descope 1.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/workflows/ci.yaml +54 -0
- data/.gitignore +59 -0
- data/.release-please-manifest.json +3 -0
- data/.rubocop.yml +10 -0
- data/.rubocop_todo.yml +10 -0
- data/.ruby-version +1 -0
- data/CHANGELOG.md +90 -0
- data/Gemfile +22 -0
- data/Gemfile.lock +204 -0
- data/LICENSE +21 -0
- data/README.md +1171 -0
- data/Rakefile +31 -0
- data/descope.gemspec +34 -0
- data/examples/ruby/Gemfile +4 -0
- data/examples/ruby/Gemfile.lock +41 -0
- data/examples/ruby/access_key_app.rb +45 -0
- data/examples/ruby/enchantedlink_app.rb +65 -0
- data/examples/ruby/magiclink_app.rb +81 -0
- data/examples/ruby/management/Gemfile +5 -0
- data/examples/ruby/management/Gemfile.lock +38 -0
- data/examples/ruby/management/access_key_app.rb +71 -0
- data/examples/ruby/management/audit_app.rb +25 -0
- data/examples/ruby/management/authz_app.rb +135 -0
- data/examples/ruby/management/authz_files.json +229 -0
- data/examples/ruby/management/flow_app.rb +57 -0
- data/examples/ruby/management/permission_app.rb +56 -0
- data/examples/ruby/management/role_app.rb +58 -0
- data/examples/ruby/management/tenant_app.rb +60 -0
- data/examples/ruby/management/user_app.rb +60 -0
- data/examples/ruby/oauth_app.rb +39 -0
- data/examples/ruby/otp_app.rb +50 -0
- data/examples/ruby/password_app.rb +76 -0
- data/examples/ruby/saml_app.rb +38 -0
- data/examples/ruby-on-rails-api/descope/.dockerignore +37 -0
- data/examples/ruby-on-rails-api/descope/.gitattributes +9 -0
- data/examples/ruby-on-rails-api/descope/.gitignore +40 -0
- data/examples/ruby-on-rails-api/descope/.node-version +1 -0
- data/examples/ruby-on-rails-api/descope/.ruby-version +1 -0
- data/examples/ruby-on-rails-api/descope/Dockerfile +75 -0
- data/examples/ruby-on-rails-api/descope/Gemfile +67 -0
- data/examples/ruby-on-rails-api/descope/Gemfile.lock +284 -0
- data/examples/ruby-on-rails-api/descope/Procfile.dev +3 -0
- data/examples/ruby-on-rails-api/descope/README.md +54 -0
- data/examples/ruby-on-rails-api/descope/Rakefile +6 -0
- data/examples/ruby-on-rails-api/descope/app/assets/builds/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/app/assets/config/manifest.js +3 -0
- data/examples/ruby-on-rails-api/descope/app/assets/images/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/app/assets/images/descope.jpeg +0 -0
- data/examples/ruby-on-rails-api/descope/app/assets/images/favicon.ico +0 -0
- data/examples/ruby-on-rails-api/descope/app/assets/images/logo192.png +0 -0
- data/examples/ruby-on-rails-api/descope/app/assets/images/logo512.png +0 -0
- data/examples/ruby-on-rails-api/descope/app/assets/stylesheets/application.bootstrap.scss +67 -0
- data/examples/ruby-on-rails-api/descope/app/channels/application_cable/channel.rb +4 -0
- data/examples/ruby-on-rails-api/descope/app/channels/application_cable/connection.rb +4 -0
- data/examples/ruby-on-rails-api/descope/app/controllers/application_controller.rb +2 -0
- data/examples/ruby-on-rails-api/descope/app/controllers/concerns/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/app/controllers/homepage_controller.rb +4 -0
- data/examples/ruby-on-rails-api/descope/app/controllers/session_controller.rb +66 -0
- data/examples/ruby-on-rails-api/descope/app/helpers/application_helper.rb +2 -0
- data/examples/ruby-on-rails-api/descope/app/helpers/homepage_helper.rb +2 -0
- data/examples/ruby-on-rails-api/descope/app/helpers/session_helper.rb +2 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/App.css +53 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/application.js +5 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/App.jsx +4 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/Dashboard.jsx +60 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/Home.jsx +27 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/Login.jsx +45 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/Profile.jsx +81 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/index.html +11 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/components/index.jsx +24 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/controllers/application.js +9 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/controllers/index.js +5 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/reportWebVitals.js +13 -0
- data/examples/ruby-on-rails-api/descope/app/javascript/routes/index.jsx +17 -0
- data/examples/ruby-on-rails-api/descope/app/jobs/application_job.rb +7 -0
- data/examples/ruby-on-rails-api/descope/app/mailers/application_mailer.rb +4 -0
- data/examples/ruby-on-rails-api/descope/app/models/application_record.rb +3 -0
- data/examples/ruby-on-rails-api/descope/app/models/concerns/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/app/views/homepage/index.html.erb +2 -0
- data/examples/ruby-on-rails-api/descope/app/views/layouts/application.html.erb +16 -0
- data/examples/ruby-on-rails-api/descope/app/views/layouts/mailer.html.erb +13 -0
- data/examples/ruby-on-rails-api/descope/app/views/layouts/mailer.text.erb +1 -0
- data/examples/ruby-on-rails-api/descope/app/views/session/index.html.erb +2 -0
