From 8c507f9fbcfc2490cf85d0fe5b332225696e38e0 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 18 Aug 2025 16:04:38 +0100 Subject: [PATCH 01/28] refactor: Completed migration for SHIELD.json Wrapped all 'examples' field with array. --- specs/SHIELD.json | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index a97e06a..2a8ff18 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -92,7 +92,7 @@ "summary": "Complete URL with details of the request and a skip token for MS Graph to parse and respond.", "description": "The uri representation for the next page in the navigation flow. This example shows the complete URL with details of the request and a skip token for MS Graph to parse and respond." } - } + }] }, "offeringId": { "description": "Unique identifier of the marketplace offering", @@ -1892,7 +1892,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Waiting on Nothing": { "summary": "Not waiting for credentials", "description": "No credentials are being requested at the moment.", @@ -1919,7 +1919,7 @@ "sccAuth": true } } - }, + }], "schema": { "$ref": "#/components/schemas/Authenticator.RequestStatus" } @@ -2333,7 +2333,7 @@ } ] } - }, + }], "schema": { "type": "array", "minItems": 0, @@ -2391,7 +2391,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "License Report": { "description": "Sample, truncated report from an example customer environment.", "summary": "Example License Report", @@ -2446,7 +2446,7 @@ } } } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -2489,7 +2489,7 @@ "summary": "Infrastructure is not deployed", "value": false } - }, + }], "schema": { "type": "boolean", "examples": [ @@ -2515,7 +2515,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Ignorant Deploy Request": { "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", "summary": "Ignorant Deploy Request", @@ -2535,7 +2535,7 @@ "deploymentConsent": true } } - }, + }], "schema": { "properties": { "deploymentConsent": { @@ -2559,13 +2559,13 @@ "204": { "content": { "application/json": { - "examples": { + "examples": [{ "Successful Deployment": { "description": "When a deployment request is successfully executed, a boolean true is returned.", "summary": "Successful Deployment", "value": true } - }, + }], "schema": { "type": "boolean", "examples": [ @@ -2874,7 +2874,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "One user": { "description": "Removes 1 session host, and removed the requested user from the assignments security group.", "summary": "Remove Single User", @@ -2895,7 +2895,7 @@ ] } } - }, + }], "schema": { "properties": { "userList": { @@ -3047,7 +3047,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "One user": { "description": "Creates 1 session host, and added the requested user to the assignments security group.", "summary": "Assign Single User", @@ -3068,7 +3068,7 @@ ] } } - }, + }], "schema": { "properties": { "userList": { @@ -3276,7 +3276,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Multiple Users": { "description": "Remove multiple user assignments from a managed device.", "summary": "Unassign multiple users", @@ -3296,7 +3296,7 @@ ] } } - }, + }], "schema": { "properties": { "userList": { @@ -3488,7 +3488,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "1:1 map": { "description": "This example is the security best practice of having only one user mapped to a managed device.", "summary": "1:1 User Mapping", @@ -3508,7 +3508,7 @@ ] } } - }, + }], "schema": { "properties": { "userList": { From 270e58cbb34dfd143fbdaf9b07852a92a726c144 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 18 Aug 2025 16:05:18 +0100 Subject: [PATCH 02/28] refactor: Completed migration for Data-Gateway.json Wrapped all 'examples' field with array. --- specs/Data-Gateway.json | 84 ++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 687496f..4c59b0b 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1548,7 +1548,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "License Report": { "description": "Sample, truncated report from an example customer environment. The request body is the License Report that to be stored.", "summary": "Example License Report Request", @@ -1605,7 +1605,7 @@ "summary": "Ignorant License Report Request", "value": {} } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -1616,7 +1616,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "License Report": { "description": "Sample, truncated report from an example customer environment. This will return the same report as the request input.", "summary": "Example of license report stored.", @@ -1671,7 +1671,7 @@ } } } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -1734,7 +1734,7 @@ } ] } - }, + }], "schema": { "type": "array", "minItems": 0, @@ -1821,7 +1821,7 @@ } ] } - }, + }], "schema": { "type": "array", "minItems": 0, @@ -1937,7 +1937,7 @@ } } } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -2004,7 +2004,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "License Report": { "description": "Sample, truncated report from an example customer environment for a correlation record of the specified tenant.", "summary": "Example License Report", @@ -2059,7 +2059,7 @@ } } } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -2555,7 +2555,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Specialized Purchase": { "description": "Add-on purchase for the specified customer for some additional specialized licenses.", "summary": "Specialized Purchase", @@ -2605,7 +2605,7 @@ "summary": "Ignorant Entitlement Creation Request", "value": {} } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseEntitlement.Shield" } @@ -2616,7 +2616,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Small MSP": { "description": "Example license entitlement for a small MSP.", "summary": "Local MSP", @@ -2663,7 +2663,7 @@ "tenantId": "bf78263c-6cec-44bc-9893-024dde25a486" } } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseEntitlement.Shield" } @@ -2692,7 +2692,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Small MSP": { "description": "Example active license count for a small MSP for the currently authenticated tenant.", "summary": "Local MSP", @@ -2747,7 +2747,7 @@ "specializedUserCount": 1000 } } - }, + }], "schema": { "$ref": "#/components/schemas/LicenseEntitlement.Shield.Count" } @@ -2897,7 +2897,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Monthly Report": { "description": "Example monthly telemetry report for an enterprise organization.", "summary": "Monthly Report", @@ -2921,7 +2921,7 @@ "specializedUserCount": 5238 } } - }, + }], "schema": { "$ref": "#/components/schemas/Telemetry.Shield" } @@ -2932,7 +2932,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Monthly Report": { "description": "An example of latest monthly telemetry report for an enterprise organization after the latest telemetry input.", "summary": "Updated Monthly Report", @@ -2960,7 +2960,7 @@ "updatedAt": "2024-08-05T15:25:55.525Z" } } - }, + }], "schema": { "$ref": "#/components/schemas/Telemetry.Shield" } @@ -2987,7 +2987,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "List of Reports": { "description": "List of all available SHIELD telemetry reports for the current authenticated tenant.", "summary": "List of SHIELD telemetry reports", @@ -3040,7 +3040,7 @@ } ] } - }, + }], "schema": { "type": "array", "items": { @@ -3128,7 +3128,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "List of Reports": { "description": "List of all available SHIELD telemetry reports for the specified tenant.", "summary": "List of SHIELD telemetry reports", @@ -3181,7 +3181,7 @@ } ] } - }, + }], "schema": { "type": "array", "items": { @@ -3429,7 +3429,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Channel Configuration Details": { "description": "Example channel configuration object that will add/update for specified channel.", "summary": "Channel Configuration", @@ -3438,7 +3438,7 @@ "previous": "1.12.4" } } - }, + }], "schema": { "type": "object", "properties": { @@ -3471,7 +3471,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Channel Configuration Details": { "description": "Example object returned on creation or update.", "summary": "Channel Configuration", @@ -3481,7 +3481,7 @@ "previous": "1.12.4" } } - }, + }], "schema": { "$ref": "#/components/schemas/Update.Shield.Channel" } @@ -3660,7 +3660,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Channel Ring Configuration Details": { "description": "Example channel ring configuration object.", "summary": "Channel Ring Configuration", @@ -3668,7 +3668,7 @@ "latest": true } } - }, + }], "schema": { "type": "object", "properties": { @@ -3693,7 +3693,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Channel Ring Configuration Details": { "description": "Example object returned on creation or update.", "summary": "Channel Ring Configuration", @@ -3702,7 +3702,7 @@ "number": 1 } } - }, + }], "schema": { "$ref": "#/components/schemas/Update.Shield.Channel.Ring" } @@ -4073,7 +4073,7 @@ "requestBody": { "content": { "application/json": { - "examples": { + "examples": [{ "Tenant Configuration Details": { "description": "Example tenant configuration object.", "summary": "Tenant Configuration", @@ -4083,7 +4083,7 @@ "ring": 1 } } - }, + }], "schema": { "type": "object", "properties": { @@ -4124,7 +4124,7 @@ "200": { "content": { "application/json": { - "examples": { + "examples": [{ "Tenant Configuration Details": { "description": "Example object returned on creation or update with tenantId set.", "summary": "Tenant Configuration", @@ -4135,7 +4135,7 @@ "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" } } - }, + }], "schema": { "$ref": "#/components/schemas/Update.Shield.Tenant" } @@ -4255,7 +4255,7 @@ } ] } - } + }] } }, "description": "OK" @@ -4292,7 +4292,7 @@ "schema": { "$ref": "#/components/schemas/TenantDetails" }, - "examples": { + "examples": [{ "Example Complete Tenant Record": { "description": "An example showing a single existing tenant record.", "summary": "Existing Tenant Record", @@ -4307,7 +4307,7 @@ ] } } - } + }] } }, "description": "OK" @@ -4405,7 +4405,7 @@ } ] }, - "examples": { + "examples": [{ "Example Request to Update Tenant Parent": { "description": "Sample payload requesting adjustment to the parent value.", "summary": "Update Parent Information for Tenant", @@ -4431,7 +4431,7 @@ ] } } - } + }] } } }, @@ -4442,7 +4442,7 @@ "schema": { "$ref": "#/components/schemas/TenantDetails" }, - "examples": { + "examples": [{ "Example Complete Tenant Record": { "description": "Sample response after updating a tenant record.", "summary": "Updated Tenant Record", @@ -4455,7 +4455,7 @@ ] } } - } + }] } }, "description": "OK" From fa04db65801200e349e82a629ee955759829b659 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Wed, 27 Aug 2025 14:39:07 +0100 Subject: [PATCH 03/28] fix: Examples field to include summary and description fields. - for components.parameters - for Core.SystemRequirements --- specs/SHIELD.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 2a8ff18..3b2e9b1 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -92,7 +92,7 @@ "summary": "Complete URL with details of the request and a skip token for MS Graph to parse and respond.", "description": "The uri representation for the next page in the navigation flow. This example shows the complete URL with details of the request and a skip token for MS Graph to parse and respond." } - }] + } }, "offeringId": { "description": "Unique identifier of the marketplace offering", From 779d66e00e11a9bdaa060dbf78c788602d668380 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Thu, 28 Aug 2025 12:40:30 +0100 Subject: [PATCH 04/28] fix: Change all examples fields into correct ExampleObject structure. - for SHIELD.json --- specs/SHIELD.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 3b2e9b1..317a7bf 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -2489,7 +2489,7 @@ "summary": "Infrastructure is not deployed", "value": false } - }], + }, "schema": { "type": "boolean", "examples": [ @@ -2515,7 +2515,7 @@ "requestBody": { "content": { "application/json": { - "examples": [{ + "examples": { "Ignorant Deploy Request": { "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", "summary": "Ignorant Deploy Request", @@ -2535,7 +2535,7 @@ "deploymentConsent": true } } - }], + }, "schema": { "properties": { "deploymentConsent": { @@ -2559,13 +2559,13 @@ "204": { "content": { "application/json": { - "examples": [{ + "examples": { "Successful Deployment": { "description": "When a deployment request is successfully executed, a boolean true is returned.", "summary": "Successful Deployment", "value": true } - }], + }, "schema": { "type": "boolean", "examples": [ @@ -2874,7 +2874,7 @@ "requestBody": { "content": { "application/json": { - "examples": [{ + "examples": { "One user": { "description": "Removes 1 session host, and removed the requested user from the assignments security group.", "summary": "Remove Single User", @@ -2895,7 +2895,7 @@ ] } } - }], + }, "schema": { "properties": { "userList": { @@ -3047,7 +3047,7 @@ "requestBody": { "content": { "application/json": { - "examples": [{ + "examples": { "One user": { "description": "Creates 1 session host, and added the requested user to the assignments security group.", "summary": "Assign Single User", @@ -3068,7 +3068,7 @@ ] } } - }], + }, "schema": { "properties": { "userList": { @@ -3276,7 +3276,7 @@ "requestBody": { "content": { "application/json": { - "examples": [{ + "examples": { "Multiple Users": { "description": "Remove multiple user assignments from a managed device.", "summary": "Unassign multiple users", @@ -3296,7 +3296,7 @@ ] } } - }], + }, "schema": { "properties": { "userList": { @@ -3488,7 +3488,7 @@ "requestBody": { "content": { "application/json": { - "examples": [{ + "examples": { "1:1 map": { "description": "This example is the security best practice of having only one user mapped to a managed device.", "summary": "1:1 User Mapping", @@ -3508,7 +3508,7 @@ ] } } - }], + }, "schema": { "properties": { "userList": { From 8b2afb47aedf5f13871ba33499d99193e3207e0b Mon Sep 17 00:00:00 2001 From: Ferry To Date: Thu, 4 Sep 2025 16:43:24 +0100 Subject: [PATCH 05/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For SHIELD.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definition: - /Api/Defend/Marketplace/Type/{securityClass}/Offering/{offeringId} - /Api/Deploy - /Api/Deploy/Progress - /Api/Deploy/Version - /Api/Update - /Api/Update/Check - /Api/Update/Check/Channel/{Update Channel Name} - /Api/Update/Install - /Api/Update/Install/Channel/{Update Channel Name} - /Api/Update/Upload --- specs/SHIELD.json | 7915 +++++++++++++++++++++------------------------ 1 file changed, 3769 insertions(+), 4146 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 317a7bf..7edc524 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -1,1287 +1,3240 @@ { - "components": { - "parameters": { - "correlationId": { - "description": "The object ID of the correlation identifier for the specified record.", - "in": "path", - "name": "correlationId", - "required": true, - "schema": { - "examples": [ - "1d71e0fe-6e4a-464d-a690-80addf3bda55" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" + "components": { + "parameters": { + "correlationId": { + "description": "The object ID of the correlation identifier for the specified record.", + "in": "path", + "name": "correlationId", + "required": true, + "schema": { + "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid correlation ID": { + "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55", + "summary": "Example valid correlation ID", + "description": "An example of a valid correlation ID in type UUID." + } + } + }, + "deviceId": { + "description": "The SHIELD ID (Entra ID Device ID) of the managed device to target.", + "in": "path", + "name": "deviceId", + "required": true, + "schema": { + "examples": ["75da7fa4-4a04-44c8-8f2c-c1b2fa29aa51"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid device ID": { + "value": "75da7fa4-4a04-44c8-8f2c-c1b2fa29aa51", + "summary": "Example valid device ID", + "description": "An example of a valid managed Entra ID device ID in type UUID." + } + } + }, + "intermediaryId": { + "description": "The Object ID of the parent group for the intermediary that you wish to target.", + "in": "path", + "name": "intermediaryId", + "required": true, + "schema": { + "examples": ["25d4d9da-28ea-42f8-b3df-23c3969abffa"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid intermediary ID": { + "value": "25d4d9da-28ea-42f8-b3df-23c3969abffa", + "summary": "Example intermediary ID", + "description": "An example of a valid parent group ID in type UUID." + } + } + }, + "nextLink": { + "description": "Information to be provided to the API call in order to retrieve next set of data as part of pagination. It could be a simple number or full URL representing MS Graph API navigation. This information should not be generated by hand or changed. In case of MS Graph API, please only use tokens the server gives you and do not bring them from outside.", + "in": "query", + "name": "nextLink", + "schema": { + "examples": ["3"], + "minLength": 1, + "type": "string" + }, + "examples": { + "Number": { + "value": "3", + "summary": "Number for the next page in the navigation flow", + "description": "The number representation with minimal length for the next page in the navigation flow." + }, + "Uri": { + "value": "https://graph.microsoft.com/beta/devices?$top=20&$skiptoken=RFNwdCtEZXZpY2VfMThkNGY4OTAtMDA2YS00ZWM1LWI2OWYtY2VmNDY4ZjczNzQ4K0RldmljZV8xOGQ0Zjg5MC0wMDZhLTRlYzUtYjY5Zi1jZWY0NjhmNzM3NDg", + "summary": "Complete URL with details of the request and a skip token for MS Graph to parse and respond.", + "description": "The uri representation for the next page in the navigation flow. This example shows the complete URL with details of the request and a skip token for MS Graph to parse and respond." + } + } + }, + "offeringId": { + "description": "Unique identifier of the marketplace offering", + "in": "path", + "name": "offeringId", + "required": true, + "schema": { + "description": "Unique identifier of the marketplace offering.", + "examples": ["271ab834-7469-4f2d-a705-549972c4f325"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid offering ID": { + "value": "271ab834-7469-4f2d-a705-549972c4f325", + "summary": "Example of an offering ID", + "description": "An example of an valid marketplace offering ID in type UUID." + } + } + }, + "search": { + "description": "Used in object filtering.", + "in": "query", + "name": "search", + "schema": { + "examples": ["finance"], + "type": "string" + }, + "examples": { + "valid search term": { + "value": "finance", + "summary": "Example search term", + "description": "An example valid search term used in object filtering in a query." + } + } + }, + "securityClass": { + "description": "The security class of managed object to retrieve. Unknown values, will be ignored. Please see https://learn.microsoft.com/en-us/security/compass/privileged-access-security-levels for a description of security levels.", + "in": "path", + "name": "securityClass", + "required": true, + "schema": { + "$ref": "#/components/schemas/SecurityClassList" + }, + "examples": { + "Privileged": { + "value": "Privileged", + "summary": "Example securityClass", + "description": "An example enum string that indicates the security class of an managed object is privileged." + } + } + }, + "updateChannelName": { + "description": "Name of the update channel that should be used when querying or downloading updates.", + "in": "path", + "name": "Update Channel Name", + "required": true, + "schema": { + "examples": ["stable"], + "type": "string", + "enum": ["alpha", "beta", "stable"] + }, + "examples": { + "valid channel name": { + "value": "stable", + "summary": "Example of an update channel name", + "description": "An example of an valid update channel name that should be used when querying or downloading updates." + } + } + }, + "userId": { + "description": "The SHIELD ID (Entra ID User's Object ID) of the managed user to target.", + "in": "path", + "name": "userId", + "required": true, + "schema": { + "examples": ["264a8bed-0714-48fd-8b9d-0e4c4715cee5"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid user ID": { + "value": "264a8bed-0714-48fd-8b9d-0e4c4715cee5", + "summary": "Example of a user ID", + "description": "An example of valid EntraID managed user ID in type UUID." + } + } + } + }, + "responses": { + "201": { + "description": "The authorization was recorded successfully." + }, + "202": { + "description": "The process to create a report has started." + }, + "400": { + "description": "Invalid input!" + }, + "401": { + "description": "Principal is not authorized to access this endpoint. Check to make sure the Bearer token is valid and present!" + }, + "403": { + "description": "Principal does not contain the correct scopes (permissions) for the API call that was made, or was made from the wrong tenant. If the permissions were granted, ensure that the access token was requested with the correct scopes." + }, + "404": { + "description": "The requested object was not found." + }, + "409": { + "description": "A job is already in progress." + }, + "525": { + "description": "Infrastructure not deployed. Please deploy the infrastructure before using this endpoint." + } + }, + "schemas": { + "Core.SystemRequirements": { + "title": "Core - System Requirements", + "description": "Collection of indicators that notify the caller if the system requirements have been met for various sub components to operate.", + "properties": { + "authenticatorPermissions": { + "description": "Flag that indicates if the core permissions for the SHIELD - Authenticator App have been configured properly or not.", + "type": "boolean", + "examples": [true] + }, + "azurePermissions": { + "description": "Flag that indicates if the required core Azure RBAC assignment(s) are present or not.", + "type": "boolean", + "examples": [false] + }, + "defendEntitlement": { + "description": "Flag that indicates if the required defend licenses are present or not.", + "type": "boolean", + "examples": [true] + }, + "deployEntitlement": { + "description": "Flag that indicates if the required deploy licenses are present or not.", + "type": "boolean", + "examples": [true] + }, + "discoverEntitlement": { + "description": "Flag that indicates if the required discover licenses are present or not.", + "type": "boolean", + "examples": [true] + }, + "msGraphPermissions": { + "description": "Flag that indicates if the core permissions for the Microsoft Graph API have been configured properly or not.", + "type": "boolean", + "examples": [false] + }, + "dataGatewayPermissions": { + "description": "Flag that indicates if the core permissions for the SHI - Data Gateway have been configured properly or not.", + "type": "boolean", + "examples": [false] + }, + "entraDirectoryRole": { + "description": "Flag that indicates if the core permissions for Entra Directory Role assignment have been configured properly or not.", + "type": "boolean", + "examples": [false] + } + }, + "type": "object", + "required": [ + "authenticatorPermissions", + "azurePermissions", + "defendEntitlement", + "deployEntitlement", + "discoverEntitlement", + "msGraphPermissions", + "dataGatewayPermissions", + "entraDirectoryRole" + ], + "examples": [ + { + "authenticatorPermissions": true, + "azurePermissions": false, + "defendEntitlement": true, + "deployEntitlement": false, + "discoverEntitlement": true, + "msGraphPermissions": false, + "dataGatewayPermissions": false, + "entraDirectoryRole": false + } + ] + }, + "Core.ProgressBar": { + "title": "Core - Progress Bar", + "description": "Used to indicate the progress of a long running operation.", + "properties": { + "childBar": { + "description": "Sub progress bar that should appear below the current progress bar for a dependent execution branch.", + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/components/schemas/Core.ProgressBar" + }, + "examples": [ + [ + { + "description": "Collecting data from the Microsoft Entra ID system.", + "displayName": "Running Entra ID Plugin", + "id": "b759230f-48cb-496e-ad57-5f079083226b", + "currentStep": 5, + "totalStepCount": 7 + } + ] + ] + }, + "description": { + "type": "string", + "description": "Long form text describing the current step.", + "examples": ["Collecting data from the Microsoft Entra ID system."] + }, + "displayName": { + "type": "string", + "description": "Text/label to render with the progress bar.", + "examples": ["Running Entra ID Plugin"] + }, + "id": { + "description": "Unique identifier to be able to select this specific instance via search.", + "type": "string", + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "examples": ["b759230f-48cb-496e-ad57-5f079083226b"] + }, + "currentStep": { + "description": "Current step/value for the progress bar. This is in relation to the `totalStepCount` property. If undefined, an indeterminate/pulsing progress bar is used instead.", + "examples": [5], + "type": "number" + }, + "totalStepCount": { + "description": "Number of steps before the progress bar is completely filed.", + "examples": [7], + "type": "number", + "minimum": 1 + } + }, + "type": "object", + "required": ["childBar", "displayName", "id", "totalStepCount"], + "examples": [ + { + "childBar": [], + "description": "Collecting data from the Microsoft Entra ID system.", + "displayName": "Running Entra ID Plugin", + "id": "b759230f-48cb-496e-ad57-5f079083226b", + "currentStep": 5, + "totalStepCount": 7 + } + ] + }, + "Authenticator.RequestStatus": { + "title": "Authentication - Status", + "description": "List of credentials that are being waited for by SHIELD's internal authentication engine.", + "properties": { + "accessToken": { + "oneOf": [ + { + "description": "Flag that represents if the server is not waiting for a specific access token.", + "type": "boolean", + "examples": [false] + }, + { + "$ref": "#/components/schemas/Authenticator.Status.TokenAudience" + } + ], + "examples": [ + false, + { "audience": "00000002-0000-0000-b000-000000000000" } + ] + }, + "sccAuth": { + "description": "Flag that represents if the server is waiting for SCC Auth credentials.", + "type": "boolean", + "examples": [true] + } + }, + "type": "object", + "required": ["accessToken", "sccAuth"], + "examples": [ + { + "accessToken": { + "audience": "00000002-0000-0000-b000-000000000000" + }, + "sccAuth": true + } + ] + }, + "Authenticator.Status.TokenAudience": { + "title": "SHIELD - Authenticator - Status - Token Audience", + "description": "If a access token is being requested, this is the audience that the access token should have when being submitted.", + "properties": { + "audience": { + "description": "Audience ID of the access token that is being requested.", + "type": "string", + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "examples": ["00000002-0000-0000-b000-000000000000"] + } + }, + "type": "object", + "required": ["audience"], + "examples": [ + { + "audience": "00000002-0000-0000-b000-000000000000" + } + ] + }, + "Authenticator.Container.SccAuthCredentials": { + "title": "SHIELD - Authenticator - SCC Auth", + "description": "SHIELD - Defender, and Purview portal Container Credentials", + "type": "object", + "properties": { + "authenticatedUpn": { + "description": "User principal name of the user that authenticated to the portals.", + "examples": ["user@example.com"], + "type": "string", + "format": "email" + }, + "expiration": { + "description": "Point in time at which the whole authentication