity.EntityChain: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - entity.Token: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - required: - - jwt - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: authorization.v2.AuthorizationService diff --git a/specs/bookstore.yaml b/specs/bookstore.yaml deleted file mode 100644 index a012b81a..00000000 --- a/specs/bookstore.yaml +++ /dev/null @@ -1,718 +0,0 @@ -openapi: 3.0.0 -servers: - - url: https://api.examplebookstore.com/v1 - description: Production server - - url: https://sandbox.api.examplebookstore.com/v1 - description: Sandbox server - - url: http://localhost:4010 - description: Local development mock server -info: - title: Bookstore API - version: 1.0.0 - description: | - Welcome to the Bookstore API. This API provides access to a rich collection of books, author details, and genre classifications. - You can use this API to browse our catalog, search for specific titles, and manage book-related data. - - ## Key Features: - * Access detailed information about books, including titles, ISBNs, authors, and genres. - * Manage author profiles and their literary works. - * Explore books categorized by various genres. - - This specification is written in OpenAPI 3.0.0 format. - contact: - name: Bookstore API Support - email: support@examplebookstore.com - url: https://developer.examplebookstore.com/support - license: - name: Apache 2.0 - url: "http://www.apache.org/licenses/LICENSE-2.0.html" - x-logo: - url: "https://examplebookstore.com/assets/logo.png" - altText: "Bookstore Logo" -tags: - - name: Books - description: Operations related to books in the catalog. - x-displayName: Books - - name: Authors - description: Operations related to book authors. - x-displayName: Authors - - name: Genres - description: Operations related to book genres. - x-displayName: Genres - - name: Schema-Book - x-displayName: Book Schema - description: | - - - name: Schema-Author - x-displayName: Author Schema - description: | - - - name: Schema-Genre - x-displayName: Genre Schema - description: | - -x-tagGroups: - - name: Core Resources - tags: - - Books - - Authors - - Genres - - name: Data Models - tags: - - Schema-Book - - Schema-Author - - Schema-Genre -paths: - /books: - get: - tags: - - Books - summary: List all books - description: Retrieves a paginated list of all books in the catalog. Supports filtering by genre and author. - operationId: listBooks - parameters: - - name: limit - in: query - description: Maximum number of books to return. - required: false - schema: - type: integer - format: int32 - default: 20 - minimum: 1 - maximum: 100 - - name: offset - in: query - description: Number of books to skip for pagination. - required: false - schema: - type: integer - format: int32 - default: 0 - minimum: 0 - - name: genreId - in: query - description: Filter books by a specific genre ID. - required: false - schema: - type: string - format: uuid - - name: authorId - in: query - description: Filter books by a specific author ID. - required: false - schema: - type: string - format: uuid - responses: - "200": - description: A list of books. - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Book" - "400": - description: Invalid query parameters. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - post: - tags: - - Books - summary: Add a new book - description: Adds a new book to the catalog. - operationId: createBook - requestBody: - description: Book object to be added. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/BookInput" - responses: - "201": - description: Book created successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Book" - "400": - description: Invalid input data for the book. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "409": - description: A book with the same ISBN already exists. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "/books/{bookId}": - parameters: - - name: bookId - in: path - required: true - description: Unique identifier of the book. - schema: - type: string - format: uuid - get: - tags: - - Books - summary: Get book by ID - description: Retrieves detailed information for a specific book. - operationId: getBookById - responses: - "200": - description: Detailed information about the book. - content: - application/json: - schema: - $ref: "#/components/schemas/Book" - "404": - description: Book not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - put: - tags: - - Books - summary: Update an existing book - description: Updates the information for an existing book. - operationId: updateBook - requestBody: - description: Book object with updated information. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/BookInput" - responses: - "200": - description: Book updated successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Book" - "400": - description: Invalid input data for the book. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "404": - description: Book not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - delete: - tags: - - Books - summary: Delete a book - description: Removes a book from the catalog. - operationId: deleteBook - responses: - "204": - description: Book deleted successfully. - "404": - description: Book not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - /authors: - get: - tags: - - Authors - summary: List all authors - description: Retrieves a list of all authors. - operationId: listAuthors - parameters: - - name: limit - in: query - description: Maximum number of authors to return. - required: false - schema: - type: integer - format: int32 - default: 20 - - name: offset - in: query - description: Number of authors to skip for pagination. - required: false - schema: - type: integer - format: int32 - default: 0 - responses: - "200": - description: A list of authors. - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Author" - post: - tags: - - Authors - summary: Add a new author - description: Adds a new author to the system. - operationId: createAuthor - requestBody: - description: Author object to be added. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/AuthorInput" - responses: - "201": - description: Author created successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Author" - "400": - description: Invalid input data for the author. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "/authors/{authorId}": - parameters: - - name: authorId - in: path - required: true - description: Unique identifier of the author. - schema: - type: string - format: uuid - get: - tags: - - Authors - summary: Get author by ID - description: Retrieves detailed information for a specific author. - operationId: getAuthorById - responses: - "200": - description: Detailed information about the author. - content: - application/json: - schema: - $ref: "#/components/schemas/Author" - "404": - description: Author not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - put: - tags: - - Authors - summary: Update an existing author - description: Updates the information for an existing author. - operationId: updateAuthor - requestBody: - description: Author object with updated information. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/AuthorInput" - responses: - "200": - description: Author updated successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Author" - "400": - description: Invalid input data for the author. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "404": - description: Author not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - delete: - tags: - - Authors - summary: Delete an author - description: Removes an author from the system. Associated books may need to be handled or re-assigned. - operationId: deleteAuthor - responses: - "204": - description: Author deleted successfully. - "404": - description: Author not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - /genres: - get: - tags: - - Genres - summary: List all genres - description: Retrieves a list of all book genres. - operationId: listGenres - responses: - "200": - description: A list of genres. - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Genre" - post: - tags: - - Genres - summary: Add a new genre - description: Adds a new genre to the system. - operationId: createGenre - requestBody: - description: Genre object to be added. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/GenreInput" - responses: - "201": - description: Genre created successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Genre" - "400": - description: Invalid input data for the genre. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "409": - description: A genre with the same name already exists. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "/genres/{genreId}": - parameters: - - name: genreId - in: path - required: true - description: Unique identifier of the genre. - schema: - type: string - format: uuid - get: - tags: - - Genres - summary: Get genre by ID - description: Retrieves detailed information for a specific genre. - operationId: getGenreById - responses: - "200": - description: Detailed information about the genre. - content: - application/json: - schema: - $ref: "#/components/schemas/Genre" - "404": - description: Genre not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - put: - tags: - - Genres - summary: Update an existing genre - description: Updates the information for an existing genre. - operationId: updateGenre - requestBody: - description: Genre object with updated information. - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/GenreInput" - responses: - "200": - description: Genre updated successfully. - content: - application/json: - schema: - $ref: "#/components/schemas/Genre" - "400": - description: Invalid input data for the genre. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - "404": - description: Genre not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" - delete: - tags: - - Genres - summary: Delete a genre - description: Removes a genre from the system. - operationId: deleteGenre - responses: - "204": - description: Genre deleted successfully. - "404": - description: Genre not found. - content: - application/json: - schema: - $ref: "#/components/schemas/Error" -components: - schemas: - Book: - type: object - required: - - id - - title - - isbn - - authorIds - - genreIds - properties: - id: - type: string - format: uuid - description: Unique identifier for the book. - readOnly: true - example: "d290f1ee-6c54-4b01-90e6-d701748f0851" - title: - type: string - description: The title of the book. - example: "The Great Novel" - isbn: - type: string - description: International Standard Book Number. - example: "978-3-16-148410-0" - publicationDate: - type: string - format: date - description: The date the book was published. - example: "2023-05-15" - description: - type: string - description: A short summary or description of the book. - example: "An epic tale of adventure and discovery." - coverImageUrl: - type: string - format: url - description: URL to the book's cover image. - example: "https://examplebookstore.com/covers/great-novel.jpg" - authorIds: - type: array - description: List of author IDs associated with this book. - items: - type: string - format: uuid - example: "a1b2c3d4-e5f6-7890-1234-567890abcdef" - genreIds: - type: array - description: List of genre IDs this book belongs to. - items: - type: string - format: uuid - example: "f0e1d2c3-b4a5-6789-0123-456789abcdef" - BookInput: - type: object - required: - - title - - isbn - - authorIds - - genreIds - properties: - title: - type: string - description: The title of the book. - example: "The Great Novel" - isbn: - type: string - description: International Standard Book Number. - example: "978-3-16-148410-0" - publicationDate: - type: string - format: date - description: The date the book was published. - example: "2023-05-15" - description: - type: string - description: A short summary or description of the book. - example: "An epic tale of adventure and discovery." - coverImageUrl: - type: string - format: url - description: URL to the book's cover image. - example: "https://examplebookstore.com/covers/great-novel.jpg" - authorIds: - type: array - description: List of author IDs associated with this book. - items: - type: string - format: uuid - example: "a1b2c3d4-e5f6-7890-1234-567890abcdef" - genreIds: - type: array - description: List of genre IDs this book belongs to. - items: - type: string - format: uuid - example: "f0e1d2c3-b4a5-6789-0123-456789abcdef" - Author: - type: object - required: - - id - - firstName - - lastName - properties: - id: - type: string - format: uuid - description: Unique identifier for the author. - readOnly: true - example: "a1b2c3d4-e5f6-7890-1234-567890abcdef" - firstName: - type: string - description: Author's first name. - example: "Jane" - lastName: - type: string - description: Author's last name. - example: "Doe" - biography: - type: string - description: A short biography of the author. - example: "Jane Doe is a renowned author of contemporary fiction." - birthDate: - type: string - format: date - description: Author's date of birth. - example: "1980-01-20" - AuthorInput: - type: object - required: - - firstName - - lastName - properties: - firstName: - type: string - description: Author's first name. - example: "Jane" - lastName: - type: string - description: Author's last name. - example: "Doe" - biography: - type: string - description: A short biography of the author. - example: "Jane Doe is a renowned author of contemporary fiction." - birthDate: - type: string - format: date - description: Author's date of birth. - example: "1980-01-20" - Genre: - type: object - required: - - id - - name - properties: - id: - type: string - format: uuid - description: Unique identifier for the genre. - readOnly: true - example: "f0e1d2c3-b4a5-6789-0123-456789abcdef" - name: - type: string - description: The name of the genre. - example: "Science Fiction" - description: - type: string - description: A brief description of the genre. - example: "Literature that explores imaginative concepts based on scientific or technological advancements." - GenreInput: - type: object - required: - - name - properties: - name: - type: string - description: The name of the genre. - example: "Science Fiction" - description: - type: string - description: A brief description of the genre. - example: "Literature that explores imaginative concepts based on scientific or technological advancements." - Error: - type: object - required: - - code - - message - properties: - code: - type: string - description: An error code. - example: "NOT_FOUND" - message: - type: string - description: A human-readable error message. - example: "The requested resource was not found." - details: - type: object - additionalProperties: true - description: Additional details about the error. - securitySchemes: - ApiKeyAuth: - type: apiKey - in: header - name: X-API-KEY - description: API key for authentication. Use `test-api-key` for testing purposes. - BearerAuth: - type: http - scheme: bearer - bearerFormat: JWT - description: Bearer token for authentication using JWT. - OAuth2Flow: - type: oauth2 - description: OAuth2 authentication for accessing protected resources. - flows: - authorizationCode: - authorizationUrl: https://auth.examplebookstore.com/oauth/authorize - tokenUrl: https://auth.examplebookstore.com/oauth/token - scopes: - "books:read": Read access to books - "books:write": Write access to books - "authors:read": Read access to authors - "authors:write": Write access to authors - "genres:read": Read access to genres - "genres:write": Write access to genres -security: - - ApiKeyAuth: [] - - BearerAuth: [] - - OAuth2Flow: - - "books:read" - - "authors:read" - - "genres:read" \ No newline at end of file diff --git a/specs/common/common.openapi.yaml b/specs/common/common.openapi.yaml deleted file mode 100644 index b19945f5..00000000 --- a/specs/common/common.openapi.yaml +++ /dev/null @@ -1,171 +0,0 @@ -openapi: 3.1.0 -info: - title: common -paths: {} -components: - schemas: - common.ActiveStateEnum: - type: string - title: ActiveStateEnum - enum: - - ACTIVE_STATE_ENUM_UNSPECIFIED - - ACTIVE_STATE_ENUM_ACTIVE - - ACTIVE_STATE_ENUM_INACTIVE - - ACTIVE_STATE_ENUM_ANY - description: 'buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren''t violated when users add new enum values to an enum in a given package' - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.Timestamp: - type: string - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. -security: [] diff --git a/specs/entity/entity.openapi.yaml b/specs/entity/entity.openapi.yaml deleted file mode 100644 index 6484c863..00000000 --- a/specs/entity/entity.openapi.yaml +++ /dev/null @@ -1,100 +0,0 @@ -openapi: 3.1.0 -info: - title: entity -paths: {} -components: - schemas: - entity.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - entity.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - description: used by ERS claims mode - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - emailAddress: - type: string - title: email_address - title: email_address - required: - - emailAddress - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/entity.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - entity.EntityChain: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - entity.Token: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - required: - - jwt - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] diff --git a/specs/entityresolution/entity_resolution.openapi.yaml b/specs/entityresolution/entity_resolution.openapi.yaml deleted file mode 100644 index d89cbdaa..00000000 --- a/specs/entityresolution/entity_resolution.openapi.yaml +++ /dev/null @@ -1,424 +0,0 @@ -openapi: 3.1.0 -info: - title: entityresolution -paths: - /entityresolution/resolve: - post: - tags: - - entityresolution.EntityResolutionService - summary: ResolveEntities - description: 'Deprecated: use v2 ResolveEntities instead' - operationId: entityresolution.EntityResolutionService.ResolveEntities - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.ResolveEntitiesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.ResolveEntitiesResponse' - /entityresolution/entitychain: - post: - tags: - - entityresolution.EntityResolutionService - summary: CreateEntityChainFromJwt - description: 'Deprecated: use v2 CreateEntityChainsFromTokens instead' - operationId: entityresolution.EntityResolutionService.CreateEntityChainFromJwt - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.CreateEntityChainFromJwtRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.CreateEntityChainFromJwtResponse' -components: - schemas: - authorization.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - authorization.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - custom: - title: custom - $ref: '#/components/schemas/authorization.EntityCustom' - title: custom - required: - - custom - - properties: - emailAddress: - type: string - title: email_address - description: one of the entity options must be set - title: email_address - required: - - emailAddress - - properties: - remoteClaimsUrl: - type: string - title: remote_claims_url - title: remote_claims_url - required: - - remoteClaimsUrl - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - - properties: - uuid: - type: string - title: uuid - title: uuid - required: - - uuid - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/authorization.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - authorization.EntityChain: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - authorization.EntityCustom: - type: object - properties: - extension: - title: extension - $ref: '#/components/schemas/google.protobuf.Any' - title: EntityCustom - additionalProperties: false - description: Entity type for custom entities beyond the standard types - authorization.Token: - type: object - properties: - id: - type: string - title: id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - additionalProperties: false - entityresolution.CreateEntityChainFromJwtRequest: - type: object - properties: - tokens: - type: array - items: - $ref: '#/components/schemas/authorization.Token' - title: tokens - title: CreateEntityChainFromJwtRequest - additionalProperties: false - description: |- - Example: Get Entity chains for tokens aaaaaa and bbbbbb - { - "tokens": [ - "aaaaaaa", - "bbbbbbbb" - ] - } - entityresolution.CreateEntityChainFromJwtResponse: - type: object - properties: - entityChains: - type: array - items: - $ref: '#/components/schemas/authorization.EntityChain' - title: entity_chains - title: CreateEntityChainFromJwtResponse - additionalProperties: false - description: |- - Example: Return the entity chains from the provided tokens - { - "entity_chains": [ - { - "id": "tok1", - "entities": [ - { - "clientId": "client1" - } - ] - }, - { - "id": "tok2", - "entities": [ - { - "userName": "alice", - "clientId": "client2" - } - ] - } - ] - } - entityresolution.EntityNotFoundError: - type: object - properties: - code: - type: integer - title: code - format: int32 - message: - type: string - title: message - details: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Any' - title: details - entity: - type: string - title: entity - title: EntityNotFoundError - additionalProperties: false - entityresolution.EntityRepresentation: - type: object - properties: - additionalProps: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Struct' - title: additional_props - originalId: - type: string - title: original_id - description: ephemeral entity id from the request - title: EntityRepresentation - additionalProperties: false - entityresolution.ResolveEntitiesRequest: - type: object - properties: - entities: - type: array - items: - $ref: '#/components/schemas/authorization.Entity' - title: entities - title: ResolveEntitiesRequest - additionalProperties: false - description: |- - Example: Get idp attributes for bob and alice (both represented using an email address - { - "entities": [ - { - "id": "e1", - "emailAddress": "bob@example.org" - }, - { - "id": "e2", - "emailAddress": "alice@example.org" - } - ] - } - entityresolution.ResolveEntitiesResponse: - type: object - properties: - entityRepresentations: - type: array - items: - $ref: '#/components/schemas/entityresolution.EntityRepresentation' - title: entity_representations - title: ResolveEntitiesResponse - additionalProperties: false - description: |- - Example: Get idp attributes for bob and alice - { - "entity_representations": [ - { - "idp_entity_id": "e1", - "additional_props": {"someAttr1":"someValue1"} - }, - { - "idp_entity_id": "e2", - "additional_props": {"someAttr2":"someValue2"} - } - ] - } - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. - google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: entityresolution.EntityResolutionService diff --git a/specs/entityresolution/v2/entity_resolution.openapi.yaml b/specs/entityresolution/v2/entity_resolution.openapi.yaml deleted file mode 100644 index c4a839fc..00000000 --- a/specs/entityresolution/v2/entity_resolution.openapi.yaml +++ /dev/null @@ -1,360 +0,0 @@ -openapi: 3.1.0 -info: - title: entityresolution.v2 -paths: - /entityresolution.v2.EntityResolutionService/ResolveEntities: - post: - tags: - - entityresolution.v2.EntityResolutionService - summary: ResolveEntities - operationId: entityresolution.v2.EntityResolutionService.ResolveEntities - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.ResolveEntitiesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.ResolveEntitiesResponse' - /entityresolution.v2.EntityResolutionService/CreateEntityChainsFromTokens: - post: - tags: - - entityresolution.v2.EntityResolutionService - summary: CreateEntityChainsFromTokens - operationId: entityresolution.v2.EntityResolutionService.CreateEntityChainsFromTokens - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.CreateEntityChainsFromTokensRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/entityresolution.v2.CreateEntityChainsFromTokensResponse' -components: - schemas: - entity.Entity.Category: - type: string - title: Category - enum: - - CATEGORY_UNSPECIFIED - - CATEGORY_SUBJECT - - CATEGORY_ENVIRONMENT - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - entity.Entity: - type: object - oneOf: - - properties: - claims: - title: claims - description: used by ERS claims mode - $ref: '#/components/schemas/google.protobuf.Any' - title: claims - required: - - claims - - properties: - clientId: - type: string - title: client_id - title: client_id - required: - - clientId - - properties: - emailAddress: - type: string - title: email_address - title: email_address - required: - - emailAddress - - properties: - userName: - type: string - title: user_name - title: user_name - required: - - userName - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - category: - title: category - $ref: '#/components/schemas/entity.Entity.Category' - title: Entity - additionalProperties: false - description: PE (Person Entity) or NPE (Non-Person Entity) - entity.EntityChain: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - title: EntityChain - additionalProperties: false - description: A set of related PE and NPE - entity.Token: - type: object - properties: - ephemeralId: - type: string - title: ephemeral_id - description: ephemeral id for tracking between request and response - jwt: - type: string - title: jwt - description: the token - title: Token - required: - - jwt - additionalProperties: false - entityresolution.v2.CreateEntityChainsFromTokensRequest: - type: object - properties: - tokens: - type: array - items: - $ref: '#/components/schemas/entity.Token' - title: tokens - title: CreateEntityChainsFromTokensRequest - additionalProperties: false - description: Create an entity chain for each token (JWT) in the request. - entityresolution.v2.CreateEntityChainsFromTokensResponse: - type: object - properties: - entityChains: - type: array - items: - $ref: '#/components/schemas/entity.EntityChain' - title: entity_chains - title: CreateEntityChainsFromTokensResponse - additionalProperties: false - entityresolution.v2.EntityNotFoundError: - type: object - properties: - code: - type: integer - title: code - format: int32 - message: - type: string - title: message - details: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Any' - title: details - entity: - type: string - title: entity - title: EntityNotFoundError - additionalProperties: false - entityresolution.v2.EntityRepresentation: - type: object - properties: - originalId: - type: string - title: original_id - description: ephemeral entity id from the request - additionalProps: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Struct' - title: additional_props - title: EntityRepresentation - additionalProperties: false - entityresolution.v2.ResolveEntitiesRequest: - type: object - properties: - entities: - type: array - items: - $ref: '#/components/schemas/entity.Entity' - title: entities - minItems: 1 - title: ResolveEntitiesRequest - required: - - entities - additionalProperties: false - description: Resolve a set of entities to their representations. - entityresolution.v2.ResolveEntitiesResponse: - type: object - properties: - entityRepresentations: - type: array - items: - $ref: '#/components/schemas/entityresolution.v2.EntityRepresentation' - title: entity_representations - title: ResolveEntitiesResponse - additionalProperties: false - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. - google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' -security: [] -tags: - - name: entityresolution.v2.EntityResolutionService diff --git a/specs/kas/kas.openapi.yaml b/specs/kas/kas.openapi.yaml deleted file mode 100644 index 681fa230..00000000 --- a/specs/kas/kas.openapi.yaml +++ /dev/null @@ -1,503 +0,0 @@ -openapi: 3.1.0 -info: - title: kas -paths: - /kas/v2/kas_public_key: - get: - tags: - - kas.AccessService - summary: PublicKey - operationId: kas.AccessService.PublicKey - parameters: - - name: algorithm - in: query - schema: - type: string - title: algorithm - - name: fmt - in: query - schema: - type: string - title: fmt - - name: v - in: query - schema: - type: string - title: v - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/kas.PublicKeyResponse' - /kas/kas_public_key: - get: - tags: - - kas.AccessService - summary: LegacyPublicKey - description: |- - Endpoint intended for gRPC Gateway's REST endpoint to provide v1 compatibility with older TDF clients - - This endpoint is not recommended for use in new applications, prefer the v2 endpoint ('PublicKey') instead. - - buf:lint:ignore RPC_RESPONSE_STANDARD_NAME - operationId: kas.AccessService.LegacyPublicKey - parameters: - - name: algorithm - in: query - schema: - type: string - title: algorithm - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/google.protobuf.StringValue' - /kas/v2/rewrap: - post: - tags: - - kas.AccessService - summary: Rewrap - operationId: kas.AccessService.Rewrap - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/kas.RewrapRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/kas.RewrapResponse' -components: - schemas: - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.StringValue: - type: string - description: |- - Wrapper message for `string`. - - The JSON representation for `StringValue` is JSON string. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. - google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - kas.InfoRequest: - type: object - title: InfoRequest - additionalProperties: false - description: Intentionally empty. May include features later. - kas.InfoResponse: - type: object - properties: - version: - type: string - title: version - title: InfoResponse - additionalProperties: false - description: Service application level metadata - kas.KeyAccess: - type: object - properties: - encryptedMetadata: - type: string - title: encrypted_metadata - policyBinding: - title: policy_binding - $ref: '#/components/schemas/kas.PolicyBinding' - protocol: - type: string - title: protocol - type: - type: string - title: key_type - url: - type: string - title: kas_url - kid: - type: string - title: kid - sid: - type: string - title: split_id - wrappedKey: - type: string - title: wrapped_key - format: byte - header: - type: string - title: header - format: byte - description: header is only used for NanoTDFs - ephemeralPublicKey: - type: string - title: ephemeral_public_key - description: |- - For wrapping with an ECDH derived key, when type=ec-wrapped. - Should be a PEM-encoded PKCS#8 (asn.1) value. - title: KeyAccess - additionalProperties: false - kas.KeyAccessRewrapResult: - type: object - oneOf: - - properties: - error: - type: string - title: error - title: error - required: - - error - - properties: - kasWrappedKey: - type: string - title: kas_wrapped_key - format: byte - title: kas_wrapped_key - required: - - kasWrappedKey - properties: - metadata: - type: object - title: metadata - additionalProperties: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - keyAccessObjectId: - type: string - title: key_access_object_id - status: - type: string - title: status - title: KeyAccessRewrapResult - additionalProperties: false - kas.KeyAccessRewrapResult.MetadataEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: MetadataEntry - additionalProperties: false - kas.LegacyPublicKeyRequest: - type: object - properties: - algorithm: - type: string - title: algorithm - title: LegacyPublicKeyRequest - additionalProperties: false - kas.PolicyBinding: - type: object - properties: - alg: - type: string - title: algorithm - hash: - type: string - title: hash - title: PolicyBinding - additionalProperties: false - kas.PolicyRewrapResult: - type: object - properties: - policyId: - type: string - title: policy_id - results: - type: array - items: - $ref: '#/components/schemas/kas.KeyAccessRewrapResult' - title: results - title: PolicyRewrapResult - additionalProperties: false - kas.PublicKeyRequest: - type: object - properties: - algorithm: - type: string - title: algorithm - fmt: - type: string - title: fmt - v: - type: string - title: v - title: PublicKeyRequest - additionalProperties: false - kas.PublicKeyResponse: - type: object - properties: - publicKey: - type: string - title: public_key - kid: - type: string - title: kid - title: PublicKeyResponse - additionalProperties: false - kas.RewrapRequest: - type: object - properties: - signedRequestToken: - type: string - title: signed_request_token - title: RewrapRequest - additionalProperties: false - kas.RewrapResponse: - type: object - properties: - metadata: - type: object - title: metadata - additionalProperties: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - deprecated: true - entityWrappedKey: - type: string - title: entity_wrapped_key - format: byte - deprecated: true - sessionPublicKey: - type: string - title: session_public_key - schemaVersion: - type: string - title: schema_version - deprecated: true - responses: - type: array - items: - $ref: '#/components/schemas/kas.PolicyRewrapResult' - title: responses - description: New Rewrap API changes - title: RewrapResponse - additionalProperties: false - kas.RewrapResponse.MetadataEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: MetadataEntry - additionalProperties: false - kas.UnsignedRewrapRequest: - type: object - properties: - clientPublicKey: - type: string - title: client_public_key - requests: - type: array - items: - $ref: '#/components/schemas/kas.UnsignedRewrapRequest.WithPolicyRequest' - title: requests - keyAccess: - title: key_access - description: Used for legacy non-bulk requests - deprecated: true - $ref: '#/components/schemas/kas.KeyAccess' - policy: - type: string - title: policy - description: Used for legacy non-bulk requests - deprecated: true - algorithm: - type: string - title: algorithm - description: Used for legacy non-bulk requests - deprecated: true - title: UnsignedRewrapRequest - additionalProperties: false - kas.UnsignedRewrapRequest.WithKeyAccessObject: - type: object - properties: - keyAccessObjectId: - type: string - title: key_access_object_id - keyAccessObject: - title: key_access_object - $ref: '#/components/schemas/kas.KeyAccess' - title: WithKeyAccessObject - additionalProperties: false - kas.UnsignedRewrapRequest.WithPolicy: - type: object - properties: - id: - type: string - title: id - body: - type: string - title: body - title: WithPolicy - additionalProperties: false - kas.UnsignedRewrapRequest.WithPolicyRequest: - type: object - properties: - keyAccessObjects: - type: array - items: - $ref: '#/components/schemas/kas.UnsignedRewrapRequest.WithKeyAccessObject' - title: key_access_objects - policy: - title: policy - $ref: '#/components/schemas/kas.UnsignedRewrapRequest.WithPolicy' - algorithm: - type: string - title: algorithm - title: WithPolicyRequest - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: kas.AccessService - description: Get app info from the root path diff --git a/specs/petstore.yaml b/specs/petstore.yaml deleted file mode 100644 index c31ac04a..00000000 --- a/specs/petstore.yaml +++ /dev/null @@ -1,1271 +0,0 @@ -openapi: 3.0.0 -servers: - - url: https://petstore.swagger.io/v2 - description: Default server - - url: https://petstore.swagger.io/sandbox - description: Sandbox server - - url: http://127.0.0.1:4010 - description: Prism Mock API (local) -info: - description: | - This is a sample server Petstore server. - You can find out more about Swagger at - [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). - For this sample, you can use the api key `special-key` to test the authorization filters. - - ## Introduction - This API is documented in **OpenAPI format** and is based on - [Petstore sample](http://petstore.swagger.io/) provided by [swagger.io](http://swagger.io) team. - It was **extended** to illustrate features of [generator-openapi-repo](https://github.com/Rebilly/generator-openapi-repo) - tool and [ReDoc](https://github.com/Redocly/redoc) documentation. In addition to standard - OpenAPI syntax we use a few [vendor extensions](https://github.com/Redocly/redoc/blob/master/docs/redoc-vendor-extensions.md). - - ## OpenAPI Specification - This API is documented in **OpenAPI format** and is based on - [Petstore sample](http://petstore.swagger.io/) provided by [swagger.io](http://swagger.io) team. - It was **extended** to illustrate features of [generator-openapi-repo](https://github.com/Rebilly/generator-openapi-repo) - tool and [ReDoc](https://github.com/Redocly/redoc) documentation. In addition to standard - OpenAPI syntax we use a few [vendor extensions](https://github.com/Redocly/redoc/blob/master/docs/redoc-vendor-extensions.md). - - ## Cross-Origin Resource Sharing - This API features Cross-Origin Resource Sharing (CORS) implemented in compliance with [W3C spec](https://www.w3.org/TR/cors/). - And that allows cross-domain communication from the browser. - All responses have a wildcard same-origin which makes them completely public and accessible to everyone, including any code on any site. - - ## Authentication - - Petstore offers two forms of authentication: - - API Key - - OAuth2 - - OAuth2 - an open protocol to allow secure authorization in a simple - and standard method from web, mobile and desktop applications. - - version: 2.0.0 - title: Swagger Petstore YAML - termsOfService: "http://swagger.io/terms/" - contact: - name: API Support - email: apiteam@swagger.io - url: https://github.com/Redocly/redoc - x-logo: - url: "https://redocly.github.io/redoc/petstore-logo.png" - altText: Petstore logo - x-dark-logo: - url: "/img/petstore-logo-dark.png" - altText: "Petstore dark logo" - license: - name: Apache 2.0 - url: "http://www.apache.org/licenses/LICENSE-2.0.html" -externalDocs: - description: Find out how to create Github repo for your OpenAPI spec. - url: "https://github.com/Rebilly/generator-openapi-repo" -tags: - - name: pet - description: Everything about your Pets - x-displayName: Pets - - name: store - description: Access to Petstore orders - x-displayName: Petstore Orders - - name: user - description: Operations about user - x-displayName: Users - - name: pet_model - x-displayName: The Pet Model - description: | - - - name: store_model - x-displayName: The Order Model - description: | - -x-tagGroups: - - name: General - tags: - - pet - - store - - name: User Management - tags: - - user - - name: Models - tags: - - pet_model - - store_model -paths: - /pet: - parameters: - - name: Accept-Language - in: header - description: "The language you prefer for messages. Supported values are en-AU, en-CA, en-GB, en-US" - example: en-US - required: false - schema: - type: string - default: en-AU - - name: cookieParam - in: cookie - description: Some cookie - required: true - schema: - type: integer - format: int64 - post: - tags: - - pet - summary: Add a new pet to