smplkit 3.0.64 → 3.0.65

data/lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb

@@ -0,0 +1,445 @@
+=begin
+#smplkit API
+
+#API for the smplkit platform.
+
+The version of the OpenAPI document: 0.1.0
+
+Generated by: https://openapi-generator.tech
+Generator version: 7.22.0
+
+=end
+
+require 'date'
+require 'time'
+
+module SmplkitGeneratedClient::App
+  # An account's Single Sign-On connection to a customer-controlled identity provider. Configuring a connection lets the account federate authentication to its own SAML or OIDC IdP; with `enforced` enabled, password and social sign-in are disabled for users on the account's verified domains.  Each account has at most one SSO connection. The Service Provider metadata fields (`sp_entity_id`, `acs_url`, `slo_url`) are computed on every read from the connection identifier and never stored.
+  class SSOConnection < ApiModelBase
+    # Federation protocol. `oidc` for OpenID Connect; `saml` for SAML 2.0. Determines which set of IdP fields below are required.
+    attr_accessor :protocol
+
+    # OIDC issuer URL — the base from which `.well-known/openid-configuration` is discovered. Required when `protocol` is `oidc`; ignored when `protocol` is `saml`.
+    attr_accessor :oidc_issuer
+
+    # OIDC client identifier issued by the IdP for smplkit. Required when `protocol` is `oidc`; ignored otherwise.
+    attr_accessor :oidc_client_id
+
+    # OIDC client secret. Write-only — supplied on PUT, never returned by the API. Stored envelope-encrypted at rest. Required on first creation of an OIDC connection; on subsequent PUTs, omit to retain the existing value.
+    attr_accessor :oidc_client_secret
+
+    # SAML IdP EntityID (typically a URI). Required when `protocol` is `saml`; ignored otherwise.
+    attr_accessor :saml_idp_entity_id
+
+    # SAML IdP single sign-on URL (HTTP-Redirect or HTTP-POST endpoint). Required when `protocol` is `saml`.
+    attr_accessor :saml_idp_sso_url
+
+    # SAML IdP single logout URL. Optional — when present, smplkit will issue LogoutRequests on user sign-out.
+    attr_accessor :saml_idp_slo_url
+
+    # SAML IdP X.509 signing certificate (PEM-encoded). Required when `protocol` is `saml`.
+    attr_accessor :saml_idp_x509_cert
+
+    # Role granted to a user provisioned just-in-time on their first SSO login when no group mapping applies. `OWNER` values are downgraded to `ADMIN` for JIT — owner promotion remains an explicit account action.
+    attr_accessor :default_role
+
+    # Mapping of IdP group claim values to smplkit roles. The first key matching the user's group claims (in declaration order) decides the JIT role; if none match, `default_role` applies. Example: `{\"smplkit-admins\": \"ADMIN\"}`.
+    attr_accessor :group_role_mappings
+
+    # When `true`, password and social sign-in are rejected for users whose email domain matches one of the account's verified domains. The account owner is exempt (break-glass).
+    attr_accessor :enforced
+
+    # Service Provider EntityID to register with the IdP. Computed from the connection — paste this value into the IdP's smplkit configuration.
+    attr_accessor :sp_entity_id
+
+    # Assertion Consumer Service URL (SAML) or redirect URI (OIDC) to register with the IdP. Computed.
+    attr_accessor :acs_url
+
+    # Single Logout URL to register with the IdP. Computed; smplkit accepts logout requests here for the SAML case.
+    attr_accessor :slo_url
+
+    # When the connection was created.
+    attr_accessor :created_at
+
+    # When the connection was last modified.
+    attr_accessor :updated_at
+
+    class EnumAttributeValidator
+      attr_reader :datatype
+      attr_reader :allowable_values
+
+      def initialize(datatype, allowable_values)
+        @allowable_values = allowable_values.map do |value|
+          case datatype.to_s
+          when /Integer/i
+            value.to_i
+          when /Float/i
+            value.to_f
+          else
+            value
+          end
+        end
+      end
+
+      def valid?(value)
+        !value || allowable_values.include?(value)
+      end
+    end
+
+    # Attribute mapping from ruby-style variable name to JSON key.