structure has an expired state and is un-useable.", + "examples": ["2024-09-26T18:16:29.340Z"], + "type": "string", + "format": "date-time" + }, + "defender": { + "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials.CredentialContainer" + }, + "security": { + "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials.CredentialContainer" + }, + "purview": { + "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials.CredentialContainer" + } + }, + "required": ["authenticatedUpn", "security", "purview"], + "examples": [ + { + "authenticatedUpn": "user@example.com", + "security": { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + }, + "purview": { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + }, + "expiration": "2024-09-26T18:16:29.340Z", + "defender": { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + } + } + ] + }, + "Authenticator.Container.SccAuthCredentials.CredentialContainer": { + "title": "SHIELD - Authenticator - SCC Auth - Credential Container", + "description": "Container for the credentials for a single SccAuth authenticated site.", + "properties": { + "sccAuth": { + "description": "Authentication token.", + "examples": [ + "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)" + ], + "type": "string" + }, + "xsrf": { + "description": "Cross Site Request Forgery Prevention Token.", + "examples": [ + "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + ], + "type": "string" + } + }, + "required": ["sccAuth", "xsrf"], + "type": "object", + "examples": [ + { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + } + ] + }, + "Discover.ExecutionStatus": { + "title": "Discover - Status", + "description": "Detailed status that indicates the current state of the Discover engine and its progress.", + "type": "object", + "properties": { + "running": { + "description": "Flag that indicates if another run is already in progress or not.", + "type": "boolean", + "examples": [true] + } + }, + "required": ["running"], + "examples": [ + { + "running": true + } + ] + }, + "ManagedObject.Intermediary": { + "description": "Base template for all intermediary objects to inherit from.", + "properties": { + "id": { + "description": "Read-only.", + "examples": ["e097a3f5-9599-44a2-8923-fd3276c83ae1"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "kind": { + "description": "Type of Intermediary that the properties are describing.", + "examples": ["AVD"], + "type": "string" + }, + "name": { + "description": "Human friendly name of the AVD cluster. This will be displayed to end users in the remote desktop app and web portals.", + "examples": ["Legacy Reach Back"], + "maxLength": 42, + "minLength": 1, + "type": "string" + }, + "securityClass": { + "$ref": "#/components/schemas/SecurityClassList" + } + }, + "required": ["name"], + "title": "Intermediary - Base Type", + "type": "object", + "examples": [ + { + "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "kind": "AVD", + "name": "Legacy Reach Back", + "securityClass": "Privileged" + } + ] + }, + "ManagedObject.AvdIntermediary": { + "properties": { + "addressRangeCIDR": { + "description": "Optional Virtual Network IP Address range, defaults to 10.0.0.0/16.", + "examples": ["172.16.1.0/24"], + "type": "string" + }, + "assignmentGroup": { + "description": "Read-only value that the server generates that is the Object ID of the user assignment security group for the current instance of the AVD intermediary.", + "examples": ["68873e26-3c35-465c-9422-0884a00beb36"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "index": { + "description": "Used to uniquely name multiple session hosts in a single host pool.", + "minimum": 0, + "type": "number", + "examples": [0] + }, + "location": { + "description": "Azure Regions that are available for the configured subscription. Resources will be deployed to the region specified here.", + "examples": ["East US 2"], + "type": "string" + }, + "resourceId": { + "description": "ID of the Host Pool. This is generated by the server and can't be set, hence the read only flag.", + "examples": [ + "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back" + ], + "minLength": 122, + "readOnly": true, + "type": "string" + }, + "sessionHostGroup": { + "description": "Read-only value that the server generates that is the Object ID of the session host security group for the current instance of the AVD intermediary.", + "examples": ["f99f0918-da9b-4c58-9a8d-9346abc5d9ec"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "sessionHostPrefix": { + "description": "Short name to append to the beginning of the session host VMs. The max computer name length is 15, 4 chars are reserved for indexing and 4 for prefixing.", + "examples": ["Reach"], + "maxLength": 7, + "minLength": 1, + "type": "string" + }, + "vmSku": { + "description": "SKU ID in Azure of the VM session host set that is to be deployed.", + "examples": ["Standard_D2s_v5"], + "type": "string" + } + }, + "required": ["index", "location", "sessionHostPrefix", "vmSku"], + "title": "Intermediary - Azure Virtual Desktop", + "type": "object", + "examples": [ + { + "addressRangeCIDR": "172.16.1.0/24", + "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", + "index": 0, + "location": "East US 2", + "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", + "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + ] + }, + "LicenseReport.CorrelationRecord": { + "description": "Metadata that describes the execution session (run) that is used to tie/relate all of the license report together.", + "examples": [ + { + "auditTenantAccount": "priv-user@example.com", + "correlationId": "9d838115-0868-45d4-b8a5-98adc1af7e42", + "reportTenantAccount": "ent-user@example.com", + "tenantId": "7e536189-b2dd-4c8b-98b1-9b174777883f", + "createdAt": "2024-08-01T21:13:12.821Z", + "updatedAt": "2024-08-01T21:13:12.821Z" + } + ], + "properties": { + "auditTenantAccount": { + "description": "The user account used to retrieve the license information in the tenant being audited.", + "examples": ["admin-user@example.com"], + "format": "email", + "type": "string" + }, + "correlationId": { + "description": "The ID of the execution session (run) that is used to tie/relate all of the data together.", + "examples": ["88da2253-758f-4135-9d37-64448c8b65c1"], + "format": "uuid", + "type": "string", + "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" + }, + "reportTenantAccount": { + "description": "User account used to store/report the license report to the SHI Lab cloud service.", + "examples": ["generic-user@example.com"], + "format": "email", + "type": "string" + }, + "tenantId": { + "description": "Unique ID of customer's Microsoft tenant that the license report is for.", + "examples": ["0e1fe83f-a33f-4250-8546-225b8d45ae01"], + "format": "uuid", + "type": "string", + "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" + }, + "createdAt": { + "description": "Timestamp of when the report was created.", + "examples": ["2024-08-01T21:12:22.148Z"], + "format": "date-time", + "type": "string" + }, + "updatedAt": { + "description": "Timestamp of when the report was last updated.", + "examples": ["2024-08-01T21:12:22.148Z"], + "format": "date-time", + "type": "string" + } + }, + "required": ["auditTenantAccount"], + "title": "License Report - Correlation Record", + "type": "object" + }, + "LicenseReport.LicenseData": { + "type": "object", + "properties": { + "assignedLicense": { + "additionalProperties": { + "type": "integer", + "examples": [1] + }, + "description": "License assignment on the specified principal.", + "type": "object", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1 + } + ] + }, + "assignedService": { + "additionalProperties": { + "oneOf": [ + { + "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" + }, + { + "type": "integer", + "format": "int32", + "examples": [0] + } + ] + }, + "description": "Service configuration assignment. This is used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", + "type": "object", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": false, + "Access Review": true, + "Entitlement Management": false, + "Identity Protection": true + } + }, + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0 + } + ] + }, + "consumedService": { + "additionalProperties": { + "oneOf": [ + { + "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" + }, + { + "type": "integer", + "format": "int32", + "examples": [0] + } + ] + }, + "description": "Usage telemetry retrieved for the service to indicate if the specific principal is consuming the service or not, regardless of license status.", + "type": "object", + "examples": [ + { + "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null + }, + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": true, + "Access Review": false, + "Entitlement Management": false, + "Identity Protection": true + } + } + ] + } + }, + "required": ["assignedLicense", "assignedService", "consumedService"], + "description": "Collection of principals that have had their in-use licenses and assigned licenses. Where the key is the principal ID and the value is the insights.", + "examples": [ + { + "assignedLicense": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": null, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": null, + "7159f980-6f83-4b67-bf41-e172b3ae1352": null + }, + "assignedService": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": false, + "Access Review": true, + "Entitlement Management": false, + "Identity Protection": true + }, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { + "Conditional Access": true, + "Dynamic Group": false, + "Group Naming": true, + "On-Prem SSPR": false, + "Group Expiration": true, + "Provisioning Engine": true, + "Enterprise State Roaming": false + }, + "6511755b-c27d-4c66-a59e-b835e6b54e7f": null + }, + "consumedService": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": true, + "Access Review": false, + "Entitlement Management": false, + "Identity Protection": true + }, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { + "Conditional Access": true, + "Dynamic Group": false, + "Group Naming": true, + "On-Prem SSPR": false, + "Group Expiration": true, + "Provisioning Engine": true, + "Enterprise State Roaming": false + }, + "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null, + "c90f1a25-e6cd-4163-ac6c-ca7616c585a9": null + } + } + ], + "title": "License Report - License Data" + }, + "LicenseReport.FeatureBreakdown": { + "additionalProperties": { + "type": "boolean", + "examples": [true] + }, + "description": "List of features that are configured for the specific service plan's service configuration for the related principal.\nThe key is the name of the feature that is being described.\nThe value is the state of the feature configuration, `true` is in scope and `false` meaning not in scope.", + "examples": [ + { + "Conditional Access": true, + "Access Reviews": true, + "Dynamic Groups": false, + "On-Prem Password Rest": true, + "On-Prem Password Protection": false + } + ], + "title": "License Report - Feature Breakdown", + "type": "object" + }, + "LicenseReport": { + "description": "Completely calculated license report structure that is the result of a complete run.", + "examples": [ + { + "availableLicense": { + "e17b13ee-9749-488b-9289-d31a8fde045d": 123, + "2d995b6a-d4aa-4d8d-a03c-372ecb66509d": 456, + "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 789 + }, + "correlation": { + "auditTenantAccount": "admin-user@example.com", + "correlationId": "88da2253-758f-4135-9d37-64448c8b65c1", + "reportTenantAccount": "generic-user@example.com", + "tenantId": "0e1fe83f-a33f-4250-8546-225b8d45ae01" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "e17b13ee-9749-488b-9289-d31a8fde045d": null + }, + "assignedService": { + "cbf6ee7c-c3c1-44a6-9f18-020c65536470": null, + "c7bcba35-199c-41e5-8c8d-6d4e4aad8964": null + }, + "consumedService": { + "fe98c41a-d931-4f6f-a5bc-750ba7144a77": null, + "0474bdf1-ee76-4aff-a65c-6f82e5e1d5a6": { + "Something Here": true, + "Other Obscure feature": false + } + } + } + } + } + ], + "type": "object", + "properties": { + "availableLicense": { + "additionalProperties": { + "examples": [1234], + "type": "integer" + }, + "description": "Breakdown of the purchased licenses/service plans available in the tenant being audited for this run. Where the key is the ID of the service plan and the value is how many licenses are available/purchase for it.", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1234, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 123 + } + ], + "title": "License Report - Available Licenses", + "type": "object" + }, + "correlation": { + "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" + }, + "licenseData": { + "additionalProperties": { + "$ref": "#/components/schemas/LicenseReport.LicenseData" + } + } + }, + "required": ["availableLicense", "correlation", "licenseData"], + "title": "License Report - Complete Object" + }, + "ManagedObject.Device": { + "title": "Managed Device", + "description": "Structure that represents a all of the states a managed device could be in.", + "type": "object", + "examples": [ + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "securityClass": "Privileged", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" + } + ], + "properties": { + "commissionedDate": { + "description": "This is the ISO 8601 string format of the time representing the commission date of the PAW.", + "examples": ["2023-02-04T05:06:09.601Z"], + "format": "date-time", + "type": "string" + }, + "displayName": { + "description": "Current computer name of the device according to Entra ID. Empty string indicates that the device has not joined Entra ID yet.", + "examples": ["Priv-01534962354"], + "maxLength": 15, + "minLength": 0, + "type": "string" + }, + "id": { + "description": "Entra ID Device ID (Not Object ID) of the specified device.", + "examples": ["9f237e13-9a04-4daf-b3d4-6d2beec3c2bf"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "parentDeviceId": { + "description": "DeviceID of the parent PAW device.", + "examples": ["81682cf5-0405-491d-8ab8-e07c778d7eaf"], + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "securityClass": { + "$ref": "#/components/schemas/SecurityClassList" + }, + "uniqueGroupId": { + "description": "The object ID of the unique security group that contains the managed Entra ID Device Identity.", + "examples": ["146964e0-8ca4-4af0-9c2a-894b32912463"], + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "commissionedDate", + "displayName", + "id", + "securityClass", + "uniqueGroupId" + ] + }, + "ManagedObject.PrivilegedDevice": { + "description": "Set of properties that are available on privileged managed device objects only.", + "title": "Managed Device - Privileged", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/ManagedObject.Device" + }, + { + "type": "object", + "properties": { + "groupAssignmentId": { + "description": "This is the ID of the Custom CSP Device Configuration that configures the local admin and local hyper-v group memberships.", + "examples": ["830d8b6f-2f6f-41f7-8800-0c07445abd36"], + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "securityClass": { + "$ref": "#/components/schemas/SecurityClassList" + }, + "userAssignmentId": { + "description": "The ID of the Settings Catalog that contains the user rights assignment of the specified PAW device.", + "examples": ["146964e0-8ca4-4af0-9c2a-894b32912463"], + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "userAssignmentList": { + "description": "List of Object IDs for the privileged user accounts that are assigned to this device.", + "examples": [ + [ + "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", + "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", + "c54d4854-9254-4689-8a22-1cc80a3dae4e" + ] + ], + "type": "array", + "items": { + "type": "string", + "format": "uuid" + } + } + }, + "required": [ + "groupAssignmentId", + "securityClass", + "userAssignmentId", + "userAssignmentList" + ], + "examples": [ + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", + "securityClass": "Privileged", + "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "userAssignmentList": [ + "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", + "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", + "c54d4854-9254-4689-8a22-1cc80a3dae4e" + ] + } + ] + } + ] + }, + "ManagedObject.User": { + "title": "Managed User", + "description": "A user object that has limited properties. The user object is generated by combining multiple pieces of metadata from Entra ID and SHIELD.", + "properties": { + "creationDate": { + "description": "A date object representing when the user managed by SHIELD.", + "examples": ["2023-10-21T15:24:47.970Z"], + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The name shown on UIs for the privileged user according to Entra ID.", + "examples": ["Example User (Priv)"], + "maxLength": 256, + "type": "string" + }, + "firstName": { + "description": "Given name of the privileged user according to Entra ID.", + "maxLength": 64, + "type": "string", + "examples": ["John"] + }, + "id": { + "description": "The Entra ID Object ID of the managed user. This is the one property that is stored in the settings engine. This is the key in the storage systems to uniquely separate the managed user's data from others.", + "examples": ["9f237e13-9a04-4daf-b3d4-6d2beec3c2bf"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "intermediaryAssignmentList": { + "type": "array", + "description": "List of intermediaries that the user is assigned to.", + "items": { + "type": "string", + "format": "uuid" + }, + "examples": [ + [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + ] + }, + "lastName": { + "description": "Surname/family name of the privileged user according to Entra ID.", + "maxLength": 64, + "type": "string", + "examples": ["Doe"] + }, + "upn": { + "description": "User principal name of the user object according to Azure Active Directory.", + "examples": ["priv-user@example.com"], + "format": "email", + "maxLength": 113, + "minLength": 6, + "type": "string" + }, + "securityClass": { + "$ref": "#/components/schemas/SecurityClassList" + }, + "siloAssignmentList": { + "type": "array", + "description": "List of silos that the user is assigned to.", + "items": { + "type": "string", + "format": "uuid" + }, + "examples": [ + [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + ] + }, + "uiEducation": { + "description": "Indicates if user education is enabled in the UI for the specified user. True is on, false is off.", + "examples": [false], + "type": "boolean" + }, + "uniqueGroupId": { + "description": "ObjectID of the unique user group that the managed user is a member of.", + "examples": ["ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d"], + "format": "uuid", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "creationDate", + "securityClass", + "id", + "intermediaryAssignmentList", + "siloAssignmentList", + "uiEducation", + "uniqueGroupId", + "upn" + ], + "type": "object", + "examples": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + } + ] + }, + "ManagedObject.PrivilegedUser": { + "title": "Managed User - Privileged", + "description": "Additional settings that represents a privileged user object. All data in this structure is preserved in the settings engine's permanent storage system.", + "allOf": [ + { + "$ref": "#/components/schemas/ManagedObject.User" + }, + { + "properties": { + "deviceAssignmentList": { + "type": "array", + "description": "List of devices that the privileged users are able to use as endpoints.", + "items": { + "type": "string", + "format": "uuid" }, - "examples": { - "valid correlation ID": { - "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55", - "summary": "Example valid correlation ID", - "description": "An example of a valid correlation ID in type UUID." - } + "examples": [ + [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + ] + }, + "generatedPassword": { + "description": "The password that was created for the managed user upon managed user creation, this is not stored. This is only available once during user creation. If the password is lost, reset the PWD in Entra ID or have the user perform SSPR.", + "examples": ["GY_w7bZUKRgpIXctD0S2wg"], + "readOnly": true, + "type": "string" + }, + "parentId": { + "description": "The Entra ID Object ID of the object that the manged user is tied to. This value is only present on privileged users.", + "examples": ["e59a3a64-dc36-4368-80ec-c205eb176ef6"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "securityClass": { + "$ref": "#/components/schemas/SecurityClassList" + }, + "temporaryAccessPass": { + "description": "A TAP that was created for the managed user upon managed user creation, this is not stored. This is only available once during user creation. TAP expires at the configured tenant expiration time.", + "examples": ["BCKTSN#E2R&5"], + "readOnly": true, + "type": "string" + } + }, + "required": ["deviceAssignmentList", "parentId", "securityClass"], + "type": "object" + } + ], + "examples": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" + } + ] + }, + "ObjectPage.Intermediary.Avd": { + "properties": { + "@odata.count": { + "type": "number", + "examples": [0] + }, + "@odata.nextLink": { + "type": "string", + "examples": ["3"] + }, + "value": { + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/ManagedObject.Intermediary" + }, + { + "properties": { + "properties": { + "$ref": "#/components/schemas/ManagedObject.AvdIntermediary" + } + }, + "type": "object" + } + ] + }, + "minItems": 0, + "type": "array", + "examples": [ + { + "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "kind": "AVD", + "name": "Legacy Reach Back", + "securityClass": "Privileged", + "addressRangeCIDR": "172.16.1.0/24", + "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", + "index": 0, + "location": "East US 2", + "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", + "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + ] + } + }, + "examples": [ + { + "@odata.count": 1, + "@odata.nextLink": "1", + "value": [ + { + "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "kind": "AVD", + "name": "Legacy Reach Back", + "securityClass": "Privileged", + "addressRangeCIDR": "172.16.1.0/24", + "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", + "index": 0, + "location": "East US 2", + "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", + "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + ] + } + ], + "required": ["value"], + "title": "Page of AVD Intermediary Objects", + "type": "object" + }, + "ObjectPage.ManagedDevice": { + "properties": { + "@odata.count": { + "type": "number", + "examples": [3] + }, + "@odata.nextLink": { + "type": "string", + "examples": ["2"] + }, + "value": { + "items": { + "oneOf": [ + { + "$ref": "#/components/schemas/ManagedObject.Device" + }, + { + "$ref": "#/components/schemas/ManagedObject.PrivilegedDevice" + } + ] + }, + "minItems": 0, + "type": "array", + "examples": [ + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "securityClass": "Privileged", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" + }, + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", + "securityClass": "Privileged", + "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "userAssignmentList": [ + "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", + "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", + "c54d4854-9254-4689-8a22-1cc80a3dae4e" + ] + } + ] + } + }, + "required": ["value"], + "title": "Page of Managed Device Objects", + "type": "object", + "examples": [ + { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "securityClass": "Privileged", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" + }, + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", + "securityClass": "Privileged", + "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "userAssignmentList": [ + "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", + "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", + "c54d4854-9254-4689-8a22-1cc80a3dae4e" + ] + } + ] + } + ] + }, + "ObjectPage.ManagedUser": { + "properties": { + "@odata.count": { + "type": "number", + "examples": [3] + }, + "@odata.nextLink": { + "type": "string", + "examples": ["2"] + }, + "value": { + "items": { + "oneOf": [ + { + "$ref": "#/components/schemas/ManagedObject.User" + }, + { + "$ref": "#/components/schemas/ManagedObject.PrivilegedUser" } + ] }, - "deviceId": { - "description": "The SHIELD ID (Entra ID Device ID) of the managed device to target.", - "in": "path", - "name": "deviceId", - "required": true, + "minItems": 0, + "type": "array", + "examples": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + }, + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" + } + ] + } + }, + "required": ["value"], + "title": "Page of Managed User Objects", + "type": "object", + "examples": [ + { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + }, + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" + } + ] + } + ] + }, + "SecurityClassList": { + "description": "Security class types as described in https://learn.microsoft.com/en-us/security/compass/privileged-access-security-levels.", + "enum": ["Privileged", "Specialized", "Enterprise", "Unmanaged"], + "examples": ["Privileged"], + "title": "Type of security class the object(s) belongs to", + "type": "string" + } + }, + "securitySchemes": { + "EntraID": { + "type": "http", + "scheme": "bearer", + "bearerFormat": "JWT", + "description": "The Access Token from Entra ID for the `SHIELD - End User Login` Enterprise App (may need to be created from the App Registration)." + } + } + }, + "externalDocs": { + "description": "Official Documentation", + "url": "https://docs.shilab.com" + }, + "info": { + "contact": { + "email": "elliot_huffman@shi.com", + "name": "SHI - Lab" + }, + "description": "Deprive your threats of practical significance. Deploy the Securing Privilege Access architecture. All in a few seconds.", + "title": "SHI Environment Lockdown and Defense", + "version": "3.0.4" + }, + "openapi": "3.1.0", + "paths": { + "/Api/Core/SystemRequirements": { + "get": { + "description": "Provides a detailed breakdown of if the system requirements are being met for the various components of the SHIELD.", + "operationId": "/Api/Core/SystemRequirements/Get", + "responses": { + "200": { + "content": { + "application/json": { "schema": { - "examples": [ - "75da7fa4-4a04-44c8-8f2c-c1b2fa29aa51" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" + "$ref": "#/components/schemas/Core.SystemRequirements" }, "examples": { - "valid device ID": { - "value": "75da7fa4-4a04-44c8-8f2c-c1b2fa29aa51", - "summary": "Example valid device ID", - "description": "An example of a valid managed Entra ID device ID in type UUID." - } + "System Requirement": { + "value": { + "authenticatorPermissions": true, + "azurePermissions": false, + "defendEntitlement": true, + "deployEntitlement": false, + "discoverEntitlement": true, + "msGraphPermissions": false, + "dataGatewayPermissions": false, + "entraDirectoryRole": false + }, + "summary": "Example system requirement object returned form the API endpoint", + "description": "An example that indicates:
- Azure RBAC assignment(s) are not present.
- SHIELD Defend licenses are present.
- SHIELD Deploy licenses are present.
- SHIELD Discover licenses are present.
- Permissions for the Microsoft Graph API have not been configured properly.
- Permissions for the SHI - Data Gateway have not been configured properly.