the store - description: Add new pet to the store inventory. - operationId: addPet - responses: - "405": - description: Invalid input - security: - - petstore_auth: - - "write:pets" - - "read:pets" - - api_key: [] - - ApiKeyAuth: [] - - BasicAuth: [] - - BearerAuth: [] - - OAuth2: [] - - OpenID: [] - - x-codeSamples: - - lang: "C#" - source: | - PetStore.v1.Pet pet = new PetStore.v1.Pet(); - pet.setApiKey("your api key"); - pet.petType = PetStore.v1.Pet.TYPE_DOG; - pet.name = "Rex"; - // set other fields - PetStoreResponse response = pet.create(); - if (response.statusCode == HttpStatusCode.Created) - { - // Successfully created - } - else - { - // Something wrong -- check response for errors - Console.WriteLine(response.getRawResponse()); - } - - lang: PHP - label: Custom - source: | - $form = new \PetStore\Entities\Pet(); - $form->setPetType("Dog"); - $form->setName("Rex"); - // set other fields - try { - $pet = $client->pets()->create($form); - } catch (UnprocessableEntityException $e) { - var_dump($e->getErrors()); - } - requestBody: - $ref: "#/components/requestBodies/Pet" - put: - tags: - - pet - summary: Update an existing pet - description: "" - operationId: updatePet - responses: - "400": - description: Invalid ID supplied - "404": - description: Pet not found - "405": - description: Validation exception - security: - - petstore_auth: - - "write:pets" - - "read:pets" - x-codeSamples: - - lang: PHP - source: | - $form = new \PetStore\Entities\Pet(); - $form->setPetId(1); - $form->setPetType("Dog"); - $form->setName("Rex"); - // set other fields - try { - $pet = $client->pets()->update($form); - } catch (UnprocessableEntityException $e) { - var_dump($e->getErrors()); - } - requestBody: - $ref: "#/components/requestBodies/Pet" - "/pet/{petId}": - get: - tags: - - pet - summary: Find pet by ID - description: Returns a single pet - operationId: getPetById - parameters: - - name: petId - in: path - description: ID of pet to return - required: true - deprecated: true - schema: - type: integer - format: int64 - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/Pet" - application/xml: - schema: - $ref: "#/components/schemas/Pet" - - "400": - description: Invalid ID supplied - "404": - description: Pet not found - security: - - api_key: [] - post: - tags: - - pet - summary: Updates a pet in the store with form data - description: "" - operationId: updatePetWithForm - parameters: - - name: petId - in: path - description: ID of pet that needs to be updated - required: true - schema: - type: integer - format: int64 - responses: - "405": - description: Invalid input - security: - - petstore_auth: - - "write:pets" - - "read:pets" - requestBody: - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - name: - description: Updated name of the pet - type: string - status: - description: Updated status of the pet - type: string - delete: - tags: - - pet - summary: Deletes a pet - description: "" - operationId: deletePet - parameters: - - name: api_key - in: header - required: false - schema: - type: string - example: "Bearer " - - name: petId - in: path - description: Pet id to delete - required: true - schema: - type: integer - format: int64 - responses: - "400": - description: Invalid pet value - security: - - petstore_auth: - - "write:pets" - - "read:pets" - "/pet/{petId}/uploadImage": - post: - tags: - - pet - summary: uploads an image - description: "" - operationId: uploadFile - parameters: - - name: petId - in: path - description: ID of pet to update - required: true - schema: - type: integer - format: int64 - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/ApiResponse" - security: - - petstore_auth: - - "write:pets" - - "read:pets" - requestBody: - content: - application/octet-stream: - schema: - type: string - format: binary - /pet/findByStatus: - get: - tags: - - pet - summary: Finds Pets by status - description: Multiple status values can be provided with comma separated strings - operationId: findPetsByStatus - parameters: - - name: status - in: query - description: Status values that need to be considered for filter - required: true - style: form - schema: - type: array - minItems: 1 - maxItems: 3 - items: - type: string - enum: - - available - - pending - - sold - default: available - responses: - "200": - description: successful operation - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - application/xml: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - "400": - description: Invalid status value - security: - - api_key: [] - /pet/findByTags: - get: - tags: - - pet - summary: Finds Pets by tags - description: >- - Multiple tags can be provided with comma separated strings. Use tag1, - tag2, tag3 for testing. - operationId: findPetsByTags - deprecated: true - parameters: - - name: tags - in: query - description: Tags to filter by - required: true - style: form - schema: - type: array - items: - type: string - responses: - "200": - description: successful operation - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - application/xml: - schema: - type: array - items: - $ref: "#/components/schemas/Pet" - "400": - description: Invalid tag value - security: - - petstore_auth: - - "write:pets" - - "read:pets" - /store/inventory: - get: - tags: - - store - summary: Returns pet inventories by status - description: Returns a map of status codes to quantities - operationId: getInventory - responses: - "200": - description: successful operation - content: - application/json: - schema: - type: object - additionalProperties: - type: integer - format: int32 - security: - - api_key: [] - /store/order: - post: - tags: - - store - summary: Place an order for a pet - description: "" - operationId: placeOrder - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/Order" - application/xml: - schema: - $ref: "#/components/schemas/Order" - "400": - description: Invalid Order - content: - application/json: - example: - status: 400 - message: "Invalid Order" - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/Order" - examples: - OrderDelivered: - summary: Order delivered - value: - quantity: 4 - shipDate: 2022-10-12 - status: delivered - requestId: 444-4444-444-4444 - OrderPlaced: - summary: Order placed - value: - quantity: 10 - shipDate: 2022-10-01 - status: placed - requestId: 111-222-333-444 - OrderApproved: - summary: Order approved - value: - quantity: 1000 - shipDate: 2022-09-01 - status: approved - requestId: 000-111-222-333 - description: order placed for purchasing the pet - required: true - "/store/order/{orderId}": - get: - tags: - - store - summary: Find purchase order by ID - description: >- - For valid response try integer IDs with value <= 5 or > 10. Other values - will generated exceptions - operationId: getOrderById - parameters: - - name: orderId - in: path - description: ID of pet that needs to be fetched - required: true - schema: - type: integer - format: int64 - minimum: 1 - maximum: 5 - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/Order" - application/xml: - schema: - $ref: "#/components/schemas/Order" - "400": - description: Invalid ID supplied - "404": - description: Order not found - delete: - tags: - - store - summary: Delete purchase order by ID - description: >- - For valid response try integer IDs with value < 1000. Anything above - 1000 or nonintegers will generate API errors - operationId: deleteOrder - parameters: - - name: orderId - in: path - description: ID of the order that needs to be deleted - required: true - schema: - type: string - minimum: 1 - responses: - "400": - description: Invalid ID supplied - "404": - description: Order not found - /store/subscribe: - post: - tags: - - store - summary: Subscribe to the Store events - description: Add subscription for a store events - requestBody: - content: - application/json: - schema: - type: object - properties: - callbackUrl: - type: string - format: uri - description: This URL will be called by the server when the desired event will occur - example: https://myserver.com/send/callback/here - eventName: - type: string - description: Event name for the subscription - enum: - - orderInProgress - - orderShipped - - orderDelivered - example: orderInProgress - required: - - callbackUrl - - eventName - responses: - "201": - description: Subscription added - content: - application/json: - schema: - type: object - properties: - subscriptionId: - type: string - example: AAA-123-BBB-456 - callbacks: - orderInProgress: - "{$request.body#/callbackUrl}?event={$request.body#/eventName}": - servers: - - url: //callback-url.path-level/v1 - description: Path level server 1 - - url: //callback-url.path-level/v2 - description: Path level server 2 - post: - summary: Order in Progress (Summary) - description: A callback triggered every time an Order is updated status to "inProgress" (Description) - externalDocs: - description: Find out more - url: "https://more-details.com/demo" - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - status: - type: string - example: "inProgress" - application/xml: - schema: - type: object - properties: - orderId: - type: string - example: "123" - example: | - - - 123 - inProgress - 2018-10-19T16:46:45Z - - responses: - "200": - description: Callback successfully processed and no retries will be performed - content: - application/json: - schema: - type: object - properties: - someProp: - type: string - example: "123" - "299": - description: Response for cancelling subscription - "500": - description: Callback processing failed and retries will be performed - x-codeSamples: - - lang: "C#" - source: | - PetStore.v1.Pet pet = new PetStore.v1.Pet(); - pet.setApiKey("your api key"); - pet.petType = PetStore.v1.Pet.TYPE_DOG; - pet.name = "Rex"; - // set other fields - PetStoreResponse response = pet.create(); - if (response.statusCode == HttpStatusCode.Created) - { - // Successfully created - } - else - { - // Something wrong -- check response for errors - Console.WriteLine(response.getRawResponse()); - } - - lang: PHP - source: | - $form = new \PetStore\Entities\Pet(); - $form->setPetType("Dog"); - $form->setName("Rex"); - // set other fields - try { - $pet = $client->pets()->create($form); - } catch (UnprocessableEntityException $e) { - var_dump($e->getErrors()); - } - put: - description: Order in Progress (Only Description) - servers: - - url: //callback-url.operation-level/v1 - description: Operation level server 1 (Operation override) - - url: //callback-url.operation-level/v2 - description: Operation level server 2 (Operation override) - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - status: - type: string - example: "inProgress" - application/xml: - schema: - type: object - properties: - orderId: - type: string - example: "123" - example: | - - - 123 - inProgress - 2018-10-19T16:46:45Z - - responses: - "200": - description: Callback successfully processed and no retries will be performed - content: - application/json: - schema: - type: object - properties: - someProp: - type: string - example: "123" - orderShipped: - "{$request.body#/callbackUrl}?event={$request.body#/eventName}": - post: - description: A callback triggered every time an Order is shipped to the recipient - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - estimatedDeliveryDate: - type: string - format: date-time - example: "2018-11-11T16:00:00Z" - responses: - "200": - description: Callback successfully processed and no retries will be performed - orderDelivered: - "http://notificationServer.com?url={$request.body#/callbackUrl}&event={$request.body#/eventName}": - post: - deprecated: true - summary: Order delivered - description: A callback triggered every time an Order is delivered to the recipient - requestBody: - content: - application/json: - schema: - type: object - properties: - orderId: - type: string - example: "123" - timestamp: - type: string - format: date-time - example: "2018-10-19T16:46:45Z" - responses: - "200": - description: Callback successfully processed and no retries will be performed - /user: - post: - tags: - - user - summary: Create user - description: This can only be done by the logged in user. - operationId: createUser - responses: - default: - description: successful operation - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/User" - description: Created user object - required: true - "/user/{username}": - get: - tags: - - user - summary: Get user by user name - description: "" - operationId: getUserByName - parameters: - - name: username - in: path - description: "The name that needs to be fetched. Use user1 for testing. " - required: true - schema: - type: string - responses: - "200": - description: successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/User" - application/xml: - schema: - $ref: "#/components/schemas/User" - "400": - description: Invalid username supplied - "404": - description: User not found - put: - tags: - - user - summary: Updated user - description: This can only be done by the logged in user. - operationId: updateUser - parameters: - - name: username - in: path - description: name that need to be deleted - required: true - schema: - type: string - responses: - "400": - description: Invalid user supplied - "404": - description: User not found - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/User" - description: Updated user object - required: true - delete: - tags: - - user - summary: Delete user - description: This can only be done by the logged in user. - operationId: deleteUser - parameters: - - name: username - in: path - description: The name that needs to be deleted - required: true - schema: - type: string - responses: - "400": - description: Invalid username supplied - "404": - description: User not found - /user/createWithArray: - post: - tags: - - user - summary: Creates list of users with given input array - description: "" - operationId: createUsersWithArrayInput - responses: - default: - description: successful operation - requestBody: - $ref: "#/components/requestBodies/UserArray" - /user/createWithList: - post: - tags: - - user - summary: Creates list of users with given input list - description: "" - operationId: createUsersWithListInput - responses: - default: - description: successful operation - requestBody: - $ref: "#/components/requestBodies/UserArray" - /user/login: - get: - tags: - - user - summary: Logs user into the system - description: "" - operationId: loginUser - parameters: - - name: username - in: query - description: The user name for login - required: true - schema: - type: string - - name: password - in: query - description: The password for login in clear text - required: true - schema: - type: string - responses: - "200": - description: successful operation - headers: - X-Rate-Limit: - description: calls per hour allowed by the user - schema: - type: integer - format: int32 - X-Expires-After: - description: date in UTC when token expires - schema: - type: string - format: date-time - content: - application/json: - schema: - type: string - examples: - response: - value: OK - application/xml: - schema: - type: string - examples: - response: - value: OK - text/plain: - examples: - response: - value: OK - "400": - description: Invalid username/password supplied - /user/logout: - get: - tags: - - user - summary: Logs out current logged in user session - description: "" - operationId: logoutUser - responses: - default: - description: successful operation -components: - schemas: - ApiResponse: - type: object - properties: - code: - type: integer - format: int32 - type: - type: string - message: - type: string - Cat: - x-tags: - - pet - description: A representation of a cat - allOf: - - $ref: "#/components/schemas/Pet" - - type: object - properties: - huntingSkill: - type: string - description: The measured skill for hunting - default: lazy - example: adventurous - enum: - - clueless - - lazy - - adventurous - - aggressive - required: - - huntingSkill - Category: - type: object - properties: - id: - description: Category ID - allOf: - - $ref: "#/components/schemas/Id" - name: - description: Category name - type: string - minLength: 1 - sub: - description: Test Sub Category - type: object - properties: - prop1: - type: string - description: Dumb Property - xml: - name: Category - Dog: - description: A representation of a dog - allOf: - - $ref: "#/components/schemas/Pet" - - type: object - properties: - packSize: - type: integer - format: int32 - description: The size of the pack the dog is from - default: 1 - minimum: 1 - required: - - packSize - HoneyBee: - description: A representation of a honey bee - allOf: - - $ref: "#/components/schemas/Pet" - - type: object - properties: - honeyPerDay: - type: number - description: Average amount of honey produced per day in ounces - example: 3.14 - multipleOf: .01 - default: 0 - required: - - honeyPerDay - Id: - type: integer - format: int64 - readOnly: true - Order: - type: object - properties: - id: - description: Order ID - allOf: - - $ref: "#/components/schemas/Id" - petId: - description: Pet ID - allOf: - - $ref: "#/components/schemas/Id" - quantity: - type: integer - format: int32 - minimum: 1 - default: 1 - shipDate: - description: Estimated ship date - type: string - format: date-time - status: - type: string - description: Order Status - enum: - - placed - - approved - - delivered - complete: - description: Indicates whenever order was completed or not - type: boolean - default: false - readOnly: true - requestId: - description: Unique Request Id - type: string - writeOnly: true - xml: - name: Order - Pet: - type: object - required: - - name - - photoUrls - - tags - discriminator: - propertyName: petType - mapping: - cat: "#/components/schemas/Cat" - dog: "#/components/schemas/Dog" - bee: "#/components/schemas/HoneyBee" - properties: - id: - externalDocs: - description: "Find more info here" - url: "https://example.com" - description: Pet ID - allOf: - - $ref: "#/components/schemas/Id" - category: - description: Categories this pet belongs to - allOf: - - $ref: "#/components/schemas/Category" - name: - description: The name given to a pet - type: string - example: Guru - photoUrls: - description: The list of URL to a cute photos featuring pet - type: array - maxItems: 20 - xml: - name: photoUrl - wrapped: true - items: - type: string - format: url - friend: - allOf: - - $ref: "#/components/schemas/Pet" - tags: - description: Tags attached to the pet - type: array - minItems: 1 - xml: - name: tag - wrapped: true - items: - $ref: "#/components/schemas/Tag" - status: - type: string - description: Pet status in the store - enum: - - available - - pending - - sold - petType: - description: Type of a pet - type: string - oneOf: - - $ref: "#/components/schemas/Cat" - - $ref: "#/components/schemas/Dog" - - $ref: "#/components/schemas/HoneyBee" - xml: - name: Pet - Tag: - type: object - properties: - id: - description: Tag ID - allOf: - - $ref: "#/components/schemas/Id" - name: - description: Tag name - type: string - minLength: 1 - xml: - name: Tag - User: - type: object - properties: - id: - $ref: "#/components/schemas/Id" - pet: - oneOf: - - $ref: "#/components/schemas/Pet" - - $ref: "#/components/schemas/Tag" - username: - description: User supplied username - type: string - minLength: 4 - example: John78 - firstName: - description: User first name - type: string - minLength: 1 - example: John - lastName: - description: User last name - type: string - minLength: 1 - example: Smith - email: - description: User email address - type: string - format: email - example: john.smith@example.com - password: - type: string - description: >- - User password, MUST contain a mix of upper and lower case letters, - as well as digits - format: password - minLength: 8 - pattern: "/(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/" - example: drowssaP123 - phone: - description: User phone number in international format - type: string - pattern: '/^\+(?:[0-9]-?){6,14}[0-9]$/' - example: +1-202-555-0192 - userStatus: - description: User status - type: integer - format: int32 - xml: - name: User - requestBodies: - Pet: - content: - application/json: - schema: - allOf: - - description: My Pet - title: Pettie - - $ref: "#/components/schemas/Pet" - example: - category: - name: Great Dane - sub: - prop1: Just a test property - name: Pepper - photoUrls: - - https://assets.orvis.com/is/image/orvisprd/great-dane - tags: - - name: Great Danes - status: pending - petType: - huntingSkill: lazy - application/xml: - schema: - type: "object" - properties: - name: - type: string - description: hooray - description: Pet object that needs to be added to the store - required: true - UserArray: - content: - application/json: - schema: - type: array - items: - $ref: "#/components/schemas/User" - description: List of user object - required: true - securitySchemes: - petstore_auth: - description: | - Get access to data while protecting your account credentials. - OAuth2 is also a safer and more secure way to give you access. - type: oauth2 - flows: - implicit: - authorizationUrl: "http://petstore.swagger.io/api/oauth/dialog" - scopes: - "write:pets": modify pets in your account - "read:pets": read your pets - api_key: - description: > - For this sample, you can use the api key `special-key` to test the - authorization filters. - type: apiKey - name: api_key - in: header - BasicAuth: - type: http - scheme: basic - BearerAuth: - type: http - scheme: bearer - ApiKeyAuth: - type: apiKey - in: header - name: X-API-Key - OpenID: - type: openIdConnect - openIdConnectUrl: https://example.com/.well-known/openid-configuration - OAuth2: - type: oauth2 - flows: - authorizationCode: - authorizationUrl: https://example.com/oauth/authorize - tokenUrl: https://example.com/oauth/token - scopes: - read: Grants read access - write: Grants write access - admin: Grants access to admin operations -x-webhooks: - newPet: - post: - summary: New pet - description: Information about a new pet in the systems - operationId: newPet - tags: - - pet - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/Pet" - responses: - "200": - description: Return a 200 status to indicate that the data was received successfully diff --git a/specs/policy/actions/actions.openapi.yaml b/specs/policy/actions/actions.openapi.yaml deleted file mode 100644 index 3f4f2245..00000000 --- a/specs/policy/actions/actions.openapi.yaml +++ /dev/null @@ -1,1155 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.actions -paths: - /policy.actions.ActionService/GetAction: - post: - tags: - - policy.actions.ActionService - summary: GetAction - operationId: policy.actions.ActionService.GetAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.GetActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.GetActionResponse' - /policy.actions.ActionService/ListActions: - post: - tags: - - policy.actions.ActionService - summary: ListActions - operationId: policy.actions.ActionService.ListActions - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.ListActionsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.ListActionsResponse' - /policy.actions.ActionService/CreateAction: - post: - tags: - - policy.actions.ActionService - summary: CreateAction - operationId: policy.actions.ActionService.CreateAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.CreateActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.CreateActionResponse' - /policy.actions.ActionService/UpdateAction: - post: - tags: - - policy.actions.ActionService - summary: UpdateAction - operationId: policy.actions.ActionService.UpdateAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.UpdateActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.UpdateActionResponse' - /policy.actions.ActionService/DeleteAction: - post: - tags: - - policy.actions.ActionService - summary: DeleteAction - operationId: policy.actions.ActionService.DeleteAction - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.DeleteActionRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.actions.DeleteActionResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.actions.CreateActionRequest: - type: object - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored action name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateActionRequest - required: - - name - additionalProperties: false - description: |- - Create a new Custom action name with optional metadata. - Creation of Standard actions is not supported. - policy.actions.CreateActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - title: CreateActionResponse - additionalProperties: false - policy.actions.DeleteActionRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteActionRequest - additionalProperties: false - description: 'Custom only: deletion of Standard actions is not supported.' - policy.actions.DeleteActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - title: DeleteActionResponse - additionalProperties: false - policy.actions.GetActionRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored action name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: name - required: - - name - title: GetActionRequest - additionalProperties: false - policy.actions.GetActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: Subject Mappings driving entitlement to the action - title: GetActionResponse - additionalProperties: false - policy.actions.ListActionsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListActionsRequest - additionalProperties: false - policy.actions.ListActionsResponse: - type: object - properties: - actionsStandard: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions_standard - actionsCustom: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions_custom - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListActionsResponse - additionalProperties: false - policy.actions.UpdateActionRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Custom actions only: replaces the existing action name - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored action name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateActionRequest - additionalProperties: false - description: |- - Metadata may be updated for either Custom or Standard actions. - Names may only be updated for Custom actions. - policy.actions.UpdateActionResponse: - type: object - properties: - action: - title: action - $ref: '#/components/schemas/policy.Action' - title: UpdateActionResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.actions.ActionService diff --git a/specs/policy/attributes/attributes.openapi.yaml b/specs/policy/attributes/attributes.openapi.yaml deleted file mode 100644 index 07039613..00000000 --- a/specs/policy/attributes/attributes.openapi.yaml +++ /dev/null @@ -1,2192 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.attributes -paths: - /policy.attributes.AttributesService/ListAttributes: - post: - tags: - - policy.attributes.AttributesService - summary: ListAttributes - description: |- - --------------------------------------* - Attribute RPCs - --------------------------------------- - operationId: policy.attributes.AttributesService.ListAttributes - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributesResponse' - /policy.attributes.AttributesService/ListAttributeValues: - post: - tags: - - policy.attributes.AttributesService - summary: ListAttributeValues - operationId: policy.attributes.AttributesService.ListAttributeValues - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributeValuesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.ListAttributeValuesResponse' - /policy.attributes.AttributesService/GetAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: GetAttribute - operationId: policy.attributes.AttributesService.GetAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeResponse' - /attributes/*/fqn: - get: - tags: - - policy.attributes.AttributesService - summary: GetAttributeValuesByFqns - operationId: policy.attributes.AttributesService.GetAttributeValuesByFqns - parameters: - - name: fqns - in: query - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. - schema: - type: array - items: - type: string - maxItems: 250 - minItems: 1 - title: fqns - maxItems: 250 - minItems: 1 - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. - - name: withValue.withKeyAccessGrants - in: query - description: Deprecated - schema: - type: boolean - title: with_key_access_grants - description: Deprecated - - name: withValue.withSubjectMaps - in: query - schema: - type: boolean - title: with_subject_maps - - name: withValue.withResourceMaps - in: query - schema: - type: boolean - title: with_resource_maps - - name: withValue.withAttribute.withKeyAccessGrants - in: query - description: Deprecated - schema: - type: boolean - title: with_key_access_grants - description: Deprecated - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse' - /policy.attributes.AttributesService/CreateAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: CreateAttribute - operationId: policy.attributes.AttributesService.CreateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeResponse' - /policy.attributes.AttributesService/UpdateAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: UpdateAttribute - operationId: policy.attributes.AttributesService.UpdateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeResponse' - /policy.attributes.AttributesService/DeactivateAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: DeactivateAttribute - operationId: policy.attributes.AttributesService.DeactivateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeResponse' - /policy.attributes.AttributesService/GetAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: GetAttributeValue - description: |- - --------------------------------------* - Value RPCs - --------------------------------------- - operationId: policy.attributes.AttributesService.GetAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.GetAttributeValueResponse' - /policy.attributes.AttributesService/CreateAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: CreateAttributeValue - operationId: policy.attributes.AttributesService.CreateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.CreateAttributeValueResponse' - /policy.attributes.AttributesService/UpdateAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: UpdateAttributeValue - operationId: policy.attributes.AttributesService.UpdateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.UpdateAttributeValueResponse' - /policy.attributes.AttributesService/DeactivateAttributeValue: - post: - tags: - - policy.attributes.AttributesService - summary: DeactivateAttributeValue - operationId: policy.attributes.AttributesService.DeactivateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.DeactivateAttributeValueResponse' - /policy.attributes.AttributesService/AssignKeyAccessServerToAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: AssignKeyAccessServerToAttribute - description: |- - --------------------------------------* - Attribute <> Key Access Server RPCs - --------------------------------------- - operationId: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToAttributeResponse' - deprecated: true - /policy.attributes.AttributesService/RemoveKeyAccessServerFromAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: RemoveKeyAccessServerFromAttribute - operationId: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromAttributeResponse' - deprecated: true - /policy.attributes.AttributesService/AssignKeyAccessServerToValue: - post: - tags: - - policy.attributes.AttributesService - summary: AssignKeyAccessServerToValue - operationId: policy.attributes.AttributesService.AssignKeyAccessServerToValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignKeyAccessServerToValueResponse' - deprecated: true - /policy.attributes.AttributesService/RemoveKeyAccessServerFromValue: - post: - tags: - - policy.attributes.AttributesService - summary: RemoveKeyAccessServerFromValue - operationId: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemoveKeyAccessServerFromValueResponse' - deprecated: true - /policy.attributes.AttributesService/AssignPublicKeyToAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: AssignPublicKeyToAttribute - operationId: policy.attributes.AttributesService.AssignPublicKeyToAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToAttributeResponse' - /policy.attributes.AttributesService/RemovePublicKeyFromAttribute: - post: - tags: - - policy.attributes.AttributesService - summary: RemovePublicKeyFromAttribute - operationId: policy.attributes.AttributesService.RemovePublicKeyFromAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromAttributeResponse' - /policy.attributes.AttributesService/AssignPublicKeyToValue: - post: - tags: - - policy.attributes.AttributesService - summary: AssignPublicKeyToValue - operationId: policy.attributes.AttributesService.AssignPublicKeyToValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.AssignPublicKeyToValueResponse' - /policy.attributes.AttributesService/RemovePublicKeyFromValue: - post: - tags: - - policy.attributes.AttributesService - summary: RemovePublicKeyFromValue - operationId: policy.attributes.AttributesService.RemovePublicKeyFromValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.attributes.RemovePublicKeyFromValueResponse' -components: - schemas: - common.ActiveStateEnum: - type: string - title: ActiveStateEnum - enum: - - ACTIVE_STATE_ENUM_UNSPECIFIED - - ACTIVE_STATE_ENUM_ACTIVE - - ACTIVE_STATE_ENUM_INACTIVE - - ACTIVE_STATE_ENUM_ANY - description: 'buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren''t violated when users add new enum values to an enum in a given package' - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.AttributeValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - withAttribute: - title: with_attribute - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector' - title: AttributeValueSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withNamespace: - title: with_namespace - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector.NamespaceSelector' - title: AttributeSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector.NamespaceSelector: - type: object - title: NamespaceSelector - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.attributes.AssignKeyAccessServerToAttributeRequest: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: AssignKeyAccessServerToAttributeRequest - additionalProperties: false - policy.attributes.AssignKeyAccessServerToAttributeResponse: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: AssignKeyAccessServerToAttributeResponse - additionalProperties: false - policy.attributes.AssignKeyAccessServerToValueRequest: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: AssignKeyAccessServerToValueRequest - additionalProperties: false - policy.attributes.AssignKeyAccessServerToValueResponse: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: AssignKeyAccessServerToValueResponse - additionalProperties: false - policy.attributes.AssignPublicKeyToAttributeRequest: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: AssignPublicKeyToAttributeRequest - required: - - attributeKey - additionalProperties: false - policy.attributes.AssignPublicKeyToAttributeResponse: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: AssignPublicKeyToAttributeResponse - additionalProperties: false - policy.attributes.AssignPublicKeyToValueRequest: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: AssignPublicKeyToValueRequest - required: - - valueKey - additionalProperties: false - policy.attributes.AssignPublicKeyToValueResponse: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: AssignPublicKeyToValueResponse - additionalProperties: false - policy.attributes.AttributeKey: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - keyId: - type: string - title: key_id - format: uuid - description: Required - title: AttributeKey - required: - - attributeId - - keyId - additionalProperties: false - policy.attributes.AttributeKeyAccessServer: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - keyAccessServerId: - type: string - title: key_access_server_id - format: uuid - description: Required - title: AttributeKeyAccessServer - additionalProperties: false - description: Deprecated - policy.attributes.CreateAttributeRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Attribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - rule: - title: rule - description: Required - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - type: string - maxLength: 253 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$ - uniqueItems: true - title: values - uniqueItems: true - description: |- - Optional - Attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. - The stored attribute value will be normalized to lower case. - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateAttributeRequest - required: - - name - - rule - additionalProperties: false - policy.attributes.CreateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: CreateAttributeResponse - additionalProperties: false - policy.attributes.CreateAttributeValueRequest: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Attribute value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateAttributeValueRequest - required: - - value - additionalProperties: false - policy.attributes.CreateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: CreateAttributeValueResponse - additionalProperties: false - policy.attributes.DeactivateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeactivateAttributeRequest - additionalProperties: false - policy.attributes.DeactivateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: DeactivateAttributeResponse - additionalProperties: false - policy.attributes.DeactivateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeactivateAttributeValueRequest - additionalProperties: false - policy.attributes.DeactivateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: DeactivateAttributeValueResponse - additionalProperties: false - policy.attributes.GetAttributeRequest: - type: object - oneOf: - - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: attribute_id - required: - - attributeId - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetAttributeRequest - additionalProperties: false - description: |+ - Either use deprecated 'id' field or one of 'attribute_id' or 'fqn', but not both: - ``` - !(has(this.id) && (has(this.attribute_id) || has(this.fqn))) - ``` - - Either id or one of attribute_id or fqn must be set: - ``` - has(this.id) || has(this.attribute_id) || has(this.fqn) - ``` - - policy.attributes.GetAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: GetAttributeResponse - additionalProperties: false - policy.attributes.GetAttributeValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - - properties: - valueId: - type: string - title: value_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: value_id - required: - - valueId - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetAttributeValueRequest - additionalProperties: false - description: |+ - / - / Value RPC messages - / - Either use deprecated 'id' field or one of 'value_id' or 'fqn', but not both: - ``` - !