+    def self.attribute_map
+      {
+        :'protocol' => :'protocol',
+        :'oidc_issuer' => :'oidc_issuer',
+        :'oidc_client_id' => :'oidc_client_id',
+        :'oidc_client_secret' => :'oidc_client_secret',
+        :'saml_idp_entity_id' => :'saml_idp_entity_id',
+        :'saml_idp_sso_url' => :'saml_idp_sso_url',
+        :'saml_idp_slo_url' => :'saml_idp_slo_url',
+        :'saml_idp_x509_cert' => :'saml_idp_x509_cert',
+        :'default_role' => :'default_role',
+        :'group_role_mappings' => :'group_role_mappings',
+        :'enforced' => :'enforced',
+        :'sp_entity_id' => :'sp_entity_id',
+        :'acs_url' => :'acs_url',
+        :'slo_url' => :'slo_url',
+        :'created_at' => :'created_at',
+        :'updated_at' => :'updated_at'
+      }
+    end
+
+    # Returns attribute mapping this model knows about
+    def self.acceptable_attribute_map
+      attribute_map
+    end
+
+    # Returns all the JSON keys this model knows about
+    def self.acceptable_attributes
+      acceptable_attribute_map.values
+    end
+
+    # Attribute type mapping.
+    def self.openapi_types
+      {
+        :'protocol' => :'String',
+        :'oidc_issuer' => :'String',
+        :'oidc_client_id' => :'String',
+        :'oidc_client_secret' => :'String',
+        :'saml_idp_entity_id' => :'String',
+        :'saml_idp_sso_url' => :'String',
+        :'saml_idp_slo_url' => :'String',
+        :'saml_idp_x509_cert' => :'String',
+        :'default_role' => :'String',
+        :'group_role_mappings' => :'Hash<String, String>',
+        :'enforced' => :'Boolean',
+        :'sp_entity_id' => :'String',
+        :'acs_url' => :'String',
+        :'slo_url' => :'String',
+        :'created_at' => :'Time',
+        :'updated_at' => :'Time'
+      }
+    end
+
+    # List of attributes with nullable: true
+    def self.openapi_nullable
+      Set.new([
+        :'oidc_issuer',
+        :'oidc_client_id',
+        :'oidc_client_secret',
+        :'saml_idp_entity_id',
+        :'saml_idp_sso_url',
+        :'saml_idp_slo_url',
+        :'saml_idp_x509_cert',
+        :'sp_entity_id',
+        :'acs_url',
+        :'slo_url',
+        :'created_at',
+        :'updated_at'
+      ])
+    end
+
+    # Initializes the object
+    # @param [Hash] attributes Model attributes in the form of hash
+    def initialize(attributes = {})
+      if (!attributes.is_a?(Hash))
+        fail ArgumentError, "The input argument (attributes) must be a hash in `SmplkitGeneratedClient::App::SSOConnection` initialize method"
+      end
+
+      # check to see if the attribute exists and convert string to symbol for hash key
+      acceptable_attribute_map = self.class.acceptable_attribute_map
+      attributes = attributes.each_with_object({}) { |(k, v), h|
+        if (!acceptable_attribute_map.key?(k.to_sym))
+          fail ArgumentError, "`#{k}` is not a valid attribute in `SmplkitGeneratedClient::App::SSOConnection`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
+        end
+        h[k.to_sym] = v
+      }
+
+      if attributes.key?(:'protocol')
+        self.protocol = attributes[:'protocol']
+      else
+        self.protocol = nil
+      end
+
+      if attributes.key?(:'oidc_issuer')
+        self.oidc_issuer = attributes[:'oidc_issuer']
+      end
+
+      if attributes.key?(:'oidc_client_id')
+        self.oidc_client_id = attributes[:'oidc_client_id']
+      end
+
+      if attributes.key?(:'oidc_client_secret')
+        self.oidc_client_secret = attributes[:'oidc_client_secret']
+      end
+
+      if attributes.key?(:'saml_idp_entity_id')
+        self.saml_idp_entity_id = attributes[:'saml_idp_entity_id']
+      end
+
+      if attributes.key?(:'saml_idp_sso_url')
+        self.saml_idp_sso_url = attributes[:'saml_idp_sso_url']
+      end
+
+      if attributes.key?(:'saml_idp_slo_url')
+        self.saml_idp_slo_url = attributes[:'saml_idp_slo_url']
+      end
+
+      if attributes.key?(:'saml_idp_x509_cert')
+        self.saml_idp_x509_cert = attributes[:'saml_idp_x509_cert']
+      end
+
+      if attributes.key?(:'default_role')
+        self.default_role = attributes[:'default_role']
+      else
+        self.default_role = 'MEMBER'
+      end
+
+      if attributes.key?(:'group_role_mappings')
+        if (value = attributes[:'group_role_mappings']).is_a?(Hash)
+          self.group_role_mappings = value
+        end
+      end
+
+      if attributes.key?(:'enforced')
+        self.enforced = attributes[:'enforced']
+      else
+        self.enforced = false
+      end
+
+      if attributes.key?(:'sp_entity_id')
+        self.sp_entity_id = attributes[:'sp_entity_id']
+      end
+
+      if attributes.key?(:'acs_url')
+        self.acs_url = attributes[:'acs_url']
+      end
+
+      if attributes.key?(:'slo_url')
+        self.slo_url = attributes[:'slo_url']
+      end
+
+      if attributes.key?(:'created_at')
+        self.created_at = attributes[:'created_at']
+      end
+
+      if attributes.key?(:'updated_at')
+        self.updated_at = attributes[:'updated_at']
+      end
+    end
+
+    # Show invalid properties with the reasons. Usually used together with valid?