- data/examples/ruby-on-rails-api/descope/bin/bundle +109 -0
- data/examples/ruby-on-rails-api/descope/bin/dev +11 -0
- data/examples/ruby-on-rails-api/descope/bin/docker-entrypoint +8 -0
- data/examples/ruby-on-rails-api/descope/bin/rails +4 -0
- data/examples/ruby-on-rails-api/descope/bin/rake +4 -0
- data/examples/ruby-on-rails-api/descope/bin/setup +36 -0
- data/examples/ruby-on-rails-api/descope/build.js +30 -0
- data/examples/ruby-on-rails-api/descope/config/application.rb +42 -0
- data/examples/ruby-on-rails-api/descope/config/boot.rb +4 -0
- data/examples/ruby-on-rails-api/descope/config/cable.yml +10 -0
- data/examples/ruby-on-rails-api/descope/config/config.yml +9 -0
- data/examples/ruby-on-rails-api/descope/config/credentials.yml.enc +1 -0
- data/examples/ruby-on-rails-api/descope/config/database.yml +25 -0
- data/examples/ruby-on-rails-api/descope/config/environment.rb +5 -0
- data/examples/ruby-on-rails-api/descope/config/environments/development.rb +76 -0
- data/examples/ruby-on-rails-api/descope/config/environments/production.rb +97 -0
- data/examples/ruby-on-rails-api/descope/config/environments/test.rb +64 -0
- data/examples/ruby-on-rails-api/descope/config/initializers/assets.rb +13 -0
- data/examples/ruby-on-rails-api/descope/config/initializers/content_security_policy.rb +25 -0
- data/examples/ruby-on-rails-api/descope/config/initializers/filter_parameter_logging.rb +8 -0
- data/examples/ruby-on-rails-api/descope/config/initializers/inflections.rb +16 -0
- data/examples/ruby-on-rails-api/descope/config/initializers/load_config.rb +12 -0
- data/examples/ruby-on-rails-api/descope/config/initializers/permissions_policy.rb +13 -0
- data/examples/ruby-on-rails-api/descope/config/locales/en.yml +31 -0
- data/examples/ruby-on-rails-api/descope/config/puma.rb +35 -0
- data/examples/ruby-on-rails-api/descope/config/routes.rb +18 -0
- data/examples/ruby-on-rails-api/descope/config/storage.yml +34 -0
- data/examples/ruby-on-rails-api/descope/config.ru +6 -0
- data/examples/ruby-on-rails-api/descope/db/seeds.rb +9 -0
- data/examples/ruby-on-rails-api/descope/lib/assets/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/lib/tasks/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/log/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/package-lock.json +19680 -0
- data/examples/ruby-on-rails-api/descope/package.json +51 -0
- data/examples/ruby-on-rails-api/descope/public/404.html +67 -0
- data/examples/ruby-on-rails-api/descope/public/422.html +67 -0
- data/examples/ruby-on-rails-api/descope/public/500.html +66 -0
- data/examples/ruby-on-rails-api/descope/public/apple-touch-icon-precomposed.png +0 -0
- data/examples/ruby-on-rails-api/descope/public/apple-touch-icon.png +0 -0
- data/examples/ruby-on-rails-api/descope/public/favicon.ico +0 -0
- data/examples/ruby-on-rails-api/descope/public/robots.txt +1 -0
- data/examples/ruby-on-rails-api/descope/storage/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/tmp/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/tmp/pids/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/tmp/storage/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/vendor/.keep +0 -0
- data/examples/ruby-on-rails-api/descope/yarn.lock +10780 -0
- data/lib/descope/api/v1/auth/enchantedlink.rb +156 -0
- data/lib/descope/api/v1/auth/magiclink.rb +170 -0
- data/lib/descope/api/v1/auth/oauth.rb +72 -0
- data/lib/descope/api/v1/auth/otp.rb +186 -0
- data/lib/descope/api/v1/auth/password.rb +100 -0
- data/lib/descope/api/v1/auth/saml.rb +48 -0
- data/lib/descope/api/v1/auth/totp.rb +72 -0
- data/lib/descope/api/v1/auth.rb +452 -0
- data/lib/descope/api/v1/management/access_key.rb +81 -0
- data/lib/descope/api/v1/management/audit.rb +82 -0
- data/lib/descope/api/v1/management/authz.rb +165 -0
- data/lib/descope/api/v1/management/common.rb +147 -0
- data/lib/descope/api/v1/management/flow.rb +55 -0
- data/lib/descope/api/v1/management/password.rb +58 -0
- data/lib/descope/api/v1/management/permission.rb +48 -0
- data/lib/descope/api/v1/management/project.rb +53 -0
- data/lib/descope/api/v1/management/role.rb +48 -0
- data/lib/descope/api/v1/management/scim.rb +206 -0
- data/lib/descope/api/v1/management/sso_settings.rb +153 -0
- data/lib/descope/api/v1/management/tenant.rb +71 -0
- data/lib/descope/api/v1/management/user.rb +619 -0
- data/lib/descope/api/v1/management.rb +38 -0
- data/lib/descope/api/v1/session.rb +84 -0
- data/lib/descope/api/v1.rb +13 -0
- data/lib/descope/client.rb +6 -0
- data/lib/descope/exception.rb +50 -0
- data/lib/descope/mixins/common.rb +129 -0
- data/lib/descope/mixins/headers.rb +15 -0
- data/lib/descope/mixins/http.rb +133 -0
- data/lib/descope/mixins/initializer.rb +80 -0
- data/lib/descope/mixins/logging.rb +30 -0
- data/lib/descope/mixins/validation.rb +79 -0
- data/lib/descope/mixins.rb +22 -0
- data/lib/descope/version.rb +7 -0
- data/lib/descope.rb +9 -0
- data/lib/descope_client.rb +5 -0
- data/release-please-config.json +18 -0
- data/renovate.json +6 -0
- data/spec/factories/user.rb +16 -0
- data/spec/lib.descope/api/v1/auth/enchantedlink_spec.rb +159 -0