(has(this.id) && (has(this.value_id) || has(this.fqn))) - ``` - - Either id or one of value_id or fqn must be set: - ``` - has(this.id) || has(this.value_id) || has(this.fqn) - ``` - - policy.attributes.GetAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: GetAttributeValueResponse - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - maxItems: 250 - minItems: 1 - title: fqns - maxItems: 250 - minItems: 1 - description: |- - Required - Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. - withValue: - title: with_value - description: |- - Optional - This attribute value selector is not used currently, but left here for future use. - $ref: '#/components/schemas/policy.AttributeValueSelector' - title: GetAttributeValuesByFqnsRequest - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsResponse: - type: object - properties: - fqnAttributeValues: - type: object - title: fqn_attribute_values - additionalProperties: - title: value - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue' - description: map of FQNs to complete attributes and the one selected value - title: GetAttributeValuesByFqnsResponse - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: AttributeAndValue - additionalProperties: false - policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue' - title: FqnAttributeValuesEntry - additionalProperties: false - policy.attributes.ListAttributeValuesRequest: - type: object - properties: - attributeId: - type: string - title: attribute_id - format: uuid - description: Required - state: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListAttributeValuesRequest - additionalProperties: false - policy.attributes.ListAttributeValuesResponse: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListAttributeValuesResponse - additionalProperties: false - policy.attributes.ListAttributesRequest: - type: object - properties: - state: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - namespace: - type: string - title: namespace - description: |- - Optional - Namespace ID or name - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListAttributesRequest - additionalProperties: false - policy.attributes.ListAttributesResponse: - type: object - properties: - attributes: - type: array - items: - $ref: '#/components/schemas/policy.Attribute' - title: attributes - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListAttributesResponse - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromAttributeRequest: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: RemoveKeyAccessServerFromAttributeRequest - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromAttributeResponse: - type: object - properties: - attributeKeyAccessServer: - title: attribute_key_access_server - $ref: '#/components/schemas/policy.attributes.AttributeKeyAccessServer' - title: RemoveKeyAccessServerFromAttributeResponse - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromValueRequest: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: RemoveKeyAccessServerFromValueRequest - additionalProperties: false - policy.attributes.RemoveKeyAccessServerFromValueResponse: - type: object - properties: - valueKeyAccessServer: - title: value_key_access_server - $ref: '#/components/schemas/policy.attributes.ValueKeyAccessServer' - title: RemoveKeyAccessServerFromValueResponse - additionalProperties: false - policy.attributes.RemovePublicKeyFromAttributeRequest: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: RemovePublicKeyFromAttributeRequest - required: - - attributeKey - additionalProperties: false - policy.attributes.RemovePublicKeyFromAttributeResponse: - type: object - properties: - attributeKey: - title: attribute_key - description: Required - $ref: '#/components/schemas/policy.attributes.AttributeKey' - title: RemovePublicKeyFromAttributeResponse - additionalProperties: false - policy.attributes.RemovePublicKeyFromValueRequest: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: RemovePublicKeyFromValueRequest - required: - - valueKey - additionalProperties: false - policy.attributes.RemovePublicKeyFromValueResponse: - type: object - properties: - valueKey: - title: value_key - description: Required - $ref: '#/components/schemas/policy.attributes.ValueKey' - title: RemovePublicKeyFromValueResponse - additionalProperties: false - policy.attributes.UpdateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateAttributeRequest - additionalProperties: false - policy.attributes.UpdateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UpdateAttributeResponse - additionalProperties: false - policy.attributes.UpdateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateAttributeValueRequest - additionalProperties: false - policy.attributes.UpdateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UpdateAttributeValueResponse - additionalProperties: false - policy.attributes.ValueKey: - type: object - properties: - valueId: - type: string - title: value_id - format: uuid - description: Required - keyId: - type: string - title: key_id - format: uuid - description: Required (The id listed in the AsymmetricKeys object) - title: ValueKey - required: - - valueId - - keyId - additionalProperties: false - policy.attributes.ValueKeyAccessServer: - type: object - properties: - valueId: - type: string - title: value_id - format: uuid - description: Required - keyAccessServerId: - type: string - title: key_access_server_id - format: uuid - description: Required - title: ValueKeyAccessServer - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.attributes.AttributesService - description: |- - / - / Attribute Service - / diff --git a/specs/policy/kasregistry/key_access_server_registry.openapi.yaml b/specs/policy/kasregistry/key_access_server_registry.openapi.yaml deleted file mode 100644 index a676adf8..00000000 --- a/specs/policy/kasregistry/key_access_server_registry.openapi.yaml +++ /dev/null @@ -1,2230 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.kasregistry -paths: - /key-access-servers: - get: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeyAccessServers - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers - parameters: - - name: pagination.limit - in: query - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - schema: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - - name: pagination.offset - in: query - description: |- - Optional - Defaulted if not provided - schema: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServersResponse' - /policy.kasregistry.KeyAccessServerRegistryService/GetKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: GetKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/CreateKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: CreateKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/UpdateKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: UpdateKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/DeleteKeyAccessServer: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: DeleteKeyAccessServer - operationId: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.DeleteKeyAccessServerResponse' - /policy.kasregistry.KeyAccessServerRegistryService/ListKeyAccessServerGrants: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeyAccessServerGrants - description: Deprecated - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServerGrantsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyAccessServerGrantsResponse' - deprecated: true - /policy.kasregistry.KeyAccessServerRegistryService/CreateKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: CreateKey - description: |- - KAS Key Management - Request to create a new key in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.CreateKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.CreateKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/GetKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: GetKey - description: Request to retrieve a key from the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.GetKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/ListKeys: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeys - description: Request to list keys in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeys - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeysRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeysResponse' - /policy.kasregistry.KeyAccessServerRegistryService/UpdateKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: UpdateKey - description: Request to update a key in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.UpdateKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.UpdateKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/RotateKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: RotateKey - description: Request to rotate a key in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.RotateKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.RotateKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.RotateKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/SetBaseKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: SetBaseKey - description: Request to set the default a default kas key. - operationId: policy.kasregistry.KeyAccessServerRegistryService.SetBaseKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.SetBaseKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.SetBaseKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/GetBaseKey: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: GetBaseKey - description: Get Default kas keys - operationId: policy.kasregistry.KeyAccessServerRegistryService.GetBaseKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetBaseKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.GetBaseKeyResponse' - /policy.kasregistry.KeyAccessServerRegistryService/ListKeyMappings: - post: - tags: - - policy.kasregistry.KeyAccessServerRegistryService - summary: ListKeyMappings - description: Request to list key mappings in the Key Access Service. - operationId: policy.kasregistry.KeyAccessServerRegistryService.ListKeyMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.kasregistry.ListKeyMappingsResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.KeyMode: - type: string - title: KeyMode - enum: - - KEY_MODE_UNSPECIFIED - - KEY_MODE_CONFIG_ROOT_KEY - - KEY_MODE_PROVIDER_ROOT_KEY - - KEY_MODE_REMOTE - - KEY_MODE_PUBLIC_KEY_ONLY - description: Describes the management and operational mode of a cryptographic key. - policy.KeyStatus: - type: string - title: KeyStatus - enum: - - KEY_STATUS_UNSPECIFIED - - KEY_STATUS_ACTIVE - - KEY_STATUS_ROTATED - description: The status of the key - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.AsymmetricKey: - type: object - properties: - id: - type: string - title: id - description: Required - keyId: - type: string - title: key_id - description: Required - keyAlgorithm: - title: key_algorithm - description: Required - $ref: '#/components/schemas/policy.Algorithm' - keyStatus: - title: key_status - description: Required - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Required Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Optional Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfig: - title: provider_config - description: Optional Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - legacy: - type: boolean - title: legacy - description: Optional Indicates a key may be found in TDFs without key identifiers - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: AsymmetricKey - additionalProperties: false - policy.KasKey: - type: object - properties: - kasId: - type: string - title: kas_id - key: - title: key - $ref: '#/components/schemas/policy.AsymmetricKey' - kasUri: - type: string - title: kas_uri - title: KasKey - additionalProperties: false - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.Key: - type: object - properties: - id: - type: string - title: id - description: the database record ID, not the key ID (`kid`) - isActive: - title: is_active - $ref: '#/components/schemas/google.protobuf.BoolValue' - wasMapped: - title: was_mapped - $ref: '#/components/schemas/google.protobuf.BoolValue' - publicKey: - title: public_key - $ref: '#/components/schemas/policy.KasPublicKey' - kas: - title: kas - $ref: '#/components/schemas/policy.KeyAccessServer' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Key - additionalProperties: false - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PrivateKeyCtx: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required Key ID for the symmetric key wrapping this key. - wrappedKey: - type: string - title: wrapped_key - description: Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE. - title: PrivateKeyCtx - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.PublicKeyCtx: - type: object - properties: - pem: - type: string - title: pem - minLength: 1 - description: Required Base64 encoded public key in PEM format - title: PublicKeyCtx - additionalProperties: false - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.kasregistry.ActivatePublicKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - title: ActivatePublicKeyRequest - additionalProperties: false - policy.kasregistry.ActivatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: ActivatePublicKeyResponse - additionalProperties: false - policy.kasregistry.ChangeMappings: - type: object - properties: - id: - type: string - title: id - fqn: - type: string - title: fqn - title: ChangeMappings - additionalProperties: false - description: |- - * - Simplified information about the resources that were rotated as part of the key rotation process. - policy.kasregistry.CreateKeyAccessServerRequest: - type: object - properties: - uri: - type: string - title: uri - description: |+ - Required - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.isUri() - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: Optional - $ref: '#/components/schemas/policy.SourceType' - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateKeyAccessServerRequest - additionalProperties: false - policy.kasregistry.CreateKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: CreateKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.CreateKeyRequest: - type: object - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Required The unique identifier of the Key Access Server - keyId: - type: string - title: key_id - minLength: 1 - description: Required A user-defined identifier for the key - keyAlgorithm: - title: key_algorithm - description: |+ - Required The algorithm to be used for the key - The key_algorithm must be one of the defined values.: - ``` - this in [1, 2, 3, 4, 5] - ``` - - $ref: '#/components/schemas/policy.Algorithm' - keyMode: - title: key_mode - description: |+ - Required The mode of the key (e.g., local or external) - The key_mode must be one of the defined values (1-4).: - ``` - this >= 1 && this <= 4 - ``` - - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Context or additional data specific to the public key, based on the key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Conditionally Required Context or additional data specific to the private key, based on the key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfigId: - type: string - title: provider_config_id - description: Optional Configuration ID for the key provider, if applicable - legacy: - type: boolean - title: legacy - description: Optional Whether the key is a legacy key - metadata: - title: metadata - description: Common metadata Mutable metadata for the key - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateKeyRequest - required: - - publicKeyCtx - additionalProperties: false - description: |+ - Create a new asymmetric key for the specified Key Access Server (KAS) - The wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.key_mode == 1 || this.key_mode == 2) && this.private_key_ctx.wrapped_key != '') || ((this.key_mode == 3 || this.key_mode == 4) && this.private_key_ctx.wrapped_key == '') - ``` - - Provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.key_mode == 1 || this.key_mode == 4) && this.provider_config_id == '') || ((this.key_mode == 2 || this.key_mode == 3) && this.provider_config_id != '') - ``` - - private_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - !(this.key_mode == 4 && has(this.private_key_ctx)) - ``` - - policy.kasregistry.CreateKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The created asymmetric key for a KAS. - $ref: '#/components/schemas/policy.KasKey' - title: CreateKeyResponse - additionalProperties: false - description: Response to a CreateKeyRequest, containing the created asymmetric key - policy.kasregistry.CreatePublicKeyRequest: - type: object - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Required - key: - title: key - description: Required - $ref: '#/components/schemas/policy.KasPublicKey' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreatePublicKeyRequest - required: - - key - additionalProperties: false - policy.kasregistry.CreatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: CreatePublicKeyResponse - additionalProperties: false - policy.kasregistry.DeactivatePublicKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - title: DeactivatePublicKeyRequest - additionalProperties: false - policy.kasregistry.DeactivatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: DeactivatePublicKeyResponse - additionalProperties: false - policy.kasregistry.DeleteKeyAccessServerRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteKeyAccessServerRequest - additionalProperties: false - policy.kasregistry.DeleteKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: DeleteKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.GetBaseKeyRequest: - type: object - title: GetBaseKeyRequest - additionalProperties: false - policy.kasregistry.GetBaseKeyResponse: - type: object - properties: - baseKey: - title: base_key - description: The current base key - $ref: '#/components/schemas/policy.SimpleKasKey' - title: GetBaseKeyResponse - additionalProperties: false - policy.kasregistry.GetKeyAccessServerRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: kas_id - required: - - kasId - - properties: - name: - type: string - title: name - minLength: 1 - title: name - required: - - name - - properties: - uri: - type: string - title: uri - minLength: 1 - format: uri - title: uri - required: - - uri - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetKeyAccessServerRequest - additionalProperties: false - description: |+ - Either use deprecated 'id' field or one of 'kas_id' or 'uri', but not both: - ``` - !(has(this.id) && (has(this.kas_id) || has(this.uri) || has(this.name))) - ``` - - Either id or one of kas_id or uri must be set: - ``` - has(this.id) || has(this.kas_id) || has(this.uri) || has(this.name) - ``` - - policy.kasregistry.GetKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: GetKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.GetKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: The unique identifier of the key to retrieve - title: id - required: - - id - - properties: - key: - title: key - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - title: GetKeyRequest - additionalProperties: false - description: Retrieve an existing asymmetric key from the Key Management System - policy.kasregistry.GetKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The requested asymmetric key for a KAS. - $ref: '#/components/schemas/policy.KasKey' - title: GetKeyResponse - additionalProperties: false - description: Response to a GetKeyRequest, containing the requested asymmetric key - policy.kasregistry.GetPublicKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - title: GetPublicKeyRequest - additionalProperties: false - policy.kasregistry.GetPublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: GetPublicKeyResponse - additionalProperties: false - policy.kasregistry.GrantedPolicyObject: - type: object - properties: - id: - type: string - title: id - fqn: - type: string - title: fqn - title: GrantedPolicyObject - additionalProperties: false - description: Can be namespace, attribute definition, or value - policy.kasregistry.KasKeyIdentifier: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - title: kas_id - required: - - kasId - - properties: - name: - type: string - title: name - minLength: 1 - title: name - required: - - name - - properties: - uri: - type: string - title: uri - minLength: 1 - format: uri - title: uri - required: - - uri - properties: - kid: - type: string - title: kid - minLength: 1 - description: Required Key ID of the key in question - title: KasKeyIdentifier - additionalProperties: false - description: Nested message for specifying the active key using KAS ID and Key ID - policy.kasregistry.KeyAccessServerGrants: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - namespaceGrants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.GrantedPolicyObject' - title: namespace_grants - attributeGrants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.GrantedPolicyObject' - title: attribute_grants - valueGrants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.GrantedPolicyObject' - title: value_grants - title: KeyAccessServerGrants - additionalProperties: false - description: Deprecated - policy.kasregistry.KeyMapping: - type: object - properties: - kid: - type: string - title: kid - kasUri: - type: string - title: kas_uri - namespaceMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.MappedPolicyObject' - title: namespace_mappings - description: List of namespaces mapped to the key - attributeMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.MappedPolicyObject' - title: attribute_mappings - description: List of attribute definitions mapped to the key - valueMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.MappedPolicyObject' - title: value_mappings - description: List of attribute values mapped to the key - title: KeyMapping - additionalProperties: false - policy.kasregistry.ListKeyAccessServerGrantsRequest: - type: object - properties: - kasId: - type: string - title: kas_id - description: |+ - Optional - Filter LIST by ID of a registered Key Access Server. - If neither is provided, grants from all registered KASs to policy attribute - objects are returned. - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - kasUri: - type: string - title: kas_uri - description: |+ - Optional - Filter LIST by URI of a registered Key Access Server. - If none is provided, grants from all registered KASs to policy attribute - objects are returned. - Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - size(this) == 0 || this.isUri() - ``` - - kasName: - type: string - title: kas_name - maxLength: 253 - description: |+ - Optional - Filter LIST by name of a registered Key Access Server. - If none are provided, grants from all registered KASs to policy attribute - objects are returned. - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeyAccessServerGrantsRequest - additionalProperties: false - description: |- - LIST of KAS Grants returns flat response of grants to all policy objects. It - does not employ selectors for grants to specific policy objects or build the - attribute tree relation. If grants to a known namespace, attribute, or value - are needed, use the respective GET request to the specific policy object. - policy.kasregistry.ListKeyAccessServerGrantsResponse: - type: object - properties: - grants: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.KeyAccessServerGrants' - title: grants - deprecated: true - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeyAccessServerGrantsResponse - additionalProperties: false - description: Deprecated - policy.kasregistry.ListKeyAccessServersRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeyAccessServersRequest - additionalProperties: false - policy.kasregistry.ListKeyAccessServersResponse: - type: object - properties: - keyAccessServers: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: key_access_servers - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeyAccessServersResponse - additionalProperties: false - policy.kasregistry.ListKeyMappingsRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: The unique identifier of the key to retrieve - title: id - required: - - id - - properties: - key: - title: key - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - properties: - pagination: - title: pagination - description: Pagination request for the list of keys - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeyMappingsRequest - additionalProperties: false - policy.kasregistry.ListKeyMappingsResponse: - type: object - properties: - keyMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.KeyMapping' - title: key_mappings - description: The list of key mappings - pagination: - title: pagination - description: Pagination response for the list of keys - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeyMappingsResponse - additionalProperties: false - policy.kasregistry.ListKeysRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Filter keys by the KAS ID - title: kas_id - required: - - kasId - - properties: - kasName: - type: string - title: kas_name - minLength: 1 - description: Filter keys by the KAS name - title: kas_name - required: - - kasName - - properties: - kasUri: - type: string - title: kas_uri - minLength: 1 - format: uri - description: Filter keys by the KAS URI - title: kas_uri - required: - - kasUri - properties: - keyAlgorithm: - title: key_algorithm - description: |+ - Filter keys by algorithm - The key_algorithm must be one of the defined values.: - ``` - this in [0, 1, 2, 3, 4, 5] - ``` - - $ref: '#/components/schemas/policy.Algorithm' - legacy: - type: boolean - title: legacy - description: Optional Filter for legacy keys - nullable: true - pagination: - title: pagination - description: Optional Pagination request for the list of keys - $ref: '#/components/schemas/policy.PageRequest' - title: ListKeysRequest - additionalProperties: false - description: List all asymmetric keys managed by a specific Key Access Server or with a given algorithm - policy.kasregistry.ListKeysResponse: - type: object - properties: - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.KasKey' - title: kas_keys - description: The list of kas keys - pagination: - title: pagination - description: Pagination response for the list of keys - $ref: '#/components/schemas/policy.PageResponse' - title: ListKeysResponse - additionalProperties: false - description: Response to a ListKeysRequest, containing the list of asymmetric keys and pagination information - policy.kasregistry.ListPublicKeyMappingRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Optional - title: kas_id - required: - - kasId - - properties: - kasName: - type: string - title: kas_name - minLength: 1 - description: Optional - title: kas_name - required: - - kasName - - properties: - kasUri: - type: string - title: kas_uri - minLength: 1 - format: uri - description: Optional - title: kas_uri - required: - - kasUri - properties: - publicKeyId: - type: string - title: public_key_id - format: uuid - description: Optional Public Key ID - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListPublicKeyMappingRequest - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse: - type: object - properties: - publicKeyMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMapping' - title: public_key_mappings - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListPublicKeyMappingResponse - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse.Association: - type: object - properties: - id: - type: string - title: id - fqn: - type: string - title: fqn - title: Association - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse.PublicKey: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - values: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.Association' - title: values - definitions: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.Association' - title: definitions - namespaces: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.Association' - title: namespaces - title: PublicKey - additionalProperties: false - policy.kasregistry.ListPublicKeyMappingResponse.PublicKeyMapping: - type: object - properties: - kasId: - type: string - title: kas_id - kasName: - type: string - title: kas_name - kasUri: - type: string - title: kas_uri - publicKeys: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ListPublicKeyMappingResponse.PublicKey' - title: public_keys - title: PublicKeyMapping - additionalProperties: false - policy.kasregistry.ListPublicKeysRequest: - type: object - oneOf: - - properties: - kasId: - type: string - title: kas_id - format: uuid - description: Optional - title: kas_id - required: - - kasId - - properties: - kasName: - type: string - title: kas_name - minLength: 1 - description: Optional - title: kas_name - required: - - kasName - - properties: - kasUri: - type: string - title: kas_uri - minLength: 1 - format: uri - description: Optional - title: kas_uri - required: - - kasUri - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListPublicKeysRequest - additionalProperties: false - policy.kasregistry.ListPublicKeysResponse: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.Key' - title: keys - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListPublicKeysResponse - additionalProperties: false - policy.kasregistry.MappedPolicyObject: - type: object - properties: - id: - type: string - title: id - description: The unique identifier of the policy object - fqn: - type: string - title: fqn - description: The fully qualified name of the policy object - title: MappedPolicyObject - additionalProperties: false - policy.kasregistry.RotateKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: Current Active Key UUID - title: id - required: - - id - - properties: - key: - title: key - description: Alternative way to specify the active key using KAS ID and Key ID - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - properties: - newKey: - title: new_key - description: Information about the new key to be rotated in - $ref: '#/components/schemas/policy.kasregistry.RotateKeyRequest.NewKey' - title: RotateKeyRequest - additionalProperties: false - description: |+ - For the new key, the wrapped_key is required if key_mode is KEY_MODE_CONFIG_ROOT_KEY or KEY_MODE_PROVIDER_ROOT_KEY. The wrapped_key must be empty if key_mode is KEY_MODE_REMOTE or KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.new_key.key_mode == 1 || this.new_key.key_mode == 2) && this.new_key.private_key_ctx.wrapped_key != '') || ((this.new_key.key_mode == 3 || this.new_key.key_mode == 4) && this.new_key.private_key_ctx.wrapped_key == '') - ``` - - For the new key, provider config id is required if key_mode is KEY_MODE_PROVIDER_ROOT_KEY or KEY_MODE_REMOTE. It must be empty for KEY_MODE_CONFIG_ROOT_KEY and KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - ((this.new_key.key_mode == 1 || this.new_key.key_mode == 4) && this.new_key.provider_config_id == '') || ((this.new_key.key_mode == 2 || this.new_key.key_mode == 3) && this.new_key.provider_config_id != '') - ``` - - private_key_ctx must not be set if key_mode is KEY_MODE_PUBLIC_KEY_ONLY.: - ``` - !(this.new_key.key_mode == 4 && has(this.new_key.private_key_ctx)) - ``` - - policy.kasregistry.RotateKeyRequest.NewKey: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required - algorithm: - title: algorithm - description: |+ - Required - The key_algorithm must be one of the defined values.: - ``` - this in [1, 2, 3, 4, 5] - ``` - - $ref: '#/components/schemas/policy.Algorithm' - keyMode: - title: key_mode - description: |+ - Required - The new key_mode must be one of the defined values (1-4).: - ``` - this in [1, 2, 3, 4] - ``` - - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Required - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfigId: - type: string - title: provider_config_id - description: Conditionally Required. Validation handled by message-level CEL - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.MetadataMutable' - title: NewKey - required: - - publicKeyCtx - additionalProperties: false - description: Nested message for specifying the new key details - policy.kasregistry.RotateKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The newly rotated Kas Key - $ref: '#/components/schemas/policy.KasKey' - rotatedResources: - title: rotated_resources - description: All resources that were rotated as part of the key rotation process - $ref: '#/components/schemas/policy.kasregistry.RotatedResources' - title: RotateKeyResponse - additionalProperties: false - description: Response message for the RotateKey request - policy.kasregistry.RotatedResources: - type: object - properties: - rotatedOutKey: - title: rotated_out_key - description: The old key that was rotated out - $ref: '#/components/schemas/policy.KasKey' - attributeDefinitionMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ChangeMappings' - title: attribute_definition_mappings - attributeValueMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ChangeMappings' - title: attribute_value_mappings - namespaceMappings: - type: array - items: - $ref: '#/components/schemas/policy.kasregistry.ChangeMappings' - title: namespace_mappings - title: RotatedResources - additionalProperties: false - description: All resources that were rotated as part of the key rotation process - policy.kasregistry.SetBaseKeyRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - description: Current Key UUID tp be set as default - title: id - required: - - id - - properties: - key: - title: key - description: Alternative way to specify the key using KAS ID and Key ID - $ref: '#/components/schemas/policy.kasregistry.KasKeyIdentifier' - title: key - required: - - key - title: SetBaseKeyRequest - additionalProperties: false - description: |- - Sets the specified key as the base key for the Key Access Server - Note: The key must be active. - policy.kasregistry.SetBaseKeyResponse: - type: object - properties: - newBaseKey: - title: new_base_key - description: The key that was set as base - $ref: '#/components/schemas/policy.SimpleKasKey' - previousBaseKey: - title: previous_base_key - description: The previous base key, if any - $ref: '#/components/schemas/policy.SimpleKasKey' - title: SetBaseKeyResponse - additionalProperties: false - policy.kasregistry.UpdateKeyAccessServerRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - uri: - type: string - title: uri - description: |+ - Optional - Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - size(this) == 0 || this.isUri() - ``` - - publicKey: - title: public_key - description: |- - Deprecated - Optional - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: |- - Optional - Using UNSPECIFIED will result in a successful update, - but will not actually update the underlying source. - You should not update KAS's from INTERNAL/EXTERNAL - to unspecified. - $ref: '#/components/schemas/policy.SourceType' - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered KAS name must be an alphanumeric string, allowing hyphens, and underscores but not as the first or last character. The stored KAS name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateKeyAccessServerRequest - additionalProperties: false - policy.kasregistry.UpdateKeyAccessServerResponse: - type: object - properties: - keyAccessServer: - title: key_access_server - $ref: '#/components/schemas/policy.KeyAccessServer' - title: UpdateKeyAccessServerResponse - additionalProperties: false - policy.kasregistry.UpdateKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required The unique identifier of the key to update - metadata: - title: metadata - description: |- - Optional - Common metadata Mutable metadata for the key - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - description: The behavior for updating the metadata - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateKeyRequest - additionalProperties: false - description: |+ - Update an existing asymmetric key in the Key Management System - Metadata update behavior must be either APPEND or REPLACE, when updating metadata.: - ``` - ((!has(this.metadata)) || (has(this.metadata) && this.metadata_update_behavior != 0)) - ``` - - policy.kasregistry.UpdateKeyResponse: - type: object - properties: - kasKey: - title: kas_key - description: The updated kas key - $ref: '#/components/schemas/policy.KasKey' - title: UpdateKeyResponse - additionalProperties: false - description: Response to an UpdateKeyRequest, containing the updated asymmetric key - policy.kasregistry.UpdatePublicKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdatePublicKeyRequest - additionalProperties: false - policy.kasregistry.UpdatePublicKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.Key' - title: UpdatePublicKeyResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.kasregistry.KeyAccessServerRegistryService diff --git a/specs/policy/keymanagement/key_management.openapi.yaml b/specs/policy/keymanagement/key_management.openapi.yaml deleted file mode 100644 index e481df3b..00000000 --- a/specs/policy/keymanagement/key_management.openapi.yaml +++ /dev/null @@ -1,603 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.keymanagement -paths: - /policy.keymanagement.KeyManagementService/CreateProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: CreateProviderConfig - description: |- - Key Management - Provider Management - operationId: policy.keymanagement.KeyManagementService.CreateProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.CreateProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.CreateProviderConfigResponse' - /policy.keymanagement.KeyManagementService/GetProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: GetProviderConfig - operationId: policy.keymanagement.KeyManagementService.GetProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.GetProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.GetProviderConfigResponse' - /policy.keymanagement.KeyManagementService/ListProviderConfigs: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: ListProviderConfigs - operationId: policy.keymanagement.KeyManagementService.ListProviderConfigs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.ListProviderConfigsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.ListProviderConfigsResponse' - /policy.keymanagement.KeyManagementService/UpdateProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: UpdateProviderConfig - operationId: policy.keymanagement.KeyManagementService.UpdateProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.UpdateProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.UpdateProviderConfigResponse' - /policy.keymanagement.KeyManagementService/DeleteProviderConfig: - post: - tags: - - policy.keymanagement.KeyManagementService - summary: DeleteProviderConfig - operationId: policy.keymanagement.KeyManagementService.DeleteProviderConfig - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.DeleteProviderConfigRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.keymanagement.DeleteProviderConfigResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.keymanagement.CreateProviderConfigRequest: - type: object - properties: - name: - type: string - title: name - description: |- - Required - The name of the key provider. (e.g. "AWS KMS", "Google Cloud KMS", "Azure Key Vault") - configJson: - type: string - title: config_json - format: byte - description: |- - Required - JSON configuration for the key provider. This is unique to individual key providers. - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateProviderConfigRequest - required: - - name - - configJson - additionalProperties: false - description: Provider Configuration Requests and Response Messages - policy.keymanagement.CreateProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: CreateProviderConfigResponse - additionalProperties: false - policy.keymanagement.DeleteProviderConfigRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteProviderConfigRequest - additionalProperties: false - description: In order to delete a provider configuration you must first delete all keys associated with the provider. - policy.keymanagement.DeleteProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: DeleteProviderConfigResponse - additionalProperties: false - policy.keymanagement.GetProviderConfigRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - - properties: - name: - type: string - title: name - minLength: 1 - title: name - required: - - name - title: GetProviderConfigRequest - additionalProperties: false - policy.keymanagement.GetProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: GetProviderConfigResponse - additionalProperties: false - policy.keymanagement.ListProviderConfigsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListProviderConfigsRequest - additionalProperties: false - policy.keymanagement.ListProviderConfigsResponse: - type: object - properties: - providerConfigs: - type: array - items: - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: provider_configs - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListProviderConfigsResponse - additionalProperties: false - policy.keymanagement.UpdateProviderConfigRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - description: Optional - configJson: - type: string - title: config_json - format: byte - description: Optional - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateProviderConfigRequest - additionalProperties: false - policy.keymanagement.UpdateProviderConfigResponse: - type: object - properties: - providerConfig: - title: provider_config - $ref: '#/components/schemas/policy.KeyProviderConfig' - title: UpdateProviderConfigResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.keymanagement.KeyManagementService diff --git a/specs/policy/namespaces/namespaces.openapi.yaml b/specs/policy/namespaces/namespaces.openapi.yaml deleted file mode 100644 index e5c3dfa3..00000000 --- a/specs/policy/namespaces/namespaces.openapi.yaml +++ /dev/null @@ -1,1072 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.namespaces -paths: - /policy.namespaces.NamespaceService/GetNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: GetNamespace - operationId: policy.namespaces.NamespaceService.GetNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.GetNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.GetNamespaceResponse' - /policy.namespaces.NamespaceService/ListNamespaces: - post: - tags: - - policy.namespaces.NamespaceService - summary: ListNamespaces - operationId: policy.namespaces.NamespaceService.ListNamespaces - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.ListNamespacesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.ListNamespacesResponse' - /policy.namespaces.NamespaceService/CreateNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: CreateNamespace - operationId: policy.namespaces.NamespaceService.CreateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.CreateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.CreateNamespaceResponse' - /policy.namespaces.NamespaceService/UpdateNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: UpdateNamespace - operationId: policy.namespaces.NamespaceService.UpdateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.UpdateNamespaceResponse' - /policy.namespaces.NamespaceService/DeactivateNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: DeactivateNamespace - operationId: policy.namespaces.NamespaceService.DeactivateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.DeactivateNamespaceResponse' - /policy.namespaces.NamespaceService/AssignKeyAccessServerToNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: AssignKeyAccessServerToNamespace - description: |- - --------------------------------------* - Namespace <> Key Access Server RPCs - --------------------------------------- - operationId: policy.namespaces.NamespaceService.AssignKeyAccessServerToNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignKeyAccessServerToNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignKeyAccessServerToNamespaceResponse' - deprecated: true - /policy.namespaces.NamespaceService/RemoveKeyAccessServerFromNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: RemoveKeyAccessServerFromNamespace - operationId: policy.namespaces.NamespaceService.RemoveKeyAccessServerFromNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemoveKeyAccessServerFromNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemoveKeyAccessServerFromNamespaceResponse' - deprecated: true - /policy.namespaces.NamespaceService/AssignPublicKeyToNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: AssignPublicKeyToNamespace - description: |- - --------------------------------------* - Namespace <> Key RPCs - --------------------------------------- - operationId: policy.namespaces.NamespaceService.AssignPublicKeyToNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignPublicKeyToNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.AssignPublicKeyToNamespaceResponse' - /policy.namespaces.NamespaceService/RemovePublicKeyFromNamespace: - post: - tags: - - policy.namespaces.NamespaceService - summary: RemovePublicKeyFromNamespace - operationId: policy.namespaces.NamespaceService.RemovePublicKeyFromNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemovePublicKeyFromNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.namespaces.RemovePublicKeyFromNamespaceResponse' -components: - schemas: - common.ActiveStateEnum: - type: string - title: ActiveStateEnum - enum: - - ACTIVE_STATE_ENUM_UNSPECIFIED - - ACTIVE_STATE_ENUM_ACTIVE - - ACTIVE_STATE_ENUM_INACTIVE - - ACTIVE_STATE_ENUM_ANY - description: 'buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren''t violated when users add new enum values to an enum in a given package' - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.namespaces.AssignKeyAccessServerToNamespaceRequest: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: AssignKeyAccessServerToNamespaceRequest - additionalProperties: false - policy.namespaces.AssignKeyAccessServerToNamespaceResponse: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: AssignKeyAccessServerToNamespaceResponse - additionalProperties: false - policy.namespaces.AssignPublicKeyToNamespaceRequest: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: AssignPublicKeyToNamespaceRequest - required: - - namespaceKey - additionalProperties: false - description: Assign Key to Namespace - policy.namespaces.AssignPublicKeyToNamespaceResponse: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: AssignPublicKeyToNamespaceResponse - additionalProperties: false - policy.namespaces.CreateNamespaceRequest: - type: object - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.: - ``` - this.matches('^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$') - ``` - - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateNamespaceRequest - required: - - name - additionalProperties: false - policy.namespaces.CreateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: CreateNamespaceResponse - additionalProperties: false - policy.namespaces.DeactivateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeactivateNamespaceRequest - additionalProperties: false - policy.namespaces.DeactivateNamespaceResponse: - type: object - title: DeactivateNamespaceResponse - additionalProperties: false - policy.namespaces.GetNamespaceRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: 'option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field' - title: namespace_id - required: - - namespaceId - properties: - id: - type: string - title: id - format: uuid - description: Deprecated - deprecated: true - title: GetNamespaceRequest - additionalProperties: false - description: |+ - Either use deprecated 'id' field or one of 'namespace_id' or 'fqn', but not both: - ``` - !(has(this.id) && (has(this.namespace_id) || has(this.fqn))) - ``` - - Either id or one of namespace_id or fqn must be set: - ``` - has(this.id) || has(this.namespace_id) || has(this.fqn) - ``` - - policy.namespaces.GetNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: GetNamespaceResponse - additionalProperties: false - policy.namespaces.ListNamespacesRequest: - type: object - properties: - state: - title: state - description: |- - Optional - ACTIVE by default when not specified - $ref: '#/components/schemas/common.ActiveStateEnum' - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListNamespacesRequest - additionalProperties: false - policy.namespaces.ListNamespacesResponse: - type: object - properties: - namespaces: - type: array - items: - $ref: '#/components/schemas/policy.Namespace' - title: namespaces - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListNamespacesResponse - additionalProperties: false - policy.namespaces.NamespaceKey: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - keyId: - type: string - title: key_id - format: uuid - description: Required (The id from the Asymmetric Key object) - title: NamespaceKey - required: - - namespaceId - - keyId - additionalProperties: false - policy.namespaces.NamespaceKeyAccessServer: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - keyAccessServerId: - type: string - title: key_access_server_id - format: uuid - description: Required - title: NamespaceKeyAccessServer - additionalProperties: false - description: Deprecated - policy.namespaces.RemoveKeyAccessServerFromNamespaceRequest: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: RemoveKeyAccessServerFromNamespaceRequest - additionalProperties: false - policy.namespaces.RemoveKeyAccessServerFromNamespaceResponse: - type: object - properties: - namespaceKeyAccessServer: - title: namespace_key_access_server - $ref: '#/components/schemas/policy.namespaces.NamespaceKeyAccessServer' - title: RemoveKeyAccessServerFromNamespaceResponse - additionalProperties: false - policy.namespaces.RemovePublicKeyFromNamespaceRequest: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: RemovePublicKeyFromNamespaceRequest - required: - - namespaceKey - additionalProperties: false - policy.namespaces.RemovePublicKeyFromNamespaceResponse: - type: object - properties: - namespaceKey: - title: namespace_key - $ref: '#/components/schemas/policy.namespaces.NamespaceKey' - title: RemovePublicKeyFromNamespaceResponse - additionalProperties: false - policy.namespaces.UpdateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateNamespaceRequest - additionalProperties: false - policy.namespaces.UpdateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UpdateNamespaceResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.namespaces.NamespaceService diff --git a/specs/policy/objects.openapi.yaml b/specs/policy/objects.openapi.yaml deleted file mode 100644 index e0bc4d1c..00000000 --- a/specs/policy/objects.openapi.yaml +++ /dev/null @@ -1,1010 +0,0 @@ -openapi: 3.1.0 -info: - title: policy -paths: {} -components: - schemas: - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.KeyMode: - type: string - title: KeyMode - enum: - - KEY_MODE_UNSPECIFIED - - KEY_MODE_CONFIG_ROOT_KEY - - KEY_MODE_PROVIDER_ROOT_KEY - - KEY_MODE_REMOTE - - KEY_MODE_PUBLIC_KEY_ONLY - description: Describes the management and operational mode of a cryptographic key. - policy.KeyStatus: - type: string - title: KeyStatus - enum: - - KEY_STATUS_UNSPECIFIED - - KEY_STATUS_ACTIVE - - KEY_STATUS_ROTATED - description: The status of the key - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.AsymmetricKey: - type: object - properties: - id: - type: string - title: id - description: Required - keyId: - type: string - title: key_id - description: Required - keyAlgorithm: - title: key_algorithm - description: Required - $ref: '#/components/schemas/policy.Algorithm' - keyStatus: - title: key_status - description: Required - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Required Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Optional Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfig: - title: provider_config - description: Optional Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - legacy: - type: boolean - title: legacy - description: Optional Indicates a key may be found in TDFs without key identifiers - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: AsymmetricKey - additionalProperties: false - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasKey: - type: object - properties: - kasId: - type: string - title: kas_id - key: - title: key - $ref: '#/components/schemas/policy.AsymmetricKey' - kasUri: - type: string - title: kas_uri - title: KasKey - additionalProperties: false - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.Key: - type: object - properties: - id: - type: string - title: id - description: the database record ID, not the key ID (`kid`) - isActive: - title: is_active - $ref: '#/components/schemas/google.protobuf.BoolValue' - wasMapped: - title: was_mapped - $ref: '#/components/schemas/google.protobuf.BoolValue' - publicKey: - title: public_key - $ref: '#/components/schemas/policy.KasPublicKey' - kas: - title: kas - $ref: '#/components/schemas/policy.KeyAccessServer' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Key - additionalProperties: false - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PrivateKeyCtx: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required Key ID for the symmetric key wrapping this key. - wrappedKey: - type: string - title: wrapped_key - description: Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE. - title: PrivateKeyCtx - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.PublicKeyCtx: - type: object - properties: - pem: - type: string - title: pem - minLength: 1 - description: Required Base64 encoded public key in PEM format - title: PublicKeyCtx - additionalProperties: false - policy.RegisteredResource: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResource - additionalProperties: false - policy.RegisteredResourceValue: - type: object - properties: - id: - type: string - title: id - value: - type: string - title: value - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue.ActionAttributeValue' - title: action_attribute_values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResourceValue - additionalProperties: false - policy.RegisteredResourceValue.ActionAttributeValue: - type: object - properties: - id: - type: string - title: id - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ActionAttributeValue - additionalProperties: false - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectProperty: - type: object - properties: - externalSelectorValue: - type: string - title: external_selector_value - minLength: 1 - externalValue: - type: string - title: external_value - title: SubjectProperty - required: - - externalSelectorValue - additionalProperties: false - description: |- - A property of a Subject/Entity as its selector expression -> value result - pair. This would mirror external user attributes retrieved from an - authoritative source such as an IDP (Identity Provider) or User Store. - Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must - contain both a selector expression & a resulting value. - - The external_selector_value is a specifier to select a value from a flattened - external representation of an Entity (such as from idP/LDAP), and the - external_value is the value selected by the external_selector_value on that - Entity Representation (Subject Context). These mirror the Condition. - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.SymmetricKey: - type: object - properties: - id: - type: string - title: id - keyId: - type: string - title: key_id - keyStatus: - title: key_status - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - keyCtx: - type: string - title: key_ctx - format: byte - description: Specific structure based on key provider implementation - providerConfig: - title: provider_config - description: Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: SymmetricKey - additionalProperties: false - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false -security: [] diff --git a/specs/policy/obligations/obligations.openapi.yaml b/specs/policy/obligations/obligations.openapi.yaml deleted file mode 100644 index 46256da0..00000000 --- a/specs/policy/obligations/obligations.openapi.yaml +++ /dev/null @@ -1,1729 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.obligations -paths: - /policy.obligations.Service/ListObligations: - post: - tags: - - policy.obligations.Service - summary: ListObligations - operationId: policy.obligations.Service.ListObligations - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.ListObligationsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.ListObligationsResponse' - /policy.obligations.Service/GetObligation: - post: - tags: - - policy.obligations.Service - summary: GetObligation - operationId: policy.obligations.Service.GetObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationResponse' - /policy.obligations.Service/GetObligationsByFQNs: - post: - tags: - - policy.obligations.Service - summary: GetObligationsByFQNs - operationId: policy.obligations.Service.GetObligationsByFQNs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationsByFQNsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationsByFQNsResponse' - /policy.obligations.Service/CreateObligation: - post: - tags: - - policy.obligations.Service - summary: CreateObligation - operationId: policy.obligations.Service.CreateObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationResponse' - /policy.obligations.Service/UpdateObligation: - post: - tags: - - policy.obligations.Service - summary: UpdateObligation - operationId: policy.obligations.Service.UpdateObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationResponse' - /policy.obligations.Service/DeleteObligation: - post: - tags: - - policy.obligations.Service - summary: DeleteObligation - operationId: policy.obligations.Service.DeleteObligation - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationResponse' - /policy.obligations.Service/GetObligationValue: - post: - tags: - - policy.obligations.Service - summary: GetObligationValue - operationId: policy.obligations.Service.GetObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValueResponse' - /policy.obligations.Service/GetObligationValuesByFQNs: - post: - tags: - - policy.obligations.Service - summary: GetObligationValuesByFQNs - operationId: policy.obligations.Service.GetObligationValuesByFQNs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValuesByFQNsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.GetObligationValuesByFQNsResponse' - /policy.obligations.Service/CreateObligationValue: - post: - tags: - - policy.obligations.Service - summary: CreateObligationValue - operationId: policy.obligations.Service.CreateObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.CreateObligationValueResponse' - /policy.obligations.Service/UpdateObligationValue: - post: - tags: - - policy.obligations.Service - summary: UpdateObligationValue - operationId: policy.obligations.Service.UpdateObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.UpdateObligationValueResponse' - /policy.obligations.Service/DeleteObligationValue: - post: - tags: - - policy.obligations.Service - summary: DeleteObligationValue - operationId: policy.obligations.Service.DeleteObligationValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.DeleteObligationValueResponse' - /policy.obligations.Service/AddObligationTrigger: - post: - tags: - - policy.obligations.Service - summary: AddObligationTrigger - operationId: policy.obligations.Service.AddObligationTrigger - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.AddObligationTriggerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.AddObligationTriggerResponse' - /policy.obligations.Service/RemoveObligationTrigger: - post: - tags: - - policy.obligations.Service - summary: RemoveObligationTrigger - operationId: policy.obligations.Service.RemoveObligationTrigger - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.RemoveObligationTriggerRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.obligations.RemoveObligationTriggerResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.Obligation: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.ObligationValue' - title: values - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Obligation - additionalProperties: false - policy.ObligationTrigger: - type: object - properties: - id: - type: string - title: id - obligationValue: - title: obligation_value - $ref: '#/components/schemas/policy.ObligationValue' - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationTrigger - additionalProperties: false - policy.ObligationValue: - type: object - properties: - id: - type: string - title: id - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - value: - type: string - title: value - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: ObligationValue - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.obligations.AddObligationTriggerRequest: - type: object - properties: - obligationValueId: - type: string - title: obligation_value_id - description: Required - actionId: - type: string - title: action_id - attributeValueId: - type: string - title: attribute_value_id - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: AddObligationTriggerRequest - additionalProperties: false - description: Triggers - policy.obligations.AddObligationTriggerResponse: - type: object - properties: - trigger: - title: trigger - $ref: '#/components/schemas/policy.ObligationTrigger' - title: AddObligationTriggerResponse - additionalProperties: false - policy.obligations.CreateObligationRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - properties: - name: - type: string - title: name - values: - type: array - items: - type: string - title: values - description: Optional - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateObligationRequest - additionalProperties: false - policy.obligations.CreateObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: CreateObligationResponse - additionalProperties: false - policy.obligations.CreateObligationValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - properties: - value: - type: string - title: value - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateObligationValueRequest - additionalProperties: false - policy.obligations.CreateObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: CreateObligationValueResponse - additionalProperties: false - policy.obligations.DeleteObligationRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - title: DeleteObligationRequest - additionalProperties: false - policy.obligations.DeleteObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: DeleteObligationResponse - additionalProperties: false - policy.obligations.DeleteObligationValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - title: DeleteObligationValueRequest - additionalProperties: false - policy.obligations.DeleteObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: DeleteObligationValueResponse - additionalProperties: false - policy.obligations.GetObligationRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - title: GetObligationRequest - additionalProperties: false - description: Definitions - policy.obligations.GetObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: GetObligationResponse - additionalProperties: false - policy.obligations.GetObligationValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - title: GetObligationValueRequest - additionalProperties: false - description: Values - policy.obligations.GetObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: GetObligationValueResponse - additionalProperties: false - policy.obligations.GetObligationValuesByFQNsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - title: fqns - title: GetObligationValuesByFQNsRequest - additionalProperties: false - policy.obligations.GetObligationValuesByFQNsResponse: - type: object - properties: - fqnValueMap: - type: object - title: fqn_value_map - additionalProperties: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: GetObligationValuesByFQNsResponse - additionalProperties: false - policy.obligations.GetObligationValuesByFQNsResponse.FqnValueMapEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: FqnValueMapEntry - additionalProperties: false - policy.obligations.GetObligationsByFQNsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - title: fqns - title: GetObligationsByFQNsRequest - additionalProperties: false - policy.obligations.GetObligationsByFQNsResponse: - type: object - properties: - fqnObligationMap: - type: object - title: fqn_obligation_map - additionalProperties: - title: value - $ref: '#/components/schemas/policy.Obligation' - title: GetObligationsByFQNsResponse - additionalProperties: false - policy.obligations.GetObligationsByFQNsResponse.FqnObligationMapEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.Obligation' - title: FqnObligationMapEntry - additionalProperties: false - policy.obligations.ListObligationsRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - title: id - required: - - id - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListObligationsRequest - additionalProperties: false - policy.obligations.ListObligationsResponse: - type: object - properties: - obligations: - type: array - items: - $ref: '#/components/schemas/policy.Obligation' - title: obligations - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListObligationsResponse - additionalProperties: false - policy.obligations.RemoveObligationTriggerRequest: - type: object - properties: - id: - type: string - title: id - title: RemoveObligationTriggerRequest - additionalProperties: false - policy.obligations.RemoveObligationTriggerResponse: - type: object - properties: - trigger: - title: trigger - $ref: '#/components/schemas/policy.ObligationTrigger' - title: RemoveObligationTriggerResponse - additionalProperties: false - policy.obligations.UpdateObligationRequest: - type: object - properties: - id: - type: string - title: id - description: Required - name: - type: string - title: name - description: Optional - metadata: - title: metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateObligationRequest - additionalProperties: false - policy.obligations.UpdateObligationResponse: - type: object - properties: - obligation: - title: obligation - $ref: '#/components/schemas/policy.Obligation' - title: UpdateObligationResponse - additionalProperties: false - policy.obligations.UpdateObligationValueRequest: - type: object - properties: - id: - type: string - title: id - description: Required - value: - type: string - title: value - description: Optional - metadata: - title: metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateObligationValueRequest - additionalProperties: false - policy.obligations.UpdateObligationValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.ObligationValue' - title: UpdateObligationValueResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.obligations.Service - description: |- - / - / Obligation Service - / diff --git a/specs/policy/registeredresources/registered_resources.openapi.yaml b/specs/policy/registeredresources/registered_resources.openapi.yaml deleted file mode 100644 index 7bc73e2c..00000000 --- a/specs/policy/registeredresources/registered_resources.openapi.yaml +++ /dev/null @@ -1,1679 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.registeredresources -paths: - /policy.registeredresources.RegisteredResourcesService/CreateRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: CreateRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.CreateRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/GetRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: GetRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.GetRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/ListRegisteredResources: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: ListRegisteredResources - operationId: policy.registeredresources.RegisteredResourcesService.ListRegisteredResources - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourcesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourcesResponse' - /policy.registeredresources.RegisteredResourcesService/UpdateRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: UpdateRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.UpdateRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/DeleteRegisteredResource: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: DeleteRegisteredResource - operationId: policy.registeredresources.RegisteredResourcesService.DeleteRegisteredResource - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceResponse' - /policy.registeredresources.RegisteredResourcesService/CreateRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: CreateRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.CreateRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.CreateRegisteredResourceValueResponse' - /policy.registeredresources.RegisteredResourcesService/GetRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: GetRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.GetRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValueResponse' - /policy.registeredresources.RegisteredResourcesService/GetRegisteredResourceValuesByFQNs: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: GetRegisteredResourceValuesByFQNs - operationId: policy.registeredresources.RegisteredResourcesService.GetRegisteredResourceValuesByFQNs - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValuesByFQNsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.GetRegisteredResourceValuesByFQNsResponse' - /policy.registeredresources.RegisteredResourcesService/ListRegisteredResourceValues: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: ListRegisteredResourceValues - operationId: policy.registeredresources.RegisteredResourcesService.ListRegisteredResourceValues - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourceValuesRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.ListRegisteredResourceValuesResponse' - /policy.registeredresources.RegisteredResourcesService/UpdateRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: UpdateRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.UpdateRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.UpdateRegisteredResourceValueResponse' - /policy.registeredresources.RegisteredResourcesService/DeleteRegisteredResourceValue: - post: - tags: - - policy.registeredresources.RegisteredResourcesService - summary: DeleteRegisteredResourceValue - operationId: policy.registeredresources.RegisteredResourcesService.DeleteRegisteredResourceValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.registeredresources.DeleteRegisteredResourceValueResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.RegisteredResource: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - values: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResource - additionalProperties: false - policy.RegisteredResourceValue: - type: object - properties: - id: - type: string - title: id - value: - type: string - title: value - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue.ActionAttributeValue' - title: action_attribute_values - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: RegisteredResourceValue - additionalProperties: false - policy.RegisteredResourceValue.ActionAttributeValue: - type: object - properties: - id: - type: string - title: id - action: - title: action - $ref: '#/components/schemas/policy.Action' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ActionAttributeValue - additionalProperties: false - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.registeredresources.ActionAttributeValue: - type: object - allOf: - - oneOf: - - properties: - actionId: - type: string - title: action_id - format: uuid - title: action_id - required: - - actionId - - properties: - actionName: - type: string - title: action_name - maxLength: 253 - description: |+ - Action name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored action name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: action_name - required: - - actionName - - oneOf: - - properties: - attributeValueFqn: - type: string - title: attribute_value_fqn - minLength: 1 - format: uri - title: attribute_value_fqn - required: - - attributeValueFqn - - properties: - attributeValueId: - type: string - title: attribute_value_id - format: uuid - title: attribute_value_id - required: - - attributeValueId - title: ActionAttributeValue - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceRequest: - type: object - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Registered Resource Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - values: - type: array - items: - type: string - maxLength: 253 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$ - uniqueItems: true - title: values - uniqueItems: true - description: "Optional \n Registered Resource Values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character.