- Permissions for Entra Directory Role assignment have not been configured properly." + } } + } }, - "intermediaryId": { - "description": "The Object ID of the parent group for the intermediary that you wish to target.", - "in": "path", - "name": "intermediaryId", - "required": true, + "description": "OK" + } + }, + "tags": ["Core"], + "security": [], + "summary": "Indicates if the System Requirements are met or not." + } + }, + "/Api/Auth/Id": { + "get": { + "description": "Provides the Tenant ID and the Application ID of the service principal that access tokens need to be issued against. This is also useful for configuring public clients to be able to authenticate to for auth code flows.", + "operationId": "/Api/Auth/Id/Get", + "responses": { + "200": { + "content": { + "application/json": { "schema": { - "examples": [ - "25d4d9da-28ea-42f8-b3df-23c3969abffa" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" + "properties": { + "appId": { + "description": "Application ID that should be used in Access Tokens as the audience and the endpoint necessary for auth code flows.", + "type": "string", + "format": "uuid", + "examples": ["85cbe72b-3215-48bc-9eeb-fa7896c31498"] + }, + "tenantId": { + "description": "Tenant ID necessary for authority host URL configuration and UI customization.", + "type": "string", + "format": "uuid", + "examples": ["3fa85f64-5717-4562-b3fc-2c963f66afa6"] + } + }, + "type": "object", + "required": ["appId", "tenantId"] }, "examples": { - "valid intermediary ID": { - "value": "25d4d9da-28ea-42f8-b3df-23c3969abffa", - "summary": "Example intermediary ID", - "description": "An example of a valid parent group ID in type UUID." - } + "valid request": { + "value": { + "appId": "85cbe72b-3215-48bc-9eeb-fa7896c31498", + "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6" + }, + "summary": "Example request object", + "description": "An example request object to retrieve the IDs required to authenticate." + } } + } }, - "nextLink": { - "description": "Information to be provided to the API call in order to retrieve next set of data as part of pagination. It could be a simple number or full URL representing MS Graph API navigation. This information should not be generated by hand or changed. In case of MS Graph API, please only use tokens the server gives you and do not bring them from outside.", - "in": "query", - "name": "nextLink", + "description": "OK" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "tags": ["Authentication"], + "security": [], + "summary": "Retrieves the IDs required to authenticate." + } + }, + "/Api/Auth/Authenticator": { + "get": { + "summary": "Provides Attestation for Authenticator App", + "description": "Provides the attestation to the authenticator that this endpoint is authorized for receiving credentials from the authenticator.\n\nThis endpoint requires the `Authentication.Actions.Attest`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Auth/Authenticator/GetAttest", + "responses": { + "200": { + "content": { + "text/plain": { "schema": { - "examples": [ - "3" - ], - "minLength": 1, - "type": "string" + "description": "Access token that SHIELD uses to prove it is a valid recipient of credentials.", + "type": "string", + "examples": [ + "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiJjYjU5ZjIyOC0wNjkwLTRhY2ItOWE3Yi0wMGMzNmEyZjRlOGQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNjgzODQsIm5iZiI6MTcyNzM2ODM4NCwiZXhwIjoxNzI3MzcyMjg0LCJhaW8iOiJBU1FBMi84WUFBQUFSN0hyaW5XTmRwcisvdnoreWlkZER6WVExeFRpc3BSZGY4TG1XNjhRaE0wPSIsImF6cCI6IjRlODU5MTQ2LWY5M2UtNDlmMi05ODZmLWI3MjIyNmZjZDViOSIsImF6cGFjciI6IjEiLCJvaWQiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJyaCI6IjAuQWNvQXFTMFFMUjdSZ0VxUUlzUVkta2hVeHlqeVdjdVFCc3RLbW5zQXcyb3ZUbzM2QUFBLiIsInJvbGVzIjpbIkF1dGhlbnRpY2F0b3IuQXR0ZXN0Il0sInN1YiI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInRpZCI6IjJkMTAyZGE5LWQxMWUtNGE4MC05MDIyLWM0MThmYTQ4NTRjNyIsInV0aSI6Il9MaUdVWWxmS2txNFZoR09NeGw4QUEiLCJ2ZXIiOiIyLjAifQ.xlXZfOnDoOVW3_aOiSIZH8uiySeohro-HVnDzDEff2EjmOk9adrTOP5Sw1av6g3vy38r6dSu4tViwNGrb7Z2krgRKKvp-4A9rkPqeJjjd2rhFl2KiOlxL0mmykbroZZ70RJzwHy2GC7wfuLwJwr-5m7POV2grbxIAlTsMdZWDFXYi-AahfDVtLugarWG5-tXAqiPBKjaU6ntAJIbu7Ol1vYZaeYMsNKTs8O1P10YM460zN9OkfoI1gV7_InHEr8RSyQnEPCJ2W1Or4lDhqdey4ohMoP9EzLgMsn9Ckss5g5C6vVE0GQawUoeGozPOBpgb31J8JzZUyB1JyVfi-vKkQ" + ] }, "examples": { - "Number": { - "value": "3", - "summary": "Number for the next page in the navigation flow", - "description": "The number representation with minimal length for the next page in the navigation flow." - }, - "Uri": { - "value": "https://graph.microsoft.com/beta/devices?$top=20&$skiptoken=RFNwdCtEZXZpY2VfMThkNGY4OTAtMDA2YS00ZWM1LWI2OWYtY2VmNDY4ZjczNzQ4K0RldmljZV8xOGQ0Zjg5MC0wMDZhLTRlYzUtYjY5Zi1jZWY0NjhmNzM3NDg", - "summary": "Complete URL with details of the request and a skip token for MS Graph to parse and respond.", - "description": "The uri representation for the next page in the navigation flow. This example shows the complete URL with details of the request and a skip token for MS Graph to parse and respond." - } + "valid access token": { + "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiJjYjU5ZjIyOC0wNjkwLTRhY2ItOWE3Yi0wMGMzNmEyZjRlOGQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNjgzODQsIm5iZiI6MTcyNzM2ODM4NCwiZXhwIjoxNzI3MzcyMjg0LCJhaW8iOiJBU1FBMi84WUFBQUFSN0hyaW5XTmRwcisvdnoreWlkZER6WVExeFRpc3BSZGY4TG1XNjhRaE0wPSIsImF6cCI6IjRlODU5MTQ2LWY5M2UtNDlmMi05ODZmLWI3MjIyNmZjZDViOSIsImF6cGFjciI6IjEiLCJvaWQiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJyaCI6IjAuQWNvQXFTMFFMUjdSZ0VxUUlzUVkta2hVeHlqeVdjdVFCc3RLbW5zQXcyb3ZUbzM2QUFBLiIsInJvbGVzIjpbIkF1dGhlbnRpY2F0b3IuQXR0ZXN0Il0sInN1YiI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInRpZCI6IjJkMTAyZGE5LWQxMWUtNGE4MC05MDIyLWM0MThmYTQ4NTRjNyIsInV0aSI6Il9MaUdVWWxmS2txNFZoR09NeGw4QUEiLCJ2ZXIiOiIyLjAifQ.xlXZfOnDoOVW3_aOiSIZH8uiySeohro-HVnDzDEff2EjmOk9adrTOP5Sw1av6g3vy38r6dSu4tViwNGrb7Z2krgRKKvp-4A9rkPqeJjjd2rhFl2KiOlxL0mmykbroZZ70RJzwHy2GC7wfuLwJwr-5m7POV2grbxIAlTsMdZWDFXYi-AahfDVtLugarWG5-tXAqiPBKjaU6ntAJIbu7Ol1vYZaeYMsNKTs8O1P10YM460zN9OkfoI1gV7_InHEr8RSyQnEPCJ2W1Or4lDhqdey4ohMoP9EzLgMsn9Ckss5g5C6vVE0GQawUoeGozPOBpgb31J8JzZUyB1JyVfi-vKkQ", + "summary": "Example valid access token", + "description": "An example string that represents the access token that SHIELD uses to prove it is a valid recipient of credentials." + } } + } }, - "offeringId": { - "description": "Unique identifier of the marketplace offering", - "in": "path", - "name": "offeringId", - "required": true, + "description": "OK" + } + }, + "tags": ["Authentication"] + } + }, + "/Api/Auth/Authenticator/Cache/Status": { + "get": { + "summary": "Indicates if SHIELD is waiting for any credentials.", + "description": "Provides a breakdown view of if SHIELD is waiting for any specific type of credential or credentials.\n\nThis endpoint requires the `Authentication.Read`, `Authentication.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Auth/Authenticator/Cache/Status/Get", + "responses": { + "200": { + "content": { + "application/json": { + "examples": { + "Waiting on Nothing": { + "summary": "Not waiting for credentials", + "description": "No credentials are being requested at the moment.", + "value": { + "accessToken": false, + "sccAuth": false + } + }, + "Waiting on Access Token": { + "summary": "Waiting on access token", + "description": "Waiting on an Access Token with the Audience of the Legacy Windows Graph API.", + "value": { + "accessToken": { + "audience": "00000002-0000-0000-c000-000000000000" + }, + "sccAuth": false + } + }, + "Waiting on SccAuth": { + "summary": "Waiting on an SCC Auth data", + "description": "Waiting on an SCC Auth data from the SHIELD - Authenticator App.", + "value": { + "accessToken": false, + "sccAuth": true + } + } + }, "schema": { - "description": "Unique identifier of the marketplace offering.", + "$ref": "#/components/schemas/Authenticator.RequestStatus" + } + } + }, + "description": "OK" + } + }, + "tags": ["Authentication"] + } + }, + "/Api/Auth/Authenticator/Cache/SccAuth": { + "post": { + "description": "Configure SHIELD to use the specific SCC Auth credentials from the authenticator app to run web requests on behalf of the end user.\n\nThis endpoint requires the `Authentication.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Auth/Authenticator/Cache/SccAuth/Post", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials" + }, + "examples": { + "valid Scc Auth credentials": { + "value": { + "authenticatedUpn": "user@example.com", + "security": { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + }, + "purview": { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + }, + "expiration": "2024-09-26T18:16:29.340Z", + "defender": { + "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", + "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + } + }, + "summary": "Example Scc Auth credentials", + "description": "An example of valid Scc Auth credentials used to configure SHIELD." + } + } + } + } + }, + "responses": { + "204": { + "description": "Credential was successfully stored" + } + }, + "summary": "Provide Your SHIELD Authenticator Credentials - SCC Auth", + "tags": ["Authentication"] + } + }, + "/Api/Auth/Authenticator/Cache/AccessToken": { + "post": { + "summary": "Provide Your SHIELD Authenticator Credentials - Access Token", + "description": "Configure SHIELD to use the specific Access Token credentials from the authenticator app to run web requests on behalf of the end user.\n\nThis endpoint requires the `Authentication.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Auth/Authenticator/Cache/AccessToken/Post", + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Access Token to be stored in the SHIELD authentication engine.", + "type": "object", + "properties": { + "token": { + "description": "This is transmitted as a property instead of a raw string as the body parser ignores it in Express.JS. Functionally identical though.", + "type": "string", "examples": [ - "271ab834-7469-4f2d-a705-549972c4f325" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" + "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiI0YzQwMjgxYi1hMzA1LTRhYWYtOTBhNC1kNWJiZWU2ZWI4ZWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNzUzNzMsIm5iZiI6MTcyNzM3NTM3MywiZXhwIjoxNzI3Mzc5MjczLCJhaW8iOiJrMkJnWU9BM1ByL2lTc2loRmYzeU9uVk40UTZOc1dsZnRnWEhoMW5HYm5saWVuS1hRZ2tBIiwiYXpwIjoiNGU4NTkxNDYtZjkzZS00OWYyLTk4NmYtYjcyMjI2ZmNkNWI5IiwiYXpwYWNyIjoiMSIsIm9pZCI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInJoIjoiMC5BY29BcVMwUUxSN1JnRXFRSXNRWS1raFV4eHNvUUV3Rm82OUtrS1RWdS01dXVPMzZBQUEuIiwicm9sZXMiOlsiVGVsZW1ldHJ5LlNvcC5SZWFkV3JpdGUiLCJMaWNlbnNlUmVwb3J0LlJlYWRXcml0ZSJdLCJzdWIiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJ0aWQiOiIyZDEwMmRhOS1kMTFlLTRhODAtOTAyMi1jNDE4ZmE0ODU0YzciLCJ1dGkiOiJfTGlHVVlsZktrcTRWaEdPXzNpRkFBIiwidmVyIjoiMi4wIn0.CZMOfyo5Lo1Km8bgWtOw8f30n1AZ5HJQ-StyIPr_P_eEjanzHVSEiRsHweNATW0GQFfLs0lGH43xztFcNNepu7CctyEzoktJ-9De2mMLIMJviF1rlB19mxH3a3hUSPZuPeYPPONkYtjL4fZj0mCYcALoq-orc0Oswg0l3fatbS7a-DAgxZdLHa6M7OtXksMlMXwooxmocOQeg_zhpko1zyuzSsVwNrz1uMZYpivwaM1ImWZiqgjMc1NWCN2Co1nYNuvxg6Chcr0OOsPRaXayfzrP7IlsZIg5Itg9lrqN0cjT3t8GSejL2P8HmfPcYftlqOobCesjSfBthir5hGUoNA" + ] + } + }, + "examples": [ + { + "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiI0YzQwMjgxYi1hMzA1LTRhYWYtOTBhNC1kNWJiZWU2ZWI4ZWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNzUzNzMsIm5iZiI6MTcyNzM3NTM3MywiZXhwIjoxNzI3Mzc5MjczLCJhaW8iOiJrMkJnWU9BM1ByL2lTc2loRmYzeU9uVk40UTZOc1dsZnRnWEhoMW5HYm5saWVuS1hRZ2tBIiwiYXpwIjoiNGU4NTkxNDYtZjkzZS00OWYyLTk4NmYtYjcyMjI2ZmNkNWI5IiwiYXpwYWNyIjoiMSIsIm9pZCI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInJoIjoiMC5BY29BcVMwUUxSN1JnRXFRSXNRWS1raFV4eHNvUUV3Rm82OUtrS1RWdS01dXVPMzZBQUEuIiwicm9sZXMiOlsiVGVsZW1ldHJ5LlNvcC5SZWFkV3JpdGUiLCJMaWNlbnNlUmVwb3J0LlJlYWRXcml0ZSJdLCJzdWIiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJ0aWQiOiIyZDEwMmRhOS1kMTFlLTRhODAtOTAyMi1jNDE4ZmE0ODU0YzciLCJ1dGkiOiJfTGlHVVlsZktrcTRWaEdPXzNpRkFBIiwidmVyIjoiMi4wIn0.CZMOfyo5Lo1Km8bgWtOw8f30n1AZ5HJQ-StyIPr_P_eEjanzHVSEiRsHweNATW0GQFfLs0lGH43xztFcNNepu7CctyEzoktJ-9De2mMLIMJviF1rlB19mxH3a3hUSPZuPeYPPONkYtjL4fZj0mCYcALoq-orc0Oswg0l3fatbS7a-DAgxZdLHa6M7OtXksMlMXwooxmocOQeg_zhpko1zyuzSsVwNrz1uMZYpivwaM1ImWZiqgjMc1NWCN2Co1nYNuvxg6Chcr0OOsPRaXayfzrP7IlsZIg5Itg9lrqN0cjT3t8GSejL2P8HmfPcYftlqOobCesjSfBthir5hGUoNA" + } + ] + }, + "examples": { + "Valid request body": { + "value": { + "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiI0YzQwMjgxYi1hMzA1LTRhYWYtOTBhNC1kNWJiZWU2ZWI4ZWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNzUzNzMsIm5iZiI6MTcyNzM3NTM3MywiZXhwIjoxNzI3Mzc5MjczLCJhaW8iOiJrMkJnWU9BM1ByL2lTc2loRmYzeU9uVk40UTZOc1dsZnRnWEhoMW5HYm5saWVuS1hRZ2tBIiwiYXpwIjoiNGU4NTkxNDYtZjkzZS00OWYyLTk4NmYtYjcyMjI2ZmNkNWI5IiwiYXpwYWNyIjoiMSIsIm9pZCI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInJoIjoiMC5BY29BcVMwUUxSN1JnRXFRSXNRWS1raFV4eHNvUUV3Rm82OUtrS1RWdS01dXVPMzZBQUEuIiwicm9sZXMiOlsiVGVsZW1ldHJ5LlNvcC5SZWFkV3JpdGUiLCJMaWNlbnNlUmVwb3J0LlJlYWRXcml0ZSJdLCJzdWIiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJ0aWQiOiIyZDEwMmRhOS1kMTFlLTRhODAtOTAyMi1jNDE4ZmE0ODU0YzciLCJ1dGkiOiJfTGlHVVlsZktrcTRWaEdPXzNpRkFBIiwidmVyIjoiMi4wIn0.CZMOfyo5Lo1Km8bgWtOw8f30n1AZ5HJQ-StyIPr_P_eEjanzHVSEiRsHweNATW0GQFfLs0lGH43xztFcNNepu7CctyEzoktJ-9De2mMLIMJviF1rlB19mxH3a3hUSPZuPeYPPONkYtjL4fZj0mCYcALoq-orc0Oswg0l3fatbS7a-DAgxZdLHa6M7OtXksMlMXwooxmocOQeg_zhpko1zyuzSsVwNrz1uMZYpivwaM1ImWZiqgjMc1NWCN2Co1nYNuvxg6Chcr0OOsPRaXayfzrP7IlsZIg5Itg9lrqN0cjT3t8GSejL2P8HmfPcYftlqOobCesjSfBthir5hGUoNA" + }, + "summary": "Example request body", + "description": "An example object that represents the request body to be sent to the API endpoint." + } + } + } + } + }, + "responses": { + "204": { + "description": "Credential was successfully stored" + }, + "400": { + "description": "Invalid Access Token" + } + }, + "tags": ["Authentication"] + } + }, + "/Api/Update": { + "get": { + "summary": "Check if an Update Is Pending", + "description": "Provides the state of the update engine. Where `true` means there is an update detected and `false` means there isn't an update available. This endpoint is available to all authorization levels.", + "operationId": "/Api/Update/Get", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "boolean", + "examples": [true] }, "examples": { - "valid offering ID": { - "value": "271ab834-7469-4f2d-a705-549972c4f325", - "summary": "Example of an offering ID", - "description": "An example of an valid marketplace offering ID in type UUID." - } + "Example value": { + "summary": "Example value", + "description": "An example boolean value that represents an update to SHIELD is pending.", + "value": true + } } + } }, - "search": { - "description": "Used in object filtering.", - "in": "query", - "name": "search", + "description": "OK" + } + }, + "tags": ["Update"] + } + }, + "/Api/Update/Check": { + "get": { + "summary": "Check for a New Version", + "description": "Checks with data gateway and compares the reported version to the version that is locally installed. If there is a difference, a new update is marked as available. Always returns the latest version available on data gateway, even if that version is installed locally.\n\nThis endpoint requires the `Update.Read`, `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Update/Check/Get", + "responses": { + "200": { + "content": { + "application/json": { "schema": { - "examples": [ - "finance" - ], - "type": "string" + "properties": { + "appVersion": { + "description": "Follows symantec versioning as laid out here: https://semver.org/. This number is the version of the application package.", + "examples": ["1.2.3"], + "type": "string" + } + }, + "type": "object", + "examples": [ + { + "appVersion": "1.2.3" + } + ] }, "examples": { - "valid search term": { - "value": "finance", - "summary": "Example search term", - "description": "An example valid search term used in object filtering in a query." + "Example response": { + "summary": "Example reported SHIELD version", + "description": "An example of latest semantic version of the SHIELD available.", + "value": { + "appVersion": "1.2.3" } + } } + } }, - "securityClass": { - "description": "The security class of managed object to retrieve. Unknown values, will be ignored. Please see https://learn.microsoft.com/en-us/security/compass/privileged-access-security-levels for a description of security levels.", - "in": "path", - "name": "securityClass", - "required": true, + "description": "OK" + } + }, + "tags": ["Update"] + } + }, + "/Api/Update/Check/Channel/{Update Channel Name}": { + "get": { + "summary": "Check for a New Version in Channel", + "description": "Checks with the SHI Data Gateway in the specified update channel and compares the reported version to the version that is locally installed. If there is a difference, a new update is marked as available. Always returns the latest version available on data gateway, even if that version is installed locally.\n\nThis endpoint requires the `Update.Read`, `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Update/Check/Channel/UpdateChannelName/Get", + "parameters": [ + { + "$ref": "#/components/parameters/updateChannelName" + } + ], + "responses": { + "200": { + "content": { + "application/json": { "schema": { - "$ref": "#/components/schemas/SecurityClassList" + "properties": { + "appVersion": { + "description": "Follows symantec versioning as laid out here: https://semver.org/. This number is the version of the application package.", + "examples": ["1.2.3"], + "type": "string" + } + }, + "type": "object", + "examples": [ + { + "appVersion": "1.2.3" + } + ] }, "examples": { - "Privileged": { - "value": "Privileged", - "summary": "Example security class", - "description": "An example enum string that indicates the security class of an managed object is privileged." + "SHIELD version": { + "summary": "Example semantic version", + "description": "An example string that represents the latest semantic version of SHIELD available in specific channel.", + "value": { + "appVersion": "1.2.3" } + } } + } }, - "updateChannelName": { - "description": "Name of the update channel that should be used when querying or downloading updates.", - "in": "path", - "name": "Update Channel Name", - "required": true, + "description": "OK" + } + }, + "tags": ["Update"] + } + }, + "/Api/Update/Install": { + "post": { + "summary": "Installs SHIELD Core Update", + "description": "Installs the latest version that is available from SHI Data Gateway. Even if that version is the same that is installed.\n\nThis endpoint requires the `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Update/Install/Post", + "responses": { + "204": { + "description": "OK: Update Submitted to Azure" + } + }, + "tags": ["Update"] + } + }, + "/Api/Update/Install/Channel/{Update Channel Name}": { + "post": { + "summary": "Installs SHIELD Core Update from Channel", + "description": "Installs the latest version that is available from SHI Data Gateway in the specified channel. Even if that version is the same that is installed.\n\nThis endpoint requires the `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Update/Install/Channel/UpdateChannelName/Post", + "parameters": [ + { + "$ref": "#/components/parameters/updateChannelName" + } + ], + "responses": { + "204": { + "description": "OK: Update Submitted to Azure" + } + }, + "tags": ["Update"] + } + }, + "/Api/Update/Upload": { + "post": { + "summary": "Upload Custom Update Package", + "description": "THIS API SHOULD ONLY BE USED IF INSTRUCTED BY SHI EMPLOYEES!\n\nUploads the specified ZIP package, validates signature and installs it if it matches. This ignores version numbers and will allow you to install the same version again if necessary.\n\nThis endpoint requires the `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Update/Upload/Post", + "requestBody": { + "content": { + "application/octet-stream": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "responses": { + "204": { + "description": "OK: Update Submitted to Azure" + } + }, + "tags": ["Update"] + } + }, + "/Api/Discover/Status": { + "get": { + "summary": "State of the Discover Module.", + "description": "Provides a detailed breakdown of the current state of the discover module and it progress.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Discover/Status/Get", + "responses": { + "200": { + "content": { + "application/json": { "schema": { - "examples": [ - "stable" - ], - "type": "string", - "enum": [ - "alpha", - "beta", - "stable" - ] + "$ref": "#/components/schemas/Discover.ExecutionStatus" }, "examples": { - "valid channel name": { - "value": "stable", - "summary": "Example of an update channel name", - "description": "An example of an valid update channel name that should be used when querying or downloading updates." - } + "Execution Status": { + "value": { + "running": true + }, + "summary": "Example execution status", + "description": "An example execution status object that indicates a SHIELD Discover run is already in progress." + } } + } }, - "userId": { - "description": "The SHIELD ID (Entra ID User's Object ID) of the managed user to target.", - "in": "path", - "name": "userId", - "required": true, + "description": "OK" + } + }, + "tags": ["Discover"] + } + }, + "/Api/Discover/Progress": { + "get": { + "summary": "Current execution progress of the Discover module.", + "description": "Provides a detailed breakdown of the current progress of the discover module and it progress.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Discover/Progress/Get", + "responses": { + "200": { + "content": { + "application/json": { "schema": { - "examples": [ - "264a8bed-0714-48fd-8b9d-0e4c4715cee5" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" + "$ref": "#/components/schemas/Core.ProgressBar" }, "examples": { - "valid user ID": { - "value": "264a8bed-0714-48fd-8b9d-0e4c4715cee5", - "summary": "Example of a user ID", - "description": "An example of valid EntraID managed user ID in type UUID." - } + "Progress Bar": { + "value": { + "childBar": [], + "description": "Collecting data from the Microsoft Entra ID system.", + "displayName": "Running Entra ID Plugin", + "id": "b759230f-48cb-496e-ad57-5f079083226b", + "currentStep": 5, + "totalStepCount": 7 + }, + "summary": "Example progress bar object", + "description": "An example progress bar object returned from the endpoint. It indicates:
- The purpose of a progress bar.
- The text label of a progress bar.
- The unique identifier in type UUID of a specific SHIELD instance for search.
- The total number of steps of a progress bar.
- The current step/value of a progress bar.
- No child progress bar." + } } - } + } + }, + "description": "OK" + } }, + "tags": ["Discover"] + } + }, + "/Api/Discover/Report": { + "get": { + "summary": "Start Discover's Report Generation", + "description": "Starts the Discover module's report collection engine to create a license report and upload it to the data gateway.\n\nThis endpoint requires the `Discover.Action.Run`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Discover/Report/Start", "responses": { - "201": { - "description": "The authorization was recorded successfully." - }, - "202": { - "description": "The process to create a report has started." - }, - "400": { - "description": "Invalid input!" - }, - "401": { - "description": "Principal is not authorized to access this endpoint. Check to make sure the Bearer token is valid and present!" - }, - "403": { - "description": "Principal does not contain the correct scopes (permissions) for the API call that was made, or was made from the wrong tenant. If the permissions were granted, ensure that the access token was requested with the correct scopes." - }, - "404": { - "description": "The requested object was not found." - }, - "409": { - "description": "A job is already in progress." + "202": { + "$ref": "#/components/responses/202" + }, + "409": { + "$ref": "#/components/responses/409" + } + }, + "tags": ["Discover"] + } + }, + "/Api/Discover/LicenseReport/Correlation": { + "get": { + "description": "Retrieves the list of correlation records for the authenticated tenant. Correlation records store the metadata for a specific license report.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Discover/LicenseReport/Correlation/Get", + "responses": { + "200": { + "content": { + "application/json": { + "examples": { + "anything": { + "description": "Sample list of correlation records for the authenticated tenant.", + "summary": "Available Correlation Records", + "value": [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] + } + }, + "schema": { + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" + }, + "examples": [ + [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] + ] + } + } }, - "525": { - "description": "Infrastructure not deployed. Please deploy the infrastructure before using this endpoint." - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } }, - "schemas": { - "Core.SystemRequirements": { - "title": "Core - System Requirements", - "description": "Collection of indicators that notify the caller if the system requirements have been met for various sub components to operate.", - "properties": { - "authenticatorPermissions": { - "description": "Flag that indicates if the core permissions for the SHIELD - Authenticator App have been configured properly or not.", - "type": "boolean", - "examples": [ - true - ] - }, - "azurePermissions": { - "description": "Flag that indicates if the required core Azure RBAC assignment(s) are present or not.", - "type": "boolean", - "examples": [ - false - ] - }, - "defendEntitlement": { - "description": "Flag that indicates if the required defend licenses are present or not.", - "type": "boolean", - "examples": [ - true - ] - }, - "deployEntitlement": { - "description": "Flag that indicates if the required deploy licenses are present or not.", - "type": "boolean", - "examples": [ - true - ] - }, - "discoverEntitlement": { - "description": "Flag that indicates if the required discover licenses are present or not.", - "type": "boolean", - "examples": [ - true - ] - }, - "msGraphPermissions": { - "description": "Flag that indicates if the core permissions for the Microsoft Graph API have been configured properly or not.", - "type": "boolean", - "examples": [ - false - ] - }, - "dataGatewayPermissions": { - "description": "Flag that indicates if the core permissions for the SHI - Data Gateway have been configured properly or not.", - "type": "boolean", - "examples": [ - false - ] - }, - "entraDirectoryRole": { - "description": "Flag that indicates if the core permissions for Entra Directory Role assignment have been configured properly or not.", - "type": "boolean", - "examples": [ - false - ] + "tags": ["Discover"], + "summary": "Retrieve the List of Correlation Records" + } + }, + "/Api/Discover/LicenseReport/Correlation/{correlationId}/Data": { + "get": { + "description": "Retrieves the full license report for the specified correlation ID in the authenticated tenant. The license report contains all of the license usage and compliance information with the required correlation data.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Discover/LicenseReport/Correlation/:correlationId/Data/Get", + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": { + "License Report": { + "description": "Sample, truncated report from an example customer environment.", + "summary": "Example License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 + }, + "correlation": { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false + } + } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false + } + } + } + } } + } }, - "type": "object", - "required": [ - "authenticatorPermissions", - "azurePermissions", - "defendEntitlement", - "deployEntitlement", - "discoverEntitlement", - "msGraphPermissions", - "dataGatewayPermissions", - "entraDirectoryRole" - ], - "examples": [ - { - "authenticatorPermissions": true, - "azurePermissions": false, - "defendEntitlement": true, - "deployEntitlement": false, - "discoverEntitlement": true, - "msGraphPermissions": false, - "dataGatewayPermissions": false, - "entraDirectoryRole": false - } - ] + "schema": { + "$ref": "#/components/schemas/LicenseReport" + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["Discover"], + "summary": "Retrieve the Specified License Report" + } + }, + "/Api/Deploy": { + "get": { + "description": "Has the core infrastructure engine check if the config engine can initialize properly.\n\nThis endpoint requires the `Deploy.Read`, `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Deploy/Get", + "responses": { + "200": { + "content": { + "application/json": { + "examples": { + "Infra deployed": { + "description": "All API calls should be available since the core infrastructure is deployed.", + "summary": "Infrastructure is deployed", + "value": true + }, + "Infra not deployed": { + "description": "Infrastructure is not deployed. Please run the deployment before attempting different API calls.", + "summary": "Infrastructure is not deployed", + "value": false + } + }, + "schema": { + "type": "boolean", + "examples": [true] + } + } }, - "Core.ProgressBar": { - "title": "Core - Progress Bar", - "description": "Used to indicate the progress of a long running operation.", + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + } + }, + "summary": "Get the current status of the infrastructure deployment", + "tags": ["Infrastructure Deployment"] + }, + "post": { + "description": "After the user consents, deploy the core security groups, scope tag, configurations and metadata.\n\nThis endpoint requires the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Deploy/Post", + "requestBody": { + "content": { + "application/json": { + "examples": { + "Ignorant Deploy Request": { + "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", + "summary": "Ignorant Deploy Request", + "value": {} + }, + "No User Consent": { + "description": "User did not agree to the terms and conditions. This post should not have been sent.", + "summary": "User Did Not Consent", + "value": { + "deploymentConsent": false + } + }, + "User Consented": { + "description": "User agreed to the terms and conditions and pressed the deploy button.", + "summary": "User Consented", + "value": { + "deploymentConsent": true + } + } + }, + "schema": { "properties": { - "childBar": { - "description": "Sub progress bar that should appear below the current progress bar for a dependent execution branch.", - "type": "array", - "minItems": 0, - "items": { - "$ref": "#/components/schemas/Core.ProgressBar" - }, - "examples": [ - [ - { - "description": "Collecting data from the Microsoft Entra ID system.", - "displayName": "Running Entra ID Plugin", - "id": "b759230f-48cb-496e-ad57-5f079083226b", - "currentStep": 5, - "totalStepCount": 7 - } - ] - ] - }, - "description": { - "type": "string", - "description": "Long form text describing the current step.", - "examples": [ - "Collecting data from the Microsoft Entra ID system." - ] - }, - "displayName": { - "type": "string", - "description": "Text/label to render with the progress bar.", - "examples": [ - "Running Entra ID Plugin" - ] - }, - "id": { - "description": "Unique identifier to be able to select this specific instance via search.", - "type": "string", - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "examples": [ - "b759230f-48cb-496e-ad57-5f079083226b" - ] - }, - "currentStep": { - "description": "Current step/value for the progress bar. This is in relation to the `totalStepCount` property. If undefined, an indeterminate/pulsing progress bar is used instead.", - "examples": [ - 5 - ], - "type": "number" - }, - "totalStepCount": { - "description": "Number of steps before the progress bar is completely filed.", - "examples": [ - 7 - ], - "type": "number", - "minimum": 1 - } + "deploymentConsent": { + "type": "boolean", + "examples": [true] + } }, "type": "object", - "required": [ - "childBar", - "displayName", - "id", - "totalStepCount" - ], "examples": [ - { - "childBar": [], - "description": "Collecting data from the Microsoft Entra ID system.", - "displayName": "Running Entra ID Plugin", - "id": "b759230f-48cb-496e-ad57-5f079083226b", - "currentStep": 5, - "totalStepCount": 7 - } + { + "deploymentConsent": true + } ] + } + } + } + }, + "responses": { + "204": { + "content": { + "application/json": { + "examples": { + "Successful Deployment": { + "description": "When a deployment request is successfully executed, a boolean true is returned.", + "summary": "Successful Deployment", + "value": true + } + }, + "schema": { + "type": "boolean", + "examples": [true] + } + } }, - "Authenticator.RequestStatus": { - "title": "Authentication - Status", - "description": "List of credentials that are being waited for by SHIELD's internal authentication engine.", - "properties": { - "accessToken": { - "oneOf": [ - { - "description": "Flag that represents if the server is not waiting for a specific access token.", - "type": "boolean", - "examples": [ - false - ] - }, - { - "$ref": "#/components/schemas/Authenticator.Status.TokenAudience" - } - ], - "examples": [ - false, - { - "audience": "00000002-0000-0000-b000-000000000000" - } - ] + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + } + }, + "summary": "Deploy the core infrastructure architecture specification", + "tags": ["Infrastructure Deployment"], + "security": [] + } + }, + "/Api/Deploy/Progress": { + "get": { + "summary": "Current execution progress of the Deploy module.", + "description": "Provides a detailed breakdown of the current progress of the deploy module and its sub-components, if any.\n\nThis endpoint requires the `Deploy.Read`, or the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Deploy/Progress/Get", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Core.ProgressBar" + }, + "examples": { + "Progress Bar": { + "value": { + "childBar": [ + { + "description": "Collecting data from the Microsoft Purview.", + "displayName": "Running SHIELD Deploy - Purview", + "id": "b759230f-48cb-496e-ad57-5f079083226c", + "currentStep": 1, + "totalStepCount": 3 + } + ], + "description": "Collecting data from the Microsoft Entra ID system.", + "displayName": "Running SHIELD Deploy", + "id": "b759230f-48cb-496e-ad57-5f079083226b", + "currentStep": 5, + "totalStepCount": 7 + }, + "summary": "Example progress bar object", + "description": "An example progress bar object returned from the endpoint. It indicates:
- The purpose of a progress bar.
