emass_client 3.10.1 → 3.22.0

data/lib/emass_client/api/poam_api.rb

@@ -1,12 +1,12 @@
 =begin
 #Enterprise Mission Assurance Support Service (eMASS)
 
-#The Enterprise Mission Assurance Support Service (eMASS) Representational State Transfer (REST) Application Programming Interface (API) enables users to perform assessments and complete actions associated with system records.   <strong>Register External Application (that use the eMASS API)</strong></br> New users will need to [register](https://nisp.emass.apps.mil/Content/Help/jobaids/eMASS_OT_NewUser_Job_Aid.pdf) an API key with the eMASS development team prior to accessing the site for the first time. The eMASS REST API  requires a client certificate (SSL/TLS, DoD PKI only). Use the `Registration` endpoint to register the client certificate.</br></br>  Every call to the eMASS REST API will require the use of the agreed upon public key certificate and API key.  The API key must be provided in the request header for all endpoint calls (api-key). If the service receives an untrusted certificate or API key, a 401 error response code will be returned along with an error message.  </br></br>  <strong>Available Request Headers</strong></br> <table>   <tr>     <th align=left>key</th>     <th align=left>Example Value</th>     <th align=left>Description</th>   </tr>   <tr>     <td>`api-key`</td>     <td>api-key-provided-by-emass</td>     <td>This API key must be provided in the request header for all endpoint calls</td>   </tr>   <tr>     <td>`user-uid`</td>     <td>USER.UID.KEY</td>     <td>This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls</td>   </tr>   <tr>     <td></td><td></td>     <td>       Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC     </td>   </tr> </table>  </br><strong>Approve API Client for Actionable Requests</strong></br> Users are required to log-in to eMASS and grant permissions for a client to update data within eMASS on their behalf. This is only required for actionable requests (PUT, POST, DELETE). The Registration Endpoint and all GET requests can be accessed without completing this process with the correct permissions. Please note that leaving a field parameter blank (for PUT/POST requests) has the potential to clear information in the active eMASS records.  To establish an account with eMASS and/or acquire an api-key/user-uid, contact one of the listed POC: 
+#The eMASS Representational State Transfer (REST) Application Programming Interface (API) enables users to perform assessments and complete actions associated with system records.  The eMASS API provides an interface for application to communicate eMASS Services. For information on how to register and use the eMASS API reference the [eMASS API Getting Started](eMASSGettingStarted.md).  Additional information about eMASS can be obtain by contacting the National Industrial Security Program (NISP). Points of Contact are: 
 
-The version of the OpenAPI document: v3.10
-Contact: disa.meade.id.mbx.emass-tier-iii-support@mail.mil
+The version of the OpenAPI document: v3.22
+Contact: disa.global.servicedesk.mbx.ma-ticket-request@mail.mil
 Generated by: https://openapi-generator.tech
-OpenAPI Generator version: 7.0.0-SNAPSHOT
+Generator version: 7.12.0-SNAPSHOT
 