+    # @return Array for valid properties with the reasons
+    def list_invalid_properties
+      warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
+      invalid_properties = Array.new
+      if @protocol.nil?
+        invalid_properties.push('invalid value for "protocol", protocol cannot be nil.')
+      end
+
+      if !@oidc_issuer.nil? && @oidc_issuer.to_s.length > 2048
+        invalid_properties.push('invalid value for "oidc_issuer", the character length must be smaller than or equal to 2048.')
+      end
+
+      if !@oidc_client_id.nil? && @oidc_client_id.to_s.length > 512
+        invalid_properties.push('invalid value for "oidc_client_id", the character length must be smaller than or equal to 512.')
+      end
+
+      if !@saml_idp_entity_id.nil? && @saml_idp_entity_id.to_s.length > 2048
+        invalid_properties.push('invalid value for "saml_idp_entity_id", the character length must be smaller than or equal to 2048.')
+      end
+
+      if !@saml_idp_sso_url.nil? && @saml_idp_sso_url.to_s.length > 2048
+        invalid_properties.push('invalid value for "saml_idp_sso_url", the character length must be smaller than or equal to 2048.')
+      end
+
+      if !@saml_idp_slo_url.nil? && @saml_idp_slo_url.to_s.length > 2048
+        invalid_properties.push('invalid value for "saml_idp_slo_url", the character length must be smaller than or equal to 2048.')
+      end
+
+      invalid_properties
+    end
+
+    # Check to see if the all the properties in the model are valid
+    # @return true if the model is valid
+    def valid?
+      warn '[DEPRECATED] the `valid?` method is obsolete'
+      return false if @protocol.nil?
+      protocol_validator = EnumAttributeValidator.new('String', ["saml", "oidc"])
+      return false unless protocol_validator.valid?(@protocol)
+      return false if !@oidc_issuer.nil? && @oidc_issuer.to_s.length > 2048
+      return false if !@oidc_client_id.nil? && @oidc_client_id.to_s.length > 512
+      return false if !@saml_idp_entity_id.nil? && @saml_idp_entity_id.to_s.length > 2048
+      return false if !@saml_idp_sso_url.nil? && @saml_idp_sso_url.to_s.length > 2048
+      return false if !@saml_idp_slo_url.nil? && @saml_idp_slo_url.to_s.length > 2048
+      default_role_validator = EnumAttributeValidator.new('String', ["OWNER", "ADMIN", "MEMBER", "VIEWER"])
+      return false unless default_role_validator.valid?(@default_role)
+      true
+    end
+
+    # Custom attribute writer method checking allowed values (enum).
+    # @param [Object] protocol Object to be assigned
+    def protocol=(protocol)
+      validator = EnumAttributeValidator.new('String', ["saml", "oidc"])
+      unless validator.valid?(protocol)
+        fail ArgumentError, "invalid value for \"protocol\", must be one of #{validator.allowable_values}."
+      end
+      @protocol = protocol
+    end
+
+    # Custom attribute writer method with validation
+    # @param [Object] oidc_issuer Value to be assigned
+    def oidc_issuer=(oidc_issuer)
+      if !oidc_issuer.nil? && oidc_issuer.to_s.length > 2048
+        fail ArgumentError, 'invalid value for "oidc_issuer", the character length must be smaller than or equal to 2048.'
+      end
+
+      @oidc_issuer = oidc_issuer
+    end
+
+    # Custom attribute writer method with validation
+    # @param [Object] oidc_client_id Value to be assigned
+    def oidc_client_id=(oidc_client_id)
+      if !oidc_client_id.nil? && oidc_client_id.to_s.length > 512
+        fail ArgumentError, 'invalid value for "oidc_client_id", the character length must be smaller than or equal to 512.'
+      end
+
+      @oidc_client_id = oidc_client_id
+    end
+
+    # Custom attribute writer method with validation
+    # @param [Object] saml_idp_entity_id Value to be assigned
+    def saml_idp_entity_id=(saml_idp_entity_id)
+      if !saml_idp_entity_id.nil? && saml_idp_entity_id.to_s.length > 2048
+        fail ArgumentError, 'invalid value for "saml_idp_entity_id", the character length must be smaller than or equal to 2048.'