- The text label of a progress bar.
- The unique identifier in type UUID of a specific SHIELD instance for search.
- The total number of steps of a progress bar.
- The current step/value of a progress bar.
- With a child progress bar." + } + } + } + }, + "description": "OK" + } + }, + "tags": ["Infrastructure Deployment"] + } + }, + "/Api/Deploy/Version": { + "get": { + "description": "Gets the version of the API server and the architecture version deployed as well as the supported version of the architecture spec from the server.\n\nThis endpoint requires the `Deploy.Read`, `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Deploy/Version/Get", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "properties": { + "apiVersion": { + "description": "Follows symantec versioning as laid out here: https://semver.org/. This number is the version of the API server.", + "examples": ["1.2.3"], + "type": "string" }, - "sccAuth": { - "description": "Flag that represents if the server is waiting for SCC Auth credentials.", - "type": "boolean", - "examples": [ - true - ] + "archSpecVersion": { + "description": "An incrementing number that describes the version of the architecture specification that the API supports.", + "examples": [123], + "type": "number" + }, + "deployedArchVersion": { + "description": "The version of the architecture specification that is currently deployed.", + "examples": [25], + "type": "number" } - }, - "type": "object", - "required": [ - "accessToken", - "sccAuth" - ], - "examples": [ + }, + "type": "object", + "examples": [ { - "accessToken": { - "audience": "00000002-0000-0000-b000-000000000000" - }, - "sccAuth": true + "apiVersion": "1.2.3", + "archSpecVersion": 123, + "deployedArchVersion": 100 } - ] + ] + }, + "examples": { + "Versions response": { + "summary": "Example versions response", + "description": "An example object that represents the aggregation of versioning information of all SHIELDs components. including:
- Semantic version of the API server.
- The incrementing architecture specification version that the API supports.
- The incrementing architecture specification version that is currently deployed.", + "value": { + "apiVersion": "1.2.3", + "archSpecVersion": 123, + "deployedArchVersion": 100 + } + } + } + } }, - "Authenticator.Status.TokenAudience": { - "title": "SHIELD - Authenticator - Status - Token Audience", - "description": "If a access token is being requested, this is the audience that the access token should have when being submitted.", - "properties": { - "audience": { - "description": "Audience ID of the access token that is being requested.", - "type": "string", - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "examples": [ - "00000002-0000-0000-b000-000000000000" - ] + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + } + }, + "summary": "Gets the version of SHIELDs components", + "tags": ["Infrastructure Deployment"] + } + }, + "/Api/Defend/Intermediary/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f": { + "get": { + "description": "Retrieves a list of all AVD intermediaries for the specified security class filter. Next links may be provided for pagination to allow for good performance on larger environments. If a nextLink is return, not all data was returned on this query and the next link can be sent back to the API to get the next page of data.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/Type/:securityClass/Offering/AVD/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/nextLink" + }, + { + "$ref": "#/components/parameters/search" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.Intermediary.Avd" + }, + "examples": { + "Paged AVD intermediaries": { + "summary": "Example paged AVD intermediary list", + "description": "An example paged AVD intermediary list returned that represents the current page of all AVD intermediary instances form the specified security class.", + "value": { + "@odata.count": 1, + "@odata.nextLink": "1", + "value": [ + { + "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "kind": "AVD", + "name": "Legacy Reach Back", + "securityClass": "Privileged", + "addressRangeCIDR": "172.16.1.0/24", + "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", + "index": 0, + "location": "East US 2", + "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", + "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + ] } + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Retrieves all AVD Intermediary Instances", + "tags": ["Intermediary"] + } + }, + "/Api/Defend/Intermediary/{intermediaryId}/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f": { + "delete": { + "description": "Deletes the specified intermediary (by the parent group's Entra ID Object ID) using the requested security class as a filter.\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/intermediaryId" + } + ], + "responses": { + "204": { + "description": "OK: Deleted successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Deletes a Single AVD Intermediary Instance", + "tags": ["Intermediary"] + }, + "get": { + "description": "Retrieves the specified intermediary (by the parent group's Entra ID Object ID) using the requested security class as a filter.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/intermediaryId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.Intermediary.Avd" }, - "type": "object", - "required": [ - "audience" - ], - "examples": [ - { - "audience": "00000002-0000-0000-b000-000000000000" + "examples": { + "Paged AVD intermediary result": { + "summary": "Example paged result of a AVD intermediary list", + "description": "An example paged result that represents the current page of retrieved AVD intermediary list from a parent group filtered by specified class.", + "value": { + "@odata.count": 1, + "@odata.nextLink": "1", + "value": [ + { + "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "kind": "AVD", + "name": "Legacy Reach Back", + "securityClass": "Privileged", + "addressRangeCIDR": "172.16.1.0/24", + "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", + "index": 0, + "location": "East US 2", + "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", + "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + ] } - ] + } + } + } }, - "Authenticator.Container.SccAuthCredentials": { - "title": "SHIELD - Authenticator - SCC Auth", - "description": "SHIELD - Defender, and Purview portal Container Credentials", - "type": "object", + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Retrieves a Single AVD Intermediary Instance", + "tags": ["Intermediary"] + } + }, + "/Api/Defend/Intermediary/{intermediaryId}/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f/Assign": { + "delete": { + "description": "Removes the specified user(s) as identified by their Object ID from the AVD cluster and deletes their corresponding session host(s).\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/intermediaryId" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": { + "One user": { + "description": "Removes 1 session host, and removed the requested user from the assignments security group.", + "summary": "Remove Single User", + "value": { + "userList": ["cf5b12a9-b939-4d5c-a380-fb62e4fe88ef"] + } + }, + "Two users": { + "description": "Removes 3 session hosts, and removed the requested users from the assignments security group.", + "summary": "Remove Multiple Users", + "value": { + "userList": [ + "0c56b055-9042-4f54-8e6e-6510e12a81dc", + "dd27937c-6287-45b3-98de-387725b068f3", + "989d3dc1-43f4-4ff7-82ba-43661f94a428" + ] + } + } + }, + "schema": { "properties": { - "authenticatedUpn": { - "description": "User principal name of the user that authenticated to the portals.", - "examples": [ - "user@example.com" - ], - "type": "string", - "format": "email" - }, - "expiration": { - "description": "Point in time at which the whole authentication structure has an expired state and is un-useable.", - "examples": [ - "2024-09-26T18:16:29.340Z" - ], - "type": "string", - "format": "date-time" - }, - "defender": { - "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials.CredentialContainer" - }, - "security": { - "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials.CredentialContainer" + "userList": { + "items": { + "format": "uuid", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" }, - "purview": { - "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials.CredentialContainer" - } + "type": "array" + } }, - "required": [ - "authenticatedUpn", - "security", - "purview" - ], - "examples": [ - { - "authenticatedUpn": "user@example.com", - "security": { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" - }, - "purview": { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + "type": "object" + } + } + } + }, + "responses": { + "204": { + "description": "OK: Deleted successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Removes the assignment of the specified users", + "tags": ["Intermediary"] + }, + "get": { + "description": "Gets the list of assigned user from the specified AVD Intermediary.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/intermediaryId" + }, + { + "$ref": "#/components/parameters/nextLink" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.ManagedUser" + }, + "examples": { + "Managed user page": { + "summary": "Example paged user result", + "description": "An example of paged user result that represents the current page of assigned user list retrieved from the specified AVD intermediary.", + "value": { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] }, - "expiration": "2024-09-26T18:16:29.340Z", - "defender": { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" } + ] } - ] + } + } + } }, - "Authenticator.Container.SccAuthCredentials.CredentialContainer": { - "title": "SHIELD - Authenticator - SCC Auth - Credential Container", - "description": "Container for the credentials for a single SccAuth authenticated site.", + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "List all assigned users (paginated)", + "tags": ["Intermediary"] + }, + "post": { + "description": "Assigns the specified user(s) as identified by their Object ID to the AVD cluster and create corresponding session host(s) for them.\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/Post", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/intermediaryId" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": { + "One user": { + "description": "Creates 1 session host, and added the requested user to the assignments security group.", + "summary": "Assign Single User", + "value": { + "userList": ["cf5b12a9-b939-4d5c-a380-fb62e4fe88ef"] + } + }, + "Two users": { + "description": "Creates 3 session hosts, and added the requested users to the assignments security group.", + "summary": "Assign Multiple Users", + "value": { + "userList": [ + "0c56b055-9042-4f54-8e6e-6510e12a81dc", + "dd27937c-6287-45b3-98de-387725b068f3", + "989d3dc1-43f4-4ff7-82ba-43661f94a428" + ] + } + } + }, + "schema": { "properties": { - "sccAuth": { - "description": "Authentication token.", - "examples": [ - "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)" - ], - "type": "string" + "userList": { + "items": { + "format": "uuid", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string", + "examples": ["0c56b055-9042-4f54-8e6e-6510e12a81dc"] }, - "xsrf": { - "description": "Cross Site Request Forgery Prevention Token.", - "examples": [ - "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" - ], - "type": "string" - } + "type": "array", + "examples": [["0c56b055-9042-4f54-8e6e-6510e12a81dc"]] + } }, - "required": [ - "sccAuth", - "xsrf" - ], "type": "object", "examples": [ - { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" - } + { + "userList": ["0c56b055-9042-4f54-8e6e-6510e12a81dc"] + } ] - }, - "Discover.ExecutionStatus": { - "title": "Discover - Status", - "description": "Detailed status that indicates the current state of the Discover engine and its progress.", - "type": "object", - "properties": { - "running": { - "description": "Flag that indicates if another run is already in progress or not.", - "type": "boolean", - "examples": [ - true + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ManagedObject.User" + }, + "minItems": 0, + "type": "array" + }, + "examples": { + "Managed user": { + "summary": "Example managed users returned", + "description": "An example of managed user array returned that represents the users has been assigned to the specified AVD cluster and created corresponding session host successfully.", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" ] - } + } + ] + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Assigns the list of specified users", + "tags": ["Intermediary"] + } + }, + "/Api/Defend/Intermediary/{intermediaryId}/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f/Assign/{userId}": { + "get": { + "description": "Get the specified managed user(s) from the specified AVD intermediary assignment list.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/:userId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/intermediaryId" + }, + { + "$ref": "#/components/parameters/userId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.ManagedUser" }, - "required": [ - "running" - ], - "examples": [ - { - "running": true + "examples": { + "Assigned users": { + "summary": "Example assigned user list", + "description": "An example paged assigned user list that represents the current page retrieved from specified AVD intermediary assignment list.", + "value": { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + }, + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" + } + ] } - ] + } + } + } }, - "ManagedObject.Intermediary": { - "description": "Base template for all intermediary objects to inherit from.", + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Get a specific assigned user", + "tags": ["Intermediary"] + } + }, + "/Api/Defend/Device/{deviceId}/Type/Privileged/Assign": { + "delete": { + "description": "Remove the specified user list from the device.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Defend/Device/:deviceId/Type/Privileged/Assign/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/deviceId" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": { + "Multiple Users": { + "description": "Remove multiple user assignments from a managed device.", + "summary": "Unassign multiple users", + "value": { + "userList": [ + "0674276a-31e8-4773-8ed9-6fb49dbd0fa8", + "66714224-b1a6-4fd6-b9d8-5263fdf755fc" + ] + } + }, + "Single User": { + "description": "Remove a single user assignment from a managed device.", + "summary": "Unassign one user", + "value": { + "userList": ["01ebf268-cf28-4607-954a-261dfd480453"] + } + } + }, + "schema": { "properties": { - "id": { - "description": "Read-only.", - "examples": [ - "e097a3f5-9599-44a2-8923-fd3276c83ae1" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "kind": { - "description": "Type of Intermediary that the properties are describing.", - "examples": [ - "AVD" - ], - "type": "string" - }, - "name": { - "description": "Human friendly name of the AVD cluster. This will be displayed to end users in the remote desktop app and web portals.", - "examples": [ - "Legacy Reach Back" - ], - "maxLength": 42, - "minLength": 1, - "type": "string" + "userList": { + "items": { + "examples": ["d1bc9d1a-5a30-4d66-898a-1dd300e707bc"], + "format": "uuid", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" }, - "securityClass": { - "$ref": "#/components/schemas/SecurityClassList" - } + "type": "array", + "examples": [["d1bc9d1a-5a30-4d66-898a-1dd300e707bc"]] + } }, - "required": [ - "name" - ], - "title": "Intermediary - Base Type", "type": "object", "examples": [ - { - "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "kind": "AVD", - "name": "Legacy Reach Back", - "securityClass": "Privileged" - } + { + "userList": ["d1bc9d1a-5a30-4d66-898a-1dd300e707bc"] + } ] - }, - "ManagedObject.AvdIntermediary": { - "properties": { - "addressRangeCIDR": { - "description": "Optional Virtual Network IP Address range, defaults to 10.0.0.0/16.", - "examples": [ - "172.16.1.0/24" - ], - "type": "string" - }, - "assignmentGroup": { - "description": "Read-only value that the server generates that is the Object ID of the user assignment security group for the current instance of the AVD intermediary.", - "examples": [ - "68873e26-3c35-465c-9422-0884a00beb36" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ManagedObject.User" + }, + "minItems": 0, + "type": "array" + }, + "examples": { + "Removed user list": { + "summary": "Example removed user list", + "description": "An example array of ManagedObject.User that represents those removed from specific privileged device assignment.", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "index": { - "description": "Used to uniquely name multiple session hosts in a single host pool.", - "minimum": 0, - "type": "number", - "examples": [ - 0 + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" ] - }, - "location": { - "description": "Azure Regions that are available for the configured subscription. Resources will be deployed to the region specified here.", - "examples": [ - "East US 2" - ], - "type": "string" - }, - "resourceId": { - "description": "ID of the Host Pool. This is generated by the server and can't be set, hence the read only flag.", - "examples": [ - "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back" - ], - "minLength": 122, - "readOnly": true, - "type": "string" - }, - "sessionHostGroup": { - "description": "Read-only value that the server generates that is the Object ID of the session host security group for the current instance of the AVD intermediary.", - "examples": [ - "f99f0918-da9b-4c58-9a8d-9346abc5d9ec" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "sessionHostPrefix": { - "description": "Short name to append to the beginning of the session host VMs. The max computer name length is 15, 4 chars are reserved for indexing and 4 for prefixing.", - "examples": [ - "Reach" - ], - "maxLength": 7, - "minLength": 1, - "type": "string" - }, - "vmSku": { - "description": "SKU ID in Azure of the VM session host set that is to be deployed.", - "examples": [ - "Standard_D2s_v5" - ], - "type": "string" - } - }, - "required": [ - "index", - "location", - "sessionHostPrefix", - "vmSku" - ], - "title": "Intermediary - Azure Virtual Desktop", - "type": "object", - "examples": [ - { - "addressRangeCIDR": "172.16.1.0/24", - "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", - "index": 0, - "location": "East US 2", - "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", - "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - ] - }, - "LicenseReport.CorrelationRecord": { - "description": "Metadata that describes the execution session (run) that is used to tie/relate all of the license report together.", - "examples": [ - { - "auditTenantAccount": "priv-user@example.com", - "correlationId": "9d838115-0868-45d4-b8a5-98adc1af7e42", - "reportTenantAccount": "ent-user@example.com", - "tenantId": "7e536189-b2dd-4c8b-98b1-9b174777883f", - "createdAt": "2024-08-01T21:13:12.821Z", - "updatedAt": "2024-08-01T21:13:12.821Z" - } - ], - "properties": { - "auditTenantAccount": { - "description": "The user account used to retrieve the license information in the tenant being audited.", - "examples": [ - "admin-user@example.com" - ], - "format": "email", - "type": "string" - }, - "correlationId": { - "description": "The ID of the execution session (run) that is used to tie/relate all of the data together.", - "examples": [ - "88da2253-758f-4135-9d37-64448c8b65c1" - ], - "format": "uuid", - "type": "string", - "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" - }, - "reportTenantAccount": { - "description": "User account used to store/report the license report to the SHI Lab cloud service.", - "examples": [ - "generic-user@example.com" - ], - "format": "email", - "type": "string" - }, - "tenantId": { - "description": "Unique ID of customer's Microsoft tenant that the license report is for.", - "examples": [ - "0e1fe83f-a33f-4250-8546-225b8d45ae01" - ], - "format": "uuid", - "type": "string", - "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" - }, - "createdAt": { - "description": "Timestamp of when the report was created.", - "examples": [ - "2024-08-01T21:12:22.148Z" - ], - "format": "date-time", - "type": "string" - }, - "updatedAt": { - "description": "Timestamp of when the report was last updated.", - "examples": [ - "2024-08-01T21:12:22.148Z" - ], - "format": "date-time", - "type": "string" - } - }, - "required": [ - "auditTenantAccount" - ], - "title": "License Report - Correlation Record", - "type": "object" + } + ] + } + } + } }, - "LicenseReport.LicenseData": { - "type": "object", - "properties": { - "assignedLicense": { - "additionalProperties": { - "type": "integer", - "examples": [ - 1 - ] - }, - "description": "License assignment on the specified principal.", - "type": "object", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1 - } - ] - }, - "assignedService": { - "additionalProperties": { - "oneOf": [ - { - "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" - }, - { - "type": "integer", - "format": "int32", - "examples": [ - 0 - ] - } - ] - }, - "description": "Service configuration assignment. This is used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", - "type": "object", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": false, - "Access Review": true, - "Entitlement Management": false, - "Identity Protection": true - } - }, - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0 - } - ] - }, - "consumedService": { - "additionalProperties": { - "oneOf": [ - { - "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" - }, - { - "type": "integer", - "format": "int32", - "examples": [ - 0 - ] - } - ] - }, - "description": "Usage telemetry retrieved for the service to indicate if the specific principal is consuming the service or not, regardless of license status.", - "type": "object", - "examples": [ - { - "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null - }, - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": true, - "Access Review": false, - "Entitlement Management": false, - "Identity Protection": true - } - } - ] - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Remove User Assignments", + "tags": ["Device Management"] + }, + "get": { + "description": "Lists all of the users that are currently assigned to the specified device.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Defend/Device/:deviceId/Type/Privileged/Assign/Get", + "parameters": [ + { + "$ref": "#/components/parameters/deviceId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.ManagedUser" }, - "required": [ - "assignedLicense", - "assignedService", - "consumedService" - ], - "description": "Collection of principals that have had their in-use licenses and assigned licenses. Where the key is the principal ID and the value is the insights.", - "examples": [ - { - "assignedLicense": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": null, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": null, - "7159f980-6f83-4b67-bf41-e172b3ae1352": null - }, - "assignedService": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": false, - "Access Review": true, - "Entitlement Management": false, - "Identity Protection": true - }, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { - "Conditional Access": true, - "Dynamic Group": false, - "Group Naming": true, - "On-Prem SSPR": false, - "Group Expiration": true, - "Provisioning Engine": true, - "Enterprise State Roaming": false - }, - "6511755b-c27d-4c66-a59e-b835e6b54e7f": null + "examples": { + "Example response": { + "summary": "Example paged response", + "description": "An example of ObjectPage.ManagedUser returned that represents the list of users assigned to specific privileged device.", + "value": { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] }, - "consumedService": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": true, - "Access Review": false, - "Entitlement Management": false, - "Identity Protection": true - }, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { - "Conditional Access": true, - "Dynamic Group": false, - "Group Naming": true, - "On-Prem SSPR": false, - "Group Expiration": true, - "Provisioning Engine": true, - "Enterprise State Roaming": false - }, - "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null, - "c90f1a25-e6cd-4163-ac6c-ca7616c585a9": null + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" } + ] } - ], - "title": "License Report - License Data" + } + } + } }, - "LicenseReport.FeatureBreakdown": { - "additionalProperties": { - "type": "boolean", - "examples": [ - true + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "List User Assignments", + "tags": ["Device Management"] + }, + "post": { + "description": "Adds the specified list of users to the list of users that are allowed to log in on the specific privileged device.