 =end
 
@@ -20,23 +20,23 @@ module EmassClient
       @api_client = api_client
     end
     # Add one or many POA&M items in a system
-    # Add a POA&M for given `systemId`<br>  **Request Body Required Fields** - `status` - `vulnerabilityDescription` - `sourceIdentVuln` - `pocOrganization` - `resources`  **Note**<br /> If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are **required** within the request.<br> `pocFirstName`, `pocLastName`, `pocPhoneNumber`<br />
+    # Add a POA&M for given `systemId`  **Request Body Required Fields** <table>   <thead>     <tr><th><b>Field</b></th><th><b>Require/Condition</b></th></tr>   </thead>   <tbody>     <tr><td><code>status</code></td><td>Always (every POST)</td></tr>     <tr><td><code>vulnerabilityDescription</code></td><td>Always (every POST)</td></tr>     <tr><td><code>sourceIdentifyingVulnerability</code></td><td>Always (every POST)</td></tr>     <tr><td><code>pocOrganization</code></td><td>Always (every POST)</td></tr>     <tr><td><code>resources</code></td><td>Always (every POST)</td></tr>     <tr><td><code>identifiedInCFOAuditOrOtherReview</code></td><td>Required for VA. Optional for Army and USCG.</td></tr>     <tr><td><code>scheduledCompletionDate</code></td><td>Required for ongoing and completed POA&M items</td></tr>     <tr><td><code>pocFirstName</code></td><td>Only if Last Name, Email, or Phone Number have data</td></tr>     <tr><td><code>pocLastName</code></td><td>Only if First Name, Email, or Phone Number have data</td></tr>     <tr><td><code>pocEmail</code></td><td>Only if First Name, Last Name, or Phone Number have data</td></tr>     <tr><td><code>pocPhoneNumber</code></td><td>Only if First Name, Last Name, or Email have data</td></tr>     <tr><td><code>completionDate</code></td><td>For completed POA&M Item only</td></tr>     <tr><td><code>comments</code></td><td>For completed or Risk Accepted POA&M Items only</td></tr>   </tbody> </table>  **NOTE**: Certain eMASS instances also require the Risk Analysis fields to be populated:   - `severity`   - `relevanceOfThreat`   - `likelihood`   - `impact`   - `residualRiskLevel`   - `mitigations`  </br> **Business Rules**  The following rules apply to the Review Status `status` field value: <table>   <thead><tr><th><b>Value</b></th><th><b>Rule</b></th></tr></thead>   <tbody>     <tr><td><b>Not Approved</b></td><td>POA&M cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date</td></tr>     <tr><td><b>Approved</b></td><td>POA&M can only be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date</td></tr>     <tr><td></td><td>Are required to have a Severity Value assigned</td></tr>     <tr><td><b>Completed</b> or <b>Ongoing</b></td><td>Cannot be saved without Milestones</td></tr>     <tr><td><b>Risk Accepted</b></td><td>POA&M Item cannot be saved with a Scheduled Completion Date <code>scheduledCompletionDate</code> or have Milestones</td></tr>     <tr><td><b>Approved</b> or <b>Completed</b> or <b>Ongoing</b></td><td>Cannot update Scheduled Completion Date</td></tr>  </tbody> </table>  **Additional Rules** - POA&M Item cannot be saved if associated Security Control or AP is inherited. - Completed POA&M Item cannot be saved if Completion Date (`completionDate`) is in the future. - POA&M Items cannot be updated if they are included in an active package. - Archived POA&M Items cannot be updated. - POA&M Items with a status of \"Not Applicable\" will be updated through test result creation. - If the Security Control or Assessment Procedure does not exist in the system, the POA&M Item maybe imported at the System Level.   **Fields Characters Limitation** - POA&M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters:   - `pocOrganization` `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber` - POA&M Item cannot be saved if Resources (`resource`) field exceeds 250 characters - POA&M Item cannot be saved if the following fields exceeds 2,000 characters:   - `mitigations`, `sourceIdentifyingVulnerability`, `comments`   - Milestones Field: `description` - POA&M Items cannot be saved if Milestone Description (`description`) exceeds 2,000 characters.
     # @param system_id [Integer] **System Id**: The unique system record identifier.
-    # @param request_body [Array<Object>] Add POA&amp;M(s) to a system (systemID)
+    # @param poam_required_fields [Array<PoamRequiredFields>] Example request body to add POA&amp;M(s) to a system (systemId)
     # @param [Hash] opts the optional parameters
-    # @return [PoamResponsePost]
-    def add_poam_by_system_id(system_id, request_body, opts = {})
-      data, _status_code, _headers = add_poam_by_system_id_with_http_info(system_id, request_body, opts)
+    # @return [PoamResponsePostPutDelete]
+    def add_poam_by_system_id(system_id, poam_required_fields, opts = {})
+      data, _status_code, _headers = add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts)
       data
     end
 
