diff --git a/idn/beta/paths/campaign-templates.yaml b/idn/beta/paths/campaign-templates.yaml index 5322e93e..3c13975f 100644 --- a/idn/beta/paths/campaign-templates.yaml +++ b/idn/beta/paths/campaign-templates.yaml @@ -3,6 +3,8 @@ get: tags: - Certification Campaigns summary: List Campaign Templates + security: + - UserContextAuth: [ idn:campaign-template-list:read ] parameters: - $ref: '../../v3/parameters/limit.yaml' - $ref: '../../v3/parameters/offset.yaml' @@ -17,6 +19,7 @@ get: Sorting is supported for the following fields: **name, created, modified** + example: name - in: query name: filters schema: @@ -27,6 +30,7 @@ get: Filtering is supported for the following fields: **name, id** + example: name eq "manager template" responses: '200': description: List of campaign template objects @@ -53,6 +57,11 @@ post: tags: - Certification Campaigns summary: Create a Campaign Template + description: >- + Create a campaign Template based on campaign. + security: + - UserContextAuth: [ idn:campaign-template:create ] + deprecated: true requestBody: required: true content: diff --git a/idn/beta/schemas/CampaignTemplate.yaml b/idn/beta/schemas/CampaignTemplate.yaml index 1b246095..75a5c544 100644 --- a/idn/beta/schemas/CampaignTemplate.yaml +++ b/idn/beta/schemas/CampaignTemplate.yaml @@ -30,6 +30,7 @@ properties: readOnly: true description: Indicates if this campaign template has been scheduled. example: false + default: false ownerRef: type : object description: >- @@ -63,6 +64,9 @@ properties: (the current date plus 14 days). example: P2W campaign: + type: object + description: >- + This will hold campaign related information like name, description etc. $ref: './Campaign.yaml' required: - name diff --git a/idn/sailpoint-api.v3.yaml b/idn/sailpoint-api.v3.yaml index 46550604..ed1a708b 100644 --- a/idn/sailpoint-api.v3.yaml +++ b/idn/sailpoint-api.v3.yaml @@ -870,6 +870,8 @@ paths: $ref: './v3/paths/campaign-run-report.yaml' /campaigns/reports-configuration: $ref: './v3/paths/campaign-reports-configuration.yaml' + /campaign-templates: + $ref: './v3/paths/campaign-templates.yaml' /certifications: $ref: "./v3/paths/identity-certifications.yaml" /certifications/{id}: diff --git a/idn/v3/paths/campaign-templates.yaml b/idn/v3/paths/campaign-templates.yaml new file mode 100644 index 00000000..5192b15b --- /dev/null +++ b/idn/v3/paths/campaign-templates.yaml @@ -0,0 +1,50 @@ +post: + operationId: createCampaignTemplate + tags: + - Certification Campaigns + summary: Create a Campaign Template + description: >- + Create a campaign Template based on campaign. + security: + - UserContextAuth: [ idn:campaign-template:create ] + requestBody: + required: true + content: + application/json: + schema: + $ref: '../schemas/CampaignTemplate.yaml' + examples: + Manager: + $ref: '../schemas/campaign/examples/CreateCampaignTemplateManager.yaml' + Search: + $ref: '../schemas/campaign/examples/CreateCampaignTemplateSearch.yaml' + Source Owner: + $ref: '../schemas/campaign/examples/CreateCampaignTemplateSourceOwner.yaml' + RoleComposition: + $ref: '../schemas/campaign/examples/CreateCampaignTemplateRoleComposition.yaml' + responses: + '200': + description: Created successfully. + content: + application/json: + schema: + $ref: '../schemas/CampaignTemplate.yaml' + examples: + Manager: + $ref: '../schemas/campaign/examples/CampaignTemplateManager.yaml' + Search: + $ref: '../schemas/campaign/examples/CampaignTemplateSearch.yaml' + Source Owner: + $ref: '../schemas/campaign/examples/CampaignTemplateSourceOwner.yaml' + RoleComposition: + $ref: '../schemas/campaign/examples/CampaignTemplateRoleComposition.yaml' + '400': + $ref: '../responses/400.yaml' + '401': + $ref: '../responses/401.yaml' + '403': + $ref: '../responses/403.yaml' + '429': + $ref: '../responses/429.yaml' + '500': + $ref: '../responses/500.yaml' \ No newline at end of file diff --git a/idn/v3/schemas/CampaignTemplate.yaml b/idn/v3/schemas/CampaignTemplate.yaml new file mode 100644 index 00000000..fc61ef96 --- /dev/null +++ b/idn/v3/schemas/CampaignTemplate.yaml @@ -0,0 +1,76 @@ +type: object +description: Campaign Template +properties: + id: + type: string + description: Id of the campaign template + example: 2c9079b270a266a60170a277bb960008 + name: + type: string + description: This template's name. Has