- data/spec/lib.descope/api/v1/auth/magiclink_spec.rb +282 -0
- data/spec/lib.descope/api/v1/auth/oauth_spec.rb +117 -0
- data/spec/lib.descope/api/v1/auth/otp_spec.rb +285 -0
- data/spec/lib.descope/api/v1/auth/password_spec.rb +124 -0
- data/spec/lib.descope/api/v1/auth/saml_spec.rb +55 -0
- data/spec/lib.descope/api/v1/auth/totp_spec.rb +70 -0
- data/spec/lib.descope/api/v1/auth_spec.rb +372 -0
- data/spec/lib.descope/api/v1/management/access_key_spec.rb +118 -0
- data/spec/lib.descope/api/v1/management/audit_spec.rb +78 -0
- data/spec/lib.descope/api/v1/management/authz_spec.rb +336 -0
- data/spec/lib.descope/api/v1/management/flow_spec.rb +78 -0
- data/spec/lib.descope/api/v1/management/password_spec.rb +25 -0
- data/spec/lib.descope/api/v1/management/permission_spec.rb +81 -0
- data/spec/lib.descope/api/v1/management/project_spec.rb +63 -0
- data/spec/lib.descope/api/v1/management/role_spec.rb +85 -0
- data/spec/lib.descope/api/v1/management/scim_spec.rb +312 -0
- data/spec/lib.descope/api/v1/management/sso_settings_spec.rb +172 -0
- data/spec/lib.descope/api/v1/management/tenant_spec.rb +141 -0
- data/spec/lib.descope/api/v1/management/user_spec.rb +667 -0
- data/spec/lib.descope/api/v1/session_spec.rb +117 -0
- data/spec/lib.descope/client_spec.rb +40 -0
- data/spec/spec_helper.rb +72 -0
- data/spec/support/client_config.rb +14 -0
- data/spec/support/dummy_class.rb +36 -0
- data/spec/support/utils.rb +32 -0
- metadata +420 -0
@@ -0,0 +1,82 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Audit
|
9
|
+
include Descope::Api::V1::Management::Common
|
10
|
+
|
11
|
+
def audit_search(
|
12
|
+
user_ids: nil,
|
13
|
+
actions: nil,
|
14
|
+
exclude_actions: nil,
|
15
|
+
devices: nil,
|
16
|
+
methods: nil,
|
17
|
+
geos: nil,
|
18
|
+
remote_addresses: nil,
|
19
|
+
login_ids: nil,
|
20
|
+
tenants: nil,
|
21
|
+
no_tenants: false,
|
22
|
+
text: nil,
|
23
|
+
from_ts: nil,
|
24
|
+
to_ts: nil
|
25
|
+
)
|
26
|
+
# Search the audit trail up to last 30 days based on given parameters
|
27
|
+
# user_ids (Array): Optional list of user IDs to filter by
|
28
|
+
# actions (Array): Optional list of actions to filter by
|
29
|
+
# excluded_actions (Array): Optional list of actions to exclude
|
30
|
+
# devices (Array): Optional list of devices to filter by. Current devices supported are "Bot"/"Mobile"/"Desktop"/"Tablet"/"Unknown"
|
31
|
+
# methods (Array): Optional list of methods to filter by. Current auth methods are "otp"/"totp"/"magiclink"/"oauth"/"saml"/"password"
|
32
|
+
# geos (Array): Optional list of geos to filter by. Geo is currently country code like "US", "IL", etc.
|
33
|
+
# remote_addresses (Array): Optional list of remote addresses to filter by
|
34
|
+
# login_ids (Array): Optional list of login IDs to filter by
|
35
|
+
# tenants (Array): Optional list of tenants to filter by
|
36
|
+
# no_tenants (bool): Should audits without any tenants always be included
|
37
|
+
# text (str): Free text search across all fields
|
38
|
+
# from_ts (datetime): Retrieve records newer than given time but not older than 30 days
|
39
|
+
# to_ts (datetime): Retrieve records older than given time
|
40
|
+
request_params = {
|
41
|
+
noTenants: no_tenants
|
42
|
+
}
|
43
|
+
request_params[:userIds] = user_ids unless user_ids.nil?
|
44
|
+
request_params[:actions] = actions unless actions.nil?
|
45
|
+
request_params[:excludeActions] = exclude_actions unless exclude_actions.nil?
|
46
|
+
request_params[:devices] = devices unless devices.nil?
|
47
|
+
request_params[:methods] = methods unless methods.nil?
|
48
|
+
request_params[:geos] = geos unless geos.nil?
|
49
|
+
request_params[:remoteAddresses] = remote_addresses unless remote_addresses.nil?
|
50
|
+
request_params[:externalIds] = login_ids unless login_ids.nil?
|
51
|
+
request_params[:tenants] = tenants unless tenants.nil?
|
52
|
+
request_params[:text] = text unless text.nil?
|
53
|
+
request_params[:from] = from_ts.to_i * 1000 unless from_ts.nil?
|
54
|
+
request_params[:to] = to_ts.to_i * 1000 unless to_ts.nil?
|
55
|
+
res = post(AUDIT_SEARCH, request_params)
|
56
|
+
raise Descope::AuthException, "could not get audits: #{res}" if res['audits'].nil?
|
57
|
+
|
58
|
+
{ 'audits' => res['audits'].map { |audit| convert_audit_record(audit) } }
|
59
|
+
end
|
60
|
+
|
61
|
+
private
|
62
|
+
|
63
|
+
def convert_audit_record(audit)
|
64
|
+
{
|
65
|
+
'projectId' => audit['projectId'] || '',
|
66
|
+
'userId' => audit['userId'] || '',
|
67
|
+
'action' => audit['action'] || '',
|
68
|
+
'occurred' => audit['occurred'] || '',
|
69
|
+
'device' => audit['device'] || '',
|
70
|
+
'method' => audit['method'] || '',
|
71
|
+
'geo' => audit['geo'] || '',
|
72
|
+
'remoteAddress' => audit['remoteAddress'] || '',
|
73
|
+
'loginIds' => audit['externalIds'] || '',
|
74
|
+
'tenants' => audit['tenants'] || '',
|
75
|
+
'data' => audit['data'] || ''
|
76
|
+
}
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
@@ -0,0 +1,165 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Authz
|
9
|
+
include Descope::Api::V1::Management::Common
|
10
|
+
|
11
|
+
def authz_save_schema(schema: nil, upgrade: false)