     # Add one or many POA&amp;M items in a system
-    # Add a POA&amp;M for given &#x60;systemId&#x60;&lt;br&gt;  **Request Body Required Fields** - &#x60;status&#x60; - &#x60;vulnerabilityDescription&#x60; - &#x60;sourceIdentVuln&#x60; - &#x60;pocOrganization&#x60; - &#x60;resources&#x60;  **Note**&lt;br /&gt; If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are **required** within the request.&lt;br&gt; &#x60;pocFirstName&#x60;, &#x60;pocLastName&#x60;, &#x60;pocPhoneNumber&#x60;&lt;br /&gt;
+    # Add a POA&amp;M for given &#x60;systemId&#x60;  **Request Body Required Fields** &lt;table&gt;   &lt;thead&gt;     &lt;tr&gt;&lt;th&gt;&lt;b&gt;Field&lt;/b&gt;&lt;/th&gt;&lt;th&gt;&lt;b&gt;Require/Condition&lt;/b&gt;&lt;/th&gt;&lt;/tr&gt;   &lt;/thead&gt;   &lt;tbody&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;status&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every POST)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;vulnerabilityDescription&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every POST)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;sourceIdentifyingVulnerability&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every POST)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocOrganization&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every POST)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;resources&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every POST)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;identifiedInCFOAuditOrOtherReview&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Required for VA. Optional for Army and USCG.&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;scheduledCompletionDate&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Required for ongoing and completed POA&amp;M items&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocFirstName&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if Last Name, Email, or Phone Number have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocLastName&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if First Name, Email, or Phone Number have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocEmail&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if First Name, Last Name, or Phone Number have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocPhoneNumber&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if First Name, Last Name, or Email have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;completionDate&lt;/code&gt;&lt;/td&gt;&lt;td&gt;For completed POA&amp;M Item only&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;comments&lt;/code&gt;&lt;/td&gt;&lt;td&gt;For completed or Risk Accepted POA&amp;M Items only&lt;/td&gt;&lt;/tr&gt;   &lt;/tbody&gt; &lt;/table&gt;  **NOTE**: Certain eMASS instances also require the Risk Analysis fields to be populated:   - &#x60;severity&#x60;   - &#x60;relevanceOfThreat&#x60;   - &#x60;likelihood&#x60;   - &#x60;impact&#x60;   - &#x60;residualRiskLevel&#x60;   - &#x60;mitigations&#x60;  &lt;/br&gt; **Business Rules**  The following rules apply to the Review Status &#x60;status&#x60; field value: &lt;table&gt;   &lt;thead&gt;&lt;tr&gt;&lt;th&gt;&lt;b&gt;Value&lt;/b&gt;&lt;/th&gt;&lt;th&gt;&lt;b&gt;Rule&lt;/b&gt;&lt;/th&gt;&lt;/tr&gt;&lt;/thead&gt;   &lt;tbody&gt;     &lt;tr&gt;&lt;td&gt;&lt;b&gt;Not Approved&lt;/b&gt;&lt;/td&gt;&lt;td&gt;POA&amp;M cannot be saved if Milestone Scheduled Completion Date exceeds POA&amp;M Item Scheduled Completion Date&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;b&gt;Approved&lt;/b&gt;&lt;/td&gt;&lt;td&gt;POA&amp;M can only be saved if Milestone Scheduled Completion Date exceeds POA&amp;M Item Scheduled Completion Date&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;/td&gt;&lt;td&gt;Are required to have a Severity Value assigned&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;b&gt;Completed&lt;/b&gt; or &lt;b&gt;Ongoing&lt;/b&gt;&lt;/td&gt;&lt;td&gt;Cannot be saved without Milestones&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;b&gt;Risk Accepted&lt;/b&gt;&lt;/td&gt;&lt;td&gt;POA&amp;M Item cannot be saved with a Scheduled Completion Date &lt;code&gt;scheduledCompletionDate&lt;/code&gt; or have Milestones&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;b&gt;Approved&lt;/b&gt; or &lt;b&gt;Completed&lt;/b&gt; or &lt;b&gt;Ongoing&lt;/b&gt;&lt;/td&gt;&lt;td&gt;Cannot update Scheduled Completion Date&lt;/td&gt;&lt;/tr&gt;  &lt;/tbody&gt; &lt;/table&gt;  **Additional Rules** - POA&amp;M Item cannot be saved if associated Security Control or AP is inherited. - Completed POA&amp;M Item cannot be saved if Completion Date (&#x60;completionDate&#x60;) is in the future. - POA&amp;M Items cannot be updated if they are included in an active package. - Archived POA&amp;M Items cannot be updated. - POA&amp;M Items with a status of \&quot;Not Applicable\&quot; will be updated through test result creation. - If the Security Control or Assessment Procedure does not exist in the system, the POA&amp;M Item maybe imported at the System Level.   **Fields Characters Limitation** - POA&amp;M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters:   - &#x60;pocOrganization&#x60; &#x60;pocFirstName&#x60;, &#x60;pocLastName&#x60;, &#x60;pocEmail&#x60;, &#x60;pocPhoneNumber&#x60; - POA&amp;M Item cannot be saved if Resources (&#x60;resource&#x60;) field exceeds 250 characters - POA&amp;M Item cannot be saved if the following fields exceeds 2,000 characters:   - &#x60;mitigations&#x60;, &#x60;sourceIdentifyingVulnerability&#x60;, &#x60;comments&#x60;   - Milestones Field: &#x60;description&#x60; - POA&amp;M Items cannot be saved if Milestone Description (&#x60;description&#x60;) exceeds 2,000 characters.
     # @param system_id [Integer] **System Id**: The unique system record identifier.
-    # @param request_body [Array<Object>] Add POA&amp;M(s) to a system (systemID)
+    # @param poam_required_fields [Array<PoamRequiredFields>] Example request body to add POA&amp;M(s) to a system (systemId)
     # @param [Hash] opts the optional parameters
-    # @return [Array<(PoamResponsePost, Integer, Hash)>] PoamResponsePost data, response status code and response headers
-    def add_poam_by_system_id_with_http_info(system_id, request_body, opts = {})
+    # @return [Array<(PoamResponsePostPutDelete, Integer, Hash)>] PoamResponsePostPutDelete data, response status code and response headers
+    def add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: POAMApi.add_poam_by_system_id ...'
       end
@@ -44,9 +44,9 @@ module EmassClient
       if @api_client.config.client_side_validation && system_id.nil?
         fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.add_poam_by_system_id"
       end
-      # verify the required parameter 'request_body' is set
-      if @api_client.config.client_side_validation && request_body.nil?
-        fail ArgumentError, "Missing the required parameter 'request_body' when calling POAMApi.add_poam_by_system_id"
+      # verify the required parameter 'poam_required_fields' is set
+      if @api_client.config.client_side_validation && poam_required_fields.nil?
+        fail ArgumentError, "Missing the required parameter 'poam_required_fields' when calling POAMApi.add_poam_by_system_id"
       end
       # resource path
       local_var_path = '/api/systems/{systemId}/poams'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s))
@@ -57,7 +57,7 @@ module EmassClient
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
       # HTTP header 'Content-Type'
       content_type = @api_client.select_header_content_type(['application/json'])
       if !content_type.nil?
@@ -68,10 +68,10 @@ module EmassClient
       form_params = opts[:form_params] || {}
 
