From 369399b008da04bcd4e4f78448beb20db0170f18 Mon Sep 17 00:00:00 2001 
From: Andrew Martinez Date: Thu, 6 Jul 2023 12:15:36 -0400 Subject: [PATCH] added oidc security definition, add to auth'ed endpoints - bumps version to v0.25.31 --- client.yml | 81 +- go.mod | 6 +- go.sum | 31 +- management.yml | 239 +++- .../configure_ziti_edge_client.go | 5 + rest_client_api_server/embedded_spec.go | 378 ++++++ .../operations/ziti_edge_client_api.go | 13 + .../configure_ziti_edge_management.go | 5 + rest_management_api_server/embedded_spec.go | 1168 +++++++++++++++++ .../operations/ziti_edge_management_api.go | 13 + source/client.yml | 10 +- .../current-api-session-certificates.yml | 12 +- .../current-api-session-service-updates.yml | 3 +- .../client/current-identity-edge-routers.yml | 3 +- source/client/ext-jwt-signers.yml | 3 +- source/client/posture-response.yml | 6 +- source/client/services.yml | 9 +- source/client/sessions.yml | 12 +- source/management.yml | 10 +- source/management/api-sessions.yml | 7 +- source/management/auth-policies.yml | 13 +- source/management/authenticators.yml | 15 +- source/management/cas.yml | 17 +- source/management/config-types.yml | 15 +- source/management/configs.yml | 18 +- source/management/database.yml | 10 +- source/management/edge-router-policies.yml | 24 +- source/management/edge-routers.yml | 23 +- source/management/enrollments.yml | 15 +- source/management/ext-jwt-signers.yml | 18 +- source/management/identities.yml | 59 +- source/management/identity-types.yml | 6 +- source/management/posture-check-types.yml | 6 +- source/management/posture-checks.yml | 18 +- source/management/role-attributes.yml | 7 +- source/management/routers.yml | 36 +- .../service-edge-router-policies.yml | 24 +- source/management/service-policies.yml | 18 +- source/management/services.yml | 36 +- source/management/sessions.yml | 12 +- source/management/summary.yml | 2 +- source/management/terminators.yml | 15 +- source/shared/authenticate.yml | 3 +- source/shared/current-api-session.yml | 6 +- 
.../current-identity-authenticators.yml | 18 +- source/shared/current-identity-mfa.yml | 21 +- source/shared/current-identity.yml | 3 +- 47 files changed, 2265 insertions(+), 207 deletions(-) diff --git a/client.yml b/client.yml index f1466a40..f57a9699 100644 --- a/client.yml +++ b/client.yml @@ -15,7 +15,7 @@ info: license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html - version: 0.25.15 + version: 0.25.31 host: demo.ziti.dev basePath: /edge/client/v1 paths: @@ -219,6 +219,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Completes MFA authentication by submitting a MFA time based one time token or backup code. tags: @@ -246,6 +248,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves the API session that was used to issue the current request tags: - Current API Session @@ -302,6 +306,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Terminates the current API session tags: - Current API Session @@ -334,6 +340,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination tags: @@ -406,6 +414,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Creates an ephemeral certificate for the current API Session. This endpoint expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing @@ -478,6 +488,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single ephemeral certificate by id tags: - Current API Session @@ -528,6 +540,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: | Delete an ephemeral certificateby id tags: 
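Review bot: In the hunk at `@@ -219,6 +219,8 @@` the operation described as "Completes MFA authentication…" now lists `oauth2` beside `ztSession`, and entries of a Swagger 2.0 `security` array are alternatives, so the spec now says an access token with the `openid` scope is sufficient on its own to call it. Nothing on this page shows how MFA state is tracked for a token-authenticated caller, so it is worth confirming that the handler binds the token to the same partially-authenticated session state a `ztSession` carries before the one-time code is accepted. The same question applies to the other MFA operations touched later in client.yml (enrol, disable, recovery codes, verify) and to their copies in management.yml. If the either/or semantics are intended, a sentence in each description such as `Accepts either a ztSession token or an OIDC access token.` would make that explicit for client authors.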
@@ -598,6 +612,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes. @@ -635,6 +651,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Returns the identity associated with the API sessions used to issue the current request tags: @@ -700,6 +718,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination. tags: @@ -773,6 +793,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity. tags: @@ -824,6 +846,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: | Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. @@ -913,6 +937,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: | Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. @@ -1009,6 +1035,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: |- This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. 
@@ -1061,6 +1089,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: |- After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests. @@ -1110,6 +1140,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status @@ -1146,6 +1178,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a `POST /current-identity/mfa/verify`. tags: @@ -1198,6 +1232,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: | Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via `POST /current-identity/mfa/verify` tags: @@ -1249,6 +1285,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: | Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via `DELETE /identities//mfa`. tags: @@ -1306,6 +1344,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started. produces: 
@@ -1325,6 +1365,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. tags: @@ -1386,6 +1428,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: | Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes. tags: @@ -1446,6 +1490,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: | Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via `POST /current-identity/mfa`. tags: @@ -1778,6 +1824,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of external JWT signers for authentication tags: - External JWT Signer @@ -1850,6 +1898,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Submits posture responses tags: - Posture Checks @@ -1919,6 +1969,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Submits posture responses tags: - Posture Checks @@ -2002,6 +2054,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -2084,6 +2138,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single service by id. Requires admin access. tags: - Service @@ -2134,6 +2190,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a service by id. Requires admin access. tags: - Service 
@@ -2221,6 +2279,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a service by id. Requires admin access. tags: - Service @@ -2302,6 +2362,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on a service. Requires admin access. tags: - Service @@ -2396,6 +2458,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination. tags: @@ -2475,6 +2539,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. @@ -2550,6 +2616,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a session resource. tags: - Session @@ -2620,6 +2688,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single session by id. tags: - Session @@ -2670,6 +2740,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a session by id. tags: - Session @@ -4249,6 +4321,13 @@ definitions: type: string example: v0.9.0 securityDefinitions: + oauth2: + type: oauth2 + flow: accessCode + authorizationUrl: /oidc/authorize + tokenUrl: /oidc/token + scopes: + openid: openid ztSession: description: An API Key that is provided post authentication type: apiKey diff --git a/go.mod b/go.mod index ce8d279e..94490bdf 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/jessevdk/go-flags v1.5.0 github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.9.3 - golang.org/x/net v0.11.0 + golang.org/x/net v0.12.0 ) require ( 
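Review bot: The new `oauth2` definition in the `@@ -4249,6 +4321,13 @@` hunk gives `authorizationUrl: /oidc/authorize` and `tokenUrl: /oidc/token` as relative paths, although Swagger 2.0 says both should be in the form of a URL. Tools differ in how they resolve a relative value, and these paths lie outside `basePath: /edge/client/v1`, so a generated client may send the authorization-code or token request to a host or scheme the author did not intend. Consider absolute `https://` URLs, or state in the definition how the paths are meant to be resolved. Unlike `ztSession`, the definition carries no `description`; a line such as `description: OIDC authorization code flow; operations accept the resulting access token` would help, and the scope text `openid: openid` could say what the scope actually grants.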
@@ -30,11 +30,11 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect - go.mongodb.org/mongo-driver v1.11.7 // indirect + go.mongodb.org/mongo-driver v1.12.0 // indirect go.opentelemetry.io/otel v1.16.0 // indirect go.opentelemetry.io/otel/metric v1.16.0 // indirect go.opentelemetry.io/otel/trace v1.16.0 // indirect - golang.org/x/sys v0.9.0 // indirect + golang.org/x/sys v0.10.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 0acdad4e..b60665e3 100644 --- a/go.sum +++ b/go.sum 
@@ -149,19 +149,21 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= -github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= +github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= +github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.11.7 h1:LIwYxASDLGUg/8wOhgOOZhX8tQa/9tgZPgzZoVqJvcs= -go.mongodb.org/mongo-driver v1.11.7/go.mod h1:G9TgswdsWjX4tmDA5zfs2+6AEPpYJwqblyjsfuh8oXY= +go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE= +go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0= 
go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s= go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4= go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo= 
@@ -173,18 +175,24 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= +golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -197,19 +205,28 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools 
v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/management.yml b/management.yml index 064f6904..35ef642d 100644 --- a/management.yml +++ b/management.yml @@ -15,7 +15,7 @@ info: license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html - version: 0.25.15 + version: 0.25.31 host: demo.ziti.dev basePath: /edge/management/v1 paths: @@ -120,6 +120,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint requires admin access. @@ -304,6 +306,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of Auth Policies tags: - Auth Policy @@ -839,6 +843,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Completes MFA authentication by submitting a MFA time based one time token or backup code. tags: 
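Review bot: The `@@ -120,6 +120,8 @@` hunk adds `oauth2` with only the `openid` scope to an operation whose description says "This endpoint requires admin access", and `openid` is the only scope this commit defines, so the spec now advertises the same requirement for admin and non-admin operations. Nothing visible here shows where the admin check happens for a token-authenticated caller; it should be confirmed that it is enforced server-side from the identity the token maps to, not inferred from the token merely being valid. If that is the design, say so once in the security definition, for example `description: Token proves identity only; admin access is checked per identity by the controller`, or define a separate scope for admin operations. This applies to every later management.yml hunk whose description contains "Requires admin access".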
@@ -866,6 +872,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated. This endpoint requires admin access. @@ -1375,6 +1383,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -1978,6 +1988,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -2453,6 +2465,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -2525,6 +2539,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a config resource. Requires admin access. tags: - Config @@ -2595,6 +2611,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single config by id. Requires admin access. tags: - Config @@ -2645,6 +2663,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a config by id. Requires admin access. tags: - Config @@ -2732,6 +2752,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a config by id. Requires admin access. tags: - Config @@ -2813,6 +2835,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on a config. Requires admin access. tags: - Config @@ -2907,6 +2931,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves the API session that was used to issue the current request tags: - Current API Session 
@@ -2963,6 +2989,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Terminates the current API session tags: - Current API Session @@ -2995,6 +3023,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Returns the identity associated with the API sessions used to issue the current request tags: @@ -3060,6 +3090,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination. tags: @@ -3133,6 +3165,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity. tags: @@ -3184,6 +3218,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: | Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. @@ -3273,6 +3309,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: | Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. @@ -3369,6 +3407,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: |- This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. @@ -3421,6 +3461,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: |- After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests. 
@@ -3470,6 +3512,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a `POST /current-identity/mfa/verify`. tags: @@ -3522,6 +3566,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: | Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via `POST /current-identity/mfa/verify` tags: @@ -3573,6 +3619,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: | Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via `DELETE /identities//mfa`. tags: @@ -3630,6 +3678,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started. produces: @@ -3649,6 +3699,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. tags: @@ -3710,6 +3762,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: | Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes. tags: 
@@ -3770,6 +3824,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: | Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via `POST /current-identity/mfa`. tags: @@ -3830,6 +3886,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Starts a data integrity scan on the datastore. Requires admin access. Only once instance may run at a time, including runs of fixDataIntegrity. tags: @@ -3970,6 +4028,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a new database snapshot. Requires admin access. tags: - Database @@ -4021,6 +4081,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of edge router policy resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -4093,6 +4155,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create an edge router policy resource. Requires admin access. tags: - Edge Router Policy @@ -4163,6 +4227,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single edge router policy by id. Requires admin access. tags: - Edge Router Policy @@ -4213,6 +4279,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on an edge router policy by id. Requires admin access. tags: @@ -4301,6 +4369,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete an edge router policy by id. Requires admin access. tags: - Edge Router Policy @@ -4382,6 +4452,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on an edge router policy. Requires admin access. tags: 
@@ -4477,6 +4549,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of edge routers an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -4535,6 +4609,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of identities an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -4593,6 +4669,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of role attributes in use by edge routers; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -4666,6 +4744,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of edge router resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -5424,6 +5504,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of outstanding enrollments; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -5496,6 +5578,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Creates a new OTT, OTTCA, or UPDB enrollment for a specific identity. If an enrollment of the same type is already outstanding the request will fail with a 409 conflict. If desired, an existing enrollment can be refreshed @@ -5574,6 +5658,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single outstanding enrollment by id. Requires admin access. tags: @@ -5625,6 +5711,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete an outstanding enrollment by id. Requires admin access. tags: - Enrollment 
@@ -5694,6 +5782,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: For expired or unexpired enrollments, reset the expiration window. A new JWT will be generated and must be used for the enrollment. tags: @@ -5771,6 +5861,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of external JWT signers for authentication tags: - External JWT Signer @@ -5842,6 +5934,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Creates an External JWT Signer. Requires admin access. tags: - External JWT Signer @@ -5912,6 +6006,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single External JWT Signer by id. Requires admin access. tags: - External JWT Signer @@ -5962,6 +6058,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on an External JWT Signer by id. Requires admin access. tags: @@ -6050,6 +6148,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: | Delete an External JWT Signer by id. Requires admin access. tags: @@ -6113,6 +6213,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update only the supplied fields on an External JWT Signer by id. Requires admin access. tags: @@ -6208,6 +6310,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of identity resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -6289,6 +6393,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create an identity resource. Requires admin access. tags: - Identity @@ -6359,6 +6465,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single identity by id. Requires admin access. tags: - Identity 
@@ -6409,6 +6517,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on an identity by id. Requires admin access. tags: - Identity @@ -6496,6 +6606,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete an identity by id. Requires admin access. tags: - Identity @@ -6577,6 +6689,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on an identity. Requires admin access. tags: - Identity @@ -6794,6 +6908,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of edge router policies that apply to the specified identity. tags: @@ -6852,6 +6968,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of edge-routers that the given identity may use to access services. Supports filtering, sorting, and pagination. Requires admin access. tags: @@ -7146,6 +7264,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Analyzes policies to see if the given identity should be able to dial or bind the given service. | Will check services policies to see if the identity can access the service. Will check edge router policies | @@ -7212,6 +7332,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Returns a nested map data represeting the posture data of the identity. This data should be considered volatile. @@ -7271,6 +7393,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of service configs associated to a specific identity tags: - Identity @@ -7321,6 +7445,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Associate service configs to a specific identity tags: - Identity @@ -7407,6 +7533,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Remove service configs from a specific identity tags: - Identity 
@@ -7499,6 +7627,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a list of service policies that apply to the specified identity. tags: @@ -7557,6 +7687,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of services that the given identity has access to. Supports filtering, sorting, and pagination. Requires admin access. tags: @@ -7783,6 +7915,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of identity types; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -7856,6 +7990,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single identity type by id. Requires admin access. tags: - Identity @@ -7913,6 +8049,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of posture check types produces: @@ -7988,6 +8126,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single posture check type by id tags: - Posture Checks @@ -8045,6 +8185,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of posture checks produces: @@ -8128,6 +8270,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Creates a Posture Checks tags: - Posture Checks @@ -8198,6 +8342,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single Posture Checks by id tags: - Posture Checks @@ -8248,6 +8394,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a Posture Checks by id tags: - Posture Checks @@ -8335,6 +8483,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Deletes and Posture Checks by id tags: - Posture Checks 
@@ -8386,6 +8536,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update only the supplied fields on a Posture Checks by id tags: - Posture Checks @@ -8480,6 +8632,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -8552,6 +8706,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a router resource. Requires admin access. tags: - Router @@ -8622,6 +8778,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single router by id. Requires admin access. tags: - Router @@ -8672,6 +8830,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a router by id. Requires admin access. tags: - Router @@ -8759,6 +8919,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a router by id. Requires admin access. tags: - Router @@ -8840,6 +9002,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on a router. Requires admin access. tags: - Router @@ -8934,6 +9098,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of service edge router policy resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -9006,6 +9172,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a service edge router policy resource. Requires admin access. tags: - Service Edge Router Policy @@ -9076,6 +9244,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single service edge policy by id. Requires admin access. tags: - Service Edge Router Policy 
@@ -9126,6 +9296,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a service edge policy by id. Requires admin access. tags: @@ -9214,6 +9386,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a service edge policy by id. Requires admin access. tags: - Service Edge Router Policy @@ -9295,6 +9469,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on a service edge policy. Requires admin access. tags: @@ -9390,6 +9566,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: List the edge routers that a service edge router policy applies to tags: @@ -9448,6 +9626,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: List the services that a service edge router policy applies to tags: - Service Edge Router Policy @@ -10237,6 +10417,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -10318,6 +10500,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a services resource. Requires admin access. tags: - Service @@ -10388,6 +10572,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single service by id. Requires admin access. tags: - Service @@ -10438,6 +10624,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a service by id. Requires admin access. tags: - Service @@ -10525,6 +10713,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a service by id. Requires admin access. tags: - Service @@ -10606,6 +10796,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on a service. Requires admin access. tags: - Service 
@@ -10700,6 +10892,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of config resources associated to a specific service; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -10779,6 +10973,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of edge-routers that may be used to access the given service. Supports filtering, sorting, and pagination. Requires admin access. tags: @@ -10858,6 +11054,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of identities that have access to this service. Supports filtering, sorting, and pagination. Requires admin access. tags: @@ -10937,6 +11135,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of service edge router policy resources that affect a specific service; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -11016,6 +11216,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of service policy resources that affect specific service; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -11095,6 +11297,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination. tags: @@ -11174,6 +11378,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. Requires admin access. @@ -11250,6 +11456,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single session by id. Requires admin access. tags: - Session 
@@ -11300,6 +11508,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a session by id. Requires admin access. tags: - Session @@ -11388,6 +11598,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single session's route path by id. Requires admin access. tags: - Session @@ -11536,6 +11748,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of terminator resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -11608,6 +11822,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a terminator resource. Requires admin access. tags: - Terminator @@ -11678,6 +11894,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single terminator by id. Requires admin access. tags: - Terminator @@ -11990,6 +12208,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: | Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access. tags: @@ -12062,6 +12282,8 @@ paths: post: security: - ztSession: [] + - oauth2: + - openid description: Create a router resource. Requires admin access. tags: - Router @@ -12132,6 +12354,8 @@ paths: get: security: - ztSession: [] + - oauth2: + - openid description: Retrieves a single router by id. Requires admin access. tags: - Router @@ -12182,6 +12406,8 @@ paths: put: security: - ztSession: [] + - oauth2: + - openid description: Update all fields on a router by id. Requires admin access. tags: - Router @@ -12269,6 +12495,8 @@ paths: delete: security: - ztSession: [] + - oauth2: + - openid description: Delete a router by id. Requires admin access. tags: - Router @@ -12350,6 +12578,8 @@ paths: patch: security: - ztSession: [] + - oauth2: + - openid description: Update the supplied fields on a router. Requires admin access. tags: - Router 
@@ -16649,6 +16879,13 @@ definitions: version: type: string securityDefinitions: + oauth2: + type: oauth2 + flow: accessCode + authorizationUrl: /oidc/authorize + tokenUrl: /oidc/token + scopes: + openid: openid ztSession: description: An API Key that is provided post authentication type: apiKey diff --git a/rest_client_api_server/configure_ziti_edge_client.go b/rest_client_api_server/configure_ziti_edge_client.go index 9b9652e8..64ffc8b7 100644 --- a/rest_client_api_server/configure_ziti_edge_client.go +++ b/rest_client_api_server/configure_ziti_edge_client.go @@ -92,6 +92,11 @@ func configureAPI(api *operations.ZitiEdgeClientAPI) http.Handler { return errors.NotImplemented("textYaml producer has not yet been implemented") }) + if api.Oauth2Auth == nil { + api.Oauth2Auth = func(token string, scopes []string) (interface{}, error) { + return nil, errors.NotImplemented("oauth2 bearer auth (oauth2) has not yet been implemented") + } + } // Applies when the "zt-session" header is set if api.ZtSessionAuth == nil { api.ZtSessionAuth = func(token string) (interface{}, error) { diff --git a/rest_client_api_server/embedded_spec.go b/rest_client_api_server/embedded_spec.go index ac4cdab9..616846a7 100644 --- a/rest_client_api_server/embedded_spec.go +++ b/rest_client_api_server/embedded_spec.go @@ -253,6 +253,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA authentication by submitting a MFA time based one time token or backup code.", @@ -294,6 +299,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves the API session that was used to issue the current request", @@ -375,6 +385,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Terminates the current API session", 
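Review bot: The new `oauth2` entry under `securityDefinitions` has no `description`, and its only scope is documented as `openid: openid`, so the spec does not say how the token is presented or what the scope grants; the `ztSession` entry beside it does carry a description. Suggest adding a line such as `description: OIDC authorization code flow; the access token is sent as a bearer token` and replacing the scope text with what it actually conveys (wording for the author to confirm). `authorizationUrl: /oidc/authorize` and `tokenUrl: /oidc/token` are relative paths, and some Swagger 2.0 tooling may not resolve them against `host`/`basePath`, which is worth checking with the generated clients. The `securityDefinitions` block continues outside the hunk.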
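Review bot: The default `api.Oauth2Auth` added to `configureAPI` in configure_ziti_edge_client.go has no comment, while the `ZtSessionAuth` default directly below it does, and nothing records what a real implementation has to check. The stub fails closed (it returns `nil` with a NotImplemented error), which is the right default; suggest `// Applies when a bearer access token is presented; must verify signature, issuer, audience, expiry and the requested scopes` above the `if`. Both `token` and `scopes` are unused in the stub, and `scopes` is the only route by which the spec's `openid` requirement reaches the code, so the real callback should not drop it. The same stub is added in configure_ziti_edge_management.go and as the constructor default in ziti_edge_client_api.go; `configureAPI` starts and ends outside the hunk.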
@@ -421,6 +436,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination", @@ -520,6 +540,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates an ephemeral certificate for the current API Session. This endpoint expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing the CSR request.", @@ -615,6 +640,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single ephemeral certificate by id", @@ -686,6 +716,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an ephemeral certificateby id\n", @@ -779,6 +814,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate\nservice refreshes.\n", @@ -827,6 +867,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns the identity associated with the API sessions used to issue the current request", @@ -916,6 +961,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.", @@ -1017,6 +1067,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.", 
@@ -1088,6 +1143,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's\nidentity.\n", @@ -1207,6 +1267,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API\nsession's identity.\n", @@ -1337,6 +1402,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled.\nAllows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation.\nThe response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint.\nAfter verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.", @@ -1405,6 +1475,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt.\nAfter receipt, the new client certificate must be used for new authentication requests.", @@ -1473,6 +1548,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Lists the Edge Routers that the current identity has access to via policies. The data returned\nincludes their address and online status\n", 
@@ -1521,6 +1601,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a ` + "`" + `POST /current-identity/mfa/verify` + "`" + `.\n", @@ -1593,6 +1678,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via ` + "`" + `POST /current-identity/mfa/verify` + "`" + `\n", @@ -1661,6 +1751,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via ` + "`" + `DELETE /identities/\u003cid\u003e/mfa` + "`" + `.\n", @@ -1742,6 +1837,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.\n", @@ -1770,6 +1870,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.\n", 
@@ -1857,6 +1962,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.\n", @@ -1942,6 +2052,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via ` + "`" + `POST /current-identity/mfa` + "`" + `.\n", @@ -2360,6 +2475,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of external JWT signers for authentication", @@ -2461,6 +2581,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Submits posture responses", @@ -2556,6 +2681,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Submits posture responses", @@ -2672,6 +2802,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -2787,6 +2922,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single service by id. Requires admin access.", @@ -2858,6 +2998,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a service by id. Requires admin access.", @@ -2977,6 +3122,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a service by id. Requires admin access.", 
@@ -3084,6 +3234,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a service. Requires admin access.", @@ -3214,6 +3369,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.\n", @@ -3324,6 +3484,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of active sessions resources; supports filtering, sorting, and pagination.\n\nSessions are tied to an API session and are moved when an API session times out or logs out. Active sessions\n(i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.\n", @@ -3423,6 +3588,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a session resource.", @@ -3518,6 +3688,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single session by id.", @@ -3589,6 +3764,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a session by id.", @@ -5962,6 +6142,15 @@ func init() { } }, "securityDefinitions": { + "oauth2": { + "type": "oauth2", + "flow": "accessCode", + "authorizationUrl": "/oidc/authorize", + "tokenUrl": "/oidc/token", + "scopes": { + "openid": "openid" + } + }, "ztSession": { "description": "An API Key that is provided post authentication", "type": "apiKey", @@ -6182,6 +6371,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA authentication by submitting a MFA time based one time token or backup code.", 
@@ -6223,6 +6417,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves the API session that was used to issue the current request", @@ -6304,6 +6503,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Terminates the current API session", @@ -6350,6 +6554,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination", @@ -6449,6 +6658,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates an ephemeral certificate for the current API Session. This endpoint expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing the CSR request.", @@ -6544,6 +6758,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single ephemeral certificate by id", @@ -6615,6 +6834,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an ephemeral certificateby id\n", @@ -6708,6 +6932,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate\nservice refreshes.\n", @@ -6756,6 +6985,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns the identity associated with the API sessions used to issue the current request", 
@@ -6845,6 +7079,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.", @@ -6946,6 +7185,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.", @@ -7017,6 +7261,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's\nidentity.\n", @@ -7136,6 +7385,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API\nsession's identity.\n", @@ -7266,6 +7520,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled.\nAllows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation.\nThe response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint.\nAfter verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.", 
@@ -7334,6 +7593,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt.\nAfter receipt, the new client certificate must be used for new authentication requests.", @@ -7402,6 +7666,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Lists the Edge Routers that the current identity has access to via policies. The data returned\nincludes their address and online status\n", @@ -7450,6 +7719,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a ` + "`" + `POST /current-identity/mfa/verify` + "`" + `.\n", @@ -7522,6 +7796,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via ` + "`" + `POST /current-identity/mfa/verify` + "`" + `\n", @@ -7590,6 +7869,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via ` + "`" + `DELETE /identities/\u003cid\u003e/mfa` + "`" + `.\n", 
@@ -7671,6 +7955,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.\n", @@ -7699,6 +7988,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.\n", @@ -7786,6 +8080,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.\n", @@ -7871,6 +8170,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via ` + "`" + `POST /current-identity/mfa` + "`" + `.\n", @@ -8289,6 +8593,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of external JWT signers for authentication", @@ -8390,6 +8699,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Submits posture responses", @@ -8485,6 +8799,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Submits posture responses", @@ -8601,6 +8920,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.\n", 
@@ -8716,6 +9040,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single service by id. Requires admin access.", @@ -8787,6 +9116,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a service by id. Requires admin access.", @@ -8906,6 +9240,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a service by id. Requires admin access.", @@ -9013,6 +9352,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a service. Requires admin access.", @@ -9143,6 +9487,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.\n", @@ -9253,6 +9602,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of active sessions resources; supports filtering, sorting, and pagination.\n\nSessions are tied to an API session and are moved when an API session times out or logs out. Active sessions\n(i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.\n", @@ -9352,6 +9706,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a session resource.", @@ -9447,6 +9806,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single session by id.", @@ -9518,6 +9882,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a session by id.", 
@@ -11975,6 +12344,15 @@ func init() { } }, "securityDefinitions": { + "oauth2": { + "type": "oauth2", + "flow": "accessCode", + "authorizationUrl": "/oidc/authorize", + "tokenUrl": "/oidc/token", + "scopes": { + "openid": "openid" + } + }, "ztSession": { "description": "An API Key that is provided post authentication", "type": "apiKey", diff --git a/rest_client_api_server/operations/ziti_edge_client_api.go b/rest_client_api_server/operations/ziti_edge_client_api.go index e4f866dd..d2d7a935 100644 --- a/rest_client_api_server/operations/ziti_edge_client_api.go +++ b/rest_client_api_server/operations/ziti_edge_client_api.go @@ -252,6 +252,9 @@ func NewZitiEdgeClientAPI(spec *loads.Document) *ZitiEdgeClientAPI { return middleware.NotImplemented("operation current_identity.VerifyMfa has not yet been implemented") }), + Oauth2Auth: func(token string, scopes []string) (interface{}, error) { + return nil, errors.NotImplemented("oauth2 bearer auth (oauth2) has not yet been implemented") + }, // Applies when the "zt-session" header is set ZtSessionAuth: func(token string) (interface{}, error) { return nil, errors.NotImplemented("api key auth (ztSession) zt-session from header param [zt-session] has not yet been implemented") @@ -318,6 +321,10 @@ type ZitiEdgeClientAPI struct { // - text/yaml TextYamlProducer runtime.Producer + // Oauth2Auth registers a function that takes an access token and a collection of required scopes and returns a principal + // it performs authentication based on an oauth2 bearer token provided in the request + Oauth2Auth func(string, []string) (interface{}, error) + // ZtSessionAuth registers a function that takes a token and returns a principal // it performs authentication based on an api key zt-session provided in the header ZtSessionAuth func(string) (interface{}, error) 
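Review bot: The `oauth2` entry added to `securityDefinitions` offers a single scope, `openid`, and the operation hunks in this file add it as a second item in each `security` array. Swagger 2.0 treats those items as alternatives, so operations described as "Requires admin access" now declare a bearer token with nothing beyond `openid` as sufficient. The scope carries no authorization meaning, so the privilege check has to live in whatever validates the token; I would say so on the definition, e.g. `"description": "OIDC access token; the openid scope only identifies the caller and grants no admin rights"`. `authorizationUrl` and `tokenUrl` are relative paths where Swagger 2.0 expects URLs, so generated clients may not resolve them against the controller host. The same definition is added in rest_management_api_server/embedded_spec.go (hunk `@@ -23308,6 +23883,15`); both files look generated, so the edit presumably belongs in the source spec.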
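Review bot: The comment on the new `Oauth2Auth` field (hunk `@@ -318,6 +321,10`) does not say what the callback must verify, although the whole trust decision for bearer requests sits in that one function. I would extend it with `// the implementation must verify the token's signature, issuer, audience and expiry, and confirm it carries every scope in the slice` and `// the returned principal should be the same type ZtSessionAuth returns, since handlers receive either`. The second line is inferred from both hooks returning `interface{}`, so confirm it against the handlers. The struct declaration starts and ends outside the hunk.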
@@ -528,6 +535,9 @@ func (o *ZitiEdgeClientAPI) Validate() error { unregistered = append(unregistered, "TextYamlProducer") } + if o.Oauth2Auth == nil { + unregistered = append(unregistered, "Oauth2Auth") + } if o.ZtSessionAuth == nil { unregistered = append(unregistered, "ZtSessionAuth") } @@ -703,6 +713,9 @@ func (o *ZitiEdgeClientAPI) AuthenticatorsFor(schemes map[string]spec.SecuritySc result := make(map[string]runtime.Authenticator) for name := range schemes { switch name { + case "oauth2": + result[name] = o.BearerAuthenticator(name, o.Oauth2Auth) + case "ztSession": scheme := schemes[name] result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, o.ZtSessionAuth) diff --git a/rest_management_api_server/configure_ziti_edge_management.go b/rest_management_api_server/configure_ziti_edge_management.go index 95644744..f1beddeb 100644 --- a/rest_management_api_server/configure_ziti_edge_management.go +++ b/rest_management_api_server/configure_ziti_edge_management.go @@ -97,6 +97,11 @@ func configureAPI(api *operations.ZitiEdgeManagementAPI) http.Handler { return errors.NotImplemented("textYaml producer has not yet been implemented") }) + if api.Oauth2Auth == nil { + api.Oauth2Auth = func(token string, scopes []string) (interface{}, error) { + return nil, errors.NotImplemented("oauth2 bearer auth (oauth2) has not yet been implemented") + } + } // Applies when the "zt-session" header is set if api.ZtSessionAuth == nil { api.ZtSessionAuth = func(token string) (interface{}, error) { diff --git a/rest_management_api_server/embedded_spec.go b/rest_management_api_server/embedded_spec.go index e3bda0ac..2618d4fd 100644 --- a/rest_management_api_server/embedded_spec.go +++ b/rest_management_api_server/embedded_spec.go 
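Review bot: In `AuthenticatorsFor`, the new `case "oauth2"` wires `o.BearerAuthenticator(name, o.Oauth2Auth)`. As far as I know, the go-openapi bearer authenticator falls back to an `access_token` query or form parameter when no `Authorization: Bearer` header is present. Tokens sent in the query string end up in access logs, proxy logs and Referer headers, so either redact that parameter wherever requests are logged or reject it in middleware ahead of the authenticator. A comment above the case would record this, e.g. `// token normally comes from the Authorization header; the runtime also accepts access_token in the query, keep it out of logs`. The switch and the function continue outside the hunk.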
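Review bot: The new `api.Oauth2Auth` default in `configureAPI` has no comment, unlike the `// Applies when the "zt-session" header is set` line on the block below it. The stub returns `errors.NotImplemented`, so bearer requests are rejected until a real validator is assigned. That is the safe default and worth writing down: `// Applies when a bearer token is presented; rejects every token until a real validator is assigned`. `configureAPI` starts and ends outside the hunk.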
@@ -115,6 +115,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint\nrequires admin access.\n", @@ -372,6 +377,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of Auth Policies", @@ -1106,6 +1116,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA authentication by submitting a MFA time based one time token or backup code.", @@ -1147,6 +1162,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated.\nThis endpoint requires admin access.\n", @@ -1836,6 +1856,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access.", @@ -2653,6 +2678,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -3305,6 +3335,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -3404,6 +3439,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a config resource. Requires admin access.", 
@@ -3499,6 +3539,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single config by id. Requires admin access.", @@ -3570,6 +3615,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a config by id. Requires admin access.", @@ -3689,6 +3739,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a config by id. Requires admin access.", @@ -3796,6 +3851,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a config. Requires admin access.", @@ -3926,6 +3986,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves the API session that was used to issue the current request", @@ -4007,6 +4072,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Terminates the current API session", @@ -4053,6 +4123,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns the identity associated with the API sessions used to issue the current request", @@ -4142,6 +4217,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.", @@ -4243,6 +4323,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.", 
@@ -4314,6 +4399,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's\nidentity.\n", @@ -4433,6 +4523,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API\nsession's identity.\n", @@ -4563,6 +4658,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled.\nAllows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation.\nThe response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint.\nAfter verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.", @@ -4631,6 +4731,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt.\nAfter receipt, the new client certificate must be used for new authentication requests.", @@ -4699,6 +4804,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a ` + "`" + `POST /current-identity/mfa/verify` + "`" + `.\n", 
@@ -4771,6 +4881,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via ` + "`" + `POST /current-identity/mfa/verify` + "`" + `\n", @@ -4839,6 +4954,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via ` + "`" + `DELETE /identities/\u003cid\u003e/mfa` + "`" + `.\n", @@ -4920,6 +5040,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.\n", @@ -4948,6 +5073,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.\n", @@ -5035,6 +5165,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.\n", 
@@ -5120,6 +5255,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via ` + "`" + `POST /current-identity/mfa` + "`" + `.\n", @@ -5205,6 +5345,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Starts a data integrity scan on the datastore. Requires admin access. Only once instance may run at a time, including runs of fixDataIntegrity.", @@ -5392,6 +5537,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a new database snapshot. Requires admin access.", @@ -5462,6 +5612,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge router policy resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -5561,6 +5716,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create an edge router policy resource. Requires admin access.", @@ -5656,6 +5816,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single edge router policy by id. Requires admin access.", @@ -5727,6 +5892,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an edge router policy by id. Requires admin access.", @@ -5846,6 +6016,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an edge router policy by id. Requires admin access.", 
@@ -5953,6 +6128,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an edge router policy. Requires admin access.", @@ -6083,6 +6263,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge routers an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -6165,6 +6350,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identities an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -6247,6 +6437,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of role attributes in use by edge routers; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -6348,6 +6543,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge router resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -7393,6 +7593,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of outstanding enrollments; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -7492,6 +7697,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates a new OTT, OTTCA, or UPDB enrollment for a specific identity. If an enrollment of the same type is already outstanding the request will fail with a 409 conflict. If desired, an existing enrollment can be refreshed by ` + "`" + `enrollments/:id/refresh` + "`" + ` or deleted.", 
@@ -7593,6 +7803,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single outstanding enrollment by id. Requires admin access.", @@ -7664,6 +7879,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an outstanding enrollment by id. Requires admin access.", @@ -7757,6 +7977,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "For expired or unexpired enrollments, reset the expiration window. A new JWT will be generated and must be used for the enrollment.", @@ -7861,6 +8086,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of external JWT signers for authentication", @@ -7960,6 +8190,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates an External JWT Signer. Requires admin access.", @@ -8055,6 +8290,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single External JWT Signer by id. Requires admin access.", @@ -8126,6 +8366,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an External JWT Signer by id. Requires admin access.", @@ -8245,6 +8490,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an External JWT Signer by id. Requires admin access.\n", @@ -8327,6 +8577,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update only the supplied fields on an External JWT Signer by id. Requires admin access.", 
@@ -8457,6 +8712,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identity resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -8570,6 +8830,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create an identity resource. Requires admin access.", @@ -8665,6 +8930,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single identity by id. Requires admin access.", @@ -8736,6 +9006,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an identity by id. Requires admin access.", @@ -8855,6 +9130,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an identity by id. Requires admin access.", @@ -8962,6 +9242,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an identity. Requires admin access.", @@ -9267,6 +9552,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge router policies that apply to the specified identity.", @@ -9349,6 +9639,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge-routers that the given identity may use to access services. Supports filtering, sorting, and pagination. Requires admin access.\n", 
@@ -9760,6 +10055,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Analyzes policies to see if the given identity should be able to dial or bind the given service. |\nWill check services policies to see if the identity can access the service. Will check edge router policies |\nto check if the identity and service have access to common edge routers so that a connnection can be made. |\nWill also check if at least one edge router is on-line. Requires admin access.\n", @@ -9849,6 +10149,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns a nested map data represeting the posture data of the identity.\nThis data should be considered volatile.\n", @@ -9931,6 +10236,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service configs associated to a specific identity", @@ -10002,6 +10312,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Associate service configs to a specific identity", @@ -10121,6 +10436,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Remove service configs from a specific identity", @@ -10250,6 +10570,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service policies that apply to the specified identity.", @@ -10332,6 +10657,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of services that the given identity has access to. Supports filtering, sorting, and pagination. Requires admin access.\n", 
@@ -10646,6 +10976,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identity types; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -10747,6 +11082,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single identity type by id. Requires admin access.", @@ -10829,6 +11169,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of posture check types\n", @@ -10933,6 +11278,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single posture check type by id", @@ -11015,6 +11365,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of posture checks\n", @@ -11131,6 +11486,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates a Posture Checks", @@ -11226,6 +11586,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single Posture Checks by id", @@ -11297,6 +11662,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a Posture Checks by id", @@ -11416,6 +11786,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Deletes and Posture Checks by id", @@ -11487,6 +11862,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update only the supplied fields on a Posture Checks by id", 
@@ -11617,6 +11997,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -11716,6 +12101,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a router resource. Requires admin access.", @@ -11811,6 +12201,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single router by id. Requires admin access.", @@ -11882,6 +12277,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a router by id. Requires admin access.", @@ -12001,6 +12401,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a router by id. Requires admin access.", @@ -12108,6 +12513,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a router. Requires admin access.", @@ -12238,6 +12648,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service edge router policy resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -12337,6 +12752,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a service edge router policy resource. Requires admin access.", @@ -12432,6 +12852,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single service edge policy by id. Requires admin access.", 
@@ -12503,6 +12928,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a service edge policy by id. Requires admin access.", @@ -12622,6 +13052,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a service edge policy by id. Requires admin access.", @@ -12729,6 +13164,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a service edge policy. Requires admin access.", @@ -12859,6 +13299,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "List the edge routers that a service edge router policy applies to", @@ -12941,6 +13386,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "List the services that a service edge router policy applies to", @@ -14042,6 +14492,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -14155,6 +14610,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a services resource. Requires admin access.", @@ -14250,6 +14710,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single service by id. Requires admin access.", @@ -14321,6 +14786,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a service by id. Requires admin access.", @@ -14440,6 +14910,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a service by id. Requires admin access.", 
@@ -14547,6 +15022,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a service. Requires admin access.", @@ -14677,6 +15157,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources associated to a specific service; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -14787,6 +15272,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge-routers that may be used to access the given service. Supports filtering, sorting, and pagination. Requires admin access.\n", @@ -14897,6 +15387,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identities that have access to this service. Supports filtering, sorting, and pagination. Requires admin access.\n", @@ -15007,6 +15502,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service edge router policy resources that affect a specific service; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -15117,6 +15617,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service policy resources that affect specific service; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -15227,6 +15732,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.\n", 
@@ -15337,6 +15847,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. Requires admin access.\n\nSessions are tied to an API session and are moved when an API session times out or logs out. Active sessions\n(i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.\n", @@ -15438,6 +15953,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single session by id. Requires admin access.", @@ -15509,6 +16029,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a session by id. Requires admin access.", @@ -15627,6 +16152,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single session's route path by id. Requires admin access.", @@ -15835,6 +16365,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of terminator resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -15934,6 +16469,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a terminator resource. Requires admin access.", @@ -16029,6 +16569,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single terminator by id. Requires admin access.", @@ -16456,6 +17001,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access.\n", 
@@ -16555,6 +17105,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a router resource. Requires admin access.", @@ -16650,6 +17205,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single router by id. Requires admin access.", @@ -16721,6 +17281,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a router by id. Requires admin access.", @@ -16840,6 +17405,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a router by id. Requires admin access.", @@ -16947,6 +17517,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a router. Requires admin access.", @@ -23308,6 +23883,15 @@ func init() { } }, "securityDefinitions": { + "oauth2": { + "type": "oauth2", + "flow": "accessCode", + "authorizationUrl": "/oidc/authorize", + "tokenUrl": "/oidc/token", + "scopes": { + "openid": "openid" + } + }, "ztSession": { "description": "An API Key that is provided post authentication", "type": "apiKey", @@ -23390,6 +23974,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint\nrequires admin access.\n", @@ -23647,6 +24236,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of Auth Policies", @@ -24381,6 +24975,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA authentication by submitting a MFA time based one time token or backup code.", 
@@ -24422,6 +25021,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated.\nThis endpoint requires admin access.\n", @@ -25111,6 +25715,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access.", @@ -25928,6 +26537,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -26580,6 +27194,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -26679,6 +27298,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a config resource. Requires admin access.", @@ -26774,6 +27398,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single config by id. Requires admin access.", @@ -26845,6 +27474,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a config by id. Requires admin access.", @@ -26964,6 +27598,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a config by id. Requires admin access.", @@ -27071,6 +27710,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a config. Requires admin access.", 
@@ -27201,6 +27845,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves the API session that was used to issue the current request", @@ -27282,6 +27931,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Terminates the current API session", @@ -27328,6 +27982,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns the identity associated with the API sessions used to issue the current request", @@ -27417,6 +28076,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.", @@ -27518,6 +28182,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.", @@ -27589,6 +28258,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's\nidentity.\n", @@ -27708,6 +28382,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API\nsession's identity.\n", 
@@ -27838,6 +28517,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled.\nAllows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation.\nThe response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint.\nAfter verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.", @@ -27906,6 +28590,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt.\nAfter receipt, the new client certificate must be used for new authentication requests.", @@ -27974,6 +28663,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a ` + "`" + `POST /current-identity/mfa/verify` + "`" + `.\n", @@ -28046,6 +28740,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via ` + "`" + `POST /current-identity/mfa/verify` + "`" + `\n", 
@@ -28114,6 +28813,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via ` + "`" + `DELETE /identities/\u003cid\u003e/mfa` + "`" + `.\n", @@ -28195,6 +28899,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.\n", @@ -28223,6 +28932,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.\n", @@ -28310,6 +29024,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.\n", @@ -28395,6 +29114,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via ` + "`" + `POST /current-identity/mfa` + "`" + `.\n", @@ -28480,6 +29204,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Starts a data integrity scan on the datastore. Requires admin access. Only once instance may run at a time, including runs of fixDataIntegrity.", 
@@ -28667,6 +29396,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a new database snapshot. Requires admin access.", @@ -28737,6 +29471,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge router policy resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -28836,6 +29575,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create an edge router policy resource. Requires admin access.", @@ -28931,6 +29675,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single edge router policy by id. Requires admin access.", @@ -29002,6 +29751,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an edge router policy by id. Requires admin access.", @@ -29121,6 +29875,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an edge router policy by id. Requires admin access.", @@ -29228,6 +29987,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an edge router policy. Requires admin access.", @@ -29358,6 +30122,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge routers an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -29440,6 +30209,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identities an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access.\n", 
@@ -29522,6 +30296,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of role attributes in use by edge routers; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -29623,6 +30402,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge router resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -30668,6 +31452,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of outstanding enrollments; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -30767,6 +31556,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates a new OTT, OTTCA, or UPDB enrollment for a specific identity. If an enrollment of the same type is already outstanding the request will fail with a 409 conflict. If desired, an existing enrollment can be refreshed by ` + "`" + `enrollments/:id/refresh` + "`" + ` or deleted.", @@ -30868,6 +31662,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single outstanding enrollment by id. Requires admin access.", @@ -30939,6 +31738,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an outstanding enrollment by id. Requires admin access.", @@ -31032,6 +31836,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "For expired or unexpired enrollments, reset the expiration window. A new JWT will be generated and must be used for the enrollment.", 
@@ -31136,6 +31945,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of external JWT signers for authentication", @@ -31235,6 +32049,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates an External JWT Signer. Requires admin access.", @@ -31330,6 +32149,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single External JWT Signer by id. Requires admin access.", @@ -31401,6 +32225,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an External JWT Signer by id. Requires admin access.", @@ -31520,6 +32349,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an External JWT Signer by id. Requires admin access.\n", @@ -31602,6 +32436,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update only the supplied fields on an External JWT Signer by id. Requires admin access.", @@ -31732,6 +32571,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identity resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -31845,6 +32689,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create an identity resource. Requires admin access.", @@ -31940,6 +32789,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single identity by id. Requires admin access.", 
@@ -32011,6 +32865,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on an identity by id. Requires admin access.", @@ -32130,6 +32989,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete an identity by id. Requires admin access.", @@ -32237,6 +33101,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on an identity. Requires admin access.", @@ -32542,6 +33411,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge router policies that apply to the specified identity.", @@ -32624,6 +33498,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge-routers that the given identity may use to access services. Supports filtering, sorting, and pagination. Requires admin access.\n", @@ -33035,6 +33914,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Analyzes policies to see if the given identity should be able to dial or bind the given service. |\nWill check services policies to see if the identity can access the service. Will check edge router policies |\nto check if the identity and service have access to common edge routers so that a connnection can be made. |\nWill also check if at least one edge router is on-line. Requires admin access.\n", @@ -33124,6 +34008,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Returns a nested map data represeting the posture data of the identity.\nThis data should be considered volatile.\n", 
@@ -33206,6 +34095,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service configs associated to a specific identity", @@ -33277,6 +34171,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Associate service configs to a specific identity", @@ -33396,6 +34295,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Remove service configs from a specific identity", @@ -33525,6 +34429,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service policies that apply to the specified identity.", @@ -33607,6 +34516,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of services that the given identity has access to. Supports filtering, sorting, and pagination. Requires admin access.\n", @@ -33921,6 +34835,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identity types; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -34022,6 +34941,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single identity type by id. Requires admin access.", @@ -34104,6 +35028,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of posture check types\n", @@ -34208,6 +35137,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single posture check type by id", @@ -34290,6 +35224,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of posture checks\n", 
@@ -34406,6 +35345,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Creates a Posture Checks", @@ -34501,6 +35445,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single Posture Checks by id", @@ -34572,6 +35521,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a Posture Checks by id", @@ -34691,6 +35645,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Deletes and Posture Checks by id", @@ -34762,6 +35721,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update only the supplied fields on a Posture Checks by id", @@ -34892,6 +35856,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -34991,6 +35960,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a router resource. Requires admin access.", @@ -35086,6 +36060,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single router by id. Requires admin access.", @@ -35157,6 +36136,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a router by id. Requires admin access.", @@ -35276,6 +36260,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a router by id. Requires admin access.", 
@@ -35383,6 +36372,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a router. Requires admin access.", @@ -35513,6 +36507,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service edge router policy resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -35612,6 +36611,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a service edge router policy resource. Requires admin access.", @@ -35707,6 +36711,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single service edge policy by id. Requires admin access.", @@ -35778,6 +36787,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a service edge policy by id. Requires admin access.", @@ -35897,6 +36911,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a service edge policy by id. Requires admin access.", @@ -36004,6 +37023,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a service edge policy. Requires admin access.", @@ -36134,6 +37158,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "List the edge routers that a service edge router policy applies to", @@ -36216,6 +37245,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "List the services that a service edge router policy applies to", 
@@ -37317,6 +38351,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -37430,6 +38469,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a services resource. Requires admin access.", @@ -37525,6 +38569,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single service by id. Requires admin access.", @@ -37596,6 +38645,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a service by id. Requires admin access.", @@ -37715,6 +38769,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a service by id. Requires admin access.", @@ -37822,6 +38881,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a service. Requires admin access.", @@ -37952,6 +39016,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of config resources associated to a specific service; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -38062,6 +39131,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of edge-routers that may be used to access the given service. Supports filtering, sorting, and pagination. Requires admin access.\n", 
@@ -38172,6 +39246,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of identities that have access to this service. Supports filtering, sorting, and pagination. Requires admin access.\n", @@ -38282,6 +39361,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service edge router policy resources that affect a specific service; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -38392,6 +39476,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of service policy resources that affect specific service; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -38502,6 +39591,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.\n", @@ -38612,6 +39706,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. Requires admin access.\n\nSessions are tied to an API session and are moved when an API session times out or logs out. Active sessions\n(i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.\n", @@ -38713,6 +39812,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single session by id. Requires admin access.", @@ -38784,6 +39888,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a session by id. Requires admin access.", 
@@ -38902,6 +40011,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single session's route path by id. Requires admin access.", @@ -39110,6 +40224,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of terminator resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -39209,6 +40328,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a terminator resource. Requires admin access.", @@ -39304,6 +40428,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single terminator by id. Requires admin access.", @@ -39731,6 +40860,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access.\n", @@ -39830,6 +40964,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Create a router resource. Requires admin access.", @@ -39925,6 +41064,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Retrieves a single router by id. Requires admin access.", @@ -39996,6 +41140,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update all fields on a router by id. Requires admin access.", @@ -40115,6 +41264,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Delete a router by id. Requires admin access.", @@ -40222,6 +41376,11 @@ func init() { "security": [ { "ztSession": [] + }, + { + "oauth2": [ + "openid" + ] } ], "description": "Update the supplied fields on a router. Requires admin access.", 
@@ -46688,6 +47847,15 @@ func init() { } }, "securityDefinitions": { + "oauth2": { + "type": "oauth2", + "flow": "accessCode", + "authorizationUrl": "/oidc/authorize", + "tokenUrl": "/oidc/token", + "scopes": { + "openid": "openid" + } + }, "ztSession": { "description": "An API Key that is provided post authentication", "type": "apiKey", diff --git a/rest_management_api_server/operations/ziti_edge_management_api.go b/rest_management_api_server/operations/ziti_edge_management_api.go index 99eee2e5..a5c54c69 100644 --- a/rest_management_api_server/operations/ziti_edge_management_api.go +++ b/rest_management_api_server/operations/ziti_edge_management_api.go @@ -650,6 +650,9 @@ func NewZitiEdgeManagementAPI(spec *loads.Document) *ZitiEdgeManagementAPI { return middleware.NotImplemented("operation current_identity.VerifyMfa has not yet been implemented") }), + Oauth2Auth: func(token string, scopes []string) (interface{}, error) { + return nil, errors.NotImplemented("oauth2 bearer auth (oauth2) has not yet been implemented") + }, // Applies when the "zt-session" header is set ZtSessionAuth: func(token string) (interface{}, error) { return nil, errors.NotImplemented("api key auth (ztSession) zt-session from header param [zt-session] has not yet been implemented") @@ -707,6 +710,10 @@ type ZitiEdgeManagementAPI struct { // - text/yaml TextYamlProducer runtime.Producer + // Oauth2Auth registers a function that takes an access token and a collection of required scopes and returns a principal + // it performs authentication based on an oauth2 bearer token provided in the request + Oauth2Auth func(string, []string) (interface{}, error) + // ZtSessionAuth registers a function that takes a token and returns a principal // it performs authentication based on an api key zt-session provided in the header ZtSessionAuth func(string) (interface{}, error) 
@@ -1170,6 +1177,9 @@ func (o *ZitiEdgeManagementAPI) Validate() error { unregistered = append(unregistered, "TextYamlProducer") } + if o.Oauth2Auth == nil { + unregistered = append(unregistered, "Oauth2Auth") + } if o.ZtSessionAuth == nil { unregistered = append(unregistered, "ZtSessionAuth") } @@ -1738,6 +1748,9 @@ func (o *ZitiEdgeManagementAPI) AuthenticatorsFor(schemes map[string]spec.Securi result := make(map[string]runtime.Authenticator) for name := range schemes { switch name { + case "oauth2": + result[name] = o.BearerAuthenticator(name, o.Oauth2Auth) + case "ztSession": scheme := schemes[name] result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, o.ZtSessionAuth) diff --git a/source/client.yml b/source/client.yml index 617cf40c..b7e89134 100644 --- a/source/client.yml +++ b/source/client.yml @@ -1,7 +1,7 @@ --- swagger: '2.0' info: - version: 0.25.15 + version: 0.25.31 title: Ziti Edge Client description: OpenZiti Edge Client API contact: @@ -25,7 +25,13 @@ securityDefinitions: in: header name: zt-session description: An API Key that is provided post authentication - + oauth2: + type: oauth2 + tokenUrl: /oidc/token + flow: accessCode + authorizationUrl: /oidc/authorize + scopes: + openid: openid paths: '/': $ref: 'shared/version.yml#/paths/root' diff --git a/source/client/current-api-session-certificates.yml b/source/client/current-api-session-certificates.yml index 1c4297a6..72689f0a 100644 --- a/source/client/current-api-session-certificates.yml +++ b/source/client/current-api-session-certificates.yml @@ -5,7 +5,8 @@ paths: summary: List the ephemeral certificates available for the current API Session description: Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: listCurrentApiSessionCertificates 
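Review bot: `authorizationUrl: /oidc/authorize` and `tokenUrl: /oidc/token` in the new `oauth2` definition of source/client.yml are relative, and Swagger 2.0 does not define what a relative value is resolved against. A generated client or a docs UI served from another origin may therefore start the authorization-code flow against a host other than the controller. The definition also has no `description`, unlike the API-key definition above it, and the scope text `openid: openid` only repeats the scope name. I would add a line such as `description: OIDC access token; /oidc/authorize and /oidc/token are resolved against the API host` (if that is the intended resolution) and a real scope description. The identical block added to source/management.yml has the same gap.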
@@ -26,7 +27,8 @@ paths: expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing the CSR request. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: createCurrentApiSessionCertificate @@ -51,7 +53,8 @@ paths: summary: Retrieves an ephemeral certificate description: Retrieves a single ephemeral certificate by id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: detailCurrentApiSessionCertificate @@ -67,7 +70,8 @@ paths: description: | Delete an ephemeral certificateby id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: deleteCurrentApiSessionCertificate diff --git a/source/client/current-api-session-service-updates.yml b/source/client/current-api-session-service-updates.yml index 42ff842a..a691b01b 100644 --- a/source/client/current-api-session-service-updates.yml +++ b/source/client/current-api-session-service-updates.yml @@ -7,7 +7,8 @@ paths: Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session - Services diff --git a/source/client/current-identity-edge-routers.yml b/source/client/current-identity-edge-routers.yml index 8d883d50..bdc753f8 100644 --- a/source/client/current-identity-edge-routers.yml +++ b/source/client/current-identity-edge-routers.yml @@ -7,7 +7,8 @@ paths: Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - Edge Router diff --git a/source/client/ext-jwt-signers.yml b/source/client/ext-jwt-signers.yml index ff5815ae..d35601e9 100644 
--- a/source/client/ext-jwt-signers.yml +++ b/source/client/ext-jwt-signers.yml @@ -5,7 +5,8 @@ paths: summary: List Client Authentication External JWT description: Retrieves a list of external JWT signers for authentication security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: listExternalJwtSigners diff --git a/source/client/posture-response.yml b/source/client/posture-response.yml index 291bfbea..a22d273a 100644 --- a/source/client/posture-response.yml +++ b/source/client/posture-response.yml @@ -5,7 +5,8 @@ paths: summary: Submit a posture response to a posture query description: Submits posture responses security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: createPostureResponse @@ -28,7 +29,8 @@ paths: summary: Submit multiple posture responses description: Submits posture responses security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: createPostureResponseBulk diff --git a/source/client/services.yml b/source/client/services.yml index 748c0dcb..850336af 100644 --- a/source/client/services.yml +++ b/source/client/services.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServices @@ -30,7 +31,8 @@ paths: summary: Retrieves a single service description: Retrieves a single service by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: detailService @@ -50,7 +52,8 @@ paths: description: | Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceTerminators 
diff --git a/source/client/sessions.yml b/source/client/sessions.yml index 0c731295..d1880bc4 100644 --- a/source/client/sessions.yml +++ b/source/client/sessions.yml @@ -9,7 +9,8 @@ paths: Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: listSessions @@ -28,7 +29,8 @@ paths: summary: Create a session resource description: Create a session resource. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: createSession @@ -53,7 +55,8 @@ paths: summary: Retrieves a single session description: Retrieves a single session by id. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: detailSession @@ -68,7 +71,8 @@ paths: summary: Delete a session description: Delete a session by id. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: deleteSession diff --git a/source/management.yml b/source/management.yml index 4cfe80db..0343fc2c 100644 --- a/source/management.yml +++ b/source/management.yml @@ -1,7 +1,7 @@ --- swagger: '2.0' info: - version: 0.25.15 + version: 0.25.31 title: Ziti Edge Management description: OpenZiti Edge Management API contact: @@ -25,7 +25,13 @@ securityDefinitions: in: header name: zt-session description: An API Key that is provided post authentication - + oauth2: + type: oauth2 + tokenUrl: /oidc/token + flow: accessCode + authorizationUrl: /oidc/authorize + scopes: + openid: openid paths: '/': $ref: 'shared/version.yml#/paths/root' diff --git a/source/management/api-sessions.yml b/source/management/api-sessions.yml index 5438561b..2f6e51a9 100644 --- a/source/management/api-sessions.yml +++ b/source/management/api-sessions.yml 
@@ -8,7 +8,8 @@ paths: Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - API Session operationId: listAPISessions @@ -32,7 +33,7 @@ paths: summary: Retrieves a single API Session description: Retrieves a single API Session by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - API Session operationId: detailAPISessions @@ -47,7 +48,7 @@ paths: summary: Deletes an API Sessions description: Deletes and API sesion by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - API Session operationId: deleteAPISessions diff --git a/source/management/auth-policies.yml b/source/management/auth-policies.yml index 78af1f2d..36665d80 100644 --- a/source/management/auth-policies.yml +++ b/source/management/auth-policies.yml @@ -6,7 +6,8 @@ paths: summary: List Auth Policies description: Retrieves a list of Auth Policies security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Auth Policy operationId: listAuthPolicies @@ -25,7 +26,7 @@ paths: summary: Creates an Auth Policy description: Creates an Auth Policy. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Auth Policy operationId: createAuthPolicy @@ -50,7 +51,7 @@ paths: summary: Retrieves a single Auth Policy description: Retrieves a single Auth Policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Auth Policy operationId: detailAuthPolicy @@ -65,7 +66,7 @@ paths: summary: Update all fields on an Auth Policy description: Update all fields on an Auth Policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Auth Policy operationId: updateAuthPolicy 
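Review bot: `detailAPISessions` and `deleteAPISessions` in source/management/api-sessions.yml (hunks `@@ -33,7 +33,7 @@` and `@@ -48,7 +48,7 @@`) only get the `[ ]` → `[]` whitespace change, while `listAPISessions` in the same file gains `- oauth2: [openid]`, so the spec now declares different accepted credentials for operations on the same resource. The same split appears in auth-policies.yml, authenticators.yml, cas.yml, config-types.yml, edge-routers.yml and role-attributes.yml (only the first list operation gains `oauth2`), in database.yml (`fixDataIntegrity`, `dataIntegrityResults`) and in identities.yml from `getIdentityAuthenticators` through `disableIdentity`. If the server or generated clients take the accepted authenticators from each operation's `security` list, an OIDC token would work for the list call and be refused on the rest. If the omission is unintended, add `- oauth2: [openid]` after `- ztSession: []` on those operations. If session-only access is deliberate for them, say so in each `description`.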
@@ -89,7 +90,7 @@ paths: summary: Update the supplied fields on an Auth Policy description: Update only the supplied fields on an Auth Policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Auth Policy operationId: patchAuthPolicy @@ -114,7 +115,7 @@ paths: description: | Delete an Auth Policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Auth Policy operationId: deleteAuthPolicy diff --git a/source/management/authenticators.yml b/source/management/authenticators.yml index 1ab94014..11fc59ea 100644 --- a/source/management/authenticators.yml +++ b/source/management/authenticators.yml @@ -8,7 +8,8 @@ paths: Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated. This endpoint requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Authenticator operationId: listAuthenticators @@ -28,7 +29,7 @@ paths: description: | Creates an authenticator for a specific identity. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Authenticator operationId: createAuthenticator @@ -55,7 +56,7 @@ paths: summary: Retrieves a single authenticator description: Retrieves a single authenticator by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Authenticator operationId: detailAuthenticator @@ -70,7 +71,7 @@ paths: summary: Update all fields on an authenticator description: Update all fields on an authenticator by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Authenticator operationId: updateAuthenticator @@ -94,7 +95,7 @@ paths: summary: Update the supplied fields on an authenticator description: Update the supplied fields on an authenticator by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Authenticator operationId: patchAuthenticator 
@@ -120,7 +121,7 @@ paths: Delete an authenticator by id. Deleting all authenticators for an identity will make it impossible to log in. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Authenticator operationId: deleteAuthenticator @@ -142,7 +143,7 @@ paths: enrollment created depends on the authenticator. UPDB authenticators result in UPDB enrollments, CERT authenticators result in OTT enrollments, CERT + CA authenticators result in OTTCA enrollments. security: - - ztSession: [ ] + - ztSession: [] tags: - Authenticator operationId: reEnrollAuthenticator diff --git a/source/management/cas.yml b/source/management/cas.yml index d87bc020..14a2edfd 100644 --- a/source/management/cas.yml +++ b/source/management/cas.yml @@ -5,7 +5,8 @@ paths: summary: List CAs description: Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Certificate Authority operationId: listCas @@ -24,7 +25,7 @@ paths: summary: Creates a CA description: Creates a CA in an unverified state. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: createCa @@ -50,7 +51,7 @@ paths: summary: Retrieves a single CA description: Retrieves a single CA by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: detailCa @@ -65,7 +66,7 @@ paths: summary: Update all fields on a CA description: Update all fields on a CA by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: updateCa @@ -89,7 +90,7 @@ paths: summary: Update the supplied fields on a CA description: Update only the supplied fields on a CA by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: patchCa 
@@ -115,7 +116,7 @@ paths: Delete a CA by id. Deleting a CA will delete its associated certificate authenticators. This can make it impossible for identities to authenticate if they no longer have any valid authenticators. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: deleteCa @@ -135,7 +136,7 @@ paths: For CA auto enrollment, the enrollment JWT is static and provided on each CA resource. This endpoint provides the jwt as a text response. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: getCaJwt @@ -166,7 +167,7 @@ paths: The common name on the certificate must match the verificationToken property of the CA. Unverfieid CAs can not be used for enrollment/authentication. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Certificate Authority operationId: verifyCa diff --git a/source/management/config-types.yml b/source/management/config-types.yml index ab45eccd..e3a82ab3 100644 --- a/source/management/config-types.yml +++ b/source/management/config-types.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: listConfigTypes @@ -24,7 +25,7 @@ paths: post: summary: Create a config-type. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Config operationId: createConfigType @@ -49,7 +50,7 @@ paths: summary: Retrieves a single config-type description: Retrieves a single config-type by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Config operationId: detailConfigType 
@@ -64,7 +65,7 @@ paths: summary: Update all fields on a config-type description: Update all fields on a config-type by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Config operationId: updateConfigType @@ -88,7 +89,7 @@ paths: summary: Update the supplied fields on a config-type description: Update the supplied fields on a config-type. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Config operationId: patchConfigType @@ -112,7 +113,7 @@ paths: summary: Delete a config-type description: Delete a config-type by id. Removing a configuration type that are in use will result in a 409 conflict HTTP status code and error. All configurations of a type must be removed first. security: - - ztSession: [ ] + - ztSession: [] tags: - Config operationId: deleteConfigType @@ -132,7 +133,7 @@ paths: summary: Lists the configs of a specific config-type description: Lists the configs associated to a config-type. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Config operationId: listConfigsForConfigType diff --git a/source/management/configs.yml b/source/management/configs.yml index 1ff2f5eb..2d9b77c7 100644 --- a/source/management/configs.yml +++ b/source/management/configs.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: listConfigs @@ -25,7 +26,8 @@ paths: summary: Create a config resource description: Create a config resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: createConfig @@ -50,7 +52,8 @@ paths: summary: Retrieves a single config description: Retrieves a single config by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: detailConfig 
@@ -65,7 +68,8 @@ paths: summary: Update all fields on a config description: Update all fields on a config by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: updateConfig @@ -89,7 +93,8 @@ paths: summary: Update the supplied fields on a config description: Update the supplied fields on a config. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: patchConfig @@ -113,7 +118,8 @@ paths: summary: Delete a config description: Delete a config by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Config operationId: deleteConfig diff --git a/source/management/database.yml b/source/management/database.yml index 77756088..d1d39cbe 100644 --- a/source/management/database.yml +++ b/source/management/database.yml @@ -5,7 +5,8 @@ paths: summary: Create a new database snapshot description: Create a new database snapshot. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Database operationId: createDatabaseSnapshot @@ -21,7 +22,8 @@ paths: summary: Starts a data integrity scan on the datastore description: Starts a data integrity scan on the datastore. Requires admin access. Only once instance may run at a time, including runs of fixDataIntegrity. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Database operationId: checkDataIntegrity @@ -37,7 +39,7 @@ paths: summary: Runs a data integrity scan on the datastore, attempts to fix any issues it can and returns any found issues description: Runs a data integrity scan on the datastore, attempts to fix any issues it can, and returns any found issues. Requires admin access. Only once instance may run at a time, including runs of checkDataIntegrity. security: - - ztSession: [ ] + - ztSession: [] tags: - Database operationId: fixDataIntegrity 
@@ -53,7 +55,7 @@ paths: summary: Returns any results found from in-progress integrity checks description: Returns any results found from in-progress integrity checks. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Database operationId: dataIntegrityResults diff --git a/source/management/edge-router-policies.yml b/source/management/edge-router-policies.yml index 748125ad..639ddf84 100644 --- a/source/management/edge-router-policies.yml +++ b/source/management/edge-router-policies.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of edge router policy resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: listEdgeRouterPolicies @@ -25,7 +26,8 @@ paths: summary: Create an edge router policy resource description: Create an edge router policy resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: createEdgeRouterPolicy @@ -50,7 +52,8 @@ paths: summary: Retrieves a single edge router policy description: Retrieves a single edge router policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: detailEdgeRouterPolicy @@ -65,7 +68,8 @@ paths: summary: Update all fields on an edge router policy description: Update all fields on an edge router policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: updateEdgeRouterPolicy @@ -89,7 +93,8 @@ paths: summary: Update the supplied fields on an edge router policy description: Update the supplied fields on an edge router policy. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: patchEdgeRouterPolicy 
@@ -113,7 +118,8 @@ paths: summary: Delete an edge router policy description: Delete an edge router policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: deleteEdgeRouterPolicy @@ -134,7 +140,8 @@ paths: description: | Retrieves a list of edge routers an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: listEdgeRouterPolicyEdgeRouters @@ -153,7 +160,8 @@ paths: description: | Retrieves a list of identities an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router Policy operationId: listEdgeRouterPolicyIdentities diff --git a/source/management/edge-routers.yml b/source/management/edge-routers.yml index 8410e1de..14f784b8 100644 --- a/source/management/edge-routers.yml +++ b/source/management/edge-routers.yml @@ -7,7 +7,8 @@ paths: description: | Retrieves a list of edge router resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Edge Router operationId: listEdgeRouters @@ -28,7 +29,7 @@ paths: summary: Create an edge router description: Create a edge router resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: createEdgeRouter @@ -53,7 +54,7 @@ paths: summary: Retrieves a single edge router description: Retrieves a single edge router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: detailEdgeRouter 
@@ -68,7 +69,7 @@ paths: summary: Update all fields on an edge router description: Update all fields on an edge router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: updateEdgeRouter @@ -92,7 +93,7 @@ paths: summary: Update the supplied fields on an edge router description: Update the supplied fields on an edge router. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: patchEdgeRouter @@ -116,7 +117,7 @@ paths: summary: Delete an edge router description: Delete an edge router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: deleteEdgeRouter @@ -136,7 +137,7 @@ paths: summary: List the edge router policies that affect an edge router description: Retrieves a list of edge router policies that apply to the specified edge router. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: listEdgeRouterEdgeRouterPolicies @@ -155,7 +156,7 @@ paths: description: | Retrieves a list of identities that may access services via the given edge router. Supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: listEdgeRouterIdentities @@ -173,7 +174,7 @@ paths: summary: List the service policies that affect an edge router description: Retrieves a list of service policies policies that apply to the specified edge router. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: listEdgeRouterServiceEdgeRouterPolicies @@ -192,7 +193,7 @@ paths: description: | Retrieves a list of services that may be accessed via the given edge router. Supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: listEdgeRouterServices 
@@ -216,7 +217,7 @@ paths: If the edge router has an existing outstanding enrollment JWT it will be replaced. The previous JWT will no longer be usable to complete the enrollment process. security: - - ztSession: [ ] + - ztSession: [] tags: - Edge Router operationId: reEnrollEdgeRouter diff --git a/source/management/enrollments.yml b/source/management/enrollments.yml index 239dee83..11be884a 100644 --- a/source/management/enrollments.yml +++ b/source/management/enrollments.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of outstanding enrollments; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Enrollment operationId: listEnrollments @@ -28,7 +29,8 @@ paths: is already outstanding the request will fail with a 409 conflict. If desired, an existing enrollment can be refreshed by `enrollments/:id/refresh` or deleted. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Enrollment operationId: createEnrollment @@ -55,7 +57,8 @@ paths: summary: Retrieves an outstanding enrollment description: Retrieves a single outstanding enrollment by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Enrollment operationId: detailEnrollment @@ -70,7 +73,8 @@ paths: summary: Delete an outstanding enrollment description: Delete an outstanding enrollment by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Enrollment operationId: deleteEnrollment @@ -90,7 +94,8 @@ paths: For expired or unexpired enrollments, reset the expiration window. A new JWT will be generated and must be used for the enrollment. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Enrollment operationId: refreshEnrollment diff --git a/source/management/ext-jwt-signers.yml b/source/management/ext-jwt-signers.yml index 32146616..15b00fff 100644 
--- a/source/management/ext-jwt-signers.yml +++ b/source/management/ext-jwt-signers.yml @@ -5,7 +5,8 @@ paths: summary: List External JWT Signers description: Retrieves a list of external JWT signers for authentication security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: listExternalJwtSigners @@ -24,7 +25,8 @@ paths: summary: Creates an External JWT Signer description: Creates an External JWT Signer. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: createExternalJwtSigner @@ -49,7 +51,8 @@ paths: summary: Retrieves a single External JWT Signer description: Retrieves a single External JWT Signer by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: detailExternalJwtSigner @@ -64,7 +67,8 @@ paths: summary: Update all fields on an External JWT Signer description: Update all fields on an External JWT Signer by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: updateExternalJwtSigner @@ -88,7 +92,8 @@ paths: summary: Update the supplied fields on an External JWT Signer description: Update only the supplied fields on an External JWT Signer by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: patchExternalJwtSigner @@ -113,7 +118,8 @@ paths: description: | Delete an External JWT Signer by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - External JWT Signer operationId: deleteExternalJwtSigner diff --git a/source/management/identities.yml b/source/management/identities.yml index 829f580c..63e05652 100644 --- a/source/management/identities.yml +++ b/source/management/identities.yml 
@@ -6,7 +6,8 @@ paths: description: | Retrieves a list of identity resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentities @@ -27,7 +28,8 @@ paths: summary: Create an identity resource description: Create an identity resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: createIdentity @@ -52,7 +54,8 @@ paths: summary: Retrieves a single identity description: Retrieves a single identity by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: detailIdentity @@ -67,7 +70,8 @@ paths: summary: Update all fields on an identity description: Update all fields on an identity by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: updateIdentity @@ -91,7 +95,8 @@ paths: summary: Update the supplied fields on an identity description: Update the supplied fields on an identity. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: patchIdentity @@ -115,7 +120,8 @@ paths: summary: Delete an identity description: Delete an identity by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: deleteIdentity @@ -135,7 +141,8 @@ paths: summary: List the edge router policies that affect an identity description: Retrieves a list of edge router policies that apply to the specified identity. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentitysEdgeRouterPolicies 
@@ -153,7 +160,8 @@ paths: summary: List the service configs associated a specific identity description: Retrieves a list of service configs associated to a specific identity security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentitysServiceConfigs @@ -175,7 +183,8 @@ paths: schema: $ref: 'service-configs.yml#/definitions/serviceConfigsAssignList' security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: associateIdentitysServiceConfigs @@ -199,7 +208,8 @@ paths: schema: $ref: 'service-configs.yml#/definitions/serviceConfigsAssignList' security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: disassociateIdentitysServiceConfigs @@ -219,7 +229,8 @@ paths: summary: List the service policies that affect an identity description: Retrieves a list of service policies that apply to the specified identity. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentityServicePolicies @@ -239,7 +250,8 @@ paths: description: | Retrieves a list of edge-routers that the given identity may use to access services. Supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentityEdgeRouters @@ -259,7 +271,8 @@ paths: description: | Retrieves a list of services that the given identity has access to. Supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentityServices 
@@ -283,7 +296,8 @@ paths: to check if the identity and service have access to common edge routers so that a connnection can be made. | Will also check if at least one edge router is on-line. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: getIdentityPolicyAdvice @@ -303,7 +317,8 @@ paths: Returns a nested map data represeting the posture data of the identity. This data should be considered volatile. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: getIdentityPostureData @@ -322,7 +337,7 @@ paths: description: | Returns a list of authenticators associated to the identity specified security: - - ztSession: [ ] + - ztSession: [] tags: - Identity operationId: getIdentityAuthenticators @@ -341,7 +356,7 @@ paths: description: | Returns a list of enrollments associated to the identity specified security: - - ztSession: [ ] + - ztSession: [] tags: - Identity operationId: getIdentityEnrollments @@ -362,7 +377,7 @@ paths: every policy that was verified against and every failed check in each policy. Each check will include the historical posture data and posture check configuration. security: - - ztSession: [ ] + - ztSession: [] tags: - Identity operationId: getIdentityFailedServiceRequests @@ -381,7 +396,7 @@ paths: description: | Allows an admin to remove MFA enrollment from a specific identity. Requires admin. security: - - ztSession: [ ] + - ztSession: [] tags: - Identity - MFA @@ -401,7 +416,7 @@ paths: description: | Allows an admin to enable/disable data flow tracing for an identity security: - - ztSession: [ ] + - ztSession: [] tags: - Identity - Tracing @@ -430,7 +445,7 @@ paths: description: | Allows an admin to remove disabled statuses from an identity. security: - - ztSession: [ ] + - ztSession: [] tags: - Identity operationId: enableIdentity 
@@ -449,7 +464,7 @@ paths: description: | Allows an admin disable an identity for a set amount of time or indefinitely. security: - - ztSession: [ ] + - ztSession: [] tags: - Identity operationId: disableIdentity diff --git a/source/management/identity-types.yml b/source/management/identity-types.yml index 0d9566ef..9a509ca6 100644 --- a/source/management/identity-types.yml +++ b/source/management/identity-types.yml @@ -7,7 +7,8 @@ paths: description: | Retrieves a list of identity types; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: listIdentityTypes @@ -29,7 +30,8 @@ paths: summary: Retrieves a identity type description: Retrieves a single identity type by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Identity operationId: detailIdentityType diff --git a/source/management/posture-check-types.yml b/source/management/posture-check-types.yml index 7a03380a..7d98c6f4 100644 --- a/source/management/posture-check-types.yml +++ b/source/management/posture-check-types.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of posture check types security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: listPostureCheckTypes @@ -30,7 +31,8 @@ paths: summary: Retrieves a single posture check type description: Retrieves a single posture check type by id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: detailPostureCheckType diff --git a/source/management/posture-checks.yml b/source/management/posture-checks.yml index 5ac2bbc4..d967cd46 100644 --- a/source/management/posture-checks.yml +++ b/source/management/posture-checks.yml 
@@ -6,7 +6,8 @@ paths: description: | Retrieves a list of posture checks security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: listPostureChecks @@ -29,7 +30,8 @@ paths: summary: Creates a Posture Checks description: Creates a Posture Checks security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: createPostureCheck @@ -54,7 +56,8 @@ paths: summary: Retrieves a single Posture Checks description: Retrieves a single Posture Checks by id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: detailPostureCheck @@ -69,7 +72,8 @@ paths: summary: Update all fields on a Posture Checks description: Update all fields on a Posture Checks by id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: updatePostureCheck @@ -93,7 +97,8 @@ paths: summary: Update the supplied fields on a Posture Checks description: Update only the supplied fields on a Posture Checks by id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: patchPostureCheck @@ -117,7 +122,8 @@ paths: summary: Deletes an Posture Checks description: Deletes and Posture Checks by id security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Posture Checks operationId: deletePostureCheck diff --git a/source/management/role-attributes.yml b/source/management/role-attributes.yml index 4327b68d..5ac06520 100644 --- a/source/management/role-attributes.yml +++ b/source/management/role-attributes.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of role attributes in use by edge routers; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Role Attributes operationId: listEdgeRouterRoleAttributes 
@@ -28,7 +29,7 @@ paths: description: | Retrieves a list of role attributes in use by identities; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Role Attributes operationId: listIdentityRoleAttributes @@ -50,7 +51,7 @@ paths: description: | Retrieves a list of role attributes in use by services; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Role Attributes operationId: listServiceRoleAttributes diff --git a/source/management/routers.yml b/source/management/routers.yml index 5647db2d..17d0d5bc 100644 --- a/source/management/routers.yml +++ b/source/management/routers.yml @@ -7,7 +7,8 @@ paths: description: | Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: listTransitRouters @@ -26,7 +27,8 @@ paths: summary: Create a router resource description: Create a router resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: createTransitRouter @@ -51,7 +53,8 @@ paths: summary: Retrieves a single router description: Retrieves a single router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: detailTransitRouter @@ -66,7 +69,8 @@ paths: summary: Update all fields on a router description: Update all fields on a router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: updateTransitRouter @@ -90,7 +94,8 @@ paths: summary: Update the supplied fields on a router description: Update the supplied fields on a router. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: patchTransitRouter 
@@ -114,7 +119,8 @@ paths: summary: Delete a router description: Delete a router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: deleteTransitRouter @@ -133,7 +139,8 @@ paths: description: | Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: listRouters @@ -152,7 +159,8 @@ paths: summary: Create a router resource description: Create a router resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: createRouter @@ -177,7 +185,8 @@ paths: summary: Retrieves a single router description: Retrieves a single router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: detailRouter @@ -192,7 +201,8 @@ paths: summary: Update all fields on a router description: Update all fields on a router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: updateRouter @@ -216,7 +226,8 @@ paths: summary: Update the supplied fields on a router description: Update the supplied fields on a router. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: patchRouter @@ -240,7 +251,8 @@ paths: summary: Delete a router description: Delete a router by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Router operationId: deleteRouter diff --git a/source/management/service-edge-router-policies.yml b/source/management/service-edge-router-policies.yml index 0e9fce44..3f26dd21 100644 --- a/source/management/service-edge-router-policies.yml +++ b/source/management/service-edge-router-policies.yml 
@@ -6,7 +6,8 @@ paths: description: | Retrieves a list of service edge router policy resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: listServiceEdgeRouterPolicies @@ -25,7 +26,8 @@ paths: summary: Create a service edge router policy resource description: Create a service edge router policy resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: createServiceEdgeRouterPolicy @@ -50,7 +52,8 @@ paths: summary: Retrieves a single service edge policy description: Retrieves a single service edge policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: detailServiceEdgeRouterPolicy @@ -65,7 +68,8 @@ paths: summary: Update all fields on a service edge policy description: Update all fields on a service edge policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: updateServiceEdgeRouterPolicy @@ -89,7 +93,8 @@ paths: summary: Update the supplied fields on a service edge policy description: Update the supplied fields on a service edge policy. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: patchServiceEdgeRouterPolicy @@ -113,7 +118,8 @@ paths: summary: Delete a service edge policy description: Delete a service edge policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: deleteServiceEdgeRouterPolicy 
@@ -133,7 +139,8 @@ paths: summary: List the edge routers that a service edge router policy applies to description: List the edge routers that a service edge router policy applies to security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: listServiceEdgeRouterPolicyEdgeRouters @@ -151,7 +158,8 @@ paths: summary: List the services that a service edge router policy applies to description: List the services that a service edge router policy applies to security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service Edge Router Policy operationId: listServiceEdgeRouterPolicyServices diff --git a/source/management/service-policies.yml b/source/management/service-policies.yml index 7a23fbbc..ef987dfb 100644 --- a/source/management/service-policies.yml +++ b/source/management/service-policies.yml @@ -6,7 +6,7 @@ paths: description: | Retrieves a list of service policy resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: listServicePolicies @@ -25,7 +25,7 @@ paths: summary: Create a service policy resource description: Create a service policy resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: createServicePolicy @@ -50,7 +50,7 @@ paths: summary: Retrieves a single service policy description: Retrieves a single service policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: detailServicePolicy @@ -65,7 +65,7 @@ paths: summary: Update all fields on a service policy description: Update all fields on a service policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: updateServicePolicy 
@@ -89,7 +89,7 @@ paths: summary: Update the supplied fields on a service policy description: Update the supplied fields on a service policy. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: patchServicePolicy @@ -113,7 +113,7 @@ paths: summary: Delete a service policy description: Delete a service policy by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: deleteServicePolicy @@ -134,7 +134,7 @@ paths: description: | Retrieves a list of identity resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: listServicePolicyIdentities @@ -158,7 +158,7 @@ paths: description: | Retrieves a list of service resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: listServicePolicyServices @@ -181,7 +181,7 @@ paths: description: | Retrieves a list of posture check resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Service Policy operationId: listServicePolicyPostureChecks diff --git a/source/management/services.yml b/source/management/services.yml index a8219523..555448bc 100644 --- a/source/management/services.yml +++ b/source/management/services.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServices 
@@ -27,7 +28,8 @@ paths: summary: Create a services resource description: Create a services resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: createService @@ -52,7 +54,8 @@ paths: summary: Retrieves a single service description: Retrieves a single service by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: detailService @@ -67,7 +70,8 @@ paths: summary: Update all fields on a service description: Update all fields on a service by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: updateService @@ -91,7 +95,8 @@ paths: summary: Update the supplied fields on a service description: Update the supplied fields on a service. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: patchService @@ -115,7 +120,8 @@ paths: summary: Delete a service description: Delete a service by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: deleteService @@ -136,7 +142,8 @@ paths: description: | Retrieves a list of config resources associated to a specific service; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceConfig @@ -159,7 +166,8 @@ paths: description: | Retrieves a list of service edge router policy resources that affect a specific service; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceServiceEdgeRouterPolicies 
@@ -182,7 +190,8 @@ paths: description: | Retrieves a list of service policy resources that affect specific service; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceServicePolicies @@ -206,7 +215,8 @@ paths: description: | Retrieves a list of identities that have access to this service. Supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceIdentities @@ -230,7 +240,8 @@ paths: description: | Retrieves a list of edge-routers that may be used to access the given service. Supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceEdgeRouters @@ -254,7 +265,8 @@ paths: description: | Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Service operationId: listServiceTerminators diff --git a/source/management/sessions.yml b/source/management/sessions.yml index a27a34aa..3e96fc44 100644 --- a/source/management/sessions.yml +++ b/source/management/sessions.yml @@ -9,7 +9,8 @@ paths: Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: listSessions @@ -31,7 +32,8 @@ paths: summary: Retrieves a single session description: Retrieves a single session by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: detailSession 
@@ -46,7 +48,8 @@ paths: summary: Delete a session description: Delete a session by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: deleteSession @@ -66,7 +69,8 @@ paths: summary: Retrieves a single session's router path description: Retrieves a single session's route path by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Session operationId: detailSessionRoutePath diff --git a/source/management/summary.yml b/source/management/summary.yml index 0eba56a6..5a784511 100644 --- a/source/management/summary.yml +++ b/source/management/summary.yml @@ -5,7 +5,7 @@ paths: summary: Returns a list of accessible resource counts description: This endpoint is usefull for UIs that wish to display UI elements with counts. security: - - ztSession: [ ] + - ztSession: [] tags: - Informational operationId: listSummary diff --git a/source/management/terminators.yml b/source/management/terminators.yml index ba8e0090..edbfa09a 100644 --- a/source/management/terminators.yml +++ b/source/management/terminators.yml @@ -6,7 +6,8 @@ paths: description: | Retrieves a list of terminator resources; supports filtering, sorting, and pagination. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Terminator operationId: listTerminators @@ -25,7 +26,8 @@ paths: summary: Create a terminator resource description: Create a terminator resource. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Terminator operationId: createTerminator @@ -50,7 +52,8 @@ paths: summary: Retrieves a single terminator description: Retrieves a single terminator by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Terminator operationId: detailTerminator 
@@ -65,7 +68,7 @@ paths: summary: Update all fields on a terminator description: Update all fields on a terminator by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Terminator operationId: updateTerminator @@ -89,7 +92,7 @@ paths: summary: Update the supplied fields on a terminator description: Update the supplied fields on a terminator. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Terminator operationId: patchTerminator @@ -113,7 +116,7 @@ paths: summary: Delete a terminator description: Delete a terminator by id. Requires admin access. security: - - ztSession: [ ] + - ztSession: [] tags: - Terminator operationId: deleteTerminator diff --git a/source/shared/authenticate.yml b/source/shared/authenticate.yml index 400943f6..768911f2 100644 --- a/source/shared/authenticate.yml +++ b/source/shared/authenticate.yml @@ -41,7 +41,8 @@ paths: summary: Complete MFA authentication description: Completes MFA authentication by submitting a MFA time based one time token or backup code. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Authentication - MFA diff --git a/source/shared/current-api-session.yml b/source/shared/current-api-session.yml index 9d4ceb5b..5b5658d1 100644 --- a/source/shared/current-api-session.yml +++ b/source/shared/current-api-session.yml @@ -5,7 +5,8 @@ paths: summary: Return the current API session description: Retrieves the API session that was used to issue the current request security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: getCurrentAPISession @@ -18,7 +19,8 @@ paths: summary: Logout description: Terminates the current API session security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session responses: diff --git a/source/shared/current-identity-authenticators.yml b/source/shared/current-identity-authenticators.yml index eab42958..4acbc6ff 100644 
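Review bot: In source/shared/authenticate.yml, listing `- oauth2: [openid]` next to `- ztSession: []` on "Complete MFA authentication" makes the two schemes alternatives, so this step can now be reached with a bearer token alone. The description still only says that a time-based one-time token or backup code is submitted. It does not say what state a bearer-token caller is in before and after the call, for instance whether the same token is accepted on other endpoints while MFA is still pending. I would add one sentence to the description covering that, written from the actual handler behaviour, which is not visible in this hunk. The operation continues past the hunk's last line.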
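Review bot: "Logout" in source/shared/current-api-session.yml (hunk `@@ -18,7 +19,8 @@`) now accepts `oauth2`, but its description still reads "Terminates the current API session", which says nothing about the bearer token. If the token stays valid until it expires, a caller who believes they have logged out still holds a usable credential. The description should state the outcome for oauth2 callers, along the lines of `Terminates the current API session. For oauth2 callers: <token revoked | token remains valid until expiry>.`, filled in from the implementation. The operation's `responses:` block lies outside this hunk.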
--- a/source/shared/current-identity-authenticators.yml +++ b/source/shared/current-identity-authenticators.yml @@ -6,7 +6,8 @@ paths: summary: List authenticators for the current identity description: Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: listCurrentIdentityAuthenticators @@ -28,7 +29,8 @@ paths: summary: Retrieve an authenticator for the current identity description: Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: detailCurrentIdentityAuthenticator @@ -45,7 +47,8 @@ paths: Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: updateCurrentIdentityAuthenticator @@ -71,7 +74,8 @@ paths: Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current API Session operationId: patchCurrentIdentityAuthenticator @@ -110,7 +114,8 @@ paths: After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] operationId: extendCurrentIdentityAuthenticator parameters: - name: extend @@ -139,7 +144,8 @@ paths: After receipt, the new client certificate must be used for new authentication requests. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] operationId: extendVerifyCurrentIdentityAuthenticator parameters: - name: extend 
diff --git a/source/shared/current-identity-mfa.yml b/source/shared/current-identity-mfa.yml index b9cc835f..823db881 100644 --- a/source/shared/current-identity-mfa.yml +++ b/source/shared/current-identity-mfa.yml @@ -8,7 +8,8 @@ paths: disabled before attempting to re-enroll. Subsequent enrollment request is completed via `POST /current-identity/mfa/verify` security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA @@ -26,7 +27,8 @@ paths: Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a `POST /current-identity/mfa/verify`. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA @@ -45,7 +47,8 @@ paths: has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via `DELETE /identities//mfa`. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA @@ -69,7 +72,8 @@ paths: Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA @@ -89,7 +93,8 @@ paths: Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via `POST /current-identity/mfa`. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA @@ -115,7 +120,8 @@ paths: Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA 
@@ -145,7 +151,8 @@ paths: time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes. security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity - MFA diff --git a/source/shared/current-identity.yml b/source/shared/current-identity.yml index e41cf148..83c8ee17 100644 --- a/source/shared/current-identity.yml +++ b/source/shared/current-identity.yml @@ -5,7 +5,8 @@ paths: summary: Return the current identity description: Returns the identity associated with the API sessions used to issue the current request security: - - ztSession: [ ] + - ztSession: [] + - oauth2: [openid] tags: - Current Identity operationId: getCurrentIdentity