+      end
+
+      @saml_idp_entity_id = saml_idp_entity_id
+    end
+
+    # Custom attribute writer method with validation
+    # @param [Object] saml_idp_sso_url Value to be assigned
+    def saml_idp_sso_url=(saml_idp_sso_url)
+      if !saml_idp_sso_url.nil? && saml_idp_sso_url.to_s.length > 2048
+        fail ArgumentError, 'invalid value for "saml_idp_sso_url", the character length must be smaller than or equal to 2048.'
+      end
+
+      @saml_idp_sso_url = saml_idp_sso_url
+    end
+
+    # Custom attribute writer method with validation
+    # @param [Object] saml_idp_slo_url Value to be assigned
+    def saml_idp_slo_url=(saml_idp_slo_url)
+      if !saml_idp_slo_url.nil? && saml_idp_slo_url.to_s.length > 2048
+        fail ArgumentError, 'invalid value for "saml_idp_slo_url", the character length must be smaller than or equal to 2048.'
+      end
+
+      @saml_idp_slo_url = saml_idp_slo_url
+    end
+
+    # Custom attribute writer method checking allowed values (enum).
+    # @param [Object] default_role Object to be assigned
+    def default_role=(default_role)
+      validator = EnumAttributeValidator.new('String', ["OWNER", "ADMIN", "MEMBER", "VIEWER"])
+      unless validator.valid?(default_role)
+        fail ArgumentError, "invalid value for \"default_role\", must be one of #{validator.allowable_values}."
+      end
+      @default_role = default_role
+    end
+
+    # Checks equality by comparing each attribute.
+    # @param [Object] Object to be compared
+    def ==(o)
+      return true if self.equal?(o)
+      self.class == o.class &&
+          protocol == o.protocol &&
+          oidc_issuer == o.oidc_issuer &&
+          oidc_client_id == o.oidc_client_id &&
+          oidc_client_secret == o.oidc_client_secret &&
+          saml_idp_entity_id == o.saml_idp_entity_id &&
+          saml_idp_sso_url == o.saml_idp_sso_url &&
+          saml_idp_slo_url == o.saml_idp_slo_url &&
+          saml_idp_x509_cert == o.saml_idp_x509_cert &&
+          default_role == o.default_role &&
+          group_role_mappings == o.group_role_mappings &&
+          enforced == o.enforced &&
+          sp_entity_id == o.sp_entity_id &&
+          acs_url == o.acs_url &&
+          slo_url == o.slo_url &&
+          created_at == o.created_at &&
+          updated_at == o.updated_at
+    end
+
+    # @see the `==` method
+    # @param [Object] Object to be compared
+    def eql?(o)
+      self == o
+    end
+
+    # Calculates hash code according to all attributes.
+    # @return [Integer] Hash code
+    def hash
+      [protocol, oidc_issuer, oidc_client_id, oidc_client_secret, saml_idp_entity_id, saml_idp_sso_url, saml_idp_slo_url, saml_idp_x509_cert, default_role, group_role_mappings, enforced, sp_entity_id, acs_url, slo_url, created_at, updated_at].hash
+    end
+
+    # Builds the object from hash
+    # @param [Hash] attributes Model attributes in the form of hash
+    # @return [Object] Returns the model itself
+    def self.build_from_hash(attributes)
+      return nil unless attributes.is_a?(Hash)
+      attributes = attributes.transform_keys(&:to_sym)
+      transformed_hash = {}
+      openapi_types.each_pair do |key, type|
+        if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
+          transformed_hash["#{key}"] = nil
+        elsif type =~ /\AArray<(.*)>/i
+          # check to ensure the input is an array given that the attribute
+          # is documented as an array but the input is not
+          if attributes[attribute_map[key]].is_a?(Array)
+            transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
+          end
+        elsif !attributes[attribute_map[key]].nil?
+          transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
+        end
+      end
+      new(transformed_hash)
+    end
+
+    # Returns the object in the form of hash
+    # @return [Hash] Returns the object in the form of hash
+    def to_hash
+      hash = {}
+      self.class.attribute_map.each_pair do |attr, param|
+        value = self.send(attr)
+        if value.nil?
+          is_nullable = self.class.openapi_nullable.include?(attr)
+          next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+        end
+
+        hash[param] = _to_hash(value)
+      end
+      hash
+    end
+
+  end
+
+end

data/lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection_request.rb

@@ -0,0 +1,165 @@
+=begin
+#smplkit API
+
+#API for the smplkit platform.