       # http body (model)
-      post_body = opts[:debug_body] || @api_client.object_to_http_body(request_body)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(poam_required_fields)
 
       # return_type
-      return_type = opts[:debug_return_type] || 'PoamResponsePost'
+      return_type = opts[:debug_return_type] || 'PoamResponsePostPutDelete'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']
@@ -98,7 +98,7 @@ module EmassClient
     # @param system_id [Integer] **System Id**: The unique system record identifier.
     # @param poam_request_delete_body_inner [Array<PoamRequestDeleteBodyInner>] Delete the given POA&amp;M Id
     # @param [Hash] opts the optional parameters
-    # @return [PoamResponseDelete]
+    # @return [PoamResponsePostPutDelete]
     def delete_poam(system_id, poam_request_delete_body_inner, opts = {})
       data, _status_code, _headers = delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts)
       data
@@ -109,7 +109,7 @@ module EmassClient
     # @param system_id [Integer] **System Id**: The unique system record identifier.
     # @param poam_request_delete_body_inner [Array<PoamRequestDeleteBodyInner>] Delete the given POA&amp;M Id
     # @param [Hash] opts the optional parameters
-    # @return [Array<(PoamResponseDelete, Integer, Hash)>] PoamResponseDelete data, response status code and response headers
+    # @return [Array<(PoamResponsePostPutDelete, Integer, Hash)>] PoamResponsePostPutDelete data, response status code and response headers
     def delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: POAMApi.delete_poam ...'
@@ -131,7 +131,7 @@ module EmassClient
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
       # HTTP header 'Content-Type'
       content_type = @api_client.select_header_content_type(['application/json'])
       if !content_type.nil?
@@ -145,7 +145,7 @@ module EmassClient
       post_body = opts[:debug_body] || @api_client.object_to_http_body(poam_request_delete_body_inner)
 