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", + "operationId": "/Api/Defend/Device/:deviceId/Type/Privileged/Assign/Post", + "parameters": [ + { + "$ref": "#/components/parameters/deviceId" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": { + "1:1 map": { + "description": "This example is the security best practice of having only one user mapped to a managed device.", + "summary": "1:1 User Mapping", + "value": { + "userList": ["0674276a-31e8-4773-8ed9-6fb49dbd0fa8"] + } + }, + "Multi-User Managed Device": { + "description": "This example is the security best practice of having multiple users mapped to a managed device.", + "summary": "Multi-User Assignment", + "value": { + "userList": [ + "0674276a-31e8-4773-8ed9-6fb49dbd0fa8", + "66714224-b1a6-4fd6-b9d8-5263fdf755fc" ] - }, - "description": "List of features that are configured for the specific service plan's service configuration for the related principal.\nThe key is the name of the feature that is being described.\nThe value is the state of the feature configuration, `true` is in scope and `false` meaning not in scope.", - "examples": [ - { - "Conditional Access": true, - "Access Reviews": true, - "Dynamic Groups": false, - "On-Prem Password Rest": true, - "On-Prem Password Protection": false - } - ], - "title": "License Report - Feature Breakdown", - "type": "object" - }, - "LicenseReport": { - "description": "Completely calculated license report structure that is the result of a complete run.", - "examples": [ - { - "availableLicense": { - "e17b13ee-9749-488b-9289-d31a8fde045d": 123, - "2d995b6a-d4aa-4d8d-a03c-372ecb66509d": 456, - "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 789 - }, - "correlation": { - "auditTenantAccount": "admin-user@example.com", - "correlationId": "88da2253-758f-4135-9d37-64448c8b65c1", - "reportTenantAccount": "generic-user@example.com", - "tenantId": "0e1fe83f-a33f-4250-8546-225b8d45ae01" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "e17b13ee-9749-488b-9289-d31a8fde045d": null - }, - "assignedService": { - "cbf6ee7c-c3c1-44a6-9f18-020c65536470": null, - "c7bcba35-199c-41e5-8c8d-6d4e4aad8964": null - }, - "consumedService": { - "fe98c41a-d931-4f6f-a5bc-750ba7144a77": null, - "0474bdf1-ee76-4aff-a65c-6f82e5e1d5a6": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - ], - "type": "object", + } + } + }, + "schema": { "properties": { - "availableLicense": { - "additionalProperties": { - "examples": [ - 1234 - ], - "type": "integer" - }, - "description": "Breakdown of the purchased licenses/service plans available in the tenant being audited for this run. Where the key is the ID of the service plan and the value is how many licenses are available/purchase for it.", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1234, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 123 - } - ], - "title": "License Report - Available Licenses", - "type": "object" + "userList": { + "items": { + "examples": ["d1bc9d1a-5a30-4d66-898a-1dd300e707bc"], + "format": "uuid", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" }, - "correlation": { - "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - }, - "licenseData": { - "additionalProperties": { - "$ref": "#/components/schemas/LicenseReport.LicenseData" - } - } + "type": "array", + "examples": [["d1bc9d1a-5a30-4d66-898a-1dd300e707bc"]] + } }, - "required": [ - "availableLicense", - "correlation", - "licenseData" - ], - "title": "License Report - Complete Object" - }, - "ManagedObject.Device": { - "title": "Managed Device", - "description": "Structure that represents a all of the states a managed device could be in.", "type": "object", "examples": [ - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "securityClass": "Privileged", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" - } - ], - "properties": { - "commissionedDate": { - "description": "This is the ISO 8601 string format of the time representing the commission date of the PAW.", - "examples": [ - "2023-02-04T05:06:09.601Z" - ], - "format": "date-time", - "type": "string" - }, - "displayName": { - "description": "Current computer name of the device according to Entra ID. Empty string indicates that the device has not joined Entra ID yet.", - "examples": [ - "Priv-01534962354" - ], - "maxLength": 15, - "minLength": 0, - "type": "string" - }, - "id": { - "description": "Entra ID Device ID (Not Object ID) of the specified device.", - "examples": [ - "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "parentDeviceId": { - "description": "DeviceID of the parent PAW device.", - "examples": [ - "81682cf5-0405-491d-8ab8-e07c778d7eaf" - ], - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "securityClass": { - "$ref": "#/components/schemas/SecurityClassList" - }, - "uniqueGroupId": { - "description": "The object ID of the unique security group that contains the managed Entra ID Device Identity.", - "examples": [ - "146964e0-8ca4-4af0-9c2a-894b32912463" - ], - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "commissionedDate", - "displayName", - "id", - "securityClass", - "uniqueGroupId" - ] - }, - "ManagedObject.PrivilegedDevice": { - "description": "Set of properties that are available on privileged managed device objects only.", - "title": "Managed Device - Privileged", - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/ManagedObject.Device" - }, - { - "type": "object", - "properties": { - "groupAssignmentId": { - "description": "This is the ID of the Custom CSP Device Configuration that configures the local admin and local hyper-v group memberships.", - "examples": [ - "830d8b6f-2f6f-41f7-8800-0c07445abd36" - ], - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "securityClass": { - "$ref": "#/components/schemas/SecurityClassList" - }, - "userAssignmentId": { - "description": "The ID of the Settings Catalog that contains the user rights assignment of the specified PAW device.", - "examples": [ - "146964e0-8ca4-4af0-9c2a-894b32912463" - ], - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "userAssignmentList": { - "description": "List of Object IDs for the privileged user accounts that are assigned to this device.", - "examples": [ - [ - "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", - "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", - "c54d4854-9254-4689-8a22-1cc80a3dae4e" - ] - ], - "type": "array", - "items": { - "type": "string", - "format": "uuid" - } - } - }, - "required": [ - "groupAssignmentId", - "securityClass", - "userAssignmentId", - "userAssignmentList" - ], - "examples": [ - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", - "securityClass": "Privileged", - "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "userAssignmentList": [ - "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", - "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", - "c54d4854-9254-4689-8a22-1cc80a3dae4e" - ] - } - ] - } + { + "userList": ["d1bc9d1a-5a30-4d66-898a-1dd300e707bc"] + } ] - }, - "ManagedObject.User": { - "title": "Managed User", - "description": "A user object that has limited properties. The user object is generated by combining multiple pieces of metadata from Entra ID and SHIELD.", - "properties": { - "creationDate": { - "description": "A date object representing when the user managed by SHIELD.", - "examples": [ - "2023-10-21T15:24:47.970Z" - ], - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "displayName": { - "description": "The name shown on UIs for the privileged user according to Entra ID.", - "examples": [ - "Example User (Priv)" - ], - "maxLength": 256, - "type": "string" - }, - "firstName": { - "description": "Given name of the privileged user according to Entra ID.", - "maxLength": 64, - "type": "string", - "examples": [ - "John" - ] - }, - "id": { - "description": "The Entra ID Object ID of the managed user. This is the one property that is stored in the settings engine. This is the key in the storage systems to uniquely separate the managed user's data from others.", - "examples": [ - "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "intermediaryAssignmentList": { - "type": "array", - "description": "List of intermediaries that the user is assigned to.", - "items": { - "type": "string", - "format": "uuid" - }, - "examples": [ - [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - ] - }, - "lastName": { - "description": "Surname/family name of the privileged user according to Entra ID.", - "maxLength": 64, - "type": "string", - "examples": [ - "Doe" - ] - }, - "upn": { - "description": "User principal name of the user object according to Azure Active Directory.", - "examples": [ - "priv-user@example.com" - ], - "format": "email", - "maxLength": 113, - "minLength": 6, - "type": "string" - }, - "securityClass": { - "$ref": "#/components/schemas/SecurityClassList" - }, - "siloAssignmentList": { - "type": "array", - "description": "List of silos that the user is assigned to.", - "items": { - "type": "string", - "format": "uuid" - }, - "examples": [ - [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - ] - }, - "uiEducation": { - "description": "Indicates if user education is enabled in the UI for the specified user. True is on, false is off.", - "examples": [ - false - ], - "type": "boolean" - }, - "uniqueGroupId": { - "description": "ObjectID of the unique user group that the managed user is a member of.", - "examples": [ - "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d" - ], - "format": "uuid", - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - } + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ManagedObject.User" + }, + "minItems": 0, + "type": "array" }, - "required": [ - "creationDate", - "securityClass", - "id", - "intermediaryAssignmentList", - "siloAssignmentList", - "uiEducation", - "uniqueGroupId", - "upn" - ], - "type": "object", - "examples": [ - { + "examples": { + "List of Managed Users": { + "summary": "Users assigned to the privileged device", + "description": "An example of ManagedObject.User array that represents the list of users which successfully assigned to the specified privileged device.", + "value": [ + { "creationDate": "2023-10-21T15:24:47.970Z", "displayName": "Example User (Priv)", "firstName": "John", @@ -1292,3010 +3245,680 @@ "uiEducation": false, "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" ], "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" ] - } - ] + } + ] + } + } + } }, - "ManagedObject.PrivilegedUser": { - "title": "Managed User - Privileged", - "description": "Additional settings that represents a privileged user object. All data in this structure is preserved in the settings engine's permanent storage system.", - "allOf": [ - { - "$ref": "#/components/schemas/ManagedObject.User" - }, - { - "properties": { - "deviceAssignmentList": { - "type": "array", - "description": "List of devices that the privileged users are able to use as endpoints.", - "items": { - "type": "string", - "format": "uuid" - }, - "examples": [ - [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - ] - }, - "generatedPassword": { - "description": "The password that was created for the managed user upon managed user creation, this is not stored. This is only available once during user creation. If the password is lost, reset the PWD in Entra ID or have the user perform SSPR.", - "examples": [ - "GY_w7bZUKRgpIXctD0S2wg" - ], - "readOnly": true, - "type": "string" - }, - "parentId": { - "description": "The Entra ID Object ID of the object that the manged user is tied to. This value is only present on privileged users.", - "examples": [ - "e59a3a64-dc36-4368-80ec-c205eb176ef6" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "securityClass": { - "$ref": "#/components/schemas/SecurityClassList" - }, - "temporaryAccessPass": { - "description": "A TAP that was created for the managed user upon managed user creation, this is not stored. This is only available once during user creation. TAP expires at the configured tenant expiration time.", - "examples": [ - "BCKTSN#E2R&5" - ], - "readOnly": true, - "type": "string" - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Add User Assignments", + "tags": ["Device Management"] + } + }, + "/Api/Defend/Device/Type/{securityClass}": { + "get": { + "description": "Returns a list of all devices managed or unmanaged.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, `Device.Specialized.Read`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, `Device.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL. When reading the `unmanaged` objects, any security class permission can read them, no need for a specific `unmanaged` class assignment.", + "operationId": "/Api/Defend/Device/Type/:securityClass/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/nextLink" + }, + { + "$ref": "#/components/parameters/search" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.ManagedDevice" + }, + "examples": { + "Managed device list": { + "summary": "Example list of managed devices", + "description": "An example paged result returned that represents a specific page of managed device list.", + "value": { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "securityClass": "Privileged", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" }, - "required": [ - "deviceAssignmentList", - "parentId", - "securityClass" - ], - "type": "object" + { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", + "securityClass": "Privileged", + "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", + "userAssignmentList": [ + "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", + "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", + "c54d4854-9254-4689-8a22-1cc80a3dae4e" + ] + } + ] } - ], + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Get All Devices", + "tags": ["Device Management"] + }, + "post": { + "description": "Commissions a new device, into the device hierarchy and appends appropriate metadata and initial policies. Appends required metadata to proper locations.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Device/Type/:securityClass/Post", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": { + "Request body": { + "value": { + "deviceId": "f7e1a66f-ce2e-4351-83df-2776813ef95d" + }, + "summary": "Example request body", + "description": "An example request body object that represents a request to commission the device specified in the deviceId field." + } + }, + "schema": { + "properties": { + "deviceId": { + "description": "The SHIELD ID (Entra ID Device ID) of the device to target.", + "examples": ["75da7fa4-4a04-44c8-8f2c-c1b2fa29aa51"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + } + }, + "required": ["deviceId"], + "type": "object", "examples": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ + { + "deviceId": "f7e1a66f-ce2e-4351-83df-2776813ef95d" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ManagedObject.Device" + }, + "examples": { + "Commissioned managed device": { + "summary": "Example managed device info", + "description": "An example managed device object returned that represents a successfully commissioned device.", + "value": { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "securityClass": "Privileged", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" + } + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Commission a New Device", + "tags": ["Device Management"] + } + }, + "/Api/Defend/Device/{deviceId}/Type/{securityClass}": { + "delete": { + "description": "Removes the device from the management hierarchy, removes metadata tagging and issues the wipe command to the devices.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Device/:deviceId/Type/:securityClass/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/deviceId" + } + ], + "responses": { + "204": { + "description": "OK: Deleted successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Decommission Specified Device", + "tags": ["Device Management"] + }, + "get": { + "description": "Get the specified managed device by its Entra ID Device ID.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, `Device.Specialized.Read`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, `Device.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Device/:deviceId/Type/:securityClass/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/deviceId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ManagedObject.Device" + }, + "examples": { + "Managed device": { + "summary": "Example managed device", + "description": "An example of ManagedObject.Device object returned that represents a managed device queried by a device ID with specified security class.", + "value": { + "commissionedDate": "2023-02-04T05:06:09.601Z", + "displayName": "Priv-01534962354", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", + "securityClass": "Privileged", + "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" + } + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } + }, + "summary": "Get Specified Device by ID", + "tags": ["Device Management"] + } + }, + "/Api/Defend/User/Type/{securityClass}": { + "get": { + "description": "Returns a list of all devices managed or unmanaged.\n\nThis endpoint requires the `User.Privileged.Read`, `User.Privileged.ReadWrite`, `User.Specialized.Read`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, `User.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL. When reading the `unmanaged` objects, any security class permission can read them, no need for a specific `unmanaged` class assignment.", + "operationId": "/Api/Defend/User/Type/:securityClass/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/nextLink" + }, + { + "$ref": "#/components/parameters/search" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObjectPage.ManagedUser" + }, + "examples": { + "Managed user": { + "summary": "Example paged user list", + "description": "An examples of ObjectPage.ManagedUser returned that represents a page of a managed user list.", + "value": { + "@odata.count": 3, + "@odata.nextLink": "2", + "value": [ + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", "593d97dc-9a43-4bc7-9d79-ecde407d7782", "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ + ], + "siloAssignmentList": [ "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", "593d97dc-9a43-4bc7-9d79-ecde407d7782", "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ + ] + }, + { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", "593d97dc-9a43-4bc7-9d79-ecde407d7782", "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - }, - "ObjectPage.Intermediary.Avd": { - "properties": { - "@odata.count": { - "type": "number", - "examples": [ - 0 - ] - }, - "@odata.nextLink": { - "type": "string", - "examples": [ - "3" - ] - }, - "value": { - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/ManagedObject.Intermediary" - }, - { - "properties": { - "properties": { - "$ref": "#/components/schemas/ManagedObject.AvdIntermediary" - } - }, - "type": "object" - } - ] - }, - "minItems": 0, - "type": "array", - "examples": [ - { - "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "kind": "AVD", - "name": "Legacy Reach Back", - "securityClass": "Privileged", - "addressRangeCIDR": "172.16.1.0/24", - "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", - "index": 0, - "location": "East US 2", - "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", - "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - ] - } - }, - "examples": [ - { - "@odata.count": 1, - "@odata.nextLink": "1", - "value": [ - { - "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "kind": "AVD", - "name": "Legacy Reach Back", - "securityClass": "Privileged", - "addressRangeCIDR": "172.16.1.0/24", - "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", - "index": 0, - "location": "East US 2", - "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", - "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - ] - } - ], - "required": [ - "value" - ], - "title": "Page of AVD Intermediary Objects", - "type": "object" - }, - "ObjectPage.ManagedDevice": { - "properties": { - "@odata.count": { - "type": "number", - "examples": [ - 3 - ] - }, - "@odata.nextLink": { - "type": "string", - "examples": [ - "2" - ] - }, - "value": { - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/ManagedObject.Device" - }, - { - "$ref": "#/components/schemas/ManagedObject.PrivilegedDevice" - } - ] - }, - "minItems": 0, - "type": "array", - "examples": [ - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "securityClass": "Privileged", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" - }, - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", - "securityClass": "Privileged", - "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "userAssignmentList": [ - "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", - "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", - "c54d4854-9254-4689-8a22-1cc80a3dae4e" - ] - } - ] - } - }, - "required": [ - "value" - ], - "title": "Page of Managed Device Objects", - "type": "object", - "examples": [ - { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "securityClass": "Privileged", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" - }, - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", - "securityClass": "Privileged", - "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "userAssignmentList": [ - "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", - "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", - "c54d4854-9254-4689-8a22-1cc80a3dae4e" - ] - } - ] - } - ] - }, - "ObjectPage.ManagedUser": { - "properties": { - "@odata.count": { - "type": "number", - "examples": [ - 3 - ] - }, - "@odata.nextLink": { - "type": "string", - "examples": [ - "2" - ] - }, - "value": { - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/ManagedObject.User" - }, - { - "$ref": "#/components/schemas/ManagedObject.PrivilegedUser" - } - ] - }, - "minItems": 0, - "type": "array", - "examples": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - }, - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - } - }, - "required": [ - "value" - ], - "title": "Page of Managed User Objects", - "type": "object", - "examples": [ - { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - }, - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - } - ] - }, - "SecurityClassList": { - "description": "Security class types as described in https://learn.microsoft.com/en-us/security/compass/privileged-access-security-levels.", - "enum": [ - "Privileged", - "Specialized", - "Enterprise", - "Unmanaged" - ], - "examples": [ - "Privileged" - ], - "title": "Type of security class the object(s) belongs to", - "type": "string" - } - }, - "securitySchemes": { - "EntraID": { - "type": "http", - "scheme": "bearer", - "bearerFormat": "JWT", - "description": "The Access Token from Entra ID for the `SHIELD - End User Login` Enterprise App (may need to be created from the App Registration)." - } - } - }, - "externalDocs": { - "description": "Official Documentation", - "url": "https://docs.shilab.com" - }, - "info": { - "contact": { - "email": "elliot_huffman@shi.com", - "name": "SHI - Lab" - }, - "description": "Deprive your threats of practical significance. Deploy the Securing Privilege Access architecture. All in a few seconds.", - "title": "SHI Environment Lockdown and Defense", - "version": "3.0.4" - }, - "openapi": "3.1.0", - "paths": { - "/Api/Core/SystemRequirements": { - "get": { - "description": "Provides a detailed breakdown of if the system requirements are being met for the various components of the SHIELD.", - "operationId": "/Api/Core/SystemRequirements/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Core.SystemRequirements" - }, - "examples": { - "System Requirement": { - "value": { - "authenticatorPermissions": true, - "azurePermissions": false, - "defendEntitlement": true, - "deployEntitlement": false, - "discoverEntitlement": true, - "msGraphPermissions": false, - "dataGatewayPermissions": false, - "entraDirectoryRole": false - }, - "summary": "Example system requirement object returned form the API endpoint", - "description": "An example that indicates:
- Azure RBAC assignment(s) are not present.
- SHIELD Defend licenses are present.
- SHIELD Deploy licenses are present.
- SHIELD Discover licenses are present.
- Permissions for the Microsoft Graph API have not been configured properly.
- Permissions for the SHI - Data Gateway have not been configured properly.