no bearing on generated campaigns' names. + example: Manager Campaign Template + description: + type: string + description: This template's description. Has no bearing on generated campaigns' descriptions. + example: Template for the annual manager campaign. + created: + type: string + description: Creation date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:44:00.364Z' + modified: + type: string + description: Modification date of Campaign Template + readOnly: true + format: date-time + example: '2020-03-05T22:52:09.969Z' + scheduled: + type: boolean + readOnly: true + description: Indicates if this campaign template has been scheduled. + example: false + default: false + ownerRef: + type : object + description: >- + The owner of this template, and the owner of campaigns generated from this template via a schedule. This field + is automatically populated at creation time with the current user. + properties: + id: + type: string + description: Id of the owner + example: 2c918086676d3e0601677611dbde220f + type: + type: string + enum: + - IDENTITY + description: Type of the owner + example: IDENTITY + name: + type: string + description: Name of the owner + example: Mister Manager + email: + type: string + description: Email of the owner + example: mr.manager@example.com + deadlineDuration: + type: string + description: >- + The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template + generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation + occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign's deadline would be 2020-01-15 + (the current date plus 14 days). + example: P2W + campaign: + type : object + description: >- + This will hold campaign related information like name, description etc. + $ref: './Campaign.yaml' +required: + - name + - description + - created + - modified + - campaign \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CampaignTemplateManager.yaml b/idn/v3/schemas/campaign/examples/CampaignTemplateManager.yaml new file mode 100644 index 00000000..c30c308f --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CampaignTemplateManager.yaml @@ -0,0 +1,39 @@ +value: + id: e7dbec99d49349c8951bd84f58a05120 + name: Manager Review + created: 2022-08-02T19:16:42.632Z + modified: null + description: A review of everyone's access by their manager. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Manager Review + description: Review everyone's access. + deadline: null + type: MANAGER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CampaignTemplateRoleComposition.yaml b/idn/v3/schemas/campaign/examples/CampaignTemplateRoleComposition.yaml new file mode 100644 index 00000000..eac3e8f5 --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CampaignTemplateRoleComposition.yaml @@ -0,0 +1,46 @@ +value: + id: b9f41bc69e7a4291b9de0630396d030d + name: Campaign With Admin Role + created: 2022-08-02T13:40:36.857Z + modified: null + description: Campaign With Admin Role + deadlineDuration: null + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: null + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Campaign With Admin Role + description: Campaign With Admin Role + deadline: null + type: ROLE_COMPOSITION + status: null + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CampaignTemplateSearch.yaml b/idn/v3/schemas/campaign/examples/CampaignTemplateSearch.yaml new file mode 100644 index 00000000..711e8d86 --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CampaignTemplateSearch.yaml @@ -0,0 +1,46 @@ +value: + id: b7e6459eed5247ac8b98a5fed81fe27f + name: Reporting Access Review + created: 2022-07-28T19:19:40.035Z + modified: null + description: A review of everyone's access to the reporting system. + deadlineDuration: P14D + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: Identities with reporting abilities + reviewerId: null + reviewer: null + query: "@access(name: (\"reporter\"))" + identityIds: null + accessConstraints: [ ] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: Search Campaign Review + description: Review everyone's access to the reporting system. + deadline: null + type: SEARCH + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CampaignTemplateSourceOwner.yaml b/idn/v3/schemas/campaign/examples/CampaignTemplateSourceOwner.yaml new file mode 100644 index 