\n The stored value will be normalized to lower case." - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateRegisteredResourceRequest - required: - - name - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: CreateRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceValueRequest: - type: object - properties: - resourceId: - type: string - title: resource_id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Registered Resource Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.registeredresources.ActionAttributeValue' - title: action_attribute_values - description: |- - Optional - The associated Action <> AttributeValue combinations to be utilized in authorization/entitlement decisioning - (i.e. action read -> attribute value https://example.com/attr/department/value/marketing) - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateRegisteredResourceValueRequest - required: - - value - additionalProperties: false - policy.registeredresources.CreateRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: CreateRegisteredResourceValueResponse - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteRegisteredResourceRequest - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: DeleteRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteRegisteredResourceValueRequest - additionalProperties: false - policy.registeredresources.DeleteRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: DeleteRegisteredResourceValueResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceRequest: - type: object - oneOf: - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - - properties: - name: - type: string - title: name - maxLength: 253 - description: |+ - Registered Resource Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - title: name - required: - - name - title: GetRegisteredResourceRequest - additionalProperties: false - policy.registeredresources.GetRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: GetRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValueRequest: - type: object - oneOf: - - properties: - fqn: - type: string - title: fqn - minLength: 1 - format: uri - title: fqn - required: - - fqn - - properties: - id: - type: string - title: id - format: uuid - title: id - required: - - id - title: GetRegisteredResourceValueRequest - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: GetRegisteredResourceValueResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValuesByFQNsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - minLength: 1 - format: uri - minItems: 1 - uniqueItems: true - title: fqns - minItems: 1 - uniqueItems: true - description: Required - title: GetRegisteredResourceValuesByFQNsRequest - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValuesByFQNsResponse: - type: object - properties: - fqnValueMap: - type: object - title: fqn_value_map - additionalProperties: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: GetRegisteredResourceValuesByFQNsResponse - additionalProperties: false - policy.registeredresources.GetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: FqnValueMapEntry - additionalProperties: false - policy.registeredresources.ListRegisteredResourceValuesRequest: - type: object - properties: - resourceId: - type: string - title: resource_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListRegisteredResourceValuesRequest - additionalProperties: false - policy.registeredresources.ListRegisteredResourceValuesResponse: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: values - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListRegisteredResourceValuesResponse - additionalProperties: false - policy.registeredresources.ListRegisteredResourcesRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListRegisteredResourcesRequest - additionalProperties: false - policy.registeredresources.ListRegisteredResourcesResponse: - type: object - properties: - resources: - type: array - items: - $ref: '#/components/schemas/policy.RegisteredResource' - title: resources - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListRegisteredResourcesResponse - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Registered Resource Name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateRegisteredResourceRequest - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceResponse: - type: object - properties: - resource: - title: resource - $ref: '#/components/schemas/policy.RegisteredResource' - title: UpdateRegisteredResourceResponse - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Optional - Registered Resource Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored value will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - actionAttributeValues: - type: array - items: - $ref: '#/components/schemas/policy.registeredresources.ActionAttributeValue' - title: action_attribute_values - description: |- - Optional - Action Attribute Values provided here will replace all existing records in the database. To delete all action attribute values, set this field to an empty list. - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateRegisteredResourceValueRequest - additionalProperties: false - policy.registeredresources.UpdateRegisteredResourceValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.RegisteredResourceValue' - title: UpdateRegisteredResourceValueResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.registeredresources.RegisteredResourcesService - description: Registered Resources diff --git a/specs/policy/resourcemapping/resource_mapping.openapi.yaml b/specs/policy/resourcemapping/resource_mapping.openapi.yaml deleted file mode 100644 index 7e13ecdd..00000000 --- a/specs/policy/resourcemapping/resource_mapping.openapi.yaml +++ /dev/null @@ -1,1563 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.resourcemapping -paths: - /policy.resourcemapping.ResourceMappingService/ListResourceMappingGroups: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappingGroups - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingGroups - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingGroupsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingGroupsResponse' - /policy.resourcemapping.ResourceMappingService/GetResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: GetResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.GetResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/CreateResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: CreateResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/UpdateResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: UpdateResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/DeleteResourceMappingGroup: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: DeleteResourceMappingGroup - operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMappingGroup - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingGroupResponse' - /policy.resourcemapping.ResourceMappingService/ListResourceMappings: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappings - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsResponse' - /policy.resourcemapping.ResourceMappingService/ListResourceMappingsByGroupFqns: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: ListResourceMappingsByGroupFqns - operationId: policy.resourcemapping.ResourceMappingService.ListResourceMappingsByGroupFqns - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse' - /policy.resourcemapping.ResourceMappingService/GetResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: GetResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.GetResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.GetResourceMappingResponse' - /policy.resourcemapping.ResourceMappingService/CreateResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: CreateResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.CreateResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.CreateResourceMappingResponse' - /policy.resourcemapping.ResourceMappingService/UpdateResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: UpdateResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.UpdateResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.UpdateResourceMappingResponse' - /policy.resourcemapping.ResourceMappingService/DeleteResourceMapping: - post: - tags: - - policy.resourcemapping.ResourceMappingService - summary: DeleteResourceMapping - operationId: policy.resourcemapping.ResourceMappingService.DeleteResourceMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.resourcemapping.DeleteResourceMappingResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.resourcemapping.CreateResourceMappingGroupRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - format: uuid - description: Required - name: - type: string - title: name - description: Required - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateResourceMappingGroupRequest - required: - - name - additionalProperties: false - policy.resourcemapping.CreateResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: CreateResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.CreateResourceMappingRequest: - type: object - properties: - attributeValueId: - type: string - title: attribute_value_id - format: uuid - description: Required - terms: - type: array - items: - type: string - maxItems: 1000 - minItems: 1 - title: terms - maxItems: 1000 - minItems: 1 - description: Required - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateResourceMappingRequest - additionalProperties: false - policy.resourcemapping.CreateResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: CreateResourceMappingResponse - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingGroupRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteResourceMappingGroupRequest - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: DeleteResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteResourceMappingRequest - additionalProperties: false - policy.resourcemapping.DeleteResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: DeleteResourceMappingResponse - additionalProperties: false - policy.resourcemapping.GetResourceMappingGroupRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetResourceMappingGroupRequest - additionalProperties: false - policy.resourcemapping.GetResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: GetResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.GetResourceMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetResourceMappingRequest - additionalProperties: false - policy.resourcemapping.GetResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: GetResourceMappingResponse - additionalProperties: false - policy.resourcemapping.ListResourceMappingGroupsRequest: - type: object - properties: - namespaceId: - type: string - title: namespace_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListResourceMappingGroupsRequest - additionalProperties: false - policy.resourcemapping.ListResourceMappingGroupsResponse: - type: object - properties: - resourceMappingGroups: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: resource_mapping_groups - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListResourceMappingGroupsResponse - additionalProperties: false - policy.resourcemapping.ListResourceMappingsByGroupFqnsRequest: - type: object - properties: - fqns: - type: array - items: - type: string - minItems: 1 - title: fqns - minItems: 1 - description: |- - Required - Structure of the RM Group FQN is 'https:///resm/' - title: ListResourceMappingsByGroupFqnsRequest - additionalProperties: false - policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse: - type: object - properties: - fqnResourceMappingGroups: - type: object - title: fqn_resource_mapping_groups - additionalProperties: - title: value - $ref: '#/components/schemas/policy.resourcemapping.ResourceMappingsByGroup' - title: ListResourceMappingsByGroupFqnsResponse - additionalProperties: false - policy.resourcemapping.ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/policy.resourcemapping.ResourceMappingsByGroup' - title: FqnResourceMappingGroupsEntry - additionalProperties: false - policy.resourcemapping.ListResourceMappingsRequest: - type: object - properties: - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListResourceMappingsRequest - additionalProperties: false - policy.resourcemapping.ListResourceMappingsResponse: - type: object - properties: - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListResourceMappingsResponse - additionalProperties: false - policy.resourcemapping.ResourceMappingsByGroup: - type: object - properties: - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - mappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: mappings - title: ResourceMappingsByGroup - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingGroupRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - namespaceId: - type: string - title: namespace_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - Optional field must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored group name will be normalized to lower case.: - ``` - size(this) == 0 || this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateResourceMappingGroupRequest - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingGroupResponse: - type: object - properties: - resourceMappingGroup: - title: resource_mapping_group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: UpdateResourceMappingGroupResponse - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - attributeValueId: - type: string - title: attribute_value_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - terms: - type: array - items: - type: string - maxItems: 1000 - title: terms - maxItems: 1000 - description: Optional - groupId: - type: string - title: group_id - description: |+ - Optional - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - metadata: - title: metadata - description: |- - Optional - Common Metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateResourceMappingRequest - additionalProperties: false - policy.resourcemapping.UpdateResourceMappingResponse: - type: object - properties: - resourceMapping: - title: resource_mapping - $ref: '#/components/schemas/policy.ResourceMapping' - title: UpdateResourceMappingResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.resourcemapping.ResourceMappingService - description: Resource Mapping Groups diff --git a/specs/policy/selectors.openapi.yaml b/specs/policy/selectors.openapi.yaml deleted file mode 100644 index 3a430300..00000000 --- a/specs/policy/selectors.openapi.yaml +++ /dev/null @@ -1,152 +0,0 @@ -openapi: 3.1.0 -info: - title: policy -paths: {} -components: - schemas: - policy.AttributeDefinitionSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withNamespace: - title: with_namespace - $ref: '#/components/schemas/policy.AttributeDefinitionSelector.NamespaceSelector' - withValues: - title: with_values - $ref: '#/components/schemas/policy.AttributeDefinitionSelector.ValueSelector' - title: AttributeDefinitionSelector - additionalProperties: false - policy.AttributeDefinitionSelector.NamespaceSelector: - type: object - title: NamespaceSelector - additionalProperties: false - policy.AttributeDefinitionSelector.ValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - title: ValueSelector - additionalProperties: false - policy.AttributeNamespaceSelector: - type: object - properties: - withAttributes: - title: with_attributes - $ref: '#/components/schemas/policy.AttributeNamespaceSelector.AttributeSelector' - title: AttributeNamespaceSelector - additionalProperties: false - policy.AttributeNamespaceSelector.AttributeSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withValues: - title: with_values - $ref: '#/components/schemas/policy.AttributeNamespaceSelector.AttributeSelector.ValueSelector' - title: AttributeSelector - additionalProperties: false - policy.AttributeNamespaceSelector.AttributeSelector.ValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - title: ValueSelector - additionalProperties: false - policy.AttributeValueSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withSubjectMaps: - type: boolean - title: with_subject_maps - withResourceMaps: - type: boolean - title: with_resource_maps - withAttribute: - title: with_attribute - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector' - title: AttributeValueSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector: - type: object - properties: - withKeyAccessGrants: - type: boolean - title: with_key_access_grants - description: Deprecated - withNamespace: - title: with_namespace - $ref: '#/components/schemas/policy.AttributeValueSelector.AttributeSelector.NamespaceSelector' - title: AttributeSelector - additionalProperties: false - policy.AttributeValueSelector.AttributeSelector.NamespaceSelector: - type: object - title: NamespaceSelector - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false -security: [] diff --git a/specs/policy/subjectmapping/subject_mapping.openapi.yaml b/specs/policy/subjectmapping/subject_mapping.openapi.yaml deleted file mode 100644 index 69d6ed37..00000000 --- a/specs/policy/subjectmapping/subject_mapping.openapi.yaml +++ /dev/null @@ -1,1603 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.subjectmapping -paths: - /policy.subjectmapping.SubjectMappingService/MatchSubjectMappings: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: MatchSubjectMappings - description: Find matching Subject Mappings for a given Subject - operationId: policy.subjectmapping.SubjectMappingService.MatchSubjectMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.MatchSubjectMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.MatchSubjectMappingsResponse' - /policy.subjectmapping.SubjectMappingService/ListSubjectMappings: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: ListSubjectMappings - operationId: policy.subjectmapping.SubjectMappingService.ListSubjectMappings - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectMappingsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectMappingsResponse' - /policy.subjectmapping.SubjectMappingService/GetSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: GetSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.GetSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/CreateSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: CreateSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/UpdateSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: UpdateSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/DeleteSubjectMapping: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: DeleteSubjectMapping - operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectMapping - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectMappingResponse' - /policy.subjectmapping.SubjectMappingService/ListSubjectConditionSets: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: ListSubjectConditionSets - operationId: policy.subjectmapping.SubjectMappingService.ListSubjectConditionSets - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectConditionSetsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.ListSubjectConditionSetsResponse' - /policy.subjectmapping.SubjectMappingService/GetSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: GetSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.GetSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.GetSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/CreateSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: CreateSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.CreateSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.CreateSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/UpdateSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: UpdateSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.UpdateSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.UpdateSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/DeleteSubjectConditionSet: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: DeleteSubjectConditionSet - operationId: policy.subjectmapping.SubjectMappingService.DeleteSubjectConditionSet - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteSubjectConditionSetResponse' - /policy.subjectmapping.SubjectMappingService/DeleteAllUnmappedSubjectConditionSets: - post: - tags: - - policy.subjectmapping.SubjectMappingService - summary: DeleteAllUnmappedSubjectConditionSets - operationId: policy.subjectmapping.SubjectMappingService.DeleteAllUnmappedSubjectConditionSets - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsResponse' -components: - schemas: - common.MetadataUpdateEnum: - type: string - title: MetadataUpdateEnum - enum: - - METADATA_UPDATE_ENUM_UNSPECIFIED - - METADATA_UPDATE_ENUM_EXTEND - - METADATA_UPDATE_ENUM_REPLACE - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - common.MetadataMutable: - type: object - properties: - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional labels - title: MetadataMutable - additionalProperties: false - common.MetadataMutable.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PageRequest: - type: object - properties: - limit: - type: integer - title: limit - format: int32 - description: |- - Optional - Set to configured default limit if not provided - Maximum limit set in platform config and enforced by services - offset: - type: integer - title: offset - format: int32 - description: |- - Optional - Defaulted if not provided - title: PageRequest - additionalProperties: false - policy.PageResponse: - type: object - properties: - currentOffset: - type: integer - title: current_offset - format: int32 - description: Requested pagination offset - nextOffset: - type: integer - title: next_offset - format: int32 - description: |- - Calculated with request limit + offset or defaults - Empty when none remain after current page - total: - type: integer - title: total - format: int32 - description: Total count of entire list - title: PageResponse - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectProperty: - type: object - properties: - externalSelectorValue: - type: string - title: external_selector_value - minLength: 1 - externalValue: - type: string - title: external_value - title: SubjectProperty - required: - - externalSelectorValue - additionalProperties: false - description: |- - A property of a Subject/Entity as its selector expression -> value result - pair. This would mirror external user attributes retrieved from an - authoritative source such as an IDP (Identity Provider) or User Store. - Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must - contain both a selector expression & a resulting value. - - The external_selector_value is a specifier to select a value from a flattened - external representation of an Entity (such as from idP/LDAP), and the - external_value is the value selected by the external_selector_value on that - Entity Representation (Subject Context). These mirror the Condition. - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.subjectmapping.CreateSubjectConditionSetRequest: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - $ref: '#/components/schemas/policy.subjectmapping.SubjectConditionSetCreate' - title: CreateSubjectConditionSetRequest - required: - - subjectConditionSet - additionalProperties: false - policy.subjectmapping.CreateSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: CreateSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.CreateSubjectMappingRequest: - type: object - properties: - attributeValueId: - type: string - title: attribute_value_id - format: uuid - description: |- - Required - Attribute Value to be mapped to - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - minItems: 1 - description: |+ - Required - The actions permitted by subjects in this mapping - Action name or ID must not be empty if provided: - ``` - this.all(item, item.name != '' || item.id != '') - ``` - - existingSubjectConditionSetId: - type: string - title: existing_subject_condition_set_id - description: |+ - Either of the following: - Reuse existing SubjectConditionSet (NOTE: prioritized over new_subject_condition_set) - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - newSubjectConditionSet: - title: new_subject_condition_set - description: 'Create new SubjectConditionSet (NOTE: ignored if existing_subject_condition_set_id is provided)' - $ref: '#/components/schemas/policy.subjectmapping.SubjectConditionSetCreate' - metadata: - title: metadata - description: Optional - $ref: '#/components/schemas/common.MetadataMutable' - title: CreateSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.CreateSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - $ref: '#/components/schemas/policy.SubjectMapping' - title: CreateSubjectMappingResponse - additionalProperties: false - policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsRequest: - type: object - title: DeleteAllUnmappedSubjectConditionSetsRequest - additionalProperties: false - description: Prune any Subject Condition Sets not utilized within a Subject Mapping - policy.subjectmapping.DeleteAllUnmappedSubjectConditionSetsResponse: - type: object - properties: - subjectConditionSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: subject_condition_sets - description: Only IDs of any deleted Subject Condition Set provided - title: DeleteAllUnmappedSubjectConditionSetsResponse - additionalProperties: false - policy.subjectmapping.DeleteSubjectConditionSetRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteSubjectConditionSetRequest - additionalProperties: false - policy.subjectmapping.DeleteSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - description: Only ID of deleted Subject Condition Set provided - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: DeleteSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.DeleteSubjectMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: DeleteSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.DeleteSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - description: Only ID of the updated Subject Mapping provided - $ref: '#/components/schemas/policy.SubjectMapping' - title: DeleteSubjectMappingResponse - additionalProperties: false - policy.subjectmapping.GetSubjectConditionSetRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetSubjectConditionSetRequest - additionalProperties: false - policy.subjectmapping.GetSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - $ref: '#/components/schemas/policy.SubjectConditionSet' - associatedSubjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: associated_subject_mappings - description: contextualized Subject Mappings associated with this SubjectConditionSet - title: GetSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.GetSubjectMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: GetSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.GetSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - $ref: '#/components/schemas/policy.SubjectMapping' - title: GetSubjectMappingResponse - additionalProperties: false - policy.subjectmapping.ListSubjectConditionSetsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListSubjectConditionSetsRequest - additionalProperties: false - policy.subjectmapping.ListSubjectConditionSetsResponse: - type: object - properties: - subjectConditionSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: subject_condition_sets - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListSubjectConditionSetsResponse - additionalProperties: false - policy.subjectmapping.ListSubjectMappingsRequest: - type: object - properties: - pagination: - title: pagination - description: Optional - $ref: '#/components/schemas/policy.PageRequest' - title: ListSubjectMappingsRequest - additionalProperties: false - policy.subjectmapping.ListSubjectMappingsResponse: - type: object - properties: - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - pagination: - title: pagination - $ref: '#/components/schemas/policy.PageResponse' - title: ListSubjectMappingsResponse - additionalProperties: false - policy.subjectmapping.MatchSubjectMappingsRequest: - type: object - properties: - subjectProperties: - type: array - items: - $ref: '#/components/schemas/policy.SubjectProperty' - title: subject_properties - minItems: 1 - title: MatchSubjectMappingsRequest - additionalProperties: false - description: |- - MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties. - The SubjectMappings are returned if an external selector field matches. - policy.subjectmapping.MatchSubjectMappingsResponse: - type: object - properties: - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - title: MatchSubjectMappingsResponse - additionalProperties: false - policy.subjectmapping.SubjectConditionSetCreate: - type: object - properties: - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - description: Required - metadata: - title: metadata - description: |- - Optional - Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - title: SubjectConditionSetCreate - additionalProperties: false - policy.subjectmapping.UpdateSubjectConditionSetRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - description: |- - Optional - If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateSubjectConditionSetRequest - additionalProperties: false - policy.subjectmapping.UpdateSubjectConditionSetResponse: - type: object - properties: - subjectConditionSet: - title: subject_condition_set - description: Only ID of updated Subject Condition Set provided - $ref: '#/components/schemas/policy.SubjectConditionSet' - title: UpdateSubjectConditionSetResponse - additionalProperties: false - policy.subjectmapping.UpdateSubjectMappingRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - subjectConditionSetId: - type: string - title: subject_condition_set_id - description: |+ - Optional - Replaces the existing SubjectConditionSet id with a new one - Optional field must be a valid UUID: - ``` - size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') - ``` - - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: |+ - Optional - Replaces entire list of actions permitted by subjects - Action name or ID must not be empty if provided: - ``` - this.size() == 0 || this.all(item, item.name != '' || item.id != '') - ``` - - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.MetadataMutable' - metadataUpdateBehavior: - title: metadata_update_behavior - $ref: '#/components/schemas/common.MetadataUpdateEnum' - title: UpdateSubjectMappingRequest - additionalProperties: false - policy.subjectmapping.UpdateSubjectMappingResponse: - type: object - properties: - subjectMapping: - title: subject_mapping - description: Only ID of the updated Subject Mapping provided - $ref: '#/components/schemas/policy.SubjectMapping' - title: UpdateSubjectMappingResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.subjectmapping.SubjectMappingService diff --git a/specs/policy/unsafe/unsafe.openapi.yaml b/specs/policy/unsafe/unsafe.openapi.yaml deleted file mode 100644 index 2ff949d0..00000000 --- a/specs/policy/unsafe/unsafe.openapi.yaml +++ /dev/null @@ -1,1555 +0,0 @@ -openapi: 3.1.0 -info: - title: policy.unsafe -paths: - /policy.unsafe.UnsafeService/UnsafeUpdateNamespace: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeUpdateNamespace - description: |- - --------------------------------------* - Namespace RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeUpdateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateNamespaceResponse' - /policy.unsafe.UnsafeService/UnsafeReactivateNamespace: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeReactivateNamespace - operationId: policy.unsafe.UnsafeService.UnsafeReactivateNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateNamespaceResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteNamespace: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteNamespace - operationId: policy.unsafe.UnsafeService.UnsafeDeleteNamespace - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteNamespaceResponse' - /policy.unsafe.UnsafeService/UnsafeUpdateAttribute: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeUpdateAttribute - description: |- - --------------------------------------* - Attribute RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeUpdateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeResponse' - /policy.unsafe.UnsafeService/UnsafeReactivateAttribute: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeReactivateAttribute - operationId: policy.unsafe.UnsafeService.UnsafeReactivateAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteAttribute: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteAttribute - operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttribute - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeResponse' - /policy.unsafe.UnsafeService/UnsafeUpdateAttributeValue: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeUpdateAttributeValue - description: |- - --------------------------------------* - Value RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeUpdateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeUpdateAttributeValueResponse' - /policy.unsafe.UnsafeService/UnsafeReactivateAttributeValue: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeReactivateAttributeValue - operationId: policy.unsafe.UnsafeService.UnsafeReactivateAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeReactivateAttributeValueResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteAttributeValue: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteAttributeValue - operationId: policy.unsafe.UnsafeService.UnsafeDeleteAttributeValue - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteAttributeValueResponse' - /policy.unsafe.UnsafeService/UnsafeDeleteKasKey: - post: - tags: - - policy.unsafe.UnsafeService - summary: UnsafeDeleteKasKey - description: |- - --------------------------------------* - Kas Key RPCs - --------------------------------------- - operationId: policy.unsafe.UnsafeService.UnsafeDeleteKasKey - parameters: - - name: Connect-Protocol-Version - in: header - required: true - schema: - $ref: '#/components/schemas/connect-protocol-version' - - name: Connect-Timeout-Ms - in: header - schema: - $ref: '#/components/schemas/connect-timeout-header' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteKasKeyRequest' - required: true - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/policy.unsafe.UnsafeDeleteKasKeyResponse' -components: - schemas: - policy.Action.StandardAction: - type: string - title: StandardAction - enum: - - STANDARD_ACTION_UNSPECIFIED - - STANDARD_ACTION_DECRYPT - - STANDARD_ACTION_TRANSMIT - policy.Algorithm: - type: string - title: Algorithm - enum: - - ALGORITHM_UNSPECIFIED - - ALGORITHM_RSA_2048 - - ALGORITHM_RSA_4096 - - ALGORITHM_EC_P256 - - ALGORITHM_EC_P384 - - ALGORITHM_EC_P521 - description: Supported key algorithms. - policy.AttributeRuleTypeEnum: - type: string - title: AttributeRuleTypeEnum - enum: - - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED - - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF - - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF - - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY - policy.ConditionBooleanTypeEnum: - type: string - title: ConditionBooleanTypeEnum - enum: - - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED - - CONDITION_BOOLEAN_TYPE_ENUM_AND - - CONDITION_BOOLEAN_TYPE_ENUM_OR - policy.KasPublicKeyAlgEnum: - type: string - title: KasPublicKeyAlgEnum - enum: - - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 - - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 - - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 - policy.KeyMode: - type: string - title: KeyMode - enum: - - KEY_MODE_UNSPECIFIED - - KEY_MODE_CONFIG_ROOT_KEY - - KEY_MODE_PROVIDER_ROOT_KEY - - KEY_MODE_REMOTE - - KEY_MODE_PUBLIC_KEY_ONLY - description: Describes the management and operational mode of a cryptographic key. - policy.KeyStatus: - type: string - title: KeyStatus - enum: - - KEY_STATUS_UNSPECIFIED - - KEY_STATUS_ACTIVE - - KEY_STATUS_ROTATED - description: The status of the key - policy.SourceType: - type: string - title: SourceType - enum: - - SOURCE_TYPE_UNSPECIFIED - - SOURCE_TYPE_INTERNAL - - SOURCE_TYPE_EXTERNAL - description: |- - Describes whether this kas is managed by the organization or if they imported - the kas information from an external party. These two modes are necessary in order - to encrypt a tdf dek with an external parties kas public key. - policy.SubjectMappingOperatorEnum: - type: string - title: SubjectMappingOperatorEnum - enum: - - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED - - SUBJECT_MAPPING_OPERATOR_ENUM_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN - - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS - common.Metadata: - type: object - properties: - createdAt: - title: created_at - description: created_at set by server (entity who created will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - updatedAt: - title: updated_at - description: updated_at set by server (entity who updated will recorded in an audit event) - $ref: '#/components/schemas/google.protobuf.Timestamp' - labels: - type: object - title: labels - additionalProperties: - type: string - title: value - description: optional short description - title: Metadata - additionalProperties: false - description: Struct to uniquely identify a resource with optional additional metadata - common.Metadata.LabelsEntry: - type: object - properties: - key: - type: string - title: key - value: - type: string - title: value - title: LabelsEntry - additionalProperties: false - google.protobuf.BoolValue: - type: boolean - description: |- - Wrapper message for `bool`. - - The JSON representation for `BoolValue` is JSON `true` and `false`. - - Not recommended for use in new APIs, but still useful for legacy APIs and - has no plan to be removed. - google.protobuf.Timestamp: - type: string - examples: - - 1s - - 1.000340012s - format: date-time - description: |- - A Timestamp represents a point in time independent of any time zone or local - calendar, encoded as a count of seconds and fractions of seconds at - nanosecond resolution. The count is relative to an epoch at UTC midnight on - January 1, 1970, in the proleptic Gregorian calendar which extends the - Gregorian calendar backwards to year one. - - All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap - second table is needed for interpretation, using a [24-hour linear - smear](https://developers.google.com/time/smear). - - The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By - restricting to that range, we ensure that we can convert to and from [RFC - 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. - - # Examples - - Example 1: Compute Timestamp from POSIX `time()`. - - Timestamp timestamp; - timestamp.set_seconds(time(NULL)); - timestamp.set_nanos(0); - - Example 2: Compute Timestamp from POSIX `gettimeofday()`. - - struct timeval tv; - gettimeofday(&tv, NULL); - - Timestamp timestamp; - timestamp.set_seconds(tv.tv_sec); - timestamp.set_nanos(tv.tv_usec * 1000); - - Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. - - FILETIME ft; - GetSystemTimeAsFileTime(&ft); - UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; - - // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z - // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. - Timestamp timestamp; - timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); - timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); - - Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. - - long millis = System.currentTimeMillis(); - - Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) - .setNanos((int) ((millis % 1000) * 1000000)).build(); - - Example 5: Compute Timestamp from Java `Instant.now()`. - - Instant now = Instant.now(); - - Timestamp timestamp = - Timestamp.newBuilder().setSeconds(now.getEpochSecond()) - .setNanos(now.getNano()).build(); - - Example 6: Compute Timestamp from current time in Python. - - timestamp = Timestamp() - timestamp.GetCurrentTime() - - # JSON Mapping - - In JSON format, the Timestamp type is encoded as a string in the - [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the - format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" - where {year} is always expressed using four digits while {month}, {day}, - {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional - seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), - are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone - is required. A proto3 JSON serializer should always use UTC (as indicated by - "Z") when printing the Timestamp type and a proto3 JSON parser should be - able to accept both UTC and other timezones (as indicated by an offset). - - For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past - 01:30 UTC on January 15, 2017. - - In JavaScript, one can convert a Date object to this format using the - standard - [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) - method. In Python, a standard `datetime.datetime` object can be converted - to this format using - [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with - the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use - the Joda Time's [`ISODateTimeFormat.dateTime()`]( - http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() - ) to obtain a formatter capable of generating timestamps in this format. - policy.Action: - type: object - oneOf: - - properties: - custom: - type: string - title: custom - description: Deprecated - title: custom - required: - - custom - - properties: - standard: - title: standard - description: Deprecated - $ref: '#/components/schemas/policy.Action.StandardAction' - title: standard - required: - - standard - properties: - id: - type: string - title: id - description: Generated uuid in database - name: - type: string - title: name - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: Action - additionalProperties: false - description: An action an entity can take - policy.AsymmetricKey: - type: object - properties: - id: - type: string - title: id - description: Required - keyId: - type: string - title: key_id - description: Required - keyAlgorithm: - title: key_algorithm - description: Required - $ref: '#/components/schemas/policy.Algorithm' - keyStatus: - title: key_status - description: Required - $ref: '#/components/schemas/policy.KeyStatus' - keyMode: - title: key_mode - description: Required Specifies how the key is managed (local or remote) - $ref: '#/components/schemas/policy.KeyMode' - publicKeyCtx: - title: public_key_ctx - description: Required Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PublicKeyCtx' - privateKeyCtx: - title: private_key_ctx - description: Optional Specific structure based on key provider implementation - $ref: '#/components/schemas/policy.PrivateKeyCtx' - providerConfig: - title: provider_config - description: Optional Configuration for the key provider - $ref: '#/components/schemas/policy.KeyProviderConfig' - legacy: - type: boolean - title: legacy - description: Optional Indicates a key may be found in TDFs without key identifiers - metadata: - title: metadata - description: Common metadata fields - $ref: '#/components/schemas/common.Metadata' - title: AsymmetricKey - additionalProperties: false - policy.Attribute: - type: object - properties: - id: - type: string - title: id - namespace: - title: namespace - description: namespace of the attribute - $ref: '#/components/schemas/policy.Namespace' - name: - type: string - title: name - description: attribute name - rule: - title: rule - description: attribute rule enum - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - values: - type: array - items: - $ref: '#/components/schemas/policy.Value' - title: values - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the attribute. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys associated with the attribute - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Attribute - required: - - rule - additionalProperties: false - policy.Condition: - type: object - properties: - subjectExternalSelectorValue: - type: string - title: subject_external_selector_value - description: |- - a selector for a field value on a flattened Entity Representation (such as - from idP/LDAP) - operator: - title: operator - description: the evaluation operator of relation - $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' - subjectExternalValues: - type: array - items: - type: string - minItems: 1 - title: subject_external_values - minItems: 1 - description: |- - list of comparison values for the result of applying the - subject_external_selector_value on a flattened Entity Representation - (Subject), evaluated by the operator - title: Condition - required: - - subjectExternalSelectorValue - - operator - additionalProperties: false - description: |- - * - A Condition defines a rule of - policy.ConditionGroup: - type: object - properties: - conditions: - type: array - items: - $ref: '#/components/schemas/policy.Condition' - title: conditions - minItems: 1 - booleanOperator: - title: boolean_operator - description: the boolean evaluation type across the conditions - $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' - title: ConditionGroup - required: - - booleanOperator - additionalProperties: false - description: A collection of Conditions evaluated by the boolean_operator provided - policy.KasKey: - type: object - properties: - kasId: - type: string - title: kas_id - key: - title: key - $ref: '#/components/schemas/policy.AsymmetricKey' - kasUri: - type: string - title: kas_uri - title: KasKey - additionalProperties: false - policy.KasPublicKey: - type: object - properties: - pem: - type: string - title: pem - maxLength: 8192 - minLength: 1 - description: x509 ASN.1 content in PEM envelope, usually - kid: - type: string - title: kid - maxLength: 32 - minLength: 1 - description: A unique string identifier for this key - alg: - not: - enum: - - 0 - title: alg - description: |- - A known algorithm type with any additional parameters encoded. - To start, these may be `rsa:2048` for encrypting ZTDF files and - `ec:secp256r1` for nanoTDF, but more formats may be added as needed. - $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' - title: KasPublicKey - additionalProperties: false - description: |- - Deprecated - A KAS public key and some associated metadata for further identifcation - policy.KasPublicKeySet: - type: object - properties: - keys: - type: array - items: - $ref: '#/components/schemas/policy.KasPublicKey' - title: keys - title: KasPublicKeySet - additionalProperties: false - description: |- - Deprecated - A list of known KAS public keys - policy.KeyAccessServer: - type: object - properties: - id: - type: string - title: id - uri: - type: string - title: uri - description: |+ - Address of a KAS instance - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$') - ``` - - publicKey: - title: public_key - description: Deprecated - $ref: '#/components/schemas/policy.PublicKey' - sourceType: - title: source_type - description: 'The source of the KAS: (INTERNAL, EXTERNAL)' - $ref: '#/components/schemas/policy.SourceType' - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Kas keys associated with this KAS - name: - type: string - title: name - description: |- - Optional - Unique name of the KAS instance - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyAccessServer - additionalProperties: false - description: Key Access Server Registry - policy.KeyProviderConfig: - type: object - properties: - id: - type: string - title: id - name: - type: string - title: name - configJson: - type: string - title: config_json - format: byte - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: KeyProviderConfig - additionalProperties: false - policy.Namespace: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - name: - type: string - title: name - description: |- - used to partition Attribute Definitions, support by namespace AuthN and - enable federation - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the namespace. Use kas_keys instead. - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - description: Keys for the namespace - title: Namespace - additionalProperties: false - policy.PrivateKeyCtx: - type: object - properties: - keyId: - type: string - title: key_id - minLength: 1 - description: Required Key ID for the symmetric key wrapping this key. - wrappedKey: - type: string - title: wrapped_key - description: Optional Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE. - title: PrivateKeyCtx - additionalProperties: false - policy.PublicKey: - type: object - oneOf: - - properties: - cached: - title: cached - description: public key with additional information. Current preferred version - $ref: '#/components/schemas/policy.KasPublicKeySet' - title: cached - required: - - cached - - properties: - remote: - type: string - title: remote - description: |+ - kas public key url - optional since can also be retrieved via public key - URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.: - ``` - this.matches('^https://[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?)*(/.*)?$') - ``` - - title: remote - required: - - remote - title: PublicKey - additionalProperties: false - description: Deprecated - policy.PublicKeyCtx: - type: object - properties: - pem: - type: string - title: pem - minLength: 1 - description: Required Base64 encoded public key in PEM format - title: PublicKeyCtx - additionalProperties: false - policy.ResourceMapping: - type: object - properties: - id: - type: string - title: id - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - attributeValue: - title: attribute_value - $ref: '#/components/schemas/policy.Value' - terms: - type: array - items: - type: string - title: terms - group: - title: group - $ref: '#/components/schemas/policy.ResourceMappingGroup' - title: ResourceMapping - required: - - attributeValue - additionalProperties: false - description: |- - Resource Mappings (aka Access Control Resource Encodings aka ACRE) are - structures supporting the mapping of Resources and Attribute Values - policy.ResourceMappingGroup: - type: object - properties: - id: - type: string - title: id - namespaceId: - type: string - title: namespace_id - description: the namespace containing the group of resource mappings - name: - type: string - title: name - description: |- - the common name for the group of resource mappings, which must be unique - per namespace - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: ResourceMappingGroup - required: - - namespaceId - - name - additionalProperties: false - description: |- - Resource Mapping Groups are namespaced collections of Resource Mappings - associated under a common group name. - policy.SimpleKasKey: - type: object - properties: - kasUri: - type: string - title: kas_uri - description: The URL of the Key Access Server - publicKey: - title: public_key - description: The public key of the Key that belongs to the KAS - $ref: '#/components/schemas/policy.SimpleKasPublicKey' - kasId: - type: string - title: kas_id - description: The ID of the Key Access Server - title: SimpleKasKey - additionalProperties: false - policy.SimpleKasPublicKey: - type: object - properties: - algorithm: - title: algorithm - $ref: '#/components/schemas/policy.Algorithm' - kid: - type: string - title: kid - pem: - type: string - title: pem - title: SimpleKasPublicKey - additionalProperties: false - policy.SubjectConditionSet: - type: object - properties: - id: - type: string - title: id - subjectSets: - type: array - items: - $ref: '#/components/schemas/policy.SubjectSet' - title: subject_sets - minItems: 1 - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectConditionSet - additionalProperties: false - description: |- - A container for multiple Subject Sets, each containing Condition Groups, each - containing Conditions. Multiple Subject Sets in a SubjectConditionSet are - evaluated with AND logic. As each Subject Mapping has only one Attribute - Value, the SubjectConditionSet is reusable across multiple Subject Mappings / - Attribute Values and is an independent unit. - policy.SubjectMapping: - type: object - properties: - id: - type: string - title: id - attributeValue: - title: attribute_value - description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' - $ref: '#/components/schemas/policy.Value' - subjectConditionSet: - title: subject_condition_set - description: the reusable SubjectConditionSet mapped to the given Attribute Value - $ref: '#/components/schemas/policy.SubjectConditionSet' - actions: - type: array - items: - $ref: '#/components/schemas/policy.Action' - title: actions - description: The actions permitted by subjects in this mapping - metadata: - title: metadata - $ref: '#/components/schemas/common.Metadata' - title: SubjectMapping - additionalProperties: false - description: |- - Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute - value + action(s) combination - policy.SubjectSet: - type: object - properties: - conditionGroups: - type: array - items: - $ref: '#/components/schemas/policy.ConditionGroup' - title: condition_groups - minItems: 1 - description: multiple Condition Groups are evaluated with AND logic - title: SubjectSet - additionalProperties: false - description: A collection of Condition Groups - policy.Value: - type: object - properties: - id: - type: string - title: id - description: generated uuid in database - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - value: - type: string - title: value - grants: - type: array - items: - $ref: '#/components/schemas/policy.KeyAccessServer' - title: grants - description: Deprecated KAS grants for the value. Use kas_keys instead. - fqn: - type: string - title: fqn - active: - title: active - description: active by default until explicitly deactivated - $ref: '#/components/schemas/google.protobuf.BoolValue' - subjectMappings: - type: array - items: - $ref: '#/components/schemas/policy.SubjectMapping' - title: subject_mappings - description: subject mapping - kasKeys: - type: array - items: - $ref: '#/components/schemas/policy.SimpleKasKey' - title: kas_keys - resourceMappings: - type: array - items: - $ref: '#/components/schemas/policy.ResourceMapping' - title: resource_mappings - metadata: - title: metadata - description: Common metadata - $ref: '#/components/schemas/common.Metadata' - title: Value - additionalProperties: false - policy.unsafe.UnsafeDeleteAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Attribute - fqn: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Attribute Definition (i.e. https:///attr/), normalized to lower case. - title: UnsafeDeleteAttributeRequest - required: - - fqn - additionalProperties: false - description: |- - WARNING!! - Deleting an Attribute will free up the Attribute name for reuse, which can introduce an access path to existing TDFs containing the deleted Attribute name. - Values under this Attribute will be cascadingly deleted. - Any KAS Grants associated with this Attribute will be cascadingly deleted. - policy.unsafe.UnsafeDeleteAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UnsafeDeleteAttributeResponse - additionalProperties: false - policy.unsafe.UnsafeDeleteAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Attribute Value - fqn: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Attribute Value (i.e. https:///attr//value/), normalized to lower case. - title: UnsafeDeleteAttributeValueRequest - required: - - fqn - additionalProperties: false - description: |- - WARNING!! - Deleting an Attribute Value will free up the Attribute Value for reuse, which can introduce an access path to existing TDFs containing the deleted Attribute Value. - Any KAS Grants associated with this Attribute Value will be cascadingly deleted. - policy.unsafe.UnsafeDeleteAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UnsafeDeleteAttributeValueResponse - additionalProperties: false - policy.unsafe.UnsafeDeleteKasKeyRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Key - kid: - type: string - title: kid - description: |- - Required - The key id assigned to this key (Ex: "key-1") - kasUri: - type: string - title: kas_uri - description: |- - Required - The kas uri for which this key belongs (Ex: "https://kas.example.com:8080") - title: UnsafeDeleteKasKeyRequest - required: - - kid - - kasUri - additionalProperties: false - description: |- - WARNING!! - Deleting a key will make it so that ANY TDF that was encrypted with this key cannot be decrypted by the platform. - policy.unsafe.UnsafeDeleteKasKeyResponse: - type: object - properties: - key: - title: key - $ref: '#/components/schemas/policy.KasKey' - title: UnsafeDeleteKasKeyResponse - additionalProperties: false - policy.unsafe.UnsafeDeleteNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: |- - Required - UUID of the Namespace - fqn: - type: string - title: fqn - description: |- - Required - Fully Qualified Name (FQN) of Namespace (i.e. https://), normalized to lower case. - title: UnsafeDeleteNamespaceRequest - required: - - fqn - additionalProperties: false - description: |- - WARNING!! - Deleting a Namespace will free up the Attribute Namespace, Definitions, and Values for reuse, which can introduce an access path to existing TDFs containing the deleted policy. - Definitions and their Values under this Namespace will be cascadingly deleted. - policy.unsafe.UnsafeDeleteNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UnsafeDeleteNamespaceResponse - additionalProperties: false - policy.unsafe.UnsafeReactivateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: UnsafeReactivateAttributeRequest - additionalProperties: false - description: |- - WARNING!! - Reactivating an Attribute can potentially open up an access path to existing TDFs containing the Attribute name. - Active state of any Values under this Attribute Definition will NOT be changed. - policy.unsafe.UnsafeReactivateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UnsafeReactivateAttributeResponse - additionalProperties: false - policy.unsafe.UnsafeReactivateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: UnsafeReactivateAttributeValueRequest - additionalProperties: false - description: |- - WARNING!! - Reactivating an Attribute Value can potentially open up an access path to existing TDFs containing the Attribute Value. - policy.unsafe.UnsafeReactivateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UnsafeReactivateAttributeValueResponse - additionalProperties: false - policy.unsafe.UnsafeReactivateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - title: UnsafeReactivateNamespaceRequest - additionalProperties: false - description: |- - WARNING!! - Reactivating a Namespace can potentially open up an access path to existing TDFs containing any Attributes under the Namespace. - Active state of any Definitions and their Values under this Namespace will NOT be changed. - policy.unsafe.UnsafeReactivateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UnsafeReactivateNamespaceResponse - additionalProperties: false - policy.unsafe.UnsafeUpdateAttributeRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Optional - WARNING!! - Updating the name of an Attribute will retroactively alter access to existing TDFs of the old and new Attribute name. - Attribute name must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute name will be normalized to lower case.: - ``` - size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true - ``` - - rule: - title: rule - description: |- - Optional - WARNING!! - Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name. - $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' - valuesOrder: - type: array - items: - type: string - title: values_order - description: |- - Optional - WARNING!! - Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition - will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted - deleted, created, and unsafely re-ordered as necessary. - title: UnsafeUpdateAttributeRequest - additionalProperties: false - description: |- - WARNING!! - Updating an Attribute can have dangerous consequences. Use with caution. - policy.unsafe.UnsafeUpdateAttributeResponse: - type: object - properties: - attribute: - title: attribute - $ref: '#/components/schemas/policy.Attribute' - title: UnsafeUpdateAttributeResponse - additionalProperties: false - policy.unsafe.UnsafeUpdateAttributeValueRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - value: - type: string - title: value - maxLength: 253 - description: |+ - Required - Attribute Value must be an alphanumeric string, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.: - ``` - this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') - ``` - - title: UnsafeUpdateAttributeValueRequest - additionalProperties: false - description: |- - WARNING!! - Updating an Attribute Value will retroactively alter access to existing TDFs containing the old and new Attribute Value. - policy.unsafe.UnsafeUpdateAttributeValueResponse: - type: object - properties: - value: - title: value - $ref: '#/components/schemas/policy.Value' - title: UnsafeUpdateAttributeValueResponse - additionalProperties: false - policy.unsafe.UnsafeUpdateNamespaceRequest: - type: object - properties: - id: - type: string - title: id - format: uuid - description: Required - name: - type: string - title: name - maxLength: 253 - description: |+ - Required - Namespace must be a valid hostname. It should include at least one dot, with each segment (label) starting and ending with an alphanumeric character. Each label must be 1 to 63 characters long, allowing hyphens but not as the first or last character. The top-level domain (the last segment after the final dot) must consist of at least two alphabetic characters. The stored namespace will be normalized to lower case.: - ``` - this.matches('^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$') - ``` - - title: UnsafeUpdateNamespaceRequest - additionalProperties: false - description: |- - WARNING!! - Updating the Namespace of an Attribute will retroactively alter access to existing TDFs of the old and new Namespace name. - Existing Attribute Definitions and their Values under the Namespace will now be associated with the new Namespace name. - policy.unsafe.UnsafeUpdateNamespaceResponse: - type: object - properties: - namespace: - title: namespace - $ref: '#/components/schemas/policy.Namespace' - title: UnsafeUpdateNamespaceResponse - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: policy.unsafe.UnsafeService - description: |- - / - / Unsafe Service - / diff --git a/specs/wellknownconfiguration/wellknown_configuration.openapi.yaml b/specs/wellknownconfiguration/wellknown_configuration.openapi.yaml deleted file mode 100644 index dcac72a4..00000000 --- a/specs/wellknownconfiguration/wellknown_configuration.openapi.yaml +++ /dev/null @@ -1,184 +0,0 @@ -openapi: 3.1.0 -info: - title: wellknownconfiguration -paths: - /.well-known/opentdf-configuration: - get: - tags: - - wellknownconfiguration.WellKnownService - summary: GetWellKnownConfiguration - operationId: wellknownconfiguration.WellKnownService.GetWellKnownConfiguration - responses: - default: - description: Error - content: - application/json: - schema: - $ref: '#/components/schemas/connect.error' - "200": - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/wellknownconfiguration.GetWellKnownConfigurationResponse' -components: - schemas: - google.protobuf.NullValue: - type: string - title: NullValue - enum: - - NULL_VALUE - description: |- - `NullValue` is a singleton enumeration to represent the null value for the - `Value` type union. - - The JSON representation for `NullValue` is JSON `null`. - google.protobuf.ListValue: - type: object - properties: - values: - type: array - items: - $ref: '#/components/schemas/google.protobuf.Value' - title: values - description: Repeated field of dynamically typed values. - title: ListValue - additionalProperties: false - description: |- - `ListValue` is a wrapper around a repeated field of values. - - The JSON representation for `ListValue` is JSON array. - google.protobuf.Struct: - type: object - additionalProperties: - $ref: '#/components/schemas/google.protobuf.Value' - description: |- - `Struct` represents a structured data value, consisting of fields - which map to dynamically typed values. In some languages, `Struct` - might be supported by a native representation. For example, in - scripting languages like JS a struct is represented as an - object. The details of that representation are described together - with the proto support for the language. - - The JSON representation for `Struct` is JSON object. - google.protobuf.Struct.FieldsEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Value' - title: FieldsEntry - additionalProperties: false - google.protobuf.Value: - oneOf: - - type: "null" - - type: number - - type: string - - type: boolean - - type: array - - type: object - additionalProperties: true - description: |- - `Value` represents a dynamically typed value which can be either - null, a number, a string, a boolean, a recursive struct value, or a - list of values. A producer of value is expected to set one of these - variants. Absence of any variant indicates an error. - - The JSON representation for `Value` is JSON value. - wellknownconfiguration.GetWellKnownConfigurationRequest: - type: object - title: GetWellKnownConfigurationRequest - additionalProperties: false - wellknownconfiguration.GetWellKnownConfigurationResponse: - type: object - properties: - configuration: - title: configuration - $ref: '#/components/schemas/google.protobuf.Struct' - title: GetWellKnownConfigurationResponse - additionalProperties: false - wellknownconfiguration.WellKnownConfig: - type: object - properties: - configuration: - type: object - title: configuration - additionalProperties: - title: value - $ref: '#/components/schemas/google.protobuf.Struct' - title: WellKnownConfig - additionalProperties: false - wellknownconfiguration.WellKnownConfig.ConfigurationEntry: - type: object - properties: - key: - type: string - title: key - value: - title: value - $ref: '#/components/schemas/google.protobuf.Struct' - title: ConfigurationEntry - additionalProperties: false - connect-protocol-version: - type: number - title: Connect-Protocol-Version - enum: - - 1 - description: Define the version of the Connect protocol - const: 1 - connect-timeout-header: - type: number - title: Connect-Timeout-Ms - description: Define the timeout, in ms - connect.error: - type: object - properties: - code: - type: string - examples: - - not_found - enum: - - canceled - - unknown - - invalid_argument - - deadline_exceeded - - not_found - - already_exists - - permission_denied - - resource_exhausted - - failed_precondition - - aborted - - out_of_range - - unimplemented - - internal - - unavailable - - data_loss - - unauthenticated - description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. - message: - type: string - description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. - detail: - $ref: '#/components/schemas/google.protobuf.Any' - title: Connect Error - additionalProperties: true - description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' - google.protobuf.Any: - type: object - properties: - type: - type: string - value: - type: string - format: binary - debug: - type: object - additionalProperties: true - additionalProperties: true - description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. -security: [] -tags: - - name: wellknownconfiguration.WellKnownService diff --git a/src/css/custom.css b/src/css/custom.css index 066b404f..6cd7bdd0 100644 --- a/src/css/custom.css +++ b/src/css/custom.css @@ -4,6 +4,9 @@ * work well for content-centric websites. */ +/* Import marketing styles for homepage */ +@import './marketing.css'; + /* You can override the default Infima variables here. */ /* :root { --ifm-color-primary: #2e8555; @@ -200,6 +203,54 @@ a[class*="embed_documentation_footer-"] { } } +/************** +** COOKIE CONSENT BANNER +***************/ + +.cookie-consent-banner { + background: #1c1e21; + align-items: center; + padding: 1rem; +} + +.cookie-consent-banner a { + color: var(--ifm-color-primary); + text-decoration: underline; +} + +.cookie-consent-banner a:hover { + color: var(--ifm-color-primary-light); +} + +.cookie-consent-accept-button { + background: var(--ifm-color-primary); + color: #fff; + font-size: 14px; + padding: 10px 24px; + border-radius: 4px; + border: none; + cursor: pointer; +} + +.cookie-consent-accept-button:hover { + background: var(--ifm-color-primary-dark); +} + +.cookie-consent-decline-button { + background: transparent; + color: #fff; + font-size: 14px; + padding: 10px 24px; + border-radius: 4px; + border: 1px solid #fff; + cursor: pointer; + margin-left: 10px; +} + +.cookie-consent-decline-button:hover { + background: rgba(255, 255, 255, 0.1); +} + /************** ** HOMEPAGE @@ -239,6 +290,54 @@ Breakpoints: --vds-homepage-body-line-height: 1.5; } +/* Hero section styling for homepage */ +.hero { + background: linear-gradient(135deg, var(--ifm-color-primary) 0%, var(--ifm-color-primary-dark) 100%); + color: white; + padding: 4rem 0; + margin-bottom: 0; +} + +.hero__title { + font-size: 3rem; + font-weight: 600; + margin-bottom: 1.5rem; + line-height: 1.2; +} + +.hero__subtitle { + font-size: 1.25rem; + font-weight: 300; + line-height: 1.6; + margin-bottom: 1.5rem; + opacity: 0.95; +} + +.hero__cta { + margin-top: 2rem; +} + +.hero__cta .button { + font-size: 1.125rem; + padding: 0.75rem 2rem; + border-radius: 6px; + font-weight: 500; +} + +@media (max-width: 768px) { + .hero { + padding: 3rem 0; + } + + .hero__title { + font-size: 2rem; + } + + .hero__subtitle { + font-size: 1.125rem; + } +} + .homepage p { font-size: var(--vds-homepage-body-font-size); line-height: var(--vds-homepage-body-line-height); diff --git a/src/css/marketing.css b/src/css/marketing.css new file mode 100644 index 00000000..ad90eb17 --- /dev/null +++ b/src/css/marketing.css @@ -0,0 +1,228 @@ +/* Marketing Homepage Styles */ + +.marketing-hero { + padding: 4rem 0; + position: relative; + overflow: hidden; +} + +.marketing-hero--primary { + background: linear-gradient(135deg, var(--ifm-color-primary) 0%, var(--ifm-color-primary-dark) 100%); + color: white; +} + +.marketing-hero--secondary { + background: linear-gradient(135deg, #f8f9fa 0%, #e9ecef 100%); + color: var(--ifm-color-gray-900); +} + +.marketing-hero--dark { + background: linear-gradient(135deg, var(--ifm-color-gray-900) 0%, var(--ifm-color-gray-800) 100%); + color: white; +} + +.marketing-hero--accent { + background: linear-gradient(135deg, var(--ifm-color-success) 0%, var(--ifm-color-success-dark) 100%); + color: white; +} + +.hero-content { + display: flex; + align-items: center; + gap: 3rem; + min-height: 400px; +} + +.hero-content--reverse { + flex-direction: row-reverse; +} + +.hero-text { + flex: 1; +} + +.hero-visual { + flex: 0 0 auto; + display: flex; + align-items: center; + justify-content: center; +} + +.hero-icon { + font-size: 8rem; + opacity: 0.9; + filter: drop-shadow(0 4px 8px rgba(0,0,0,0.1)); +} + +.hero-title { + font-size: 3.5rem; + font-weight: 800; + margin-bottom: 1.5rem; + line-height: 1.2; +} + +.hero-subtitle { + font-size: 1.3rem; + margin-bottom: 2rem; + opacity: 0.9; + line-height: 1.6; +} + +.hero-actions { + display: flex; + gap: 1rem; + flex-wrap: wrap; +} + +.hero-button { + padding: 0.75rem 2rem; + font-size: 1.1rem; + font-weight: 600; + border-radius: 8px; + text-decoration: none; + transition: all 0.2s ease; + display: inline-flex; + align-items: center; + gap: 0.5rem; +} + +.hero-button--primary { + background: rgba(255,255,255,0.2); + color: white; + border: 2px solid rgba(255,255,255,0.3); +} + +.hero-button--primary:hover { + background: rgba(255,255,255,0.3); + color: white; + text-decoration: none; + transform: translateY(-2px); +} + +.hero-button--secondary { + background: transparent; + color: inherit; + border: 2px solid currentColor; +} + +.hero-button--secondary:hover { + background: rgba(255,255,255,0.6); + color: gray; + text-decoration: none; + transform: translateY(-2px); +} + +.hero-button--solid { + background: var(--ifm-color-primary); + color: white; + border: 2px solid var(--ifm-color-primary); +} + +.hero-button--solid:hover { + background: var(--ifm-color-primary-dark); + border-color: var(--ifm-color-primary-dark); + color: white; + text-decoration: none; + transform: translateY(-2px); +} + +/* Responsive Design */ +@media (max-width: 768px) { + .hero-content { + flex-direction: column !important; + text-align: center; + gap: 2rem; + min-height: 300px; + } + + .hero-content--reverse { + flex-direction: column !important; + } + + .hero-title { + font-size: 2.5rem; + } + + .hero-subtitle { + font-size: 1.1rem; + } + + .hero-icon { + font-size: 5rem; + } + + .hero-actions { + justify-content: center; + } +} + +/* Navigation Enhancement */ +.navbar { + backdrop-filter: blur(10px); + background: rgba(255, 255, 255, 0.95); + border-bottom: 1px solid rgba(0,0,0,0.1); +} + +/* Animation Classes */ +.fade-in { + animation: fadeIn 0.8s ease-out; +} + +@keyframes fadeIn { + from { + opacity: 0; + transform: translateY(30px); + } + to { + opacity: 1; + transform: translateY(0); + } +} + +.slide-in-right { + animation: slideInRight 1s ease-out; +} + +@keyframes slideInRight { + from { + opacity: 0; + transform: translateX(50px); + } + to { + opacity: 1; + transform: translateX(0); + } +} + +.slide-in-left { + animation: slideInLeft 1s ease-out; +} + +@keyframes slideInLeft { + from { + opacity: 0; + transform: translateX(-50px); + } + to { + opacity: 1; + transform: translateX(0); + } +} + +/* Visual enhancements */ +.hero-icon-container { + position: relative; +} + +.hero-icon-container::before { + content: ''; + position: absolute; + top: 50%; + left: 50%; + transform: translate(-50%, -50%); + width: 120%; + height: 120%; + background: radial-gradient(circle, rgba(255,255,255,0.1) 0%, transparent 70%); + border-radius: 50%; + z-index: -1; +} \ No newline at end of file diff --git a/src/openapi/preprocessing.ts b/src/openapi/preprocessing.ts index 1e410980..072632ae 100644 --- a/src/openapi/preprocessing.ts +++ b/src/openapi/preprocessing.ts @@ -25,7 +25,7 @@ const specsProcessedDir = path.join(repoRoot, 'specs-processed'); const ADD_TIMESTAMP_TO_DESCRIPTION = false; // The location prefix of built OpenAPI documentation -const OUTPUT_PREFIX = path.join(repoRoot, 'docs', 'OpenAPI-clients'); +const OUTPUT_PREFIX = path.join(repoRoot, 'docs', 'reference', 'OpenAPI-clients'); // The index page for OpenAPI documentation, to support bookmarking & sharing the URL const OPENAPI_INDEX_PAGE = `${OUTPUT_PREFIX}/index.md`; diff --git a/src/pages/cookie-policy.mdx b/src/pages/cookie-policy.mdx new file mode 100644 index 00000000..408234ff --- /dev/null +++ b/src/pages/cookie-policy.mdx @@ -0,0 +1,176 @@ +--- +title: Cookie Policy +--- + +# Cookie Policy + +**Last Updated: January 21, 2026** + +## Introduction + +This Cookie Policy explains how the OpenTDF Documentation website (https://docs.opentdf.io) uses cookies and similar tracking technologies. OpenTDF is an open-source project sponsored by Virtru Corporation. + +This policy should be read in conjunction with our [Privacy Policy](/privacy-policy). + +## What Are Cookies? + +Cookies are small text files that are placed on your device (computer, tablet, or mobile) when you visit a website. They help the website recognize your device and remember information about your visit, such as your preferences and actions. + +## Types of Cookies We Use + +### 1. Essential Cookies (Always Active) + +These cookies are necessary for the website to function properly and cannot be disabled. + +- **Cookie Consent Cookie**: Remembers your cookie preferences and consent choices +- **Session Cookies**: Maintain your session as you navigate the site + +**Duration**: Session-based (expire when you close your browser) or up to 1 year for consent preferences + +### 2. Performance and Analytics Cookies (Optional - Require Consent) + +These cookies collect anonymous information about how visitors use our site, helping us improve the documentation experience. + +- **Google Analytics**: Tracks page views, navigation patterns, and site performance + - Collects: Page URLs, referral sources, device type, approximate location (country/region) + - Duration: Up to 26 months + - Purpose: Understand which documentation is most useful and identify areas for improvement + +**Note**: We use IP anonymization for all analytics cookies, which means your full IP address is never stored. + +### 3. Functionality Cookies (Currently Not Used) + +We currently do not use functionality cookies, but if implemented in the future, these would remember your preferences such as: +- Language selection +- Documentation version preferences +- Display settings + +### 4. Marketing/Advertising Cookies (Not Used) + +We do not use marketing or advertising cookies on this documentation site. + +## Third-Party Cookies + +### Google Analytics + +Google Analytics is a web analytics service provided by Google LLC. It uses cookies to help analyze how users interact with our site. + +- **Provider**: Google LLC +- **Purpose**: Website analytics and performance measurement +- **Data Collected**: Anonymous usage statistics, page views, session duration +- **Privacy Policy**: https://policies.google.com/privacy +- **Opt-Out**: https://tools.google.com/dlpage/gaoptout + +**Note**: Google Analytics cookies are only set if you accept cookies via our consent banner. + +## How to Manage Cookies + +### Cookie Consent Banner + +When you first visit our site, you'll see a cookie consent banner that allows you to: +- **Accept**: Enable analytics cookies to help us improve the documentation +- **Decline**: Use only essential cookies (no tracking) + +Your choice is saved for 365 days. + +### Changing Your Preferences + +To change your cookie preferences: + +1. **Clear Your Browser Cookies**: Delete the `opentdf-cookie-consent` cookie from your browser +2. **Revisit the Site**: The consent banner will appear again +3. **Make Your Choice**: Accept or decline analytics cookies + +### Browser Settings + +You can also manage cookies through your browser settings: + +**Google Chrome**: +1. Settings > Privacy and security > Cookies and other site data +2. Choose "Block third-party cookies" or "Block all cookies" + +**Mozilla Firefox**: +1. Settings > Privacy & Security +2. Under "Cookies and Site Data," choose your preferences + +**Safari**: +1. Preferences > Privacy +2. Adjust "Cookies and website data" settings + +**Microsoft Edge**: +1. Settings > Cookies and site permissions +2. Manage cookie settings + +**Note**: Blocking all cookies may affect your ability to use some features of our documentation site. + +### External Resources + +For more information about managing cookies: +- **All About Cookies**: https://www.allaboutcookies.org/ +- **Your Online Choices (EU)**: https://www.youronlinechoices.eu/ + +## Your Privacy Rights + +### California Residents (CCPA) + +Under the California Consumer Privacy Act, you have the right to: +- Know what personal information is collected +- Request deletion of your personal information +- Opt-out of the sale of personal information (Note: **We do not sell your personal information**) + +### European Residents (GDPR) + +Under the General Data Protection Regulation, you have the right to: +- Access your personal information +- Correct inaccurate data +- Request deletion of your data +- Object to data processing +- Withdraw consent at any time + +### Nevada Residents + +Nevada residents have the right to opt-out of the sale of personal information. **We do not sell your personal information.** + +### Virginia Residents + +Virginia residents can: +- Opt-out of advertising cookies through the consent banner +- Request deletion or correction of personal data + +## Do Not Track Signals + +Some browsers have a "Do Not Track" feature that signals websites not to track your browsing. Our site currently does not respond to Do Not Track signals, but you can decline cookies through our consent banner to prevent tracking. + +## Updates to This Cookie Policy + +We may update this Cookie Policy from time to time to reflect changes in our practices or legal requirements. Updates will be indicated by the "Last Updated" date at the top of this page. + +For significant changes, we will display a notice on our website. + +## Contact Us + +If you have questions about this Cookie Policy or how we use cookies: + +- **Email**: privacy@virtru.com +- **Mail**: Virtru Corporation, 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006 +- **GitHub**: https://github.com/orgs/opentdf/discussions + +## Related Policies + +- [Privacy Policy](/privacy-policy): Learn how we collect and use your information +- [Virtru Privacy Policy](https://www.virtru.com/privacy-policy/): Comprehensive privacy policy for Virtru services +- [Virtru Cookie Policy](https://www.virtru.com/cookie-policy/): Detailed cookie policy for Virtru's main website + +## Summary + +**Essential cookies**: Always active (required for site function) + +**Analytics cookies**: Optional (only with your consent) + +**Marketing cookies**: Not used + +**Your control**: Accept or decline via consent banner, or manage in browser settings + +**Data selling**: We do not sell your personal information + +**Contact**: privacy@virtru.com for questions or requests diff --git a/src/pages/documentation.tsx b/src/pages/documentation.tsx new file mode 100644 index 00000000..d33ed4cc --- /dev/null +++ b/src/pages/documentation.tsx @@ -0,0 +1,270 @@ +import React from "react"; +import Layout from "@theme/Layout"; +import Head from "@docusaurus/Head"; +import { Columns, Hero, Features, Feedback } from "../components/Homepage"; + +export default function Documentation() { + return ( +
+ + + + + + +