- Permissions for Entra Directory Role assignment have not been configured properly." - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Core" - ], - "security": [], - "summary": "Indicates if the System Requirements are met or not." - } - }, - "/Api/Auth/Id": { - "get": { - "description": "Provides the Tenant ID and the Application ID of the service principal that access tokens need to be issued against. This is also useful for configuring public clients to be able to authenticate to for auth code flows.", - "operationId": "/Api/Auth/Id/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "properties": { - "appId": { - "description": "Application ID that should be used in Access Tokens as the audience and the endpoint necessary for auth code flows.", - "type": "string", - "format": "uuid", - "examples": [ - "85cbe72b-3215-48bc-9eeb-fa7896c31498" - ] - }, - "tenantId": { - "description": "Tenant ID necessary for authority host URL configuration and UI customization.", - "type": "string", - "format": "uuid", - "examples": [ - "3fa85f64-5717-4562-b3fc-2c963f66afa6" - ] - } - }, - "type": "object", - "required": [ - "appId", - "tenantId" - ] - }, - "examples": { - "valid request": { - "value": { - "appId": "85cbe72b-3215-48bc-9eeb-fa7896c31498", - "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6" - }, - "summary": "Example request object", - "description": "An example request object to retrieve the IDs required to authenticate." - } - } - } - }, - "description": "OK" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "tags": [ - "Authentication" - ], - "security": [], - "summary": "Retrieves the IDs required to authenticate." - } - }, - "/Api/Auth/Authenticator": { - "get": { - "summary": "Provides Attestation for Authenticator App", - "description": "Provides the attestation to the authenticator that this endpoint is authorized for receiving credentials from the authenticator.\n\nThis endpoint requires the `Authentication.Actions.Attest`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Auth/Authenticator/GetAttest", - "responses": { - "200": { - "content": { - "text/plain": { - "schema": { - "description": "Access token that SHIELD uses to prove it is a valid recipient of credentials.", - "type": "string", - "examples": [ - "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiJjYjU5ZjIyOC0wNjkwLTRhY2ItOWE3Yi0wMGMzNmEyZjRlOGQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNjgzODQsIm5iZiI6MTcyNzM2ODM4NCwiZXhwIjoxNzI3MzcyMjg0LCJhaW8iOiJBU1FBMi84WUFBQUFSN0hyaW5XTmRwcisvdnoreWlkZER6WVExeFRpc3BSZGY4TG1XNjhRaE0wPSIsImF6cCI6IjRlODU5MTQ2LWY5M2UtNDlmMi05ODZmLWI3MjIyNmZjZDViOSIsImF6cGFjciI6IjEiLCJvaWQiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJyaCI6IjAuQWNvQXFTMFFMUjdSZ0VxUUlzUVkta2hVeHlqeVdjdVFCc3RLbW5zQXcyb3ZUbzM2QUFBLiIsInJvbGVzIjpbIkF1dGhlbnRpY2F0b3IuQXR0ZXN0Il0sInN1YiI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInRpZCI6IjJkMTAyZGE5LWQxMWUtNGE4MC05MDIyLWM0MThmYTQ4NTRjNyIsInV0aSI6Il9MaUdVWWxmS2txNFZoR09NeGw4QUEiLCJ2ZXIiOiIyLjAifQ.xlXZfOnDoOVW3_aOiSIZH8uiySeohro-HVnDzDEff2EjmOk9adrTOP5Sw1av6g3vy38r6dSu4tViwNGrb7Z2krgRKKvp-4A9rkPqeJjjd2rhFl2KiOlxL0mmykbroZZ70RJzwHy2GC7wfuLwJwr-5m7POV2grbxIAlTsMdZWDFXYi-AahfDVtLugarWG5-tXAqiPBKjaU6ntAJIbu7Ol1vYZaeYMsNKTs8O1P10YM460zN9OkfoI1gV7_InHEr8RSyQnEPCJ2W1Or4lDhqdey4ohMoP9EzLgMsn9Ckss5g5C6vVE0GQawUoeGozPOBpgb31J8JzZUyB1JyVfi-vKkQ" - ] - }, - "examples": { - "valid access token": { - "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiJjYjU5ZjIyOC0wNjkwLTRhY2ItOWE3Yi0wMGMzNmEyZjRlOGQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNjgzODQsIm5iZiI6MTcyNzM2ODM4NCwiZXhwIjoxNzI3MzcyMjg0LCJhaW8iOiJBU1FBMi84WUFBQUFSN0hyaW5XTmRwcisvdnoreWlkZER6WVExeFRpc3BSZGY4TG1XNjhRaE0wPSIsImF6cCI6IjRlODU5MTQ2LWY5M2UtNDlmMi05ODZmLWI3MjIyNmZjZDViOSIsImF6cGFjciI6IjEiLCJvaWQiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJyaCI6IjAuQWNvQXFTMFFMUjdSZ0VxUUlzUVkta2hVeHlqeVdjdVFCc3RLbW5zQXcyb3ZUbzM2QUFBLiIsInJvbGVzIjpbIkF1dGhlbnRpY2F0b3IuQXR0ZXN0Il0sInN1YiI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInRpZCI6IjJkMTAyZGE5LWQxMWUtNGE4MC05MDIyLWM0MThmYTQ4NTRjNyIsInV0aSI6Il9MaUdVWWxmS2txNFZoR09NeGw4QUEiLCJ2ZXIiOiIyLjAifQ.xlXZfOnDoOVW3_aOiSIZH8uiySeohro-HVnDzDEff2EjmOk9adrTOP5Sw1av6g3vy38r6dSu4tViwNGrb7Z2krgRKKvp-4A9rkPqeJjjd2rhFl2KiOlxL0mmykbroZZ70RJzwHy2GC7wfuLwJwr-5m7POV2grbxIAlTsMdZWDFXYi-AahfDVtLugarWG5-tXAqiPBKjaU6ntAJIbu7Ol1vYZaeYMsNKTs8O1P10YM460zN9OkfoI1gV7_InHEr8RSyQnEPCJ2W1Or4lDhqdey4ohMoP9EzLgMsn9Ckss5g5C6vVE0GQawUoeGozPOBpgb31J8JzZUyB1JyVfi-vKkQ", - "summary": "Example valid access token", - "description": "An example string that represents the access token that SHIELD uses to prove it is a valid recipient of credentials." - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Authentication" - ] - } - }, - "/Api/Auth/Authenticator/Cache/Status": { - "get": { - "summary": "Indicates if SHIELD is waiting for any credentials.", - "description": "Provides a breakdown view of if SHIELD is waiting for any specific type of credential or credentials.\n\nThis endpoint requires the `Authentication.Read`, `Authentication.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Auth/Authenticator/Cache/Status/Get", - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Waiting on Nothing": { - "summary": "Not waiting for credentials", - "description": "No credentials are being requested at the moment.", - "value": { - "accessToken": false, - "sccAuth": false - } - }, - "Waiting on Access Token": { - "summary": "Waiting on access token", - "description": "Waiting on an Access Token with the Audience of the Legacy Windows Graph API.", - "value": { - "accessToken": { - "audience": "00000002-0000-0000-c000-000000000000" - }, - "sccAuth": false - } - }, - "Waiting on SccAuth": { - "summary": "Waiting on an SCC Auth data", - "description": "Waiting on an SCC Auth data from the SHIELD - Authenticator App.", - "value": { - "accessToken": false, - "sccAuth": true - } - } - }], - "schema": { - "$ref": "#/components/schemas/Authenticator.RequestStatus" - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Authentication" - ] - } - }, - "/Api/Auth/Authenticator/Cache/SccAuth": { - "post": { - "description": "Configure SHIELD to use the specific SCC Auth credentials from the authenticator app to run web requests on behalf of the end user.\n\nThis endpoint requires the `Authentication.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Auth/Authenticator/Cache/SccAuth/Post", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Authenticator.Container.SccAuthCredentials" - }, - "examples": { - "valid Scc Auth credentials": { - "value": { - "authenticatedUpn": "user@example.com", - "security": { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" - }, - "purview": { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" - }, - "expiration": "2024-09-26T18:16:29.340Z", - "defender": { - "sccAuth": "54BKPtTL-eSMFp5cqYTMMSblm2U80cUJqQgmbe4f_sRn4ammMmU1NKNurn9HqpsUtS4FrMJRTKa3Or_pFbedM_57R0fVBfNJ-m2Pvey9OweWIDradzT0dB1WnufPTJiT2y7zSQy91Y9wJIn1_aY5q-MNh75qwjM84Dng-mYzbd9KqUfyPUolOo-j-... (Truncated)", - "xsrf": "PEDwTvWdm2qSTe-n8h-1praK4OcQK1ELTJ08DWYqBRzQiyA2MIuEKEMNLu4ExjDNpAOUnAxmsqOeuGzb82MJYkegOE6hW8BzpSM6k9nbTbJ4yjNGzMSQvWUnyqrBvGa8JfSRiSeaKdXGBnxGd90Spw2:... (truncated)" - } - }, - "summary": "Example Scc Auth credentials", - "description": "An example of valid Scc Auth credentials used to configure SHIELD." - } - } - } - } - }, - "responses": { - "204": { - "description": "Credential was successfully stored" - } - }, - "summary": "Provide Your SHIELD Authenticator Credentials - SCC Auth", - "tags": [ - "Authentication" - ] - } - }, - "/Api/Auth/Authenticator/Cache/AccessToken": { - "post": { - "summary": "Provide Your SHIELD Authenticator Credentials - Access Token", - "description": "Configure SHIELD to use the specific Access Token credentials from the authenticator app to run web requests on behalf of the end user.\n\nThis endpoint requires the `Authentication.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Auth/Authenticator/Cache/AccessToken/Post", - "requestBody": { - "content": { - "application/json": { - "schema": { - "description": "Access Token to be stored in the SHIELD authentication engine.", - "type": "object", - "properties": { - "token": { - "description": "This is transmitted as a property instead of a raw string as the body parser ignores it in Express.JS. Functionally identical though.", - "type": "string", - "examples": [ - "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiI0YzQwMjgxYi1hMzA1LTRhYWYtOTBhNC1kNWJiZWU2ZWI4ZWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNzUzNzMsIm5iZiI6MTcyNzM3NTM3MywiZXhwIjoxNzI3Mzc5MjczLCJhaW8iOiJrMkJnWU9BM1ByL2lTc2loRmYzeU9uVk40UTZOc1dsZnRnWEhoMW5HYm5saWVuS1hRZ2tBIiwiYXpwIjoiNGU4NTkxNDYtZjkzZS00OWYyLTk4NmYtYjcyMjI2ZmNkNWI5IiwiYXpwYWNyIjoiMSIsIm9pZCI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInJoIjoiMC5BY29BcVMwUUxSN1JnRXFRSXNRWS1raFV4eHNvUUV3Rm82OUtrS1RWdS01dXVPMzZBQUEuIiwicm9sZXMiOlsiVGVsZW1ldHJ5LlNvcC5SZWFkV3JpdGUiLCJMaWNlbnNlUmVwb3J0LlJlYWRXcml0ZSJdLCJzdWIiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJ0aWQiOiIyZDEwMmRhOS1kMTFlLTRhODAtOTAyMi1jNDE4ZmE0ODU0YzciLCJ1dGkiOiJfTGlHVVlsZktrcTRWaEdPXzNpRkFBIiwidmVyIjoiMi4wIn0.CZMOfyo5Lo1Km8bgWtOw8f30n1AZ5HJQ-StyIPr_P_eEjanzHVSEiRsHweNATW0GQFfLs0lGH43xztFcNNepu7CctyEzoktJ-9De2mMLIMJviF1rlB19mxH3a3hUSPZuPeYPPONkYtjL4fZj0mCYcALoq-orc0Oswg0l3fatbS7a-DAgxZdLHa6M7OtXksMlMXwooxmocOQeg_zhpko1zyuzSsVwNrz1uMZYpivwaM1ImWZiqgjMc1NWCN2Co1nYNuvxg6Chcr0OOsPRaXayfzrP7IlsZIg5Itg9lrqN0cjT3t8GSejL2P8HmfPcYftlqOobCesjSfBthir5hGUoNA" - ] - } - }, - "examples": [ - { - "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiI0YzQwMjgxYi1hMzA1LTRhYWYtOTBhNC1kNWJiZWU2ZWI4ZWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNzUzNzMsIm5iZiI6MTcyNzM3NTM3MywiZXhwIjoxNzI3Mzc5MjczLCJhaW8iOiJrMkJnWU9BM1ByL2lTc2loRmYzeU9uVk40UTZOc1dsZnRnWEhoMW5HYm5saWVuS1hRZ2tBIiwiYXpwIjoiNGU4NTkxNDYtZjkzZS00OWYyLTk4NmYtYjcyMjI2ZmNkNWI5IiwiYXpwYWNyIjoiMSIsIm9pZCI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInJoIjoiMC5BY29BcVMwUUxSN1JnRXFRSXNRWS1raFV4eHNvUUV3Rm82OUtrS1RWdS01dXVPMzZBQUEuIiwicm9sZXMiOlsiVGVsZW1ldHJ5LlNvcC5SZWFkV3JpdGUiLCJMaWNlbnNlUmVwb3J0LlJlYWRXcml0ZSJdLCJzdWIiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJ0aWQiOiIyZDEwMmRhOS1kMTFlLTRhODAtOTAyMi1jNDE4ZmE0ODU0YzciLCJ1dGkiOiJfTGlHVVlsZktrcTRWaEdPXzNpRkFBIiwidmVyIjoiMi4wIn0.CZMOfyo5Lo1Km8bgWtOw8f30n1AZ5HJQ-StyIPr_P_eEjanzHVSEiRsHweNATW0GQFfLs0lGH43xztFcNNepu7CctyEzoktJ-9De2mMLIMJviF1rlB19mxH3a3hUSPZuPeYPPONkYtjL4fZj0mCYcALoq-orc0Oswg0l3fatbS7a-DAgxZdLHa6M7OtXksMlMXwooxmocOQeg_zhpko1zyuzSsVwNrz1uMZYpivwaM1ImWZiqgjMc1NWCN2Co1nYNuvxg6Chcr0OOsPRaXayfzrP7IlsZIg5Itg9lrqN0cjT3t8GSejL2P8HmfPcYftlqOobCesjSfBthir5hGUoNA" - } - ] - }, - "examples": { - "Valid request body": { - "value": { - "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1jN2wzSXo5M2c3dXdnTmVFbW13X1dZR1BrbyJ9.eyJhdWQiOiI0YzQwMjgxYi1hMzA1LTRhYWYtOTBhNC1kNWJiZWU2ZWI4ZWQiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMmQxMDJkYTktZDExZS00YTgwLTkwMjItYzQxOGZhNDg1NGM3L3YyLjAiLCJpYXQiOjE3MjczNzUzNzMsIm5iZiI6MTcyNzM3NTM3MywiZXhwIjoxNzI3Mzc5MjczLCJhaW8iOiJrMkJnWU9BM1ByL2lTc2loRmYzeU9uVk40UTZOc1dsZnRnWEhoMW5HYm5saWVuS1hRZ2tBIiwiYXpwIjoiNGU4NTkxNDYtZjkzZS00OWYyLTk4NmYtYjcyMjI2ZmNkNWI5IiwiYXpwYWNyIjoiMSIsIm9pZCI6ImUyZGU3NDRkLWFmNWUtNDg0MS1iYjhmLTY5NGRkMjVmZWY0ZCIsInJoIjoiMC5BY29BcVMwUUxSN1JnRXFRSXNRWS1raFV4eHNvUUV3Rm82OUtrS1RWdS01dXVPMzZBQUEuIiwicm9sZXMiOlsiVGVsZW1ldHJ5LlNvcC5SZWFkV3JpdGUiLCJMaWNlbnNlUmVwb3J0LlJlYWRXcml0ZSJdLCJzdWIiOiJlMmRlNzQ0ZC1hZjVlLTQ4NDEtYmI4Zi02OTRkZDI1ZmVmNGQiLCJ0aWQiOiIyZDEwMmRhOS1kMTFlLTRhODAtOTAyMi1jNDE4ZmE0ODU0YzciLCJ1dGkiOiJfTGlHVVlsZktrcTRWaEdPXzNpRkFBIiwidmVyIjoiMi4wIn0.CZMOfyo5Lo1Km8bgWtOw8f30n1AZ5HJQ-StyIPr_P_eEjanzHVSEiRsHweNATW0GQFfLs0lGH43xztFcNNepu7CctyEzoktJ-9De2mMLIMJviF1rlB19mxH3a3hUSPZuPeYPPONkYtjL4fZj0mCYcALoq-orc0Oswg0l3fatbS7a-DAgxZdLHa6M7OtXksMlMXwooxmocOQeg_zhpko1zyuzSsVwNrz1uMZYpivwaM1ImWZiqgjMc1NWCN2Co1nYNuvxg6Chcr0OOsPRaXayfzrP7IlsZIg5Itg9lrqN0cjT3t8GSejL2P8HmfPcYftlqOobCesjSfBthir5hGUoNA" - }, - "summary": "Example request body", - "description": "An example object that represents the request body to be sent to the API endpoint." - } - } - } - } - }, - "responses": { - "204": { - "description": "Credential was successfully stored" - }, - "400": { - "description": "Invalid Access Token" - } - }, - "tags": [ - "Authentication" - ] - } - }, - "/Api/Update": { - "get": { - "summary": "Check if an Update Is Pending", - "description": "Provides the state of the update engine. Where `true` means there is an update detected and `false` means there isn't an update available. This endpoint is available to all authorization levels.", - "operationId": "/Api/Update/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "type": "boolean", - "examples": [ - true - ] - }, - "examples": { - "Example value": { - "summary": "Example value", - "description": "An example boolean value that represents an update to SHIELD is pending.", - "value": true - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Update" - ] - } - }, - "/Api/Update/Check": { - "get": { - "summary": "Check for a New Version", - "description": "Checks with data gateway and compares the reported version to the version that is locally installed. If there is a difference, a new update is marked as available. Always returns the latest version available on data gateway, even if that version is installed locally.\n\nThis endpoint requires the `Update.Read`, `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Update/Check/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "properties": { - "appVersion": { - "description": "Follows symantec versioning as laid out here: https://semver.org/. This number is the version of the application package.", - "examples": [ - "1.2.3" - ], - "type": "string" - } - }, - "type": "object", - "examples": [ - { - "appVersion": "1.2.3" - } - ] - }, - "examples": { - "Example response": { - "summary": "Example reported SHIELD version", - "description": "An example of latest semantic version of the SHIELD available.", - "value": { - "appVersion": "1.2.3" - } - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Update" - ] - } - }, - "/Api/Update/Check/Channel/{Update Channel Name}": { - "get": { - "summary": "Check for a New Version in Channel", - "description": "Checks with the SHI Data Gateway in the specified update channel and compares the reported version to the version that is locally installed. If there is a difference, a new update is marked as available. Always returns the latest version available on data gateway, even if that version is installed locally.\n\nThis endpoint requires the `Update.Read`, `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Update/Check/Channel/UpdateChannelName/Get", - "parameters": [ - { - "$ref": "#/components/parameters/updateChannelName" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "properties": { - "appVersion": { - "description": "Follows symantec versioning as laid out here: https://semver.org/. This number is the version of the application package.", - "examples": [ - "1.2.3" - ], - "type": "string" - } - }, - "type": "object", - "examples": [ - { - "appVersion": "1.2.3" - } - ] - }, - "examples": { - "SHIELD version": { - "summary": "Example semantic version", - "description": "An example string that represents the latest semantic version of SHIELD available in specific channel.", - "value": { - "appVersion": "1.2.3" - } - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Update" - ] - } - }, - "/Api/Update/Install": { - "post": { - "summary": "Installs SHIELD Core Update", - "description": "Installs the latest version that is available from SHI Data Gateway. Even if that version is the same that is installed.\n\nThis endpoint requires the `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Update/Install/Post", - "responses": { - "204": { - "description": "OK: Update Submitted to Azure" - } - }, - "tags": [ - "Update" - ] - } - }, - "/Api/Update/Install/Channel/{Update Channel Name}": { - "post": { - "summary": "Installs SHIELD Core Update from Channel", - "description": "Installs the latest version that is available from SHI Data Gateway in the specified channel. Even if that version is the same that is installed.\n\nThis endpoint requires the `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Update/Install/Channel/UpdateChannelName/Post", - "parameters": [ - { - "$ref": "#/components/parameters/updateChannelName" - } - ], - "responses": { - "204": { - "description": "OK: Update Submitted to Azure" - } - }, - "tags": [ - "Update" - ] - } - }, - "/Api/Update/Upload": { - "post": { - "summary": "Upload Custom Update Package", - "description": "THIS API SHOULD ONLY BE USED IF INSTRUCTED BY SHI EMPLOYEES!\n\nUploads the specified ZIP package, validates signature and installs it if it matches. This ignores version numbers and will allow you to install the same version again if necessary.\n\nThis endpoint requires the `Update.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Update/Upload/Post", - "requestBody": { - "content": { - "application/octet-stream": { - "schema": { - "type": "string", - "format": "binary" - } - } - } - }, - "responses": { - "204": { - "description": "OK: Update Submitted to Azure" - } - }, - "tags": [ - "Update" - ] - } - }, - "/Api/Discover/Status": { - "get": { - "summary": "State of the Discover Module.", - "description": "Provides a detailed breakdown of the current state of the discover module and it progress.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Discover/Status/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Discover.ExecutionStatus" - }, - "examples": { - "Execution Status": { - "value": { - "running": true - }, - "summary": "Example execution status", - "description": "An example execution status object that indicates a SHIELD Discover run is already in progress." - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Discover" - ] - } - }, - "/Api/Discover/Progress": { - "get": { - "summary": "Current execution progress of the Discover module.", - "description": "Provides a detailed breakdown of the current progress of the discover module and it progress.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Discover/Progress/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Core.ProgressBar" - }, - "examples": { - "Progress Bar": { - "value": { - "childBar": [], - "description": "Collecting data from the Microsoft Entra ID system.", - "displayName": "Running Entra ID Plugin", - "id": "b759230f-48cb-496e-ad57-5f079083226b", - "currentStep": 5, - "totalStepCount": 7 - }, - "summary": "Example progress bar object", - "description": "An example progress bar object returned from the endpoint. It indicates:
- The purpose of a progress bar.
- The text label of a progress bar.
- The unique identifier in type UUID of a specific SHIELD instance for search.
- The total number of steps of a progress bar.
- The current step/value of a progress bar.
- No child progress bar." - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Discover" - ] - } - }, - "/Api/Discover/Report": { - "get": { - "summary": "Start Discover's Report Generation", - "description": "Starts the Discover module's report collection engine to create a license report and upload it to the data gateway.\n\nThis endpoint requires the `Discover.Action.Run`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Discover/Report/Start", - "responses": { - "202": { - "$ref": "#/components/responses/202" - }, - "409": { - "$ref": "#/components/responses/409" - } - }, - "tags": [ - "Discover" - ] - } - }, - "/Api/Discover/LicenseReport/Correlation": { - "get": { - "description": "Retrieves the list of correlation records for the authenticated tenant. Correlation records store the metadata for a specific license report.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Discover/LicenseReport/Correlation/Get", - "responses": { - "200": { - "content": { - "application/json": { - "examples": { - "anything": { - "description": "Sample list of correlation records for the authenticated tenant.", - "summary": "Available Correlation Records", - "value": [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - } - }], - "schema": { - "type": "array", - "minItems": 0, - "items": { - "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - }, - "examples": [ - [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - ] - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "Discover" - ], - "summary": "Retrieve the List of Correlation Records" - } - }, - "/Api/Discover/LicenseReport/Correlation/{correlationId}/Data": { - "get": { - "description": "Retrieves the full license report for the specified correlation ID in the authenticated tenant. The license report contains all of the license usage and compliance information with the required correlation data.\n\nThis endpoint requires the `Discover.Read`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Discover/LicenseReport/Correlation/:correlationId/Data/Get", - "parameters": [ - { - "$ref": "#/components/parameters/correlationId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "Example License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } - } - }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseReport" - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "Discover" - ], - "summary": "Retrieve the Specified License Report" - } - }, - "/Api/Deploy": { - "get": { - "description": "Has the core infrastructure engine check if the config engine can initialize properly.\n\nThis endpoint requires the `Deploy.Read`, `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Deploy/Get", - "responses": { - "200": { - "content": { - "application/json": { - "examples": { - "Infra deployed": { - "description": "All API calls should be available since the core infrastructure is deployed.", - "summary": "Infrastructure is deployed", - "value": true - }, - "Infra not deployed": { - "description": "Infrastructure is not deployed. Please run the deployment before attempting different API calls.", - "summary": "Infrastructure is not deployed", - "value": false - } - }, - "schema": { - "type": "boolean", - "examples": [ - true - ] - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - } - }, - "summary": "Get the current status of the infrastructure deployment", - "tags": [ - "Infrastructure Deployment" - ] - }, - "post": { - "description": "After the user consents, deploy the core security groups, scope tag, configurations and metadata.\n\nThis endpoint requires the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Deploy/Post", - "requestBody": { - "content": { - "application/json": { - "examples": { - "Ignorant Deploy Request": { - "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", - "summary": "Ignorant Deploy Request", - "value": {} - }, - "No User Consent": { - "description": "User did not agree to the terms and conditions. This post should not have been sent.", - "summary": "User Did Not Consent", - "value": { - "deploymentConsent": false - } - }, - "User Consented": { - "description": "User agreed to the terms and conditions and pressed the deploy button.", - "summary": "User Consented", - "value": { - "deploymentConsent": true - } - } - }, - "schema": { - "properties": { - "deploymentConsent": { - "type": "boolean", - "examples": [ - true - ] - } - }, - "type": "object", - "examples": [ - { - "deploymentConsent": true - } - ] - } - } - } - }, - "responses": { - "204": { - "content": { - "application/json": { - "examples": { - "Successful Deployment": { - "description": "When a deployment request is successfully executed, a boolean true is returned.", - "summary": "Successful Deployment", - "value": true - } - }, - "schema": { - "type": "boolean", - "examples": [ - true - ] - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - } - }, - "summary": "Deploy the core infrastructure architecture specification", - "tags": [ - "Infrastructure Deployment" - ], - "security": [] - } - }, - "/Api/Deploy/Progress": { - "get": { - "summary": "Current execution progress of the Deploy module.", - "description": "Provides a detailed breakdown of the current progress of the deploy module and its sub-components, if any.\n\nThis endpoint requires the `Deploy.Read`, or the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Deploy/Progress/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Core.ProgressBar" - }, - "examples": { - "Progress Bar": { - "value": { - "childBar": [ - { - "description": "Collecting data from the Microsoft Purview.", - "displayName": "Running SHIELD Deploy - Purview", - "id": "b759230f-48cb-496e-ad57-5f079083226c", - "currentStep": 1, - "totalStepCount": 3 - } - ], - "description": "Collecting data from the Microsoft Entra ID system.", - "displayName": "Running SHIELD Deploy", - "id": "b759230f-48cb-496e-ad57-5f079083226b", - "currentStep": 5, - "totalStepCount": 7 - }, - "summary": "Example progress bar object", - "description": "An example progress bar object returned from the endpoint. It indicates:
- The purpose of a progress bar.
- The text label of a progress bar.
- The unique identifier in type UUID of a specific SHIELD instance for search.
- The total number of steps of a progress bar.
- The current step/value of a progress bar.
- With a child progress bar." - } - } - } - }, - "description": "OK" - } - }, - "tags": [ - "Infrastructure Deployment" - ] - } - }, - "/Api/Deploy/Version": { - "get": { - "description": "Gets the version of the API server and the architecture version deployed as well as the supported version of the architecture spec from the server.\n\nThis endpoint requires the `Deploy.Read`, `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Deploy/Version/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "properties": { - "apiVersion": { - "description": "Follows symantec versioning as laid out here: https://semver.org/. This number is the version of the API server.", - "examples": [ - "1.2.3" - ], - "type": "string" - }, - "archSpecVersion": { - "description": "An incrementing number that describes the version of the architecture specification that the API supports.", - "examples": [ - "25" - ], - "type": "string", - "minLength": 1 - }, - "deployedArchVersion": { - "description": "The version of the architecture specification that is currently deployed.", - "examples": [ - "23" - ], - "type": "string", - "minLength": 1 - } - }, - "type": "object", - "examples": [ - { - "apiVersion": "1.2.3", - "archSpecVersion": "25", - "deployedArchVersion": "23" - } - ] - }, - "examples": { - "Versions response": { - "summary": "Example versions response", - "description": "An example object that represents the aggregation of versioning information of all SHIELDs components. including:
- Semantic version of the API server.
- The incrementing architecture specification version that the API supports.