00000000..ee744879 --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CampaignTemplateSourceOwner.yaml @@ -0,0 +1,41 @@ +value: + id: b9f41bc69e7a4291b9de0630396d030d + name: AD Source Review + created: 2022-08-02T13:40:36.857Z + modified: null + description: A review of our AD source. + deadlineDuration: P1M + ownerRef: + email: support@testmail.identitysoon.com + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + scheduled: false + campaign: + created: null + modified: null + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: null + completedCertifications: null + sourcesWithOrphanEntitlements: null + id: null + name: AD Source Review + description: Review everyone's access. + deadline: null + type: SOURCE_OWNER + status: null + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CreateCampaignTemplateManager.yaml b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateManager.yaml new file mode 100644 index 00000000..16f1ca5a --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateManager.yaml @@ -0,0 +1,19 @@ +description: >- + This creates a template that can be used to generate manager campaigns. The campaigns will have a due date + that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. + "2020-03-16 Manager Review"). +value: + name: Manager Review + description: A review of everyone's access by their manager. + deadlineDuration: P2W + campaign: + name: Manager Review + description: Review everyone's access. + type: MANAGER + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CreateCampaignTemplateRoleComposition.yaml b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateRoleComposition.yaml new file mode 100644 index 00000000..c56517f9 --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateRoleComposition.yaml @@ -0,0 +1,20 @@ +description: >- + This creates a template that can be used to generate role composition campaigns. The campaigns will + have a due date that is two weeks after their creation date, and will be named "{current date} Role + Composition Review" (e.g. "2020-03-16 Role Composition Review"). +value: + name: Role Composition Review + description: A review of every role's access items, by the specified reviewer. + deadlineDuration: P2W + campaign: + name: Role Composition Review + description: Review all our roles. + type: ROLE_COMPOSITION + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 2c9180876ab2c053016ab6f65dfd5aaa + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CreateCampaignTemplateSearch.yaml b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateSearch.yaml new file mode 100644 index 00000000..472bacfd --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateSearch.yaml @@ -0,0 +1,22 @@ +description: >- + This creates a template that can be used to generate search access campaigns. The campaigns + will cover the "reporter" access item for across all identities. +value: + name: Reporting Access Review + description: A review of everyone's access to the reporting system. + deadlineDuration: P2W + campaign: + name: Search Review + description: Review everyone's access to the reporting system. + type: SEARCH + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + searchCampaignInfo: + type: ACCESS + query: "@access(name: (\"reporter\"))" + description: Identities with reporting abilities + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file diff --git a/idn/v3/schemas/campaign/examples/CreateCampaignTemplateSourceOwner.yaml b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateSourceOwner.yaml new file mode 100644 index 00000000..151b024e --- /dev/null +++ b/idn/v3/schemas/campaign/examples/CreateCampaignTemplateSourceOwner.yaml @@ -0,0 +1,22 @@ +description: >- + This creates a template that can be used to generate source owner campaigns. The campaigns will + have a due date that is one month after their creation date, and will review one source. +value: + name: AD Source Review + description: A review of our AD source. + deadlineDuration: P1M + campaign: + name: Source Review + description: Review everyone's access. + type: SOURCE_OWNER + filter: + type: CAMPAIGN_FILTER + id: e0adaae69852e8fe8b8a3d48e5ce757c + sourceOwnerCampaignInfo: + sourceIds: + - 2c918084707deba501709d45ce4e5569 + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS \ No newline at end of file