|
12
|
+
# Create or update the ReBAC schema.
|
13
|
+
# In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.
|
14
|
+
# Args:
|
15
|
+
# schema (dict): the schema dict with format
|
16
|
+
# {
|
17
|
+
# "name": "name-of-schema",
|
18
|
+
# "namespaces": [
|
19
|
+
# {
|
20
|
+
# "name": "name-of-namespace",
|
21
|
+
# "relationDefinitions": [
|
22
|
+
# {
|
23
|
+
# "name": "name-of-relation-definition",
|
24
|
+
# "complexDefinition": {
|
25
|
+
# "nType": "one of child|union|intersect|sub",
|
26
|
+
# "children": "optional list of node children - same format as complexDefinition",
|
27
|
+
# "expression": {
|
28
|
+
# "neType": "one of self|targetSet|relationLeft|relationRight",
|
29
|
+
# "relationDefinition": "name of relation definition for relationLeft and relationRight",
|
30
|
+
# "relationDefinitionNamespace": "the namespace for the rd above",
|
31
|
+
# "targetRelationDefinition": "relation definition for targetSet and relationLeft/right",
|
32
|
+
# "targetRelationDefinitionNamespace": "the namespace for above"
|
33
|
+
# }
|
34
|
+
# }
|
35
|
+
# }
|
36
|
+
# ]
|
37
|
+
# }
|
38
|
+
# ]
|
39
|
+
# }
|
40
|
+
# Schema name can be used for projects to track versioning.
|
41
|
+
# @see https://docs.descope.com/api/openapi/authz/operation/SaveSchema/
|
42
|
+
request_params = { schema:, upgrade: }
|
43
|
+
post(AUTHZ_SCHEMA_SAVE, request_params)
|
44
|
+
end
|
45
|
+
|
46
|
+
def authz_delete_schema
|
47
|
+
# Delete the schema for the project which will also delete all relations.
|
48
|
+
post(AUTHZ_SCHEMA_DELETE)
|
49
|
+
end
|
50
|
+
|
51
|
+
def authz_load_schema
|
52
|
+
# Load the schema for the project.
|
53
|
+
post(AUTHZ_SCHEMA_LOAD)
|
54
|
+
end
|
55
|
+
|
56
|
+
def authz_save_namespace(namespace: nil, old_name: nil, schema_name: nil)
|
57
|
+
# Create or update the given namespace
|
58
|
+
# Will not delete relation definitions not mentioned in the namespace.
|
59
|
+
request_params = { namespace: namespace }
|
60
|
+
request_params[:oldName] = old_name unless old_name.nil?
|
61
|
+
request_params[:schemaName] = schema_name unless schema_name.nil?
|
62
|
+
post(AUTHZ_NS_SAVE, request_params)
|
63
|
+
end
|
64
|
+
|
65
|
+
def authz_delete_namespace(name: nil, schema_name: nil)
|
66
|
+
# Delete the given namespace
|
67
|
+
request_params = { name: name }
|
68
|
+
request_params[:schemaName] = schema_name unless schema_name.nil?
|
69
|
+
post(AUTHZ_NS_DELETE, request_params)
|
70
|
+
end
|
71
|
+
|
72
|
+
def authz_save_relation_definition(relation_definition: nil, namespace: nil, old_name: nil, schema_name: nil)
|
73
|
+
# Create or update the given relation definition
|
74
|
+
# Will not delete relation definitions not mentioned in the namespace.
|
75
|
+
request_params = {
|
76
|
+
relationDefinition: relation_definition,
|
77
|
+
namespace:
|
78
|
+
}
|
79
|
+
request_params[:old_name] = old_name unless old_name.nil?
|
80
|
+
request_params[:schemaName] = schema_name unless schema_name.nil?
|
81
|
+
post(AUTHZ_RD_SAVE, request_params)
|
82
|
+
end
|
83
|
+
|
84
|
+
def authz_delete_relation_definition(name: nil, namespace: nil, schema_name: nil)
|
85
|
+
# Delete the given relation definition
|
86
|
+
request_params = { name: , namespace: }
|
87
|
+
request_params[:schemaName] = schema_name unless schema_name.nil?
|
88
|
+
post(AUTHZ_RD_DELETE, request_params)
|
89
|
+
end
|
90
|
+
|
91
|
+
def authz_create_relations(relations = nil)