- The incrementing architecture specification version that is currently deployed.", - "value": { - "apiVersion": "1.2.3", - "archSpecVersion": "25", - "deployedArchVersion": "23" - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - } - }, - "summary": "Gets the version of SHIELDs components", - "tags": [ - "Infrastructure Deployment" - ] - } - }, - "/Api/Defend/Intermediary/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f": { - "get": { - "description": "Retrieves a list of all AVD intermediaries for the specified security class filter. Next links may be provided for pagination to allow for good performance on larger environments. If a nextLink is return, not all data was returned on this query and the next link can be sent back to the API to get the next page of data.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/Type/:securityClass/Offering/AVD/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/nextLink" - }, - { - "$ref": "#/components/parameters/search" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.Intermediary.Avd" - }, - "examples": { - "Paged AVD intermediaries": { - "summary": "Example paged AVD intermediary list", - "description": "An example paged AVD intermediary list returned that represents the current page of all AVD intermediary instances form the specified security class.", - "value": { - "@odata.count": 1, - "@odata.nextLink": "1", - "value": [ - { - "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "kind": "AVD", - "name": "Legacy Reach Back", - "securityClass": "Privileged", - "addressRangeCIDR": "172.16.1.0/24", - "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", - "index": 0, - "location": "East US 2", - "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", - "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Retrieves all AVD Intermediary Instances", - "tags": [ - "Intermediary" - ] - } - }, - "/Api/Defend/Intermediary/{intermediaryId}/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f": { - "delete": { - "description": "Deletes the specified intermediary (by the parent group's Entra ID Object ID) using the requested security class as a filter.\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/intermediaryId" - } - ], - "responses": { - "204": { - "description": "OK: Deleted successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Deletes a Single AVD Intermediary Instance", - "tags": [ - "Intermediary" - ] - }, - "get": { - "description": "Retrieves the specified intermediary (by the parent group's Entra ID Object ID) using the requested security class as a filter.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/intermediaryId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.Intermediary.Avd" - }, - "examples": { - "Paged AVD intermediary result": { - "summary": "Example paged result of a AVD intermediary list", - "description": "An example paged result that represents the current page of retrieved AVD intermediary list from a parent group filtered by specified class.", - "value": { - "@odata.count": 1, - "@odata.nextLink": "1", - "value": [ - { - "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "kind": "AVD", - "name": "Legacy Reach Back", - "securityClass": "Privileged", - "addressRangeCIDR": "172.16.1.0/24", - "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", - "index": 0, - "location": "East US 2", - "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", - "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Retrieves a Single AVD Intermediary Instance", - "tags": [ - "Intermediary" - ] - } - }, - "/Api/Defend/Intermediary/{intermediaryId}/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f/Assign": { - "delete": { - "description": "Removes the specified user(s) as identified by their Object ID from the AVD cluster and deletes their corresponding session host(s).\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/intermediaryId" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": { - "One user": { - "description": "Removes 1 session host, and removed the requested user from the assignments security group.", - "summary": "Remove Single User", - "value": { - "userList": [ - "cf5b12a9-b939-4d5c-a380-fb62e4fe88ef" - ] - } - }, - "Two users": { - "description": "Removes 3 session hosts, and removed the requested users from the assignments security group.", - "summary": "Remove Multiple Users", - "value": { - "userList": [ - "0c56b055-9042-4f54-8e6e-6510e12a81dc", - "dd27937c-6287-45b3-98de-387725b068f3", - "989d3dc1-43f4-4ff7-82ba-43661f94a428" - ] - } - } - }, - "schema": { - "properties": { - "userList": { - "items": { - "format": "uuid", - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "204": { - "description": "OK: Deleted successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Removes the assignment of the specified users", - "tags": [ - "Intermediary" - ] - }, - "get": { - "description": "Gets the list of assigned user from the specified AVD Intermediary.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/intermediaryId" - }, - { - "$ref": "#/components/parameters/nextLink" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.ManagedUser" - }, - "examples": { - "Managed user page": { - "summary": "Example paged user result", - "description": "An example of paged user result that represents the current page of assigned user list retrieved from the specified AVD intermediary.", - "value": { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - }, - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "List all assigned users (paginated)", - "tags": [ - "Intermediary" - ] - }, - "post": { - "description": "Assigns the specified user(s) as identified by their Object ID to the AVD cluster and create corresponding session host(s) for them.\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/Post", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/intermediaryId" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": { - "One user": { - "description": "Creates 1 session host, and added the requested user to the assignments security group.", - "summary": "Assign Single User", - "value": { - "userList": [ - "cf5b12a9-b939-4d5c-a380-fb62e4fe88ef" - ] - } - }, - "Two users": { - "description": "Creates 3 session hosts, and added the requested users to the assignments security group.", - "summary": "Assign Multiple Users", - "value": { - "userList": [ - "0c56b055-9042-4f54-8e6e-6510e12a81dc", - "dd27937c-6287-45b3-98de-387725b068f3", - "989d3dc1-43f4-4ff7-82ba-43661f94a428" - ] - } - } - }, - "schema": { - "properties": { - "userList": { - "items": { - "format": "uuid", - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string", - "examples": [ - "0c56b055-9042-4f54-8e6e-6510e12a81dc" - ] - }, - "type": "array", - "examples": [ - [ - "0c56b055-9042-4f54-8e6e-6510e12a81dc" - ] - ] - } - }, - "type": "object", - "examples": [ - { - "userList": [ - "0c56b055-9042-4f54-8e6e-6510e12a81dc" - ] - } - ] - } + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "deviceAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", + "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", + "temporaryAccessPass": "BCKTSN#E2R&5" } + ] } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/ManagedObject.User" - }, - "minItems": 0, - "type": "array" - }, - "examples": { - "Managed user": { - "summary": "Example managed users returned", - "description": "An example of managed user array returned that represents the users has been assigned to the specified AVD cluster and created corresponding session host successfully.", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - } - ] - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Assigns the list of specified users", - "tags": [ - "Intermediary" - ] - } + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "525": { + "$ref": "#/components/responses/525" + } }, - "/Api/Defend/Intermediary/{intermediaryId}/Type/{securityClass}/Offering/8a921026-ec06-4e08-af19-8812e161e61f/Assign/{userId}": { - "get": { - "description": "Get the specified managed user(s) from the specified AVD intermediary assignment list.\n\nThis endpoint requires the `Intermediary.Privileged.Read`, `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.Read`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, `Intermediary.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Intermediary/:intermediaryId/Type/:securityClass/Offering/AVD/Assign/:userId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/intermediaryId" - }, - { - "$ref": "#/components/parameters/userId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.ManagedUser" - }, - "examples": { - "Assigned users": { - "summary": "Example assigned user list", - "description": "An example paged assigned user list that represents the current page retrieved from specified AVD intermediary assignment list.", - "value": { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - }, - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } + "summary": "Get All Users", + "tags": ["User Management"] + }, + "post": { + "description": "For Specialized or Enterprise, adds existing user into management. For Privileged, securely clones the specified user's properties into a new managed user object in the privileged baselines.\n\nThis endpoint requires the `User.Privileged.ReadWrite`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/User/Type/:securityClass/Post", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": { + "Request body": { + "value": { + "userId": "d886680d-a283-4fc2-803f-370d81d62366" + }, + "summary": "Example request body", + "description": "An example object that represents a request to assign the specified user to target security class." + } + }, + "schema": { + "properties": { + "userId": { + "description": "The Entra ID object ID of the user to clone.", + "examples": ["264a8bed-0714-48fd-8b9d-0e4c4715cee5"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + } }, - "summary": "Get a specific assigned user", - "tags": [ - "Intermediary" + "required": ["userId"], + "type": "object", + "examples": [ + { + "userId": "264a8bed-0714-48fd-8b9d-0e4c4715cee5" + } ] + } } + } }, - "/Api/Defend/Device/{deviceId}/Type/Privileged/Assign": { - "delete": { - "description": "Remove the specified user list from the device.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Defend/Device/:deviceId/Type/Privileged/Assign/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/deviceId" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": { - "Multiple Users": { - "description": "Remove multiple user assignments from a managed device.", - "summary": "Unassign multiple users", - "value": { - "userList": [ - "0674276a-31e8-4773-8ed9-6fb49dbd0fa8", - "66714224-b1a6-4fd6-b9d8-5263fdf755fc" - ] - } - }, - "Single User": { - "description": "Remove a single user assignment from a managed device.", - "summary": "Unassign one user", - "value": { - "userList": [ - "01ebf268-cf28-4607-954a-261dfd480453" - ] - } - } - }, - "schema": { - "properties": { - "userList": { - "items": { - "examples": [ - "d1bc9d1a-5a30-4d66-898a-1dd300e707bc" - ], - "format": "uuid", - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "type": "array", - "examples": [ - [ - "d1bc9d1a-5a30-4d66-898a-1dd300e707bc" - ] - ] - } - }, - "type": "object", - "examples": [ - { - "userList": [ - "d1bc9d1a-5a30-4d66-898a-1dd300e707bc" - ] - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/ManagedObject.User" - }, - "minItems": 0, - "type": "array" - }, - "examples": { - "Removed user list": { - "summary": "Example removed user list", - "description": "An example array of ManagedObject.User that represents those removed from specific privileged device assignment.", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - } - ] - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Remove User Assignments", - "tags": [ - "Device Management" - ] - }, - "get": { - "description": "Lists all of the users that are currently assigned to the specified device.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Defend/Device/:deviceId/Type/Privileged/Assign/Get", - "parameters": [ - { - "$ref": "#/components/parameters/deviceId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.ManagedUser" - }, - "examples": { - "Example response": { - "summary": "Example paged response", - "description": "An example of ObjectPage.ManagedUser returned that represents the list of users assigned to specific privileged device.", - "value": { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - }, - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "List User Assignments", - "tags": [ - "Device Management" - ] + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ManagedObject.User" + } + } }, - "post": { - "description": "Adds the specified list of users to the list of users that are allowed to log in on the specific privileged device.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, or the `Everything.ReadWrite` scope (permission).", - "operationId": "/Api/Defend/Device/:deviceId/Type/Privileged/Assign/Post", - "parameters": [ - { - "$ref": "#/components/parameters/deviceId" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": { - "1:1 map": { - "description": "This example is the security best practice of having only one user mapped to a managed device.", - "summary": "1:1 User Mapping", - "value": { - "userList": [ - "0674276a-31e8-4773-8ed9-6fb49dbd0fa8" - ] - } - }, - "Multi-User Managed Device": { - "description": "This example is the security best practice of having multiple users mapped to a managed device.", - "summary": "Multi-User Assignment", - "value": { - "userList": [ - "0674276a-31e8-4773-8ed9-6fb49dbd0fa8", - "66714224-b1a6-4fd6-b9d8-5263fdf755fc" - ] - } - } - }, - "schema": { - "properties": { - "userList": { - "items": { - "examples": [ - "d1bc9d1a-5a30-4d66-898a-1dd300e707bc" - ], - "format": "uuid", - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "type": "array", - "examples": [ - [ - "d1bc9d1a-5a30-4d66-898a-1dd300e707bc" - ] - ] - } - }, - "type": "object", - "examples": [ - { - "userList": [ - "d1bc9d1a-5a30-4d66-898a-1dd300e707bc" - ] - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/ManagedObject.User" - }, - "minItems": 0, - "type": "array" - }, - "examples": { - "List of Managed Users": { - "summary": "Users assigned to the privileged device", - "description": "An example of ManagedObject.User array that represents the list of users which successfully assigned to the specified privileged device.", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - } - ] - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Add User Assignments", - "tags": [ - "Device Management" - ] - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "409": { + "description": "User is already managed." + }, + "525": { + "$ref": "#/components/responses/525" + } }, - "/Api/Defend/Device/Type/{securityClass}": { - "get": { - "description": "Returns a list of all devices managed or unmanaged.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, `Device.Specialized.Read`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, `Device.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL. When reading the `unmanaged` objects, any security class permission can read them, no need for a specific `unmanaged` class assignment.", - "operationId": "/Api/Defend/Device/Type/:securityClass/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/nextLink" - }, - { - "$ref": "#/components/parameters/search" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.ManagedDevice" - }, - "examples": { - "Managed device list": { - "summary": "Example list of managed devices", - "description": "An example paged result returned that represents a specific page of managed device list.", - "value": { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "securityClass": "Privileged", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" - }, - { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "groupAssignmentId": "830d8b6f-2f6f-41f7-8800-0c07445abd36", - "securityClass": "Privileged", - "userAssignmentId": "146964e0-8ca4-4af0-9c2a-894b32912463", - "userAssignmentList": [ - "56d0d4e1-96f6-4cfb-a5e9-a4ee923169a8", - "94a9d681-a8d2-43eb-a83b-d4bfe90259ff", - "c54d4854-9254-4689-8a22-1cc80a3dae4e" - ] - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Get All Devices", - "tags": [ - "Device Management" - ] - }, - "post": { - "description": "Commissions a new device, into the device hierarchy and appends appropriate metadata and initial policies. Appends required metadata to proper locations.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Device/Type/:securityClass/Post", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": { - "Request body": { - "value": { - "deviceId": "f7e1a66f-ce2e-4351-83df-2776813ef95d" - }, - "summary": "Example request body", - "description": "An example request body object that represents a request to commission the device specified in the deviceId field." - } - }, - "schema": { - "properties": { - "deviceId": { - "description": "The SHIELD ID (Entra ID Device ID) of the device to target.", - "examples": [ - "75da7fa4-4a04-44c8-8f2c-c1b2fa29aa51" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - } - }, - "required": [ - "deviceId" - ], - "type": "object", - "examples": [ - { - "deviceId": "f7e1a66f-ce2e-4351-83df-2776813ef95d" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ManagedObject.Device" - }, - "examples": { - "Commissioned managed device": { - "summary": "Example managed device info", - "description": "An example managed device object returned that represents a successfully commissioned device.", - "value": { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "securityClass": "Privileged", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Commission a New Device", - "tags": [ - "Device Management" - ] - } + "summary": "Create/Bring User Into Management", + "tags": ["User Management"] + } + }, + "/Api/Defend/User/{userId}/Type/{securityClass}": { + "delete": { + "description": "Deletes the user account and removes the management artifacts.\n\nThis endpoint requires the `User.Privileged.ReadWrite`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/User/:userId/Type/:securityClass/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/userId" + } + ], + "responses": { + "204": { + "description": "OK: Deleted successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } }, - "/Api/Defend/Device/{deviceId}/Type/{securityClass}": { - "delete": { - "description": "Removes the device from the management hierarchy, removes metadata tagging and issues the wipe command to the devices.\n\nThis endpoint requires the `Device.Privileged.ReadWrite`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Device/:deviceId/Type/:securityClass/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/deviceId" - } - ], - "responses": { - "204": { - "description": "OK: Deleted successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } + "summary": "Delete Managed User by ID", + "tags": ["User Management"] + }, + "get": { + "description": "Retrieves the specified managed user by its Entra ID User ID.\n\nThis endpoint requires the `User.Privileged.Read`, `User.Privileged.ReadWrite`, `User.Specialized.Read`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, `User.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/User/:userId/Type/:securityClass/Get", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/userId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ManagedObject.User" }, - "summary": "Decommission Specified Device", - "tags": [ - "Device Management" - ] + "examples": { + "Removed user": { + "summary": "Example removed user", + "description": "An example of managed user returned that represents the user has been removed from specified security class successfully.", + "value": { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + } + } + } + } }, - "get": { - "description": "Get the specified managed device by its Entra ID Device ID.\n\nThis endpoint requires the `Device.Privileged.Read`, `Device.Privileged.ReadWrite`, `Device.Specialized.Read`, `Device.Specialized.ReadWrite`, `Device.Enterprise.ReadWrite`, `Device.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Device/:deviceId/Type/:securityClass/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/deviceId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ManagedObject.Device" - }, - "examples": { - "Managed device": { - "summary": "Example managed device", - "description": "An example of ManagedObject.Device object returned that represents a managed device queried by a device ID with specified security class.", - "value": { - "commissionedDate": "2023-02-04T05:06:09.601Z", - "displayName": "Priv-01534962354", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "parentDeviceId": "81682cf5-0405-491d-8ab8-e07c778d7eaf", - "securityClass": "Privileged", - "uniqueGroupId": "146964e0-8ca4-4af0-9c2a-894b32912463" - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Get Specified Device by ID", - "tags": [ - "Device Management" - ] - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } }, - "/Api/Defend/User/Type/{securityClass}": { - "get": { - "description": "Returns a list of all devices managed or unmanaged.\n\nThis endpoint requires the `User.Privileged.Read`, `User.Privileged.ReadWrite`, `User.Specialized.Read`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, `User.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL. When reading the `unmanaged` objects, any security class permission can read them, no need for a specific `unmanaged` class assignment.", - "operationId": "/Api/Defend/User/Type/:securityClass/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/nextLink" - }, - { - "$ref": "#/components/parameters/search" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObjectPage.ManagedUser" - }, - "examples": { - "Managed user": { - "summary": "Example paged user list", - "description": "An examples of ObjectPage.ManagedUser returned that represents a page of a managed user list.", - "value": { - "@odata.count": 3, - "@odata.nextLink": "2", - "value": [ - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - }, - { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "deviceAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "generatedPassword": "GY_w7bZUKRgpIXctD0S2wg", - "parentId": "e59a3a64-dc36-4368-80ec-c205eb176ef6", - "temporaryAccessPass": "BCKTSN#E2R&5" - } - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Get All Users", - "tags": [ - "User Management" - ] - }, - "post": { - "description": "For Specialized or Enterprise, adds existing user into management. For Privileged, securely clones the specified user's properties into a new managed user object in the privileged baselines.\n\nThis endpoint requires the `User.Privileged.ReadWrite`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/User/Type/:securityClass/Post", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - } + "summary": "Gets Managed User by ID", + "tags": ["User Management"] + } + }, + "/Api/Defend/Marketplace/Type/{securityClass}/Offering/{offeringId}": { + "post": { + "description": "Creates the offering with the requested settings. In the body payload, the `type` property in the `property` object is ignored. See the AVD example.\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", + "operationId": "/Api/Defend/Marketplace/Type/:securityClass/Offering/:offeringId/Post", + "parameters": [ + { + "$ref": "#/components/parameters/securityClass" + }, + { + "$ref": "#/components/parameters/offeringId" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "$ref": "#/components/schemas/ManagedObject.Intermediary" + }, + { + "properties": { + "properties": { + "$ref": "#/components/schemas/ManagedObject.AvdIntermediary" + } + }, + "type": "object" + } ], - "requestBody": { - "content": { - "application/json": { - "examples": { - "Request body": { - "value": { - "userId": "d886680d-a283-4fc2-803f-370d81d62366" - }, - "summary": "Example request body", - "description": "An example object that represents a request to assign the specified user to target security class." - } - }, - "schema": { - "properties": { - "userId": { - "description": "The Entra ID object ID of the user to clone.", - "examples": [ - "264a8bed-0714-48fd-8b9d-0e4c4715cee5" - ], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - } - }, - "required": [ - "userId" - ], - "type": "object", - "examples": [ - { - "userId": "264a8bed-0714-48fd-8b9d-0e4c4715cee5" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ManagedObject.User" - }, - "examples": { - "Created or cloned user": { - "summary": "Example user created/cloned", - "description": "An example managed user object returned that represents the user brought into management successfully.", - "value": { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "409": { - "description": "User is already managed." - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Create/Bring User Into Management", - "tags": [ - "User Management" + "examples": [ + { + "name": "Legacy Reach Back", + "properties": { + "addressRangeCIDR": "172.16.1.0/24", + "index": 0, + "location": "East US 2", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + } ] + }, + "examples": { + "Example intermediary object request": { + "summary": "Example Intermediary object request", + "description": "An example of create offering request body with minimal fields.", + "value": { + "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "kind": "AVD", + "name": "Legacy Reach Back", + "securityClass": "Privileged", + "properties": { + "addressRangeCIDR": "172.16.1.0/24", + "index": 0, + "location": "East US 2", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + } + } + } } + } }, - "/Api/Defend/User/{userId}/Type/{securityClass}": { - "delete": { - "description": "Deletes the user account and removes the management artifacts.\n\nThis endpoint requires the `User.Privileged.ReadWrite`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/User/:userId/Type/:securityClass/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/userId" - } - ], - "responses": { - "204": { - "description": "OK: Deleted successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ManagedObject.AvdIntermediary" }, - "summary": "Delete Managed User by ID", - "tags": [ - "User Management" - ] + "examples": { + "Returned AVD intermediary": { + "summary": "Example AVD intermediary returned", + "description": "An example of AVD intermediary object returned that represents an successfully deployed offering.", + "value": { + "addressRangeCIDR": "172.16.1.0/24", + "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", + "index": 0, + "location": "East US 2", + "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", + "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", + "sessionHostPrefix": "Reach", + "vmSku": "Standard_D2s_v5" + } + } + } + } }, - "get": { - "description": "Retrieves the specified managed user by its Entra ID User ID.\n\nThis endpoint requires the `User.Privileged.Read`, `User.Privileged.ReadWrite`, `User.Specialized.Read`, `User.Specialized.ReadWrite`, `User.Enterprise.ReadWrite`, `User.Enterprise.Read`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/User/:userId/Type/:securityClass/Get", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/userId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ManagedObject.User" - }, - "examples": { - "Removed user": { - "summary": "Example removed user", - "description": "An example of managed user returned that represents the user has been removed from specified security class successfully.", - "value": { - "creationDate": "2023-10-21T15:24:47.970Z", - "displayName": "Example User (Priv)", - "firstName": "John", - "lastName": "Doe", - "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", - "upn": "priv-user@example.com", - "securityClass": "Privileged", - "uiEducation": false, - "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", - "intermediaryAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ], - "siloAssignmentList": [ - "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", - "593d97dc-9a43-4bc7-9d79-ecde407d7782", - "995f3b39-1e01-40d4-9368-ee956343e97c" - ] - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Gets Managed User by ID", - "tags": [ - "User Management" - ] - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "525": { + "$ref": "#/components/responses/525" + } }, - "/Api/Defend/Marketplace/Type/{securityClass}/Offering/{offeringId}": { - "post": { - "description": "Creates the offering with the requested settings. In the body payload, the `type` property in the `property` object is ignored. See the AVD example.\n\nThis endpoint requires the `Intermediary.Privileged.ReadWrite`, `Intermediary.Specialized.ReadWrite`, `Intermediary.Enterprise.ReadWrite`, or the `Everything.ReadWrite` scope (permission). The security class parameter in the URL path corresponds to the same permission in the scope. That means if you are granted a privileged role, you can only call the privilege class URL.", - "operationId": "/Api/Defend/Marketplace/Type/:securityClass/Offering/:offeringId/Post", - "parameters": [ - { - "$ref": "#/components/parameters/securityClass" - }, - { - "$ref": "#/components/parameters/offeringId" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "allOf": [ - { - "$ref": "#/components/schemas/ManagedObject.Intermediary" - }, - { - "properties": { - "properties": { - "$ref": "#/components/schemas/ManagedObject.AvdIntermediary" - } - }, - "type": "object" - } - ], - "examples": [ - { - "name": "Legacy Reach Back", - "properties": { - "addressRangeCIDR": "172.16.1.0/24", - "index": 0, - "location": "East US 2", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - } - ] - }, - "examples": { - "Example intermediary object request": { - "summary": "Example Intermediary object request", - "description": "An example of create offering request body with minimal fields.", - "value": { - "id": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "kind": "AVD", - "name": "Legacy Reach Back", - "securityClass": "Privileged", - "properties": { - "addressRangeCIDR": "172.16.1.0/24", - "index": 0, - "location": "East US 2", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - } - } - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ManagedObject.AvdIntermediary" - }, - "examples": { - "Returned AVD intermediary": { - "summary": "Example AVD intermediary returned", - "description": "An example of AVD intermediary object returned that represents an successfully deployed offering.", - "value": { - "addressRangeCIDR": "172.16.1.0/24", - "assignmentGroup": "68873e26-3c35-465c-9422-0884a00beb36", - "index": 0, - "location": "East US 2", - "resourceId": "/subscriptions/742f0d26-daa0-4f84-8d4f-fb052f89f639/resourceGroups/SHIELD_-_PSM-Legacy_Reach_Back/providers/Microsoft.DesktopVirtualization/hostpools/SHIELD_-_PSM-Cluster-Legacy_Reach_Back", - "sessionHostGroup": "f99f0918-da9b-4c58-9a8d-9346abc5d9ec", - "sessionHostPrefix": "Reach", - "vmSku": "Standard_D2s_v5" - } - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "525": { - "$ref": "#/components/responses/525" - } - }, - "summary": "Deploy Marketplace Offering", - "tags": [ - "Marketplace" - ] - } - } + "summary": "Deploy Marketplace Offering", + "tags": ["Marketplace"] + } + } + }, + "security": [ + { + "EntraID": [] + } + ], + "servers": [ + { + "description": "The service", + "url": "/" + } + ], + "tags": [ + { + "description": "Configures the specified web server to support and process the authentication API routes.", + "name": "Core" }, - "security": [ - { - "EntraID": [] - } - ], - "servers": [ - { - "description": "The service", - "url": "/" - } - ], - "tags": [ - { - "description": "Configures the specified web server to support and process the authentication API routes.", - "name": "Core" - }, - { - "description": "Used to manage UI and API authentication.", - "name": "Authentication" - }, - { - "description": "License report creation and retrieval.", - "name": "Discover" - }, - { - "description": "Device lifecycle management.", - "name": "Device Management" - }, - { - "description": "User lifecycle management.", - "name": "User Management" - }, - { - "description": "Manages the lifecycle of the various intermediary system types.", - "name": "Intermediary" - }, - { - "description": "Metadata and deployment management for market offerings. Lifecycle management is not handled in this route.", - "name": "Marketplace" - }, - { - "description": "Checks the status and starts deployment of the core infrastructure.", - "name": "Infrastructure Deployment" - }, - { - "description": "Manage the updates for SHIELD and the policies deployed into the managed environment.", - "name": "Update" - } - ] + { + "description": "Used to manage UI and API authentication.", + "name": "Authentication" + }, + { + "description": "License report creation and retrieval.", + "name": "Discover" + }, + { + "description": "Device lifecycle management.", + "name": "Device Management" + }, + { + "description": "User lifecycle management.", + "name": "User Management" + }, + { + "description": "Manages the lifecycle of the various intermediary system types.", + "name": "Intermediary" + }, + { + "description": "Metadata and deployment management for market offerings. Lifecycle management is not handled in this route.", + "name": "Marketplace" + }, + { + "description": "Checks the status and starts deployment of the core infrastructure.", + "name": "Infrastructure Deployment" + }, + { + "description": "Manage the updates for SHIELD and the policies deployed into the managed environment.", + "name": "Update" + } + ] } From c1a4b05fe5ae65059562cd92ba7f710b2f468963 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Thu, 4 Sep 2025 17:01:57 +0100 Subject: [PATCH 06/28] fix: Add missing examples for POST `/Api/Defend/User/Type/{securityClass}` - also fixed a typo in Security Class schema definition. --- specs/SHIELD.json | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 7edc524..7ada322 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -135,7 +135,7 @@ "examples": { "Privileged": { "value": "Privileged", - "summary": "Example securityClass", + "summary": "Example security class", "description": "An example enum string that indicates the security class of an managed object is privileged." } } @@ -3652,6 +3652,33 @@ "application/json": { "schema": { "$ref": "#/components/schemas/ManagedObject.User" + }, + "examples": { + "Created or cloned user": { + "summary": "Example user created/cloned", + "description": "An example managed user object returned that represents the user brought into management successfully.", + "value": { + "creationDate": "2023-10-21T15:24:47.970Z", + "displayName": "Example