+ OpenTDF is an open source system for implementing data centric security. + It provides the basic services required to enable the definition, application, + and enforcement of attribute based policies using the Trust Data Format (TDF). + TDF is an open standard that enables you to cryptographically bind + attribute based access control (ABAC) policy to a data object so that + the policy travels with the data wherever it goes. +

+

+ OpenTDF builds upon a decade of experience at Virtru + protecting data objects at scale using the Trusted Data Format + for organizations of all sizes and across all industries. +

+
+ +
+

+ Want to get an instance of the OpenTDF Platform up and running? Click below! +

+ + + {/* Add spacing after hero section */} +
+ + {/* Find What You Need Section */} +
+
+
+

Find What You Need

+

+ Choose your learning path based on what you want to accomplish +

+

+ +

+
+
+ +
+
+
+
+

🚀 Tutorials

+

I want to learn by doing

+
+
+

Step-by-step guides that take you by the hand through a series of steps to complete a project or solve a problem.

+ +
+
+
+ +
+
+
+

📖 How-To Guides

+

I have a specific problem to solve

+
+
+

Practical guides for common tasks and problems you'll encounter when working with OpenTDF.

+ +
+
+
+
+ +
+
+
+
+

💡 Explanations

+

I want to understand the concepts

+
+
+

Big-picture explanations of how OpenTDF works and why it's built the way it is.

+ +
+
+
+ +
+
+
+

📚 Reference

+

I need to look up specific details

+
+
+

Technical descriptions of the machinery and how to operate it.

+ +
+
+
+
+
+
+ + + +

+ Today's cybersecurity landscape is increasingly adopting and requiring Zero Trust models and frameworks. + Zero Trust operates on the principle of "never trust, always verify," + ensuring that every access request is authenticated, authorized, and encrypted, + regardless of its origin. OpenTDF implements this model by providing an open-source framework, specification, and set of services + that prioritizes the protection and integrity of data at every stage. +

+

+ By integrating OpenTDF's data security features with a Zero Trust architecture, + organizations can enforce strict access controls, ensure data is continuously monitored, + and maintain comprehensive visibility into data interactions. This synergy not only + minimizes the risk of data breaches but also fosters a secure environment where data + can be shared and utilized with confidence. Together, Zero Trust and OpenTDF empower businesses + to uphold the highest standards of data security in an interconnected world. +

+ + +

+ In 2023, the OpenTDF team undertook a significant re-architecture + of the OpenTDF platform to enhance its extensibility and interoperability, + responding to the evolving needs of our diverse user base and the dynamic cybersecurity landscape. + See our {" "}Github Organization Page to navigate the new repositories. +

+

+ This comprehensive overhaul involved simplifying core service components, + adopting standardized policy schemas, and improving platform APIs and SDKs both in + developer experience and in capability. By focusing on extensibility, we have enabled + developers to customize and extend OpenTDF's functionalities to suit specific use cases, + fostering innovation and adaptability. As we continue to advance, our focus remains on empowering the community with a secure, adaptable, + and interoperable platform that meets the highest standards of data protection and fosters collaborative innovation. +

+

+ Through the sponsorship of Virtru and its partners, the OpenTDF project has been + meeting the needs of customers across industries and use cases. Check out{" "} + + Virtru Data Security Platform + {" "} + for more. +

+ + + + {/* */} + + + + +

+ Virtru, the sponsor of the OpenTDF developer community, would love to hear from you! +

+

+ We're developers, too, and as we mature the project, we're curious what you're building, and what kind of problems you may be encountering or are trying to solve. +

+

+ You can provide anonymous feedback (name, email, and company are not required fields on this form), or share your contact information for access to curated resources, updates, and if you request a response. +

+ + +
+ ); +} \ No newline at end of file diff --git a/src/pages/index.module.css b/src/pages/index.module.css index d1a89ba6..41ed7ea5 100644 --- a/src/pages/index.module.css +++ b/src/pages/index.module.css @@ -3,3 +3,274 @@ * and scoped locally. */ +/* Marketing Homepage Styles */ + +/* Hero Sections */ +.marketing-hero { + padding: 6rem 0; + position: relative; + overflow: hidden; +} + +.marketing-hero--primary { + background: linear-gradient(135deg, var(--ifm-color-primary) 0%, var(--ifm-color-primary-darker) 100%); + color: white; +} + +.marketing-hero--secondary { + background: linear-gradient(135deg, #f8f9fa 0%, #e9ecef 100%); + color: var(--ifm-color-emphasis-800); +} + +.marketing-hero--dark { + background: linear-gradient(135deg, #2c3e50 0%, #34495e 100%); + color: white; +} + +.marketing-hero--accent { + background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); + color: white; +} + +/* Hero Content Layout */ +.hero-content { + display: grid; + grid-template-columns: 1fr 1fr; + gap: 4rem; + align-items: center; + min-height: 400px; +} + +.hero-content--reverse { + grid-template-areas: "visual text"; +} + +.hero-content--reverse .hero-text { + grid-area: text; +} + +.hero-content--reverse .hero-visual { + grid-area: visual; +} + +.hero-text { + z-index: 2; +} + +.hero-title { + font-size: 3rem; + font-weight: 800; + line-height: 1.2; + margin-bottom: 1.5rem; + background: linear-gradient(135deg, currentColor 0%, rgba(255,255,255,0.8) 100%); + background-clip: text; + -webkit-background-clip: text; +} + +.hero-subtitle { + font-size: 1.25rem; + line-height: 1.6; + margin-bottom: 2rem; + opacity: 0.9; +} + +/* Hero Actions */ +.hero-actions { + display: flex; + gap: 1rem; + flex-wrap: wrap; +} + +.hero-button { + display: inline-flex; + align-items: center; + gap: 0.5rem; + padding: 1rem 2rem; + border-radius: 0.5rem; + font-weight: 600; + text-decoration: none; + transition: all 0.3s ease; + border: 2px solid; + font-size: 1rem; +} + +.hero-button--primary { + background: rgba(255, 255, 255, 0.1); + border-color: rgba(255, 255, 255, 0.3); + color: white; + backdrop-filter: blur(10px); +} + +.hero-button--primary:hover { + background: rgba(255, 255, 255, 0.2); + color: white; + text-decoration: none; + transform: translateY(-2px); + box-shadow: 0 10px 25px rgba(0, 0, 0, 0.15); +} + +.hero-button--secondary { + background: transparent; + border-color: currentColor; + color: inherit; +} + +.hero-button--secondary:hover { + background: currentColor; + color: white; + text-decoration: none; + transform: translateY(-2px); +} + +.hero-button--solid { + background: var(--ifm-color-primary); + border-color: var(--ifm-color-primary); + color: white; +} + +.hero-button--solid:hover { + background: var(--ifm-color-primary-dark); + border-color: var(--ifm-color-primary-dark); + color: white; + text-decoration: none; + transform: translateY(-2px); + box-shadow: 0 10px 25px rgba(0, 0, 0, 0.15); +} + +/* Hero Visual */ +.hero-visual { + display: flex; + align-items: center; + justify-content: center; + position: relative; +} + +.hero-icon-container { + width: 200px; + height: 200px; + display: flex; + align-items: center; + justify-content: center; + background: rgba(255, 255, 255, 0.1); + border-radius: 50%; + backdrop-filter: blur(10px); + border: 2px solid rgba(255, 255, 255, 0.2); +} + +.hero-icon { + font-size: 4rem; + color: currentColor; +} + +/* Animations */ +.fade-in { + animation: fadeIn 1s ease-out; +} + +.slide-in-right { + animation: slideInRight 1s ease-out; +} + +.slide-in-left { + animation: slideInLeft 1s ease-out; +} + +@keyframes fadeIn { + from { + opacity: 0; + transform: translateY(30px); + } + to { + opacity: 1; + transform: translateY(0); + } +} + +@keyframes slideInRight { + from { + opacity: 0; + transform: translateX(50px); + } + to { + opacity: 1; + transform: translateX(0); + } +} + +@keyframes slideInLeft { + from { + opacity: 0; + transform: translateX(-50px); + } + to { + opacity: 1; + transform: translateX(0); + } +} + +/* Responsive Design */ +@media (max-width: 768px) { + .hero-content { + grid-template-columns: 1fr; + gap: 2rem; + text-align: center; + } + + .hero-content--reverse { + grid-template-areas: + "text" + "visual"; + } + + .hero-title { + font-size: 2.5rem; + } + + .hero-subtitle { + font-size: 1.1rem; + } + + .hero-actions { + justify-content: center; + } + + .hero-button { + padding: 0.875rem 1.5rem; + font-size: 0.9rem; + } + + .marketing-hero { + padding: 4rem 0; + } + + .hero-icon-container { + width: 150px; + height: 150px; + } + + .hero-icon { + font-size: 3rem; + } +} + +@media (max-width: 480px) { + .hero-title { + font-size: 2rem; + } + + .hero-subtitle { + font-size: 1rem; + } + + .hero-actions { + flex-direction: column; + align-items: center; + } + + .hero-button { + width: 100%; + max-width: 280px; + justify-content: center; + } +} + diff --git a/src/pages/index.tsx b/src/pages/index.tsx index 5304464d..7231221d 100644 --- a/src/pages/index.tsx +++ b/src/pages/index.tsx @@ -1,103 +1,229 @@ import React from "react"; import Layout from "@theme/Layout"; import Head from "@docusaurus/Head"; -import { Columns, Hero, Features, Feedback } from "../components/Homepage"; +import styles from "./index.module.css"; export default function Home() { return ( -
+
- + - - -

- OpenTDF is an open source system for implementing data centric security. - It provides the basic services required to enable the definition, application, - and enforcement of attribute based policies using the Trust Data Format (TDF). - TDF is an open standard that enables you to cryptographically bind - attribute based access control (ABAC) policy to a data object so that - the policy travels with the data wherever it goes. -

-

- OpenTDF builds upon a decade of experience at Virtru - protecting data objects at scale using the Trusted Data Format - for organizations of all sizes and across all industries. -

- - - -

- Today's cybersecurity landscape is increasingly adopting and requiring Zero Trust models and frameworks. - Zero Trust operates on the principle of "never trust, always verify," - ensuring that every access request is authenticated, authorized, and encrypted, - regardless of its origin. OpenTDF implements this model by providing an open-source framework, specification, and set of services - that prioritizes the protection and integrity of data at every stage. -

-

- By integrating OpenTDF’s data security features with a Zero Trust architecture, - organizations can enforce strict access controls, ensure data is continuously monitored, - and maintain comprehensive visibility into data interactions. This synergy not only - minimizes the risk of data breaches but also fosters a secure environment where data - can be shared and utilized with confidence. Together, Zero Trust and OpenTDF empower businesses - to uphold the highest standards of data security in an interconnected world. -

- - -

- In 2023, the OpenTDF team undertook a significant re-architecture - of the OpenTDF platform to enhance its extensibility and interoperability, - responding to the evolving needs of our diverse user base and the dynamic cybersecurity landscape. - See our {" "}Github Organization Page to navigate the new repositories. -

-

- This comprehensive overhaul involved simplifying core service components, - adopting standardized policy schemas, and improving platform APIs and SDKs both in - developer experience and in capability. By focusing on extensibility, we have enabled - developers to customize and extend OpenTDF’s functionalities to suit specific use cases, - fostering innovation and adaptability. As we continue to advance, our focus remains on empowering the community with a secure, adaptable, - and interoperable platform that meets the highest standards of data protection and fosters collaborative innovation. -

-

- Through the sponsorship of Virtru and its partners, the OpenTDF project has been - meeting the needs of customers across industries and use cases. Check out{" "} - - Virtru Data Security Platform - {" "} - for more. + + + {/* Hero 1: Main Value Proposition */} +

+
+
+
+

Protect the Data, Build the Future

+

+ Zero-trust data protection that travels with your data wherever it goes. + OpenTDF cryptographically binds access control policies directly to data objects, + ensuring your data remains secure regardless of network boundaries or storage location. +

+ +
+
+
+ +
+
+
+
+
+ + {/* Hero 2: Problem/Solution */} +
+
+
+
+

Traditional Security Fails When Data Leaves the Perimeter

+

+ Once data crosses network boundaries, traditional security models lose control. + OpenTDF solves this by cryptographically binding policies to data objects themselves, + creating self-protecting data that enforces access controls anywhere it travels. +

+ +
+
+
+ +
+
+
+
+
+ + {/* Hero 3: Developer-First */} +
+
+
+
+

Built for Developers

+

+ Native SDKs for Go, Java, and JavaScript. RESTful APIs. Comprehensive documentation. + Get started in minutes, not months. OpenTDF provides the tools developers need to build + secure applications without sacrificing speed or simplicity. +

+ +
+
+
+ +
+
+
+
+
+ + {/* Hero 4: Enterprise Trust */} +
+
+
+
+

Trusted by Organizations Worldwide

+

+ Built on a decade of Virtru's experience protecting data at scale. OpenTDF powers + secure data sharing for organizations across industries—from healthcare and finance + to government and defense. Battle-tested, enterprise-ready, open source. +

+ +
+
+
+ +
+
+
+
+
+ + {/* Hero 5: Standards & Compliance */} +
+
+
+
+

Standards-Based Security

+

+ Built on the proven NIST ABAC model for interoperability and compliance. + OpenTDF follows established standards for attribute-based access control, + ensuring your data protection strategy is future-proof and audit-ready. +

+ +
+
+
+ +
+
+
+
+
+ + {/* Hero 6: Community */} +
+
+
+
+

Join the Movement

+

+ Open source, open community. Shape the future of data-centric security with developers, + security professionals, and organizations from around the world. Contribute code, + share ideas, and help build the next generation of data protection. +

+ +
+
+
+ +
+
+
+
+
+ + {/* Final CTA Section */} +
+
+

+ Ready to Protect Your Data? +

+

+ Choose your path and start building with OpenTDF today.