|
92
|
+
# Create the given relations based on the existing schema
|
93
|
+
# relations (Array[]): the relations to create. Each in the following format:
|
94
|
+
# {
|
95
|
+
# "resource": "id of the resource that has the relation",
|
96
|
+
# "relationDefinition": "the relation definition for the relation",
|
97
|
+
# "namespace": "namespace for the relation definition",
|
98
|
+
# "target": "the target that has the relation - usually users or other resources",
|
99
|
+
# "targetSetResource": "if the target is a group that has another relation",
|
100
|
+
# "targetSetRelationDefinition": "the relation definition for the targetSet group",
|
101
|
+
# "targetSetRelationDefinitionNamespace": "the namespace for the relation definition for the targetSet group",
|
102
|
+
# "query": {
|
103
|
+
# "tenants": ["t1", "t2"],
|
104
|
+
# "roles": ["r1", "r2"],
|
105
|
+
# "text": "full-text-search",
|
106
|
+
# "statuses": ["enabled|disabled|invited"],
|
107
|
+
# "ssoOnly": True|False,
|
108
|
+
# "withTestUser": True|False,
|
109
|
+
# "customAttributes": {
|
110
|
+
# "key": "value",
|
111
|
+
# ...
|
112
|
+
# }
|
113
|
+
# }
|
114
|
+
# }
|
115
|
+
# Each relation should have exactly one of: target, targetSet, query
|
116
|
+
# Regarding query above, it should be specified if the target is a set of users that matches the query - all fields are optional
|
117
|
+
post(AUTHZ_RE_CREATE, { relations: })
|
118
|
+
end
|
119
|
+
|
120
|
+
def authz_delete_relations(relations = nil)
|
121
|
+
# Delete the given relations based on the existing schema
|
122
|
+
post(AUTHZ_RE_DELETE, { relations: })
|
123
|
+
end
|
124
|
+
|
125
|
+
def authz_delete_relations_for_resources(resources = nil)
|
126
|
+
# Delete all relations for the given resources
|
127
|
+
post(AUTHZ_RE_DELETE_RESOURCES, { resources: })
|
128
|
+
end
|
129
|
+
|
130
|
+
def authz_has_relations?(relation_queries = nil)
|
131
|
+
# Queries the given relations to see if they exist returning true if they do
|
132
|
+
post(AUTHZ_RE_HAS_RELATIONS, { relationQueries: relation_queries })
|
133
|
+
end
|
134
|
+
|
135
|
+
def authz_who_can_access?(resource: nil, relation_definition: nil, namespace: nil)
|
136
|
+
# Finds the list of targets (usually users) who can access the given resource with the given RD
|
137
|
+
request_params = {
|
138
|
+
resource:,
|
139
|
+
relationDefinition: relation_definition,
|
140
|
+
namespace:
|
141
|
+
}
|
142
|
+
post(AUTHZ_RE_WHO, request_params)
|
143
|
+
end
|
144
|
+
|
145
|
+
def authz_resource_relations(resources: nil)
|
146
|
+
post(AUTHZ_RE_RESOURCE, { resources: })
|
147
|
+
end
|
148
|
+
|
149
|
+
def authz_target_relations(targets: nil)
|
150
|
+
# Returns the list of all defined relations (not recursive) for the given targets.
|
151
|
+
post(AUTHZ_RE_TARGETS, { targets: })
|
152
|
+
end
|
153
|
+
|
154
|
+
def authz_what_can_target_access?(target: nil)
|
155
|
+
# Returns the list of all relations for the given target including derived relations from the schema tree.
|
156
|
+
res = post(AUTHZ_RE_TARGET_ALL, { target: })
|
157
|
+
raise Descope::AuthException, "could not get relation for target: #{res}" if res['relations'].nil?
|
158
|
+
|
159
|
+
res['relations']
|
160
|
+
end
|
161
|
+
end
|
162
|
+
end
|
163
|
+
end
|
164
|
+
end
|
165
|
+
end
|
@@ -0,0 +1,147 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Common Management constants
|
8
|
+
module Common
|
9
|
+
# tenant
|
10
|
+
TENANT_CREATE_PATH = '/v1/mgmt/tenant/create'
|
11
|
+
TENANT_UPDATE_PATH = '/v1/mgmt/tenant/update'
|
12
|
+
TENANT_DELETE_PATH = '/v1/mgmt/tenant/delete'
|
13
|
+
TENANT_LOAD_PATH = '/v1/mgmt/tenant'
|
14
|
+
TENANT_LOAD_ALL_PATH = '/v1/mgmt/tenant/all'
|
15
|
+
TENANT_SEARCH_ALL_PATH = '/v1/mgmt/tenant/search'
|
16
|
+
PASSWORD_SETTINGS_PATH = '/v1/mgmt/password/settings'
|
17
|
+
|
18
|
+
# userUSER_CREATE_PATH
|
19
|
+
USER_CREATE_PATH = '/v1/mgmt/user/create'
|
20
|
+
USER_CREATE_BATCH_PATH = '/v1/mgmt/user/create/batch'
|
21
|
+
USER_UPDATE_PATH = '/v1/mgmt/user/update'
|
22
|
+
USER_DELETE_PATH = '/v1/mgmt/user/delete'
|
23
|
+
USER_LOGOUT_PATH = '/v1/mgmt/user/logout'
|
24
|
+
USER_DELETE_ALL_TEST_USERS_PATH = '/v1/mgmt/user/test/delete/all'
|
25
|
+
USER_LOAD_PATH = '/v1/mgmt/user'
|
26
|
+
USERS_SEARCH_PATH = '/v1/mgmt/user/search'
|
27
|
+
USER_GET_PROVIDER_TOKEN = '/v1/mgmt/user/provider/token'
|
28
|
+
USER_UPDATE_STATUS_PATH = '/v1/mgmt/user/update/status'
|
29
|
+
USER_UPDATE_LOGIN_ID_PATH = '/v1/mgmt/user/update/loginid'
|
30
|
+
USER_UPDATE_EMAIL_PATH = '/v1/mgmt/user/update/email'
|
31
|
+
USER_UPDATE_PHONE_PATH = '/v1/mgmt/user/update/phone'
|