       # return_type
-      return_type = opts[:debug_return_type] || 'PoamResponseDelete'
+      return_type = opts[:debug_return_type] || 'PoamResponsePostPutDelete'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']
@@ -173,8 +173,9 @@ module EmassClient
     # @param [Hash] opts the optional parameters
     # @option opts [String] :scheduled_completion_date_start **Date Started**: Filter query by the scheduled completion start date (Unix date format).
     # @option opts [String] :scheduled_completion_date_end **Date Ended**: Filter query by the scheduled completion start date (Unix date format).
-    # @option opts [String] :control_acronyms **System Acronym**: Filter query by given system acronym (single or comma separated).
-    # @option opts [String] :ccis **CCI System**: Filter query by Control Correlation Identifiers (CCIs) (single or comma separated).
+    # @option opts [String] :control_acronyms **Control Acronym**: Filter query by given system acronym (single value or comma separated).
+    # @option opts [String] :assessment_procedures **Assessment Procedure**: Filter query by given Security Control Assessment Procedure (single value or comma separated).
+    # @option opts [String] :ccis **CCI System**: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).
     # @option opts [Boolean] :system_only **Systems Only**: Indicates that only system(s) information is retrieved. (default to true)
     # @return [PoamResponseGetSystems]
     def get_system_poams(system_id, opts = {})
@@ -188,8 +189,9 @@ module EmassClient
     # @param [Hash] opts the optional parameters
     # @option opts [String] :scheduled_completion_date_start **Date Started**: Filter query by the scheduled completion start date (Unix date format).
     # @option opts [String] :scheduled_completion_date_end **Date Ended**: Filter query by the scheduled completion start date (Unix date format).
-    # @option opts [String] :control_acronyms **System Acronym**: Filter query by given system acronym (single or comma separated).
-    # @option opts [String] :ccis **CCI System**: Filter query by Control Correlation Identifiers (CCIs) (single or comma separated).
+    # @option opts [String] :control_acronyms **Control Acronym**: Filter query by given system acronym (single value or comma separated).
+    # @option opts [String] :assessment_procedures **Assessment Procedure**: Filter query by given Security Control Assessment Procedure (single value or comma separated).
+    # @option opts [String] :ccis **CCI System**: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).
     # @option opts [Boolean] :system_only **Systems Only**: Indicates that only system(s) information is retrieved. (default to true)
     # @return [Array<(PoamResponseGetSystems, Integer, Hash)>] PoamResponseGetSystems data, response status code and response headers
     def get_system_poams_with_http_info(system_id, opts = {})
@@ -208,13 +210,14 @@ module EmassClient
       query_params[:'scheduledCompletionDateStart'] = opts[:'scheduled_completion_date_start'] if !opts[:'scheduled_completion_date_start'].nil?
       query_params[:'scheduledCompletionDateEnd'] = opts[:'scheduled_completion_date_end'] if !opts[:'scheduled_completion_date_end'].nil?
       query_params[:'controlAcronyms'] = opts[:'control_acronyms'] if !opts[:'control_acronyms'].nil?
+      query_params[:'assessmentProcedures'] = opts[:'assessment_procedures'] if !opts[:'assessment_procedures'].nil?
       query_params[:'ccis'] = opts[:'ccis'] if !opts[:'ccis'].nil?
       query_params[:'systemOnly'] = opts[:'system_only'] if !opts[:'system_only'].nil?
 