- - - - {/* */} - - - - -

- Virtru, the sponsor of the OpenTDF developer community, would love to hear from you! -

-

- We're developers, too, and as we mature the project, we're curious what you're building, and what kind of problems you may be encountering or are trying to solve. -

-

- You can provide anonymous feedback (name, email, and company are not required fields on this form), or share your contact information for access to curated resources, updates, and if you request a response. -

- + +
+
+
); diff --git a/src/pages/privacy-policy.mdx b/src/pages/privacy-policy.mdx new file mode 100644 index 00000000..cc78f288 --- /dev/null +++ b/src/pages/privacy-policy.mdx @@ -0,0 +1,191 @@ +--- +title: Privacy Policy +--- + +# Privacy Policy + +**Last Updated: January 21, 2026** + +## Introduction + +Welcome to the OpenTDF Documentation website (the "Site"). This Privacy Policy explains how we collect, use, and protect information when you visit our documentation site at https://docs.opentdf.io. + +OpenTDF is an open-source project sponsored by Virtru. This documentation site is governed by this Privacy Policy. For information about Virtru's services and data handling practices, please see [Virtru's Privacy Policy](https://www.virtru.com/privacy-policy/). + +## Information We Collect + +### Analytics Data + +When you consent to cookies, we collect anonymous usage data through Google Analytics, including: + +- **Page Views**: Which documentation pages you visit +- **Navigation Patterns**: How you navigate through our documentation +- **Geographic Location**: Your approximate location (country/region level only, with IP anonymization enabled) +- **Device Information**: Browser type, operating system, screen resolution +- **Referral Source**: The website or search engine that referred you to our site +- **Session Duration**: How long you spend on our documentation +- **Search Queries**: Terms you search for within our documentation (if applicable) + +**Important**: We use IP anonymization for all analytics data, which means your full IP address is never stored or processed. + +### Information You Provide + +If you interact with links to external services (such as GitHub Discussions or our GitHub repository), those services have their own privacy policies. We do not collect personally identifiable information directly through this documentation site. + +## How We Use Your Information + +We use the collected analytics data solely to: + +- **Improve Documentation**: Understand which sections are most useful and which need improvement +- **Enhance User Experience**: Optimize navigation and content structure based on usage patterns +- **Identify Popular Content**: Focus our efforts on the most visited and valuable documentation +- **Monitor Site Performance**: Ensure the documentation site loads quickly and functions properly + +**We do not**: +- **Sell your personal information** (consistent with Virtru's commitment) +- Use your data for advertising purposes +- Share your personal information with third parties except: + - Service providers necessary for site operation (e.g., Google Analytics, hosting providers) + - When required by law or legal process +- Track you across other websites beyond analytics on this site + +## Cookies and Tracking Technologies + +### What are Cookies? + +Cookies are small text files stored on your device that help us understand how you use our site. + +### Types of Cookies We Use + +1. **Essential Cookies** (Always Active) + - Cookie Consent Cookie: Remembers your cookie preferences + - These cannot be disabled as they are necessary for the site to function + +2. **Analytics Cookies** (Optional - Require Consent) + - Google Analytics cookies: Track usage patterns and site performance + - You can accept or decline these cookies via the cookie consent banner + +### Managing Your Cookie Preferences + +- You can change your cookie preferences at any time by clearing your browser cookies and revisiting our site +- Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer +- Note that disabling cookies may affect your experience on our site + +## Google Analytics + +We use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to help us analyze how users interact with our documentation. + +**Data Processed by Google Analytics**: +- User interactions with the site +- Approximate geographic location +- Device and browser information +- Referral sources + +**Google's Use of Data**: Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage. + +**Google Analytics Privacy**: You can learn more about how Google uses data at https://policies.google.com/technologies/partner-sites + +**Opt-Out**: You can opt out of Google Analytics by: +- Declining cookies via our cookie consent banner +- Installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout + +## Data Retention + +- **Analytics Data**: Google Analytics retains data for 26 months by default +- **Cookie Consent**: Your cookie preference is stored locally in your browser for 365 days +- We do not retain any personally identifiable information on our servers + +## Your Rights + +Depending on your location, you may have the following rights regarding your data: + +### For EU/UK Residents (GDPR) + +- **Right to Access**: Request a copy of data we have about you +- **Right to Rectification**: Request correction of inaccurate data +- **Right to Erasure**: Request deletion of your data +- **Right to Restrict Processing**: Request limitation on how we process your data +- **Right to Data Portability**: Request transfer of your data +- **Right to Object**: Object to processing of your data +- **Right to Withdraw Consent**: Withdraw cookie consent at any time + +### For California Residents (CCPA) + +- **Right to Know**: Request information about data collection and sharing +- **Right to Delete**: Request deletion of your data +- **Right to Opt-Out**: Opt out of data "sales" (Note: We do not sell your data) +- **Right to Non-Discrimination**: Exercise your rights without discrimination + +## Children's Privacy + +Our documentation site is not directed to children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately. + +## Third-Party Links + +Our documentation may contain links to external websites, including: +- GitHub repositories and discussions +- Sponsor websites (e.g., Virtru) +- Partner websites +- Tutorial resources + +These third-party sites have their own privacy policies. We are not responsible for the privacy practices of external sites. + +## International Data Transfers + +Our site is hosted and operated in the United States. If you access our site from outside the United States, your data may be transferred to, stored, and processed in the United States. By using our site, you consent to this transfer. + +## Changes to This Privacy Policy + +We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by: +- Updating the "Last Updated" date at the top of this policy +- Displaying a notice on our website (for significant changes) + +We encourage you to review this Privacy Policy periodically. + +## Contact Us + +If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: + +- **Email**: privacy@virtru.com +- **Mail**: Virtru Corporation, 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006 +- **GitHub Discussions**: https://github.com/orgs/opentdf/discussions +- **GitHub Issues**: https://github.com/opentdf/docs/issues + +## Legal Basis for Processing (GDPR) + +For users in the EU/UK, we process your data based on: +- **Consent**: Analytics cookies are processed only with your explicit consent +- **Legitimate Interests**: Essential cookies and site functionality are based on our legitimate interest in operating and securing our documentation site + +## Data Protection Officer + +For privacy-related inquiries, including those related to GDPR compliance, please contact: + +- **Email**: privacy@virtru.com +- **Mail**: Virtru Corporation, 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006 + +## Compliance + +This Privacy Policy is designed to comply with: +- EU General Data Protection Regulation (GDPR) +- California Consumer Privacy Act (CCPA) +- UK Data Protection Act 2018 +- Other applicable data protection laws + +--- + +## Summary + +**What we collect**: Anonymous usage data (only with your consent) + +**Why we collect it**: To improve our documentation + +**How long we keep it**: Up to 26 months (analytics) or 365 days (cookie consent) + +**Your choices**: You can decline cookies or delete them at any time + +**Your rights**: Access, delete, or correct your data (where applicable) + +--- + +Thank you for trusting OpenTDF with your privacy. We are committed to protecting your data and being transparent about our practices. diff --git a/src/pages/terms-of-service.mdx b/src/pages/terms-of-service.mdx new file mode 100644 index 00000000..4cbb9799 --- /dev/null +++ b/src/pages/terms-of-service.mdx @@ -0,0 +1,203 @@ +--- +title: Terms of Service +--- + +# Terms of Service + +**Last Updated: January 21, 2026** + +## Introduction + +Welcome to the OpenTDF Documentation website (https://docs.opentdf.io, the "Site"). These Terms of Service ("Terms") govern your access to and use of this documentation site. + +OpenTDF is an open-source project sponsored by Virtru Corporation. By accessing or using this Site, you agree to be bound by these Terms. + +**Note**: These Terms apply to this documentation website only. For terms governing OpenTDF software, platforms, or services, please refer to the respective license agreements and terms associated with those products. + +## About OpenTDF Documentation + +This Site provides documentation, tutorials, guides, and reference materials for the OpenTDF open-source project. The documentation is provided free of charge to help users understand and implement OpenTDF technologies. + +## Acceptable Use + +### You May: + +- Access and read the documentation for personal or commercial purposes +- Use the information to implement OpenTDF in your projects +- Share links to specific documentation pages +- Print or download documentation for offline reference +- Provide feedback or contribute improvements via GitHub + +### You May Not: + +- Use the Site for any unlawful purpose or in violation of these Terms +- Attempt to gain unauthorized access to the Site or related systems +- Interfere with or disrupt the Site's operation or infrastructure +- Use automated tools to excessively scrape or download content (reasonable use for personal backups is acceptable) +- Reproduce, modify, or create derivative works of the Site itself (distinct from implementing OpenTDF based on the documentation) +- Remove or obscure copyright, trademark, or other proprietary notices +- Transmit malicious code, viruses, or harmful materials +- Impersonate others or misrepresent your affiliation with any person or entity + +## Intellectual Property + +### Documentation Content + +The documentation content on this Site is licensed under open-source licenses as specified in the OpenTDF project repositories. Unless otherwise noted, documentation is generally available under permissive open-source licenses. + +For specific licensing information, see: +- OpenTDF GitHub: https://github.com/opentdf +- Individual repository LICENSE files + +### OpenTDF Trademarks + +"OpenTDF" and related logos are trademarks of the OpenTDF project. Use of these trademarks must comply with applicable trademark usage guidelines. + +### Virtru Trademarks + +"Virtru" and related logos are trademarks of Virtru Corporation. Unauthorized use of Virtru trademarks is prohibited. + +### Third-Party Content + +The Site may contain links to third-party websites, resources, or documentation. We are not responsible for the content, accuracy, or availability of third-party resources. + +## Disclaimer of Warranties + +**THE SITE AND ALL DOCUMENTATION ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.** + +We make no warranties or representations about: +- The accuracy, completeness, or currentness of the documentation +- The Site's availability, reliability, or functionality +- The fitness of any information for a particular purpose +- The absence of errors, bugs, or interruptions + +You use the information and guidance in this documentation at your own risk. + +## Limitation of Liability + +**TO THE MAXIMUM EXTENT PERMITTED BY LAW, OPENTDF, VIRTRU CORPORATION, AND THEIR AFFILIATES, OFFICERS, EMPLOYEES, AND CONTRIBUTORS SHALL NOT BE LIABLE FOR:** + +- Any indirect, incidental, special, consequential, or punitive damages +- Loss of profits, data, use, or goodwill +- Service interruptions or data loss +- Damages arising from your use of or inability to use the Site +- Any errors or omissions in the documentation + +**This limitation applies even if we have been advised of the possibility of such damages.** + +For jurisdictions that do not allow the exclusion of certain warranties or limitation of liability, our liability is limited to the maximum extent permitted by law. + +## OpenTDF Software and Services + +### Software License + +The OpenTDF software and code are subject to their own open-source licenses as specified in each repository. Common licenses include Apache 2.0, MIT, and BSD licenses. Please review the LICENSE file in each repository for specific terms. + +### Virtru Services + +If you use Virtru's commercial services (separate from this documentation site), those services are governed by [Virtru's Terms of Service](https://www.virtru.com/terms-of-service/). + +## Privacy + +Your use of this Site is also governed by our [Privacy Policy](/privacy-policy) and [Cookie Policy](/cookie-policy). Please review these policies to understand how we collect and use information. + +## User Contributions and Feedback + +### GitHub Contributions + +Contributions to OpenTDF documentation via GitHub are welcomed and governed by: +- The project's Contribution Guidelines +- The Developer Certificate of Origin (DCO) +- The applicable open-source license + +By contributing, you agree that your contributions may be used, modified, and distributed under the project's license. + +### Feedback + +If you provide feedback, suggestions, or ideas about the documentation or OpenTDF project, you grant us a non-exclusive, worldwide, perpetual, irrevocable license to use, modify, and incorporate such feedback without compensation or attribution. + +## External Links + +This Site contains links to: +- GitHub repositories +- Sponsor websites (e.g., Virtru) +- Tutorial resources +- Third-party tools and services + +We are not responsible for the content, availability, or practices of external websites. Your use of external sites is at your own risk and subject to their respective terms and policies. + +## Modifications to Terms + +We reserve the right to modify these Terms at any time. Changes will be effective when posted, with the "Last Updated" date revised accordingly. + +For material changes, we will provide notice through: +- A prominent announcement on the Site +- Updates to the "Last Updated" date + +Your continued use of the Site after changes constitutes acceptance of the modified Terms. + +## Modifications to the Site + +We reserve the right to: +- Modify, suspend, or discontinue the Site or any part of it +- Update, revise, or remove documentation content +- Change the Site's structure, design, or functionality + +We will make reasonable efforts to minimize disruption but are not liable for any changes or interruptions. + +## Governing Law and Jurisdiction + +These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. + +Any disputes arising from these Terms or your use of the Site shall be resolved exclusively in the state or federal courts located in Delaware. + +## Severability + +If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect. + +## Entire Agreement + +These Terms, together with our Privacy Policy and Cookie Policy, constitute the entire agreement between you and us regarding your use of this Site. + +## No Waiver + +Our failure to enforce any provision of these Terms does not constitute a waiver of that provision or our right to enforce it in the future. + +## Contact Information + +For questions about these Terms: + +- **Email**: privacy@virtru.com +- **Mail**: Virtru Corporation, 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006 +- **GitHub Discussions**: https://github.com/orgs/opentdf/discussions +- **GitHub Issues**: https://github.com/opentdf/docs/issues + +## Related Policies and Resources + +- [Privacy Policy](/privacy-policy): How we handle your information +- [Cookie Policy](/cookie-policy): How we use cookies +- [Virtru Terms of Service](https://www.virtru.com/terms-of-service/): Terms for Virtru's commercial services +- [Virtru Privacy Policy](https://www.virtru.com/privacy-policy/): Privacy policy for Virtru services +- [OpenTDF GitHub](https://github.com/opentdf): Source code and contribution guidelines + +--- + +## Summary + +**Access**: Free for personal and commercial use + +**Usage**: Read, implement, and share - but respect intellectual property + +**Contributions**: Welcome via GitHub under project licenses + +**Warranties**: None - documentation provided "as is" + +**Liability**: Limited to maximum extent permitted by law + +**Governing Law**: Delaware, United States + +**Contact**: privacy@virtru.com for questions + +--- + +Thank you for using OpenTDF documentation. We appreciate your compliance with these Terms and your contributions to the open-source community. diff --git a/src/theme/Root.tsx b/src/theme/Root.tsx new file mode 100644 index 00000000..51a777e3 --- /dev/null +++ b/src/theme/Root.tsx @@ -0,0 +1,90 @@ +import React, { useEffect } from "react"; +import CookieConsent from "react-cookie-consent"; +import useDocusaurusContext from "@docusaurus/useDocusaurusContext"; +import { useLocation } from "@docusaurus/router"; + +export default function Root({ children }: { children: React.ReactNode }) { + const { siteConfig } = useDocusaurusContext(); + const { googleGtagId } = siteConfig.customFields as { googleGtagId?: string }; + const location = useLocation(); + + const initializeGoogleAnalytics = () => { + if (typeof window === "undefined" || !googleGtagId || window.gtag) { + return; + } + + const script = document.createElement("script"); + script.src = `https://www.googletagmanager.com/gtag/js?id=${googleGtagId}`; + script.async = true; + document.head.appendChild(script); + + // Stub function to queue gtag commands before the script loads + window.dataLayer = window.dataLayer || []; + window.gtag = function gtag() { + window.dataLayer.push(arguments); + }; + window.gtag("js", new Date()); + window.gtag("config", googleGtagId, { anonymize_ip: true }); + }; + + useEffect(() => { + if (typeof window === "undefined" || !googleGtagId) { + return; + } + + // Check if user has already accepted cookies + const cookieValue = document.cookie + .split("; ") + .find((row) => row.startsWith("opentdf-cookie-consent=")) + ?.split("=")[1]; + + const hasConsent = cookieValue === "true"; + + // Initialize Google Analytics if consent is given and not already loaded + if (hasConsent) { + initializeGoogleAnalytics(); + } + + // Track page views on route changes (SPA navigation) + if (hasConsent && window.gtag) { + window.gtag("config", googleGtagId, { + page_path: location.pathname + location.search + location.hash, + anonymize_ip: true, + }); + } + }, [location, googleGtagId]); + + const handleAcceptCookie = () => { + initializeGoogleAnalytics(); + }; + + return ( + <> + {children} + + This website uses cookies to improve user experience and analyze website + traffic. By clicking "Accept", you consent to our use of cookies. See + our Privacy Policy and{" "} + Cookie Policy for more information. + + + ); +} + +declare global { + interface Window { + dataLayer: any[]; + gtag?: (...args: any[]) => void; + } +} \ No newline at end of file diff --git a/src/utils/spec-documentation.ts b/src/utils/spec-documentation.ts index 9244d4ee..667ed51f 100644 --- a/src/utils/spec-documentation.ts +++ b/src/utils/spec-documentation.ts @@ -7,6 +7,9 @@ function createCategoryJsonFiles(outDir: string) { const fs = require('fs'); const path = require('path'); + // Calculate the relative doc ID based on outDir + const docIdBase = outDir.replace('docs/', '').replace(/\/$/, ''); + const categories = [ { path: `${outDir}/_category_.json`, @@ -15,7 +18,7 @@ function createCategoryJsonFiles(outDir: string) { position: 10, link: { type: "doc", - id: "spec/index" + id: `${docIdBase}/index` } } }, @@ -43,7 +46,7 @@ function createCategoryJsonFiles(outDir: string) { position: 2, link: { type: "doc", - id: "spec/schema/index" + id: `${docIdBase}/schema/index` } } }, @@ -54,7 +57,7 @@ function createCategoryJsonFiles(outDir: string) { position: 1, link: { type: "doc", - id: "spec/schema/opentdf/index" + id: `${docIdBase}/schema/opentdf/index` } } } @@ -84,66 +87,34 @@ function createCategoryJsonFiles(outDir: string) { /** * Returns an array of plugin configurations that fetch and process OpenTDF specification * documentation from GitHub repositories and organize them into the ${outDir} directory. - * + * * This function contains several steps, which create the directory structure under the provided outDir, * including: * - {outDir}/concepts * - {outDir}/protocol * - {outDir}/schema * - {outDir}/index.md + * + * @param outDir - The output directory for the documentation (default: "docs/reference/trusted-data-format/specifications") + * @param branch - The git branch to fetch from (default: "main") */ -export function getSpecDocumentationPlugins(outDir: string = "docs/spec"): PluginConfig[] { +export function getSpecDocumentationPlugins( + outDir: string = "docs/reference/trusted-data-format/specifications", + branch: string = "main" +): PluginConfig[] { createCategoryJsonFiles(outDir); return [ - [ - "docusaurus-plugin-remote-content", - { - // options here - name: "nanotdf", // used by CLI, must be path safe - sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/schema/nanotdf/", // the base url for the markdown (gets prepended to all of the documents when fetching) - outDir: `${outDir}/schema/`, // the base directory to output to. - documents: ["README.md"], // the file names to download - modifyContent: (filename, content) => { - if (filename === "README.md") { - let updatedContent = content.replaceAll( - "../../diagrams/", - "../../../static/img/" - ); - updatedContent = updatedContent.replaceAll( - "# nanotdf - a compact binary TDF format", - "# nanoTDF - a compact binary TDF format" - ); - return { - content: `--- -id: nanotdf -sidebar_position: 2 -title: NanoTDF ---- - -${updatedContent}`, - filename: "nanotdf.md", - }; - } - // If it's not a README.md or no changes are needed, return the content as is - return { content: content }; - }, - }, - ], [ "docusaurus-plugin-remote-content", { // options here name: "images-content", // used by CLI, must be path safe sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/diagrams/", // the base url for the markdown (gets prepended to all of the documents when fetching) + `https://raw.githubusercontent.com/opentdf/spec/${branch}/diagrams/`, // the base url for the markdown (gets prepended to all of the documents when fetching) outDir: "static/img/", // the base directory to output to. documents: [ - "ecc_and_binding.svg", - "nanotdf.svg", - "symmetric_and_payload.svg", "filecontents.svg", ], // the file names to download requestConfig: { responseType: "arraybuffer" }, @@ -155,7 +126,7 @@ ${updatedContent}`, // options here name: "tdf", // used by CLI, must be path safe sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/schema/OpenTDF/", // the base url for the markdown (gets prepended to all of the documents when fetching) + `https://raw.githubusercontent.com/opentdf/spec/${branch}/schema/OpenTDF/`, // the base url for the markdown (gets prepended to all of the documents when fetching) outDir: `${outDir}/schema/opentdf/`, // the base directory to output to. documents: [ "manifest.md", @@ -175,7 +146,7 @@ ${updatedContent}`, // Always apply the diagram path replacement first let updatedContent = content.replaceAll( "../../diagrams/", - "../../../../static/img/" + "../../../../../../static/img/" ); // Configuration map for file-specific frontmatter and processing @@ -303,14 +274,14 @@ ${finalContent ? finalContent : ""}`; { name: "opentdf-index", sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/schema/OpenTDF/", + `https://raw.githubusercontent.com/opentdf/spec/${branch}/schema/OpenTDF/`, outDir: `${outDir}/schema/opentdf/`, documents: ["README.md"], modifyContent: (filename: string, content: string) => { if (filename === "README.md") { let updatedContent = content.replaceAll( "../../diagrams/", - "../../../../static/img/" + "../../../../../../static/img/" ); // Fix segment link to point to integrity_information.md updatedContent = updatedContent.replaceAll( @@ -334,7 +305,7 @@ ${updatedContent}`, "docusaurus-plugin-remote-content", { name: "spec-index", - sourceBaseUrl: "https://raw.githubusercontent.com/opentdf/spec/main/", + sourceBaseUrl: `https://raw.githubusercontent.com/opentdf/spec/${branch}/`, outDir: `${outDir}/`, documents: ["README.md"], modifyContent: (filename: string, content: string) => { @@ -344,7 +315,7 @@ ${updatedContent}`, let updatedContent = content.replaceAll( "../../diagrams/", - "../static/img/" + "../../../static/img/" ); updatedContent = updatedContent.replaceAll( "protocol/protocol.md", @@ -356,21 +327,12 @@ ${updatedContent}`, ); updatedContent = updatedContent.replaceAll( "(concepts/)", - "(category/concepts)" + "(/reference/trusted-data-format/specifications/concepts/access_control)" ); updatedContent = updatedContent.replaceAll( "(protocol/)", `(${dirName}/protocol)` ); - updatedContent = updatedContent.replaceAll( - "schema/nanotdf/README.md", - "schema/nanotdf.md" - ); - updatedContent = updatedContent.replaceAll( - "../schema/nanotdf.md", - "schema/nanotdf.md" - ); - return { content: `--- sidebar_position: 1 @@ -389,24 +351,20 @@ ${updatedContent}`, { name: "schema-index", sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/schema/", + `https://raw.githubusercontent.com/opentdf/spec/${branch}/schema/`, outDir: `${outDir}/schema/`, documents: ["README.md"], modifyContent: (filename: string, content: string) => { if (filename === "README.md") { let updatedContent = content.replaceAll( "../../diagrams/", - "../../static/img/" + "../../../../static/img/" ); - // Replace all case-insensitive references to OpenTDF/README.md and nanotdf/README.md with ./opentdf and ./nanotdf + // Replace all case-insensitive references to OpenTDF/README.md with ./opentdf updatedContent = updatedContent.replace( /opentdf\/README\.md/gi, "./schema/opentdf" ); - updatedContent = updatedContent.replace( - /nanotdf\/README\.md/gi, - "./schema/nanotdf" - ); return { content: `--- sidebar_position: 1 @@ -425,7 +383,7 @@ ${updatedContent}`, { name: "spec-concept", sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/concepts/", + `https://raw.githubusercontent.com/opentdf/spec/${branch}/concepts/`, outDir: `${outDir}/concepts/`, documents: ["access_control.md", "security.md"], modifyContent: (filename: string, content: string) => { @@ -435,7 +393,7 @@ ${updatedContent}`, let updatedContent = content.replaceAll( "../../diagrams/", - "../../static/img/" + "../../../../static/img/" ); // Fix broken markdown links with dynamic outDir name updatedContent = updatedContent.replaceAll( @@ -469,7 +427,7 @@ ${updatedContent}`, let updatedContent = content.replaceAll( "../../diagrams/", - "../../static/img/" + "../../../../static/img/" ); // Fix broken markdown links with dynamic outDir name updatedContent = updatedContent.replaceAll( @@ -498,14 +456,14 @@ ${updatedContent}`, { name: "spec-protocol", sourceBaseUrl: - "https://raw.githubusercontent.com/opentdf/spec/main/protocol/", + `https://raw.githubusercontent.com/opentdf/spec/${branch}/protocol/`, outDir: `${outDir}/protocol/`, documents: ["protocol.md"], modifyContent: (filename: string, content: string) => { if (filename === "protocol.md") { let updatedContent = content.replaceAll( "../../diagrams/", - "../../static/img/" + "../../../../static/img/" ); // Fix broken markdown links as specified updatedContent = updatedContent.replaceAll( diff --git a/static/img/kas_nano_flow.svg b/static/img/kas_nano_flow.svg deleted file mode 100644 index 8125f0f1..00000000 --- a/static/img/kas_nano_flow.svg +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - - - Sign Request BodyClientGenerate ECC Key PairExtract Header12Public KeyPrivate KeyBuild Request BodyKAS3{"keyAccess": "{}","algorithm": "ec:secp256r1","clientPublicKey":" "}{"signedRequestToken": "jwt"}5/64HeaderPayloadSignature \ No newline at end of file diff --git a/static/quickstart/docker-compose.yaml b/static/quickstart/docker-compose.yaml deleted file mode 100644 index 906e461b..00000000 --- a/static/quickstart/docker-compose.yaml +++ /dev/null @@ -1,270 +0,0 @@ -name: opentdf -volumes: - configs: - keys: - caddy_data: -configs: - caddy_config: - content: | - { - log { - level INFO - output stdout - } - } - https://keycloak.opentdf.local:9443 { - tls internal - reverse_proxy keycloak:8888 - } - https://platform.opentdf.local:8443 { - tls internal - reverse_proxy { - to h2c://platform:8080 - transport http { - versions h2c 2 1.1 # Enable gRPC proxying - } - } - - } -services: - caddy: - #image: cgr.dev/chainguard/caddy:latest-dev #@sha256:20e31e59503a775f28e7eb0d724384055236a35c52ff4e5aca6caac8390d61dc - image: caddy:alpine - command: ['caddy','run', '--config', '/etc/caddy/Caddyfile'] - configs: - - source: caddy_config - target: /etc/caddy/Caddyfile - ports: - - '9443:9443' - - '8443:8443' - volumes: - - caddy_data:/data - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "wget -q --server-response --tries=1 http://127.0.0.1:2019/metrics 2>&1 | awk '/^ HTTP/{print $2}' | grep -q '200'"] - interval: 5s - timeout: 5s - retries: 3 - check-certs: - image: cgr.dev/chainguard/bash:latest@sha256:553a2674ec4f7d8a701873c1dcb43138f83e787ac1d17043cba0085ae3bd7038 - volumes: - - type: volume - source: caddy_data - target: /etc/ssl/certs - volume: - subpath: caddy/certificates/local/keycloak.opentdf.local/ - command: - - | - echo "Checking certificates" - ls -alh /etc/ssl/certs - cat /etc/ssl/certs/keycloak.opentdf.local.crt - depends_on: - caddy: - condition: service_healthy - ensure-permissions: - condition: service_completed_successfully - ensure-permissions: - image: alpine - command: - - 'sh' - - '-c' - - | - chmod -R 665 /configs - ls -alh /configs - chmod -R 665 /keys - ls -alh /keys - chmod -R 665 /data - ls -alh /data - volumes: - - configs:/configs - - keys:/keys - - caddy_data:/data - - #================================================================ - # Start Keycloak - #---------------------------------------------------------------- - keycloak: - image: cgr.dev/chainguard/keycloak:latest@sha256:7e06ca655329cb8256ee2d226e32d48377a1d0e436de4fb10bdd428ed4848afa # 25.0.1 - restart: unless-stopped - command: ['start-dev'] - environment: - KC_DB: postgres - KC_DB_URL_HOST: keycloak-db - KC_DB_URL_PORT: 5432 - KC_DB_URL_DATABASE: keycloak - KC_DB_USERNAME: postgres - KC_DB_PASSWORD: changeme - KC_HOSTNAME: 'https://keycloak.opentdf.local:9443' - KC_HOSTNAME_ADMIN: 'https://keycloak.opentdf.local:9443' - KC_HTTP_ENABLED: 'true' - KC_HTTP_PORT: 8888 - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: changeme - KC_FEATURES: 'preview,token-exchange' - KC_HEALTH_ENABLED: 'true' - healthcheck: - test: ['CMD-SHELL', '[ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { public static void main(String[] args) throws java.lang.Throwable { System.exit(java.net.HttpURLConnection.HTTP_OK == ((java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection()).getResponseCode() ? 0 : 1); } }" > /tmp/HealthCheck.java && java /tmp/HealthCheck.java http://localhost:9000/health/ready'] - interval: 5s - timeout: 10s - retries: 3 - start_period: 5m - depends_on: - keycloak-db: - condition: service_healthy - restart: true - keycloak-db: - image: cgr.dev/chainguard/postgres:latest@sha256:f359eed58238db0c9dc24b791e11b197e997e799eb42455f31099fc1492617e7 - restart: unless-stopped - environment: - POSTGRES_PASSWORD: changeme - POSTGRES_USER: postgres - POSTGRES_DB: keycloak - healthcheck: - test: ["CMD-SHELL", "pg_isready"] - interval: 5s - timeout: 5s - retries: 10 - start_period: 2m - download-keycloak-config: - image: cgr.dev/chainguard/curl:latest-dev@sha256:8afd56d4c8692ddfdc0ed2b54da2d1e02c0946433cb318700645f9cd70ccdb3a - volumes: - - configs:/configs - command: ['-o', '/configs/keycloak-config.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml'] - depends_on: - ensure-permissions: - condition: service_completed_successfully - #================================================================ - # Provisioning Keycloak with expected realm, clients, and users - #---------------------------------------------------------------- - keycloak-provisioning: - image: registry.opentdf.io/platform:nightly - volumes: - - configs:/configs - command: - [ - 'provision', - 'keycloak', - '-e', - 'http://keycloak:8888', - '-f', - '/configs/keycloak-config.yaml', - ] - depends_on: - keycloak: - condition: service_healthy - restart: true - download-keycloak-config: - condition: service_completed_successfully - restart: true - #================================================================ - # Start the OpenTDF service - #---------------------------------------------------------------- - download-platform-config: - image: cgr.dev/chainguard/curl:latest-dev@sha256:8afd56d4c8692ddfdc0ed2b54da2d1e02c0946433cb318700645f9cd70ccdb3a - volumes: - - configs:/configs - command: ['-o', '/configs/.opentdf.yaml', 'https://raw.githubusercontent.com/opentdf/platform/main/opentdf-dev.yaml'] - depends_on: - ensure-permissions: - condition: service_completed_successfully - modify-platform-config: - image: cgr.dev/chainguard/bash:latest@sha256:553a2674ec4f7d8a701873c1dcb43138f83e787ac1d17043cba0085ae3bd7038 - volumes: - - configs:/configs - command: - - | - echo "Modifying /configs/.opentdf.yaml" - echo "$(