32
|
+
USER_UPDATE_NAME_PATH = '/v1/mgmt/user/update/name'
|
33
|
+
USER_UPDATE_PICTURE_PATH = '/v1/mgmt/user/update/picture'
|
34
|
+
USER_UPDATE_CUSTOM_ATTRIBUTE_PATH = '/v1/mgmt/user/update/customAttribute'
|
35
|
+
USER_ADD_ROLE_PATH = '/v1/mgmt/user/update/role/add'
|
36
|
+
USER_REMOVE_ROLE_PATH = '/v1/mgmt/user/update/role/remove'
|
37
|
+
USER_SET_PASSWORD_PATH = '/v1/mgmt/user/password/set'
|
38
|
+
USER_EXPIRE_PASSWORD_PATH = '/v1/mgmt/user/password/expire'
|
39
|
+
USER_ADD_TENANT_PATH = '/v1/mgmt/user/update/tenant/add'
|
40
|
+
USER_REMOVE_TENANT_PATH = '/v1/mgmt/user/update/tenant/remove'
|
41
|
+
USER_GENERATE_OTP_FOR_TEST_PATH = '/v1/mgmt/tests/generate/otp'
|
42
|
+
USER_GENERATE_MAGIC_LINK_FOR_TEST_PATH = '/v1/mgmt/tests/generate/magiclink'
|
43
|
+
USER_GENERATE_ENCHANTED_LINK_FOR_TEST_PATH = '/v1/mgmt/tests/generate/enchantedlink'
|
44
|
+
USER_GENERATE_EMBEDDED_LINK_PATH = '/v1/mgmt/user/signin/embeddedlink'
|
45
|
+
|
46
|
+
# access key
|
47
|
+
ACCESS_KEY_CREATE_PATH = '/v1/mgmt/accesskey/create'
|
48
|
+
ACCESS_KEY_LOAD_PATH = '/v1/mgmt/accesskey'
|
49
|
+
ACCESS_KEYS_SEARCH_PATH = '/v1/mgmt/accesskey/search'
|
50
|
+
ACCESS_KEY_UPDATE_PATH = '/v1/mgmt/accesskey/update'
|
51
|
+
ACCESS_KEY_DEACTIVATE_PATH = '/v1/mgmt/accesskey/deactivate'
|
52
|
+
ACCESS_KEY_ACTIVATE_PATH = '/v1/mgmt/accesskey/activate'
|
53
|
+
ACCESS_KEY_DELETE_PATH = '/v1/mgmt/accesskey/delete'
|
54
|
+
|
55
|
+
# sso
|
56
|
+
SSO_SETTINGS_PATH = '/v2/mgmt/sso/settings'
|
57
|
+
SSO_OIDC_PATH = '/v1/mgmt/sso/oidc' # configure ssp settings via oidc
|
58
|
+
SSO_OIDC_CREATE_APP_PATH = '/v1/mgmt/sso/idp/app/oidc/create'
|
59
|
+
SSO_OIDC_UPDATE_APP_PATH = '/v1/mgmt/sso/idp/app/oidc/create'
|
60
|
+
SSO_SAML_PATH = '/v1/mgmt/sso/saml' # configure ssp settings via saml
|
61
|
+
SSO_SAML_METADATA_PATH = '/v1/mgmt/sso/saml/metadata' # configure ssp settings via saml metadata
|
62
|
+
|
63
|
+
# SCIM
|
64
|
+
SCIM_GROUPS_PATH = '/scim/v2/Groups'
|
65
|
+
SCIM_RESOURCE_TYPES_PATH = '/scim/v2/ResourceTypes'
|
66
|
+
SCIM_SERVICE_PROVIDER_CONFIG_PATH = '/scim/v2/ServiceProviderConfig'
|
67
|
+
SCIM_USERS_PATH = '/scim/v2/Users'
|
68
|
+
|
69
|
+
# jwt
|
70
|
+
UPDATE_JWT_PATH = '/v1/mgmt/jwt/update'
|
71
|
+
|
72
|
+
# permission
|
73
|
+
PERMISSION_CREATE_PATH = '/v1/mgmt/permission/create'
|
74
|
+
PERMISSION_UPDATE_PATH = '/v1/mgmt/permission/update'
|
75
|
+
PERMISSION_DELETE_PATH = '/v1/mgmt/permission/delete'
|
76
|
+
PERMISSION_LOAD_ALL_PATH = '/v1/mgmt/permission/all'
|
77
|
+
|
78
|
+
# role
|
79
|
+
ROLE_CREATE_PATH = '/v1/mgmt/role/create'
|
80
|
+
ROLE_UPDATE_PATH = '/v1/mgmt/role/update'
|
81
|
+
ROLE_DELETE_PATH = '/v1/mgmt/role/delete'
|
82
|
+
ROLE_LOAD_ALL_PATH = '/v1/mgmt/role/all'
|
83
|
+
|
84
|
+
# flow
|
85
|
+
FLOW_LIST_PATH = '/v1/mgmt/flow/list'
|
86
|
+
FLOW_IMPORT_PATH = '/v1/mgmt/flow/import'
|
87
|
+
FLOW_EXPORT_PATH = '/v1/mgmt/flow/export'
|
88
|
+
|
89
|
+
# theme
|
90
|
+
THEME_IMPORT_PATH = '/v1/mgmt/theme/import'
|
91
|
+
THEME_EXPORT_PATH = '/v1/mgmt/theme/export'
|
92
|
+
|
93
|
+
# group
|
94
|
+
GROUP_LOAD_ALL_PATH = '/v1/mgmt/group/all'
|
95
|
+
GROUP_LOAD_ALL_FOR_MEMBER_PATH = '/v1/mgmt/group/member/all'
|
96
|
+
GROUP_LOAD_ALL_GROUP_MEMBERS_PATH = '/v1/mgmt/group/members'
|
97
|
+
|
98
|
+
# Audit
|
99
|
+
AUDIT_SEARCH = '/v1/mgmt/audit/search'
|
100
|
+
|
101
|
+
# Authz ReBAC
|
102
|
+
AUTHZ_SCHEMA_SAVE = '/v1/mgmt/authz/schema/save'
|
103
|
+
AUTHZ_SCHEMA_DELETE = '/v1/mgmt/authz/schema/delete'
|
104
|
+
AUTHZ_SCHEMA_LOAD = '/v1/mgmt/authz/schema/load'
|
105
|
+
AUTHZ_NS_SAVE = '/v1/mgmt/authz/ns/save'
|
106
|
+
AUTHZ_NS_DELETE = '/v1/mgmt/authz/ns/delete'
|
107
|
+
AUTHZ_RD_SAVE = '/v1/mgmt/authz/rd/save'
|
108
|
+
AUTHZ_RD_DELETE = '/v1/mgmt/authz/rd/delete'
|
109
|
+
AUTHZ_RE_CREATE = '/v1/mgmt/authz/re/create'
|
110
|
+
AUTHZ_RE_DELETE = '/v1/mgmt/authz/re/delete'
|
111
|
+
AUTHZ_RE_DELETE_RESOURCES = '/v1/mgmt/authz/re/deleteresources'
|
112
|
+
AUTHZ_RE_HAS_RELATIONS = '/v1/mgmt/authz/re/has'
|
113
|
+
AUTHZ_RE_WHO = '/v1/mgmt/authz/re/who'
|
114
|
+
AUTHZ_RE_RESOURCE = '/v1/mgmt/authz/re/resource'
|
115
|
+
AUTHZ_RE_TARGETS = '/v1/mgmt/authz/re/targets'
|
116
|
+
AUTHZ_RE_TARGET_ALL = '/v1/mgmt/authz/re/targetall'
|
117
|
+
|
118
|
+
# Project
|
119
|
+
PROJECT_UPDATE_NAME = '/v1/mgmt/project/update/name'
|
120
|
+
PROJECT_CLONE = '/v1/mgmt/project/clone'
|
121
|
+
PROJECT_EXPORT_PATH = '/v1/mgmt/project/export'
|
122
|
+
PROJECT_IMPORT_PATH = '/v1/mgmt/project/import'
|
123
|
+
PROJECT_DELETE_PATH = '/v1/mgmt/project/delete'
|
124
|
+
|
125
|
+
def associated_tenants_to_hash_array(associated_tenants = [])