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
 
       # form parameters
       form_params = opts[:form_params] || {}
@@ -283,7 +286,7 @@ module EmassClient
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
 
       # form parameters
       form_params = opts[:form_params] || {}
@@ -315,23 +318,23 @@ module EmassClient
     end
 
     # Update one or many POA&M items in a system
-    # Update a POA&M for given `systemId`<br>  **Request Body Required Fields** - `poamId` - `displayPoamId` - `status` - `vulnerabilityDescription` - `sourceIdentVuln` - `pocOrganization` - `reviewStatus`  **Notes** - If a POC email is supplied, the application will attempt to locate a user already   registered within the application and pre-populate any information not explicitly supplied   in the request. If no such user is found, these fields are **required** within the request.<br>   `pocOrganization`, `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber`<br />  - To delete a milestone through the POA&M PUT the field `isActive` must be set to `false`: `isActive=false`.
+    # Update a POA&M for given `systemId`<br>  **Request Body Required Fields** <table>   <thead>     <tr><th><b>Field</b></th><th><b>Require/Condition</b></th></tr>   </thead>   <tbody>     <tr><td><code>poamId</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>displayPoamId</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>status</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>vulnerabilityDescription</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>sourceIdentifyingVulnerability</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>pocOrganization</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>resources</code></td><td>Always (every PUT)</td></tr>     <tr><td><code>identifiedInCFOAuditOrOtherReview</code></td><td>Required for VA. Optional for Army and USCG.</td></tr>     <tr><td><code>scheduledCompletionDate</code></td><td>Required for ongoing and completed POA&M items</td></tr>     <tr><td><code>pocFirstName</code></td><td>Only if Last Name, Email, or Phone Number have data</td></tr>     <tr><td><code>pocLastName</code></td><td>Only if First Name, Email, or Phone Number have data</td></tr>     <tr><td><code>pocEmail</code></td><td>Only if First Name, Last Name, or Phone Number have data</td></tr>     <tr><td><code>pocPhoneNumber</code></td><td>Only if First Name, Last Name, or Email have data</td></tr>     <tr><td><code>completionDate</code></td><td>For completed POA&M Item only</td></tr>     <tr><td><code>comments</code></td><td>For completed or Risk Accepted POA&M Items only</td></tr>   </tbody> </table>  **NOTES**: - Certain eMASS instances also require the Risk Analysis fields to be populated:   - `severity`   - `relevanceOfThreat`   - `likelihood`   - `impact`   - `residualRiskLevel`   - `mitigations` - To prevent uploading duplicate/undesired milestones through the POA&M PUT include an `isActive` field for the milestone and set it to equal to false `(isActive=false)`. </br>  **Business Rules:** See business rules for the POST endpoint
     # @param system_id [Integer] **System Id**: The unique system record identifier.
-    # @param request_body [Array<Object>] Update an existing control by Id
+    # @param poam_ids [Array<PoamIds>] Example request body for updating a POA&amp;M for a system (systemId)
     # @param [Hash] opts the optional parameters
-    # @return [PoamResponsePut]
-    def update_poam_by_system_id(system_id, request_body, opts = {})
-      data, _status_code, _headers = update_poam_by_system_id_with_http_info(system_id, request_body, opts)
+    # @return [PoamResponsePostPutDelete]
+    def update_poam_by_system_id(system_id, poam_ids, opts = {})
+      data, _status_code, _headers = update_poam_by_system_id_with_http_info(system_id, poam_ids, opts)
       data
     end
 