User (Priv)", + "firstName": "John", + "lastName": "Doe", + "id": "9f237e13-9a04-4daf-b3d4-6d2beec3c2bf", + "upn": "priv-user@example.com", + "securityClass": "Privileged", + "uiEducation": false, + "uniqueGroupId": "ad402c42-1bc9-4ba5-9419-7dbfb46a9c4d", + "intermediaryAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ], + "siloAssignmentList": [ + "0390fb3e-c58b-4d73-b02c-eae41ec5e4a5", + "593d97dc-9a43-4bc7-9d79-ecde407d7782", + "995f3b39-1e01-40d4-9368-ee956343e97c" + ] + } + } } } }, From 97945ac7d884544996c7ec3573ea7a09898205a9 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 5 Sep 2025 12:16:57 +0100 Subject: [PATCH 07/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following parameters definition: - correlationId - tenantId - channelName - channelRing - version - parentId - dateStart - dateEnd --- specs/Data-Gateway.json | 1933 +++++++++------------------------------ 1 file changed, 414 insertions(+), 1519 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 4c59b0b..def780f 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -7,9 +7,7 @@ "name": "correlationId", "required": true, "schema": { - "examples": [ - "1d71e0fe-6e4a-464d-a690-80addf3bda55" - ], + "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -17,11 +15,11 @@ "type": "string" }, "examples": { - "valid correlation Id": { - "summary": "Example valid correlation ID", - "description": "An example of a valid correlation ID in type UUID string.", - "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } + "valid correlation Id": { + "summary": "Example valid correlation ID", + "description": "An example of a valid correlation ID in type UUID string.", + "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } } }, "tenantId": { @@ -30,9 +28,7 @@ "name": "tenantId", "required": true, "schema": { - "examples": [ - "b2fd105a-2594-437e-b934-1a62a51c28b4" - ], + "examples": ["b2fd105a-2594-437e-b934-1a62a51c28b4"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -40,11 +36,11 @@ "type": "string" }, "examples": { - "valid tenant Id": { - "summary": "Example valid tenant ID", - "description": "An example of a valid tenant ID in type UUID string.", - "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } + "valid tenant Id": { + "summary": "Example valid tenant ID", + "description": "An example of a valid tenant ID in type UUID string.", + "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } } }, "channelName": { @@ -53,17 +49,15 @@ "name": "channelName", "required": true, "schema": { - "examples": [ - "beta" - ], + "examples": ["beta"], "type": "string" }, "examples": { - "valid channel name": { - "summary": "Example valid channel name", - "description": "An example string of a valid channel name.", - "value": "stable" - } + "valid channel name": { + "summary": "Example valid channel name", + "description": "An example string of a valid channel name.", + "value": "stable" + } } }, "channelRing": { @@ -72,28 +66,26 @@ "name": "number", "required": true, "schema": { - "examples": [ - 1 - ], + "examples": [1], "type": "integer", "minimum": 0 }, "examples": { - "valid channel ring": { - "summary": "Example valid channel ring", - "description": "An example integer that represents a valid channel ring.", - "value": 1 - }, - "minimum channel ring": { - "summary": "Example minimum channel ring", - "description": "An example integer that represents the minimum valid channel ring.", - "value": 0 - }, - "invalid channel ring": { - "summary": "Example invalid channel ring", - "description": "An example integer that represents an invalid channel ring, which is negative.", - "value": -1 - } + "valid channel ring": { + "summary": "Example valid channel ring", + "description": "An example integer that represents a valid channel ring.", + "value": 1 + }, + "minimum channel ring": { + "summary": "Example minimum channel ring", + "description": "An example integer that represents the minimum valid channel ring.", + "value": 0 + }, + "invalid channel ring": { + "summary": "Example invalid channel ring", + "description": "An example integer that represents an invalid channel ring, which is negative.", + "value": -1 + } } }, "version": { @@ -102,17 +94,15 @@ "name": "version", "required": true, "schema": { - "examples": [ - "1.12.5" - ], + "examples": ["1.12.5"], "type": "string" }, "examples": { - "Valid version number": { - "summary": "Example valid version number", - "description": "An example string represents a valid semantic version number.", - "value": "1.2.3" - } + "Valid version number": { + "summary": "Example valid version number", + "description": "An example string represents a valid semantic version number.", + "value": "1.2.3" + } } }, "parentId": { @@ -121,9 +111,7 @@ "name": "parentId", "required": false, "schema": { - "examples": [ - "3b241101-e2bb-4255-8caf-4136c566a962" - ], + "examples": ["3b241101-e2bb-4255-8caf-4136c566a962"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -131,11 +119,11 @@ "type": "string" }, "examples": { - "Valid parent ID": { - "summary": "Example valid parent ID", - "description": "An example UUID string that represents a valid parent object ID.", - "value": "3b241101-e2bb-4255-8caf-4136c566a962" - } + "Valid parent ID": { + "summary": "Example valid parent ID", + "description": "An example UUID string that represents a valid parent object ID.", + "value": "3b241101-e2bb-4255-8caf-4136c566a962" + } } }, "dateStart": { @@ -144,19 +132,17 @@ "name": "dateStart", "required": false, "schema": { - "examples": [ - "2025-01-01T00:00:00Z" - ], + "examples": ["2025-01-01T00:00:00Z"], "format": "date-time", "type": "string" }, "examples": { - "Valid start date": { - "summary": "Example valid start date", - "description": "An example ISO8601 date string that represents a valid start date in a query.", - "value": "2025-01-01T00:00:00Z" - } - } + "Valid start date": { + "summary": "Example valid start date", + "description": "An example ISO8601 date string that represents a valid start date in a query.", + "value": "2025-01-01T00:00:00Z" + } + } }, "dateEnd": { "description": "Date string to narrow records selection to those created before or on that date.", @@ -164,19 +150,18 @@ "name": "dateEnd", "required": false, "schema": { - "examples": [ - "2025-02-05T23:59:59Z" - ], + "examples": ["2025-02-05T23:59:59Z"], "format": "date-time", "type": "string" }, "examples": { - "Valid end date": { - "summary": "Example valid end date", - "description": "An example ISO8601 date string that represents a valid end date in a query.", - "value": "2025-02-05T23:59:59Z" - } - } + "Valid end date": { + "summary": "Example valid end date", + "description": "An example ISO8601 date string that represents a valid end date in a query.", + "value": "2025-02-05T23:59:59Z" + } + } + } }, "responses": { @@ -205,30 +190,22 @@ "properties": { "authClient": { "description": "Flag that indicates if the client side authentication validation is working or not.", - "examples": [ - false - ], + "examples": [false], "type": "boolean" }, "authServer": { "description": "Flag that indicates if the server side authentication is working or not.", - "examples": [ - true - ], + "examples": [true], "type": "boolean" }, "bulkStorage": { "description": "Flag that indicates if the bulk storage system is down (`false`) or not (`true`). False indicate the service is not working, true indicates the service is working.", - "examples": [ - true - ], + "examples": [true], "type": "boolean" }, "database": { "description": "Flag that indicates if the ORM (Database) system is down (`false`) or not (`true`). False indicate the service is not working, true indicates the service is working.", - "examples": [ - false - ], + "examples": [false], "type": "boolean" } }, @@ -239,56 +216,25 @@ "database" ], "title": "Core System - Health Report", - "type": "object", - "examples": [ - { - "authClient": false, - "authServer": true, - "bulkStorage": true, - "database": false - } - ] + "type": "object" }, "Chat.OpenAIChatMessage": { "title": "Chat - Message Record", "description": "Object representing entity supplied to the AI agent or a response from the AI Agent", - "examples": [ - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "name": "John Doe", - "role": "user", - "content": [ - { - "text": "What are the available IDs?", - "type": "text" + "examples": [{ + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" } - ], - "tool_call_id": "call_abc123", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - } - ], + } + ] + }], "type": "object", "properties": { "content": { @@ -316,31 +262,17 @@ "text", "type" ] - }, - "examples": [ - [ - { - "text": "What are the available IDs?", - "type": "text" - } - ] - ] + } } ] }, "role": { "type": "string", - "description": "The role of the messages author", - "examples": [ - "assistant" - ] + "description": "The role of the messages author" }, "name": { "type": "string", - "description": "An optional name for the participant", - "examples": [ - "John Doe" - ] + "description": "An optional name for the participant" }, "tool_calls": { "type": "array", @@ -350,10 +282,7 @@ "properties": { "id": { "type": "string", - "description": "The ID of the tool call", - "examples": [ - "call_abc121" - ] + "description": "The ID of the tool call" }, "function": { "type": "object", @@ -361,52 +290,24 @@ "properties": { "arguments": { "type": "string", - "description": "The arguments to call the function with", - "examples": [ - "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}" - ] + "description": "The arguments to call the function with" }, "name": { "type": "string", - "description": "The name of the function to call", - "examples": [ - "getCorrelationIDs" - ] - } - }, - "examples": [ - { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" + "description": "The name of the function to call" } - ] + } }, "type": { "type": "string", - "description": "The type of the tool. Currently, only `function` is supported", - "examples": [ - "function" - ] + "description": "The type of the tool. Currently, only `function` is supported" } - }, - "examples": [ - { - "id": "call_abc121", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - }, - "type": "function" - } - ] + } } }, "tool_call_id": { "type": "string", - "description": "Tool call that this message is responding to", - "examples": [ - "call_abc123" - ] + "description": "Tool call that this message is responding to" } }, "required": [ @@ -416,64 +317,50 @@ }, "LicenseReport.CorrelationRecord": { "description": "Metadata that describes the execution session (run) that is used to tie/relate all of the license report together.", - "examples": [ - { - "auditTenantAccount": "priv-user@example.com", - "correlationId": "9d838115-0868-45d4-b8a5-98adc1af7e42", - "reportTenantAccount": "ent-user@example.com", - "tenantId": "7e536189-b2dd-4c8b-98b1-9b174777883f", - "createdAt": "2024-08-01T21:13:12.821Z", - "updatedAt": "2024-08-01T21:13:12.821Z" - } - ], + "examples": [{ + "auditTenantAccount": "priv-user@example.com", + "correlationId": "9d838115-0868-45d4-b8a5-98adc1af7e42", + "reportTenantAccount": "ent-user@example.com", + "tenantId": "7e536189-b2dd-4c8b-98b1-9b174777883f", + "createdAt": "2024-08-01T21:13:12.821Z", + "updatedAt": "2024-08-01T21:13:12.821Z" + }], "properties": { "auditTenantAccount": { "description": "The user account used to retrieve the license information in the tenant being audited.", - "examples": [ - "admin-user@example.com" - ], + "examples": ["admin-user@example.com"], "format": "email", "type": "string" }, "correlationId": { "description": "The ID of the execution session (run) that is used to tie/relate all of the data together.", - "examples": [ - "88da2253-758f-4135-9d37-64448c8b65c1" - ], + "examples": ["88da2253-758f-4135-9d37-64448c8b65c1"], "format": "uuid", "type": "string", "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" }, "reportTenantAccount": { "description": "User account used to store/report the license report to the SHI Lab cloud service.", - "examples": [ - "generic-user@example.com" - ], + "examples": ["generic-user@example.com"], "format": "email", "type": "string" }, "tenantId": { "description": "Unique ID of customer's Microsoft tenant that the license report is for.", - "examples": [ - "0e1fe83f-a33f-4250-8546-225b8d45ae01" - ], + "examples": ["0e1fe83f-a33f-4250-8546-225b8d45ae01"], "format": "uuid", "type": "string", "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" }, "createdAt": { "description": "Timestamp of when the report was created.", - "examples": [ - "2024-08-01T21:12:22.148Z" - ], + "examples": ["2024-08-01T21:12:22.148Z"], "format": "date-time", "type": "string" }, "updatedAt": { "description": "Timestamp of when the report was last updated.", - "examples": [ - "2024-08-01T21:12:22.148Z" - ], + "examples": ["2024-08-01T21:12:22.148Z"], "format": "date-time", "type": "string" } @@ -489,25 +376,10 @@ "properties": { "assignedLicense": { "additionalProperties": { - "oneOf": [ - { - "type": "integer", - "examples": [ - 0 - ] - }, - { - "type": "null" - } - ] + "type": "integer" }, "description": "License assignment on the specified principal.", - "type": "object", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0 - } - ] + "type": "object" }, "assignedService": { "additionalProperties": { @@ -517,32 +389,12 @@ }, { "type": "integer", - "format": "int32", - "examples": [ - 0 - ] - }, - { - "type": "null" + "format": "int32" } ] }, "description": "Service configuration assignment. This is used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", - "type": "object", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0, - "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null - }, - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": false, - "Access Review": true, - "Entitlement Management": false, - "Identity Protection": true - } - } - ] + "type": "object" }, "consumedService": { "additionalProperties": { @@ -552,32 +404,12 @@ }, { "type": "integer", - "format": "int32", - "examples": [ - 0 - ] - }, - { - "type": "null" + "format": "int32" } ] }, "description": "Usage telemetry retrieved for the service to indicate if the specific principal is consuming the service or not, regardless of license status.", - "type": "object", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": true, - "Access Review": false, - "Entitlement Management": false, - "Identity Protection": true - } - }, - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0, - "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null - } - ] + "type": "object" } }, "required": [ @@ -586,125 +418,112 @@ "consumedService" ], "description": "Collection of principals that have had their in-use licenses and assigned licenses. Where the key is the principal ID and the value is the insights.", - "examples": [ - { - "assignedLicense": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 1, - "7159f980-6f83-4b67-bf41-e172b3ae1352": 2 + "examples": [{ + "assignedLicense": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": null, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": null, + "7159f980-6f83-4b67-bf41-e172b3ae1352": null + }, + "assignedService": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": false, + "Access Review": true, + "Entitlement Management": false, + "Identity Protection": true }, - "assignedService": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": false, - "Access Review": true, - "Entitlement Management": false, - "Identity Protection": true - }, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { - "Conditional Access": true, - "Dynamic Group": false, - "Group Naming": true, - "On-Prem SSPR": false, - "Group Expiration": true, - "Provisioning Engine": true, - "Enterprise State Roaming": false - }, - "6511755b-c27d-4c66-a59e-b835e6b54e7f": null + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { + "Conditional Access": true, + "Dynamic Group": false, + "Group Naming": true, + "On-Prem SSPR": false, + "Group Expiration": true, + "Provisioning Engine": true, + "Enterprise State Roaming": false }, - "consumedService": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": true, - "Access Review": false, - "Entitlement Management": false, - "Identity Protection": true - }, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { - "Conditional Access": true, - "Dynamic Group": false, - "Group Naming": true, - "On-Prem SSPR": false, - "Group Expiration": true, - "Provisioning Engine": true, - "Enterprise State Roaming": false - }, - "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null, - "c90f1a25-e6cd-4163-ac6c-ca7616c585a9": null - } + "6511755b-c27d-4c66-a59e-b835e6b54e7f": null + }, + "consumedService": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": true, + "Access Review": false, + "Entitlement Management": false, + "Identity Protection": true + }, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { + "Conditional Access": true, + "Dynamic Group": false, + "Group Naming": true, + "On-Prem SSPR": false, + "Group Expiration": true, + "Provisioning Engine": true, + "Enterprise State Roaming": false + }, + "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null, + "c90f1a25-e6cd-4163-ac6c-ca7616c585a9": null } - ], + }], "title": "License Report - License Data" }, "LicenseReport.FeatureBreakdown": { "additionalProperties": { - "type": "boolean", - "examples": [ - true - ] + "type": "boolean" }, "description": "List of features that are configured for the specific service plan's service configuration for the related principal.\nThe key is the name of the feature that is being described.\nThe value is the state of the feature configuration, `true` is in scope and `false` meaning not in scope.", - "examples": [ - { - "Conditional Access": true, - "Access Reviews": true, - "Dynamic Groups": false, - "On-Prem Password Rest": true, - "On-Prem Password Protection": false - } - ], + "examples": [{ + "Conditional Access": true, + "Access Reviews": true, + "Dynamic Groups": false, + "On-Prem Password Rest": true, + "On-Prem Password Protection": false + }], "title": "License Report - Feature Breakdown", "type": "object" }, "LicenseReport": { "description": "Completely calculated license report structure that is the result of a complete run.", - "examples": [ - { - "availableLicense": { - "e17b13ee-9749-488b-9289-d31a8fde045d": 123, - "2d995b6a-d4aa-4d8d-a03c-372ecb66509d": 456, - "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 789 - }, - "correlation": { - "auditTenantAccount": "admin-user@example.com", - "correlationId": "88da2253-758f-4135-9d37-64448c8b65c1", - "reportTenantAccount": "generic-user@example.com", - "tenantId": "0e1fe83f-a33f-4250-8546-225b8d45ae01" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "e17b13ee-9749-488b-9289-d31a8fde045d": 0 - }, - "assignedService": { - "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 0, - "c7bcba35-199c-41e5-8c8d-6d4e4aad8964": null - }, - "consumedService": { - "fe98c41a-d931-4f6f-a5bc-750ba7144a77": null, - "0474bdf1-ee76-4aff-a65c-6f82e5e1d5a6": { - "Something Here": true, - "Other Obscure feature": false - } + "examples": [{ + "availableLicense": { + "e17b13ee-9749-488b-9289-d31a8fde045d": 123, + "2d995b6a-d4aa-4d8d-a03c-372ecb66509d": 456, + "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 789 + }, + "correlation": { + "auditTenantAccount": "admin-user@example.com", + "correlationId": "88da2253-758f-4135-9d37-64448c8b65c1", + "reportTenantAccount": "generic-user@example.com", + "tenantId": "0e1fe83f-a33f-4250-8546-225b8d45ae01" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "e17b13ee-9749-488b-9289-d31a8fde045d": null + }, + "assignedService": { + "cbf6ee7c-c3c1-44a6-9f18-020c65536470": null, + "c7bcba35-199c-41e5-8c8d-6d4e4aad8964": null + }, + "consumedService": { + "fe98c41a-d931-4f6f-a5bc-750ba7144a77": null, + "0474bdf1-ee76-4aff-a65c-6f82e5e1d5a6": { + "Something Here": true, + "Other Obscure feature": false } } } } - ], + }], "type": "object", "properties": { "availableLicense": { "additionalProperties": { - "examples": [ - 1234 - ], + "examples": [1234], "type": "integer" }, "description": "Breakdown of the purchased licenses/service plans available in the tenant being audited for this run. Where the key is the ID of the service plan and the value is how many licenses are available/purchase for it.", - "examples": [ - { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1234, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 123 - } - ], + "examples": [{ + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1234, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 123 + }], "title": "License Report - Available Licenses", "type": "object" }, @@ -729,9 +548,7 @@ "properties": { "correlationId": { "description": "Used to correlate the license entitlements with other records.", - "examples": [ - "e097a3f5-9599-44a2-8923-fd3276c83ae1" - ], + "examples": ["e097a3f5-9599-44a2-8923-fd3276c83ae1"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -741,128 +558,96 @@ }, "enterpriseDeviceCount": { "description": "Count of Enterprise Devices that are allowed to be managed.", - "examples": [ - 5 - ], + "examples": [5], "format": "int32", "type": "integer" }, "enterpriseInterfaceCount": { "description": "Count of Enterprise Interfaces that are allowed to be managed.", - "examples": [ - 6 - ], + "examples": [6], "format": "int32", "type": "integer" }, "enterpriseIntermediaryCount": { "description": "Count of Enterprise Intermediaries that are allowed to be managed.", - "examples": [ - 7 - ], + "examples": [7], "format": "int32", "type": "integer" }, "enterpriseUserCount": { "description": "Count of Enterprise Users that are allowed to be managed.", - "examples": [ - 8 - ], + "examples": [8], "format": "int32", "type": "integer" }, "notValidAfter": { "description": "Date that the entitlement expires at.", - "examples": [ - "2024-07-30T17:35:24.044Z" - ], + "examples": ["2024-07-30T17:35:24.044Z"], "format": "date-time", "type": "string" }, "notValidBefore": { "description": "Date that the entitlement becomes active at.", - "examples": [ - "2024-07-30T17:37:15.300Z" - ], + "examples": ["2024-07-30T17:37:15.300Z"], "format": "date-time", "type": "string" }, "privilegedDeviceCount": { "description": "Count of Privileged Devices (PAW) that are allowed to be managed.", - "examples": [ - 9 - ], + "examples": [9], "format": "int32", "type": "integer" }, "privilegedInterfaceCount": { "description": "Count of Privileged Interfaces that are allowed to be managed.", - "examples": [ - 10 - ], + "examples": [10], "format": "int32", "type": "integer" }, "privilegedIntermediaryCount": { "description": "Count of Privileged Intermediaries that are allowed to be managed.", - "examples": [ - 11 - ], + "examples": [11], "format": "int32", "type": "integer" }, "privilegedUserCount": { "description": "Count of Privileged Users that are allowed to be managed.", - "examples": [ - 12 - ], + "examples": [12], "format": "int32", "type": "integer" }, "purchaseId": { "description": "This could be any value used to correlate the purchase operation to this entitlement record.", - "examples": [ - "Bob's your uncle." - ], + "examples": ["Bob's your uncle."], "type": "string" }, "specializedDeviceCount": { "description": "Count of Specialized Devices that are allowed to be managed.", - "examples": [ - 13 - ], + "examples": [13], "format": "int32", "type": "integer" }, "specializedInterfaceCount": { "description": "Count of Specialized Interfaces that are allowed to be managed.", - "examples": [ - 14 - ], + "examples": [14], "format": "int32", "type": "integer" }, "specializedIntermediaryCount": { "description": "Count of Specialized Intermediaries that are allowed to be managed.", - "examples": [ - 15 - ], + "examples": [15], "format": "int32", "type": "integer" }, "specializedUserCount": { "description": "Count of Specialized Users that are allowed to be managed.", - "examples": [ - 15 - ], + "examples": [15], "format": "int32", "type": "integer" }, "tenantId": { "description": "Tenant that this license entitlement is valid for.", - "examples": [ - "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - ], + "examples": ["a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -889,124 +674,79 @@ "tenantId" ], "title": "License Entitlement - SHIELD Record", - "type": "object", - "examples": [ - { - "correlationId": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "enterpriseDeviceCount": 5, - "enterpriseInterfaceCount": 6, - "enterpriseIntermediaryCount": 7, - "enterpriseUserCount": 8, - "notValidAfter": "2024-07-30T17:35:24.044Z", - "notValidBefore": "2024-07-30T17:37:15.300Z", - "privilegedDeviceCount": 9, - "privilegedInterfaceCount": 10, - "privilegedIntermediaryCount": 11, - "privilegedUserCount": 12, - "purchaseId": "any arbitrary string as purchaseId", - "specializedDeviceCount": 13, - "specializedInterfaceCount": 14, - "specializedIntermediaryCount": 15, - "specializedUserCount": 15, - "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - } - ] + "type": "object" }, "LicenseEntitlement.Shield.Count": { "properties": { "enterpriseDeviceCount": { "description": "Count of Enterprise Devices that are allowed to be managed.", - "examples": [ - 5 - ], + "examples": [5], "format": "int32", "type": "integer" }, "enterpriseInterfaceCount": { "description": "Count of Enterprise Interfaces that are allowed to be managed.", - "examples": [ - 3 - ], + "examples": [3], "format": "int32", "type": "integer" }, "enterpriseIntermediaryCount": { "description": "Count of Enterprise Intermediaries that are allowed to be managed.", - "examples": [ - 7 - ], + "examples": [7], "format": "int32", "type": "integer" }, "enterpriseUserCount": { "description": "Count of Enterprise Users that are allowed to be managed.", - "examples": [ - 8 - ], + "examples": [8], "format": "int32", "type": "integer" }, "privilegedDeviceCount": { "description": "Count of Privileged Devices (PAW) that are allowed to be managed.", - "examples": [ - 9 - ], + "examples": [9], "format": "int32", "type": "integer" }, "privilegedInterfaceCount": { "description": "Count of Privileged Interfaces that are allowed to be managed.", - "examples": [ - 10 - ], + "examples": [10], "format": "int32", "type": "integer" }, "privilegedIntermediaryCount": { "description": "Count of Privileged Intermediaries that are allowed to be managed.", - "examples": [ - 11 - ], + "examples": [11], "format": "int32", "type": "integer" }, "privilegedUserCount": { "description": "Count of Privileged Users that are allowed to be managed.", - "examples": [ - 12 - ], + "examples": [12], "format": "int32", "type": "integer" }, "specializedDeviceCount": { "description": "Count of Specialized Devices that are allowed to be managed.", - "examples": [ - 13 - ], + "examples": [13], "format": "int32", "type": "integer" }, "specializedInterfaceCount": { "description": "Count of Specialized Interfaces that are allowed to be managed.", - "examples": [ - 14 - ], + "examples": [14], "format": "int32", "type": "integer" }, "specializedIntermediaryCount": { "description": "Count of Specialized Intermediaries that are allowed to be managed.", - "examples": [ - 15 - ], + "examples": [15], "format": "int32", "type": "integer" }, "specializedUserCount": { "description": "Count of Specialized Users that are allowed to be managed.", - "examples": [ - 15 - ], + "examples": [15], "format": "int32", "type": "integer" } @@ -1026,135 +766,79 @@ "specializedUserCount" ], "title": "License Entitlement - Active SHIELD Count", - "type": "object", - "examples": [ - { - "enterpriseDeviceCount": 5, - "enterpriseInterfaceCount": 3, - "enterpriseIntermediaryCount": 7, - "enterpriseUserCount": 8, - "privilegedDeviceCount": 9, - "privilegedInterfaceCount": 10, - "privilegedIntermediaryCount": 11, - "privilegedUserCount": 12, - "specializedDeviceCount": 13, - "specializedInterfaceCount": 14, - "specializedIntermediaryCount": 15, - "specializedUserCount": 15 - } - ] + "type": "object" }, "Telemetry.Shield": { "properties": { "correlationId": { "description": "Primary key for the table, used to correlate multiple telemetry records together.", "format": "uuid", - "type": "string", - "examples": [ - "1d71e0fe-6e4a-464d-a690-80addf3bda55" - ] + "type": "string" }, "enterpriseDeviceCount": { "description": "Count of Enterprise Devices that are deployed in the CX environment.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "enterpriseInterfaceCount": { "description": "Number of active Enterprise interfaces.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "enterpriseIntermediaryCount": { "description": "Number of active Enterprise intermediaries.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "enterpriseUserCount": { "description": "Count of Enterprise Users that are deployed in the CX environment.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "monthlyActiveEntUsers": { "description": "Number of active managed Enterprise users.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "monthlyActivePrivUsers": { "description": "Number of active managed privileged users.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "monthlyActiveSpecUsers": { "description": "Number of active managed Specialized users.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "privilegedDeviceCount": { "description": "Count of Privileged Devices (PAW) that are deployed in the CX environment.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "privilegedInterfaceCount": { "description": "Number of active Privileged interfaces.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "privilegedIntermediaryCount": { "description": "Number of active Privileged intermediaries.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "privilegedUserCount": { "description": "Count of Privileged Users that are deployed in the CX environment.", "type": "integer", - "minimum": 0, - "examples": [ - 0 - ] + "minimum": 0 }, "shieldArchitectureVersion": { "description": "Version number of the architecture that is deployed.", - "examples": [ - "27" - ], + "examples": ["27"], "type": "string", - "minLength": 1 + "minimum": 1 }, "shieldCoreVersion": { "description": "Version number of the product that the product is running.", - "examples": [ - "2.5.6" - ], + "examples": ["2.5.6"], "type": "string" }, "specializedDeviceCount": { @@ -1179,24 +863,18 @@ }, "tenantId": { "description": "Tenant ID for the CX in question.", - "examples": [ - "5ae80362-6fe8-4ab1-9b6d-8dfa99d91657" - ], + "examples": ["5ae80362-6fe8-4ab1-9b6d-8dfa99d91657"], "type": "string" }, "createdAt": { "description": "Timestamp on when the record was created. This is auto managed by sequelize.", - "examples": [ - "2024-08-02T23:48:50.231Z" - ], + "examples": ["2024-08-02T23:48:50.231Z"], "format": "date-time", "type": "string" }, "updatedAt": { "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", - "examples": [ - "2024-08-02T23:48:50.231Z" - ], + "examples": ["2024-08-02T23:48:50.231Z"], "format": "date-time", "type": "string" } @@ -1221,41 +899,14 @@ "specializedUserCount" ], "title": "Application Telemetry - SHIELD", - "type": "object", - "examples": [ - { - "correlationId": "1d71e0fe-6e4a-464d-a690-80addf3bda55", - "enterpriseDeviceCount": 0, - "enterpriseInterfaceCount": 0, - "enterpriseIntermediaryCount": 0, - "enterpriseUserCount": 0, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 0, - "privilegedInterfaceCount": 0, - "privilegedIntermediaryCount": 0, - "privilegedUserCount": 0, - "shieldArchitectureVersion": "27", - "shieldCoreVersion": "2.5.6", - "specializedDeviceCount": 3, - "specializedInterfaceCount": 2, - "specializedIntermediaryCount": 1, - "specializedUserCount": 0, - "tenantId": "5ae80362-6fe8-4ab1-9b6d-8dfa99d91657", - "createdAt": "2024-08-02T23:48:50.231Z", - "updatedAt": "2024-08-02T23:48:50.231Z" - } - ] + "type": "object" }, "Update.Shield.Check": { "description": "Object returning the value of the version of the latest application package available.", "properties": { "updateVersion": { "description": "Latest found version of the application package.", - "examples": [ - "1.12.5" - ], + "examples": ["1.12.5"], "type": "string" } }, @@ -1263,35 +914,24 @@ "updateVersion" ], "title": "Update SHIELD Check - latest application package version", - "type": "object", - "examples": [ - { - "updateVersion": "1.12.5" - } - ] + "type": "object" }, "Update.Shield.Channel": { "description": "Channel configuration for the SHIELD update service.", "properties": { "latest": { "description": "Version number of the latest update available to the chanel.", - "examples": [ - "1.12.5" - ], + "examples": ["1.12.5"], "type": "string" }, "name": { "description": "(Unique) Name of the update channel that this configuration belongs to.", - "examples": [ - "stable" - ], + "examples": ["stable"], "type": "string" }, "previous": { "description": "Version number of the number that is being replaced via ring deployment, available to all rings at the minimum.", - "examples": [ - "1.12.4" - ], + "examples": ["1.12.4"], "type": "string" } }, @@ -1301,30 +941,19 @@ "previous" ], "title": "SHIELD Update - Channel", - "type": "object", - "examples": [ - { - "latest": "1.12.5", - "name": "stable", - "previous": "1.12.4" - } - ] + "type": "object" }, "Update.Shield.Channel.Ring": { "description": "Object containing channel ring configuration.", "properties": { "latest": { "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", - "examples": [ - true - ], + "examples": [true], "type": "boolean" }, "number": { "description": "Ring number that this configuration belongs to.", - "examples": [ - 1 - ], + "examples": [1], "type": "integer", "minimum": 0 } @@ -1334,43 +963,29 @@ "number" ], "title": "Update SHIELD Channel Ring - configuration entry", - "type": "object", - "examples": [ - { - "latest": true, - "number": 1 - } - ] + "type": "object" }, "Update.Shield.Tenant": { "description": "Object containing tenant update configuration.", "properties": { "alphaEnabled": { "description": "Flag that indicates if the current tenant is allowed to request alpha builds (`true`) or not (`false`).", - "examples": [ - false - ], + "examples": [false], "type": "boolean" }, "channel": { "description": "Name of the deploy channel.", - "examples": [ - "stable" - ], + "examples": ["stable"], "type": "string" }, "ring": { "description": "Ring number that the client is a member of for the current chanel.", - "examples": [ - 1 - ], + "examples": [1], "type": "integer" }, "tenantId": { "description": "Tenant ID that the configuration belongs to.", - "examples": [ - "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - ], + "examples": ["a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -1385,15 +1000,7 @@