|
126
|
+
# Represents a tenant association for a User or Access Key. The tenant_id is required to denote
|
127
|
+
# which tenant the user or access key belongs to. The role_names array is an optional list of
|
128
|
+
# roles for the user or access key in this specific tenant.
|
129
|
+
# @param [Array] associated_tenants - list of associated tenants in the format of
|
130
|
+
# [{tenant_id: 'tenant_id', role_names: ['role_name1', 'role_name2']}]
|
131
|
+
associated_tenants = associated_tenants.nil? ? [] : associated_tenants
|
132
|
+
associated_tenant_list = []
|
133
|
+
associated_tenants.each do |tenant|
|
134
|
+
associated_tenant_list.append(
|
135
|
+
{
|
136
|
+
"tenantId": tenant[:tenant_id],
|
137
|
+
"roleNames": tenant[:role_names]
|
138
|
+
}
|
139
|
+
)
|
140
|
+
end
|
141
|
+
associated_tenant_list
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
end
|
147
|
+
end
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Flow
|
9
|
+
include Descope::Api::V1::Management::Common
|
10
|
+
|
11
|
+
# List all project flows
|
12
|
+
# @see https://docs.descope.com/api/openapi/flowmanagement/operation/ListFlows/
|
13
|
+
# To list all flows, send an empty body such as: { } or { "ids": [] }.
|
14
|
+
#
|
15
|
+
# To search for a flow or several flows, send a body with the flowIds you want to search such as { "ids": ["sign-in"] } or { "ids": ["sign-in", "sign-up"] }.
|
16
|
+
def list_or_search_flows(ids = [])
|
17
|
+
request_params = { ids: }
|
18
|
+
post(FLOW_LIST_PATH, request_params)
|
19
|
+
end
|
20
|
+
|
21
|
+
# Export the given flow id flow and screens.
|
22
|
+
# @see https://docs.descope.com/api/openapi/flowmanagement/operation/ExportFlow/
|
23
|
+
def export_flow(flow_id = nil)
|
24
|
+
request_params = { flowId: flow_id }
|
25
|
+
post(FLOW_EXPORT_PATH, request_params)
|
26
|
+
end
|
27
|
+
|
28
|
+
# Import the given flow and screens.
|
29
|
+
# @see https://docs.descope.com/api/openapi/flowmanagement/operation/ImportFlow/
|
30
|
+
def import_flow(flow_id: nil, flow: nil, screens: nil)
|
31
|
+
request_params = {
|
32
|
+
flowId: flow_id,
|
33
|
+
flow:,
|
34
|
+
screens:
|
35
|
+
}
|
36
|
+
post(FLOW_IMPORT_PATH, request_params)
|
37
|
+
end
|
38
|
+
|
39
|
+
# Export the current project theme.
|
40
|
+
# @see https://docs.descope.com/api/openapi/flowmanagement/operation/ExportTheme/
|
41
|
+
def export_theme
|
42
|
+
post(THEME_EXPORT_PATH)
|
43
|
+
end
|
44
|
+
|
45
|
+
# Import the current project theme.
|
46
|
+
# @see https://docs.descope.com/api/openapi/flowmanagement/operation/ImportTheme/
|
47
|
+
def import_theme(theme)
|
48
|
+
request_params = { theme: }
|
49
|
+
post(THEME_IMPORT_PATH, request_params)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
@@ -0,0 +1,58 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Password
|
9
|
+
include Descope::Api::V1::Management::Common
|
10
|
+
|
11
|
+
def get_password_settings(tenant_id)
|
12
|
+
# Get password settings for the provided tenant id.
|
13
|
+
get(PASSWORD_SETTINGS_PATH, { tenantId: tenant_id })
|
14
|
+
end
|
15
|
+
|
16
|
+
def update_password_settings(settings)
|
17
|
+
unless settings.is_a?(Hash)
|
18
|
+
raise Descope::ArgumentException.new('Password settings must be a Hash', code: 400)
|
19
|
+
end
|
20
|
+
|
21
|
+
# Update password settings for the provided tenant id.
|
22
|
+
body = compose_settings_body(settings)
|
23
|
+
post(PASSWORD_SETTINGS_PATH, body)
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
27
|
+
|
28
|
+
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
29
|
+
def compose_settings_body(settings)
|
30
|
+
body = {}
|
31
|
+
body['minLength'] = settings[:min_length] if settings.key?(:min_length)
|
32
|
+
body['lowercase'] = settings[:lowercase] if settings.key?(:lowercase)
|
33
|
+
body['uppercase'] = settings[:uppercase] if settings.key?(:uppercase)
|
34
|
+
body['number'] = settings[:number] if settings.key?(:number)
|
35
|
+
body['nonAlphanumeric'] = settings[:non_alphanumeric] if settings.key?(:non_alphanumeric)
|
36
|
+
body['expiration'] = settings[:expiration] if settings.key?(:expiration)
|
37
|
+
body['expirationWeeks'] = settings[:expiration_weeks] if settings.key?(:expiration_weeks)
|
38
|
+
body['reuse'] = settings[:reuse] if settings.key?(:reuse)
|
39
|
+
body['reuseAmount'] = settings[:reuse_amount] if settings.key?(:reuse_amount)
|
40
|
+
body['lock'] = settings[:lock] if settings.key?(:lock)
|
41
|
+
body['lockAttempts'] = settings[:lock_attempts] if settings.key?(:lock_attempts)
|
42
|
+
body['emailServiceProvider'] = settings[:email_service_provider] if settings.key?(:email_service_provider)
|
43
|
+
body['emailSubject'] = settings[:email_subject] if settings.key?(:email_subject)
|
44
|
+
body['emailBody'] = settings[:email_body] if settings.key?(:email_body)
|
45
|
+
body['resetAuthMethod'] = settings[:reset_auth_method] if settings.key?(:reset_auth_method)
|
46
|
+
body['emailBodyPlainText'] = settings[:email_body_plain_text] if settings.key?(:email_body_plain_text)
|
47
|
+
if settings.key?(:use_email_body_plain_text)
|
48
|
+
body['useEmailBodyPlainText'] = settings[:use_email_body_plain_text]
|
49
|
+
end
|
50
|
+
body['tenantId'] = settings[:tenant_id] if settings.key?(:tenant_id)
|
51
|
+
body['enabled'] = settings[:enabled] if settings.key?(:enabled)
|
52
|
+
body
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Permission
|
9
|
+
include Descope::Mixins::Validation
|
10
|
+
include Descope::Api::V1::Management::Common
|
11
|
+
|
12
|
+
|
13
|
+
def create_permission(name:, description: nil)