     # Update one or many POA&amp;M items in a system
-    # Update a POA&amp;M for given &#x60;systemId&#x60;&lt;br&gt;  **Request Body Required Fields** - &#x60;poamId&#x60; - &#x60;displayPoamId&#x60; - &#x60;status&#x60; - &#x60;vulnerabilityDescription&#x60; - &#x60;sourceIdentVuln&#x60; - &#x60;pocOrganization&#x60; - &#x60;reviewStatus&#x60;  **Notes** - If a POC email is supplied, the application will attempt to locate a user already   registered within the application and pre-populate any information not explicitly supplied   in the request. If no such user is found, these fields are **required** within the request.&lt;br&gt;   &#x60;pocOrganization&#x60;, &#x60;pocFirstName&#x60;, &#x60;pocLastName&#x60;, &#x60;pocEmail&#x60;, &#x60;pocPhoneNumber&#x60;&lt;br /&gt;  - To delete a milestone through the POA&amp;M PUT the field &#x60;isActive&#x60; must be set to &#x60;false&#x60;: &#x60;isActive&#x3D;false&#x60;.
+    # Update a POA&amp;M for given &#x60;systemId&#x60;&lt;br&gt;  **Request Body Required Fields** &lt;table&gt;   &lt;thead&gt;     &lt;tr&gt;&lt;th&gt;&lt;b&gt;Field&lt;/b&gt;&lt;/th&gt;&lt;th&gt;&lt;b&gt;Require/Condition&lt;/b&gt;&lt;/th&gt;&lt;/tr&gt;   &lt;/thead&gt;   &lt;tbody&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;poamId&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;displayPoamId&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;status&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;vulnerabilityDescription&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;sourceIdentifyingVulnerability&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocOrganization&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;resources&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Always (every PUT)&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;identifiedInCFOAuditOrOtherReview&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Required for VA. Optional for Army and USCG.&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;scheduledCompletionDate&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Required for ongoing and completed POA&amp;M items&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocFirstName&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if Last Name, Email, or Phone Number have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocLastName&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if First Name, Email, or Phone Number have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocEmail&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if First Name, Last Name, or Phone Number have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;pocPhoneNumber&lt;/code&gt;&lt;/td&gt;&lt;td&gt;Only if First Name, Last Name, or Email have data&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;completionDate&lt;/code&gt;&lt;/td&gt;&lt;td&gt;For completed POA&amp;M Item only&lt;/td&gt;&lt;/tr&gt;     &lt;tr&gt;&lt;td&gt;&lt;code&gt;comments&lt;/code&gt;&lt;/td&gt;&lt;td&gt;For completed or Risk Accepted POA&amp;M Items only&lt;/td&gt;&lt;/tr&gt;   &lt;/tbody&gt; &lt;/table&gt;  **NOTES**: - Certain eMASS instances also require the Risk Analysis fields to be populated:   - &#x60;severity&#x60;   - &#x60;relevanceOfThreat&#x60;   - &#x60;likelihood&#x60;   - &#x60;impact&#x60;   - &#x60;residualRiskLevel&#x60;   - &#x60;mitigations&#x60; - To prevent uploading duplicate/undesired milestones through the POA&amp;M PUT include an &#x60;isActive&#x60; field for the milestone and set it to equal to false &#x60;(isActive&#x3D;false)&#x60;. &lt;/br&gt;  **Business Rules:** See business rules for the POST endpoint
     # @param system_id [Integer] **System Id**: The unique system record identifier.
-    # @param request_body [Array<Object>] Update an existing control by Id
+    # @param poam_ids [Array<PoamIds>] Example request body for updating a POA&amp;M for a system (systemId)
     # @param [Hash] opts the optional parameters
-    # @return [Array<(PoamResponsePut, Integer, Hash)>] PoamResponsePut data, response status code and response headers
-    def update_poam_by_system_id_with_http_info(system_id, request_body, opts = {})
+    # @return [Array<(PoamResponsePostPutDelete, Integer, Hash)>] PoamResponsePostPutDelete data, response status code and response headers
+    def update_poam_by_system_id_with_http_info(system_id, poam_ids, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: POAMApi.update_poam_by_system_id ...'
       end
@@ -339,9 +342,9 @@ module EmassClient
       if @api_client.config.client_side_validation && system_id.nil?
         fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.update_poam_by_system_id"
       end
-      # verify the required parameter 'request_body' is set
-      if @api_client.config.client_side_validation && request_body.nil?
-        fail ArgumentError, "Missing the required parameter 'request_body' when calling POAMApi.update_poam_by_system_id"
+      # verify the required parameter 'poam_ids' is set
+      if @api_client.config.client_side_validation && poam_ids.nil?
+        fail ArgumentError, "Missing the required parameter 'poam_ids' when calling POAMApi.update_poam_by_system_id"
       end
       # resource path
       local_var_path = '/api/systems/{systemId}/poams'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s))
@@ -352,7 +355,7 @@ module EmassClient
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
       # HTTP header 'Content-Type'
       content_type = @api_client.select_header_content_type(['application/json'])
       if !content_type.nil?
@@ -363,10 +366,10 @@ module EmassClient
       form_params = opts[:form_params] || {}
 