+
+The version of the OpenAPI document: 0.1.0
+
+Generated by: https://openapi-generator.tech
+Generator version: 7.22.0
+
+=end
+
+require 'date'
+require 'time'
+
+module SmplkitGeneratedClient::App
+  # JSON:API request envelope for creating or replacing the SSO connection.
+  class SSOConnectionRequest < ApiModelBase
+    attr_accessor :data
+
+    # Attribute mapping from ruby-style variable name to JSON key.
+    def self.attribute_map
+      {
+        :'data' => :'data'
+      }
+    end
+
+    # Returns attribute mapping this model knows about
+    def self.acceptable_attribute_map
+      attribute_map
+    end
+
+    # Returns all the JSON keys this model knows about
+    def self.acceptable_attributes
+      acceptable_attribute_map.values
+    end
+
+    # Attribute type mapping.
+    def self.openapi_types
+      {
+        :'data' => :'SSOConnectionResource'
+      }
+    end
+
+    # List of attributes with nullable: true
+    def self.openapi_nullable
+      Set.new([
+      ])
+    end
+
+    # Initializes the object
+    # @param [Hash] attributes Model attributes in the form of hash
+    def initialize(attributes = {})
+      if (!attributes.is_a?(Hash))
+        fail ArgumentError, "The input argument (attributes) must be a hash in `SmplkitGeneratedClient::App::SSOConnectionRequest` initialize method"
+      end
+
+      # check to see if the attribute exists and convert string to symbol for hash key
+      acceptable_attribute_map = self.class.acceptable_attribute_map
+      attributes = attributes.each_with_object({}) { |(k, v), h|
+        if (!acceptable_attribute_map.key?(k.to_sym))
+          fail ArgumentError, "`#{k}` is not a valid attribute in `SmplkitGeneratedClient::App::SSOConnectionRequest`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
+        end
+        h[k.to_sym] = v
+      }
+
+      if attributes.key?(:'data')
+        self.data = attributes[:'data']
+      else
+        self.data = nil
+      end
+    end
+
+    # Show invalid properties with the reasons. Usually used together with valid?
+    # @return Array for valid properties with the reasons
+    def list_invalid_properties
+      warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
+      invalid_properties = Array.new
+      if @data.nil?
+        invalid_properties.push('invalid value for "data", data cannot be nil.')
+      end
+
+      invalid_properties
+    end
+
+    # Check to see if the all the properties in the model are valid
+    # @return true if the model is valid
+    def valid?
+      warn '[DEPRECATED] the `valid?` method is obsolete'
+      return false if @data.nil?
+      true
+    end
+
+    # Custom attribute writer method with validation
+    # @param [Object] data Value to be assigned
+    def data=(data)
+      if data.nil?
+        fail ArgumentError, 'data cannot be nil'
+      end
+
+      @data = data
+    end
+
+    # Checks equality by comparing each attribute.
+    # @param [Object] Object to be compared
+    def ==(o)
+      return true if self.equal?(o)
+      self.class == o.class &&
+          data == o.data
+    end
+
+    # @see the `==` method
+    # @param [Object] Object to be compared
+    def eql?(o)
+      self == o
+    end
+
+    # Calculates hash code according to all attributes.
+    # @return [Integer] Hash code
+    def hash
+      [data].hash
+    end
+
+    # Builds the object from hash
+    # @param [Hash] attributes Model attributes in the form of hash
+    # @return [Object] Returns the model itself
+    def self.build_from_hash(attributes)
+      return nil unless attributes.is_a?(Hash)
+      attributes = attributes.transform_keys(&:to_sym)
+      transformed_hash = {}
+      openapi_types.each_pair do |key, type|
+        if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
+          transformed_hash["#{key}"] = nil
+        elsif type =~ /\AArray<(.*)>/i
+          # check to ensure the input is an array given that the attribute
+          # is documented as an array but the input is not
+          if attributes[attribute_map[key]].is_a?(Array)
+            transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
+          end
+        elsif !attributes[attribute_map[key]].nil?
+          transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
+        end
+      end
+      new(transformed_hash)
+    end
+
+    # Returns the object in the form of hash
+    # @return [Hash] Returns the object in the form of hash
+    def to_hash
+      hash = {}
+      self.class.attribute_map.each_pair do |attr, param|
+        value = self.send(attr)
+        if value.nil?
+          is_nullable = self.class.openapi_nullable.include?(attr)
+          next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+        end
+
+        hash[param] = _to_hash(value)
+      end
+      hash
+    end
+
+  end
+
+end