|
14
|
+
# Create a new permission.
|
15
|
+
# @see https://docs.descope.com/api/openapi/permissionmanagement/operation/CreatePermission/
|
16
|
+
request_params = {
|
17
|
+
name:,
|
18
|
+
description:
|
19
|
+
}
|
20
|
+
post(PERMISSION_CREATE_PATH, request_params)
|
21
|
+
end
|
22
|
+
|
23
|
+
def update_permission(name: nil, new_name: nil, description: nil)
|
24
|
+
# Update an existing permission with the given various fields. IMPORTANT: All parameters are used as overrides
|
25
|
+
# to the existing permission. Empty fields will override populated fields. Use carefully.
|
26
|
+
# @see https://docs.descope.com/api/openapi/permissionmanagement/operation/UpdatePermission/
|
27
|
+
request_params = {
|
28
|
+
name:,
|
29
|
+
newName: new_name,
|
30
|
+
description:
|
31
|
+
}
|
32
|
+
post(PERMISSION_UPDATE_PATH, request_params)
|
33
|
+
end
|
34
|
+
|
35
|
+
def delete_permission(name = nil)
|
36
|
+
# Delete an existing permission. IMPORTANT: This action is irreversible. Use carefully.
|
37
|
+
post(PERMISSION_DELETE_PATH, { name: })
|
38
|
+
end
|
39
|
+
|
40
|
+
def load_all_permissions
|
41
|
+
# Load all permissions.
|
42
|
+
get(PERMISSION_LOAD_ALL_PATH)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Project
|
9
|
+
include Descope::Api::V1::Management::Common
|
10
|
+
|
11
|
+
def rename_project(name)
|
12
|
+
# Rename a project.
|
13
|
+
post(PROJECT_UPDATE_NAME, { name: })
|
14
|
+
end
|
15
|
+
|
16
|
+
def export_project
|
17
|
+
# Exports all settings and configurations for a project and returns the
|
18
|
+
# raw JSON files response as an object.
|
19
|
+
# - This action is supported only with a pro license or above.
|
20
|
+
# - Users, tenants and access keys are not cloned.
|
21
|
+
# - Secrets, keys and tokens are not stripped from the exported data.
|
22
|
+
# @returns a HASH containing the exported JSON files payload.
|
23
|
+
post(PROJECT_EXPORT_PATH)
|
24
|
+
end
|
25
|
+
|
26
|
+
def import_project(files: nil, excludes: nil)
|
27
|
+
# Import a project.
|
28
|
+
# The argument of files should be the output of the export project endpoint
|
29
|
+
body = { files: }
|
30
|
+
body[:excludes] = excludes unless excludes.nil?
|
31
|
+
post(PROJECT_IMPORT_PATH, body)
|
32
|
+
end
|
33
|
+
|
34
|
+
def delete_project
|
35
|
+
# Delete the current project. IMPORTANT: This action is irreversible. Use carefully.
|
36
|
+
post(PROJECT_DELETE_PATH)
|
37
|
+
end
|
38
|
+
|
39
|
+
def clone_project(name: nil, tag: nil)
|
40
|
+
# Clone the current project, including its settings and configurations.
|
41
|
+
# - This action is supported only with a pro license or above.
|
42
|
+
# - Users, tenants and access keys are not cloned.
|
43
|
+
request_params = {
|
44
|
+
name:,
|
45
|
+
tag:
|
46
|
+
}
|
47
|
+
post(PROJECT_CLONE, request_params)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Descope
|
4
|
+
module Api
|
5
|
+
module V1
|
6
|
+
module Management
|
7
|
+
# Management API calls
|
8
|
+
module Role
|
9
|
+
include Descope::Api::V1::Management::Common
|
10
|
+
|
11
|
+
def create_role(name: nil, description: nil, permission_names: nil)
|
12
|
+
# Create a new role.
|
13
|
+
permission_names ||= []
|
14
|
+
request_params = {
|
15
|
+
name:,
|
16
|
+
description:,
|
17
|
+
permissionNames: permission_names
|
18
|
+
}
|
19
|
+
post(ROLE_CREATE_PATH, request_params)
|
20
|
+
end
|
21
|
+
|
22
|
+
def update_role(name: nil, new_name: nil, description: nil, permission_names: nil)
|
23
|
+
# Update an existing role with the given various fields. IMPORTANT: All parameters are used as overrides
|
24
|
+
# to the existing role. Empty fields will override populated fields. Use carefully.
|
25
|
+
permission_names ||= []
|
26
|
+
request_params = {
|
27
|
+
name:,
|
28
|
+
newName: new_name,
|
29
|
+
description:,
|
30
|
+
permissionNames: permission_names
|
31
|
+
}
|
32
|
+
post(ROLE_UPDATE_PATH, request_params)
|
33
|
+
end
|
34
|
+
|
35
|
+
def delete_role(name)
|
36
|
+
# Delete an existing role. IMPORTANT: This action is irreversible. Use carefully.
|
37
|
+
post(ROLE_DELETE_PATH, { name: })
|
38
|
+
end
|
39
|
+
|
40
|
+
def load_all_roles
|
41
|
+
# Load all roles.
|
42
|
+
get(ROLE_LOAD_ALL_PATH)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|