       # http body (model)
-      post_body = opts[:debug_body] || @api_client.object_to_http_body(request_body)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(poam_ids)
 
       # return_type
-      return_type = opts[:debug_return_type] || 'PoamResponsePut'
+      return_type = opts[:debug_return_type] || 'PoamResponsePostPutDelete'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']

data/lib/emass_client/api/registration_api.rb

@@ -1,12 +1,12 @@
 =begin
 #Enterprise Mission Assurance Support Service (eMASS)
 
-#The Enterprise Mission Assurance Support Service (eMASS) Representational State Transfer (REST) Application Programming Interface (API) enables users to perform assessments and complete actions associated with system records.   <strong>Register External Application (that use the eMASS API)</strong></br> New users will need to [register](https://nisp.emass.apps.mil/Content/Help/jobaids/eMASS_OT_NewUser_Job_Aid.pdf) an API key with the eMASS development team prior to accessing the site for the first time. The eMASS REST API  requires a client certificate (SSL/TLS, DoD PKI only). Use the `Registration` endpoint to register the client certificate.</br></br>  Every call to the eMASS REST API will require the use of the agreed upon public key certificate and API key.  The API key must be provided in the request header for all endpoint calls (api-key). If the service receives an untrusted certificate or API key, a 401 error response code will be returned along with an error message.  </br></br>  <strong>Available Request Headers</strong></br> <table>   <tr>     <th align=left>key</th>     <th align=left>Example Value</th>     <th align=left>Description</th>   </tr>   <tr>     <td>`api-key`</td>     <td>api-key-provided-by-emass</td>     <td>This API key must be provided in the request header for all endpoint calls</td>   </tr>   <tr>     <td>`user-uid`</td>     <td>USER.UID.KEY</td>     <td>This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls</td>   </tr>   <tr>     <td></td><td></td>     <td>       Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC     </td>   </tr> </table>  </br><strong>Approve API Client for Actionable Requests</strong></br> Users are required to log-in to eMASS and grant permissions for a client to update data within eMASS on their behalf. This is only required for actionable requests (PUT, POST, DELETE). The Registration Endpoint and all GET requests can be accessed without completing this process with the correct permissions. Please note that leaving a field parameter blank (for PUT/POST requests) has the potential to clear information in the active eMASS records.  To establish an account with eMASS and/or acquire an api-key/user-uid, contact one of the listed POC: 
+#The eMASS Representational State Transfer (REST) Application Programming Interface (API) enables users to perform assessments and complete actions associated with system records.  The eMASS API provides an interface for application to communicate eMASS Services. For information on how to register and use the eMASS API reference the [eMASS API Getting Started](eMASSGettingStarted.md).  Additional information about eMASS can be obtain by contacting the National Industrial Security Program (NISP). Points of Contact are: 
 
-The version of the OpenAPI document: v3.10
-Contact: disa.meade.id.mbx.emass-tier-iii-support@mail.mil
+The version of the OpenAPI document: v3.22
+Contact: disa.global.servicedesk.mbx.ma-ticket-request@mail.mil
 Generated by: https://openapi-generator.tech
-OpenAPI Generator version: 7.0.0-SNAPSHOT
+Generator version: 7.12.0-SNAPSHOT
 
 =end
 
@@ -45,7 +45,7 @@ module EmassClient
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
 
       # form parameters
       form_params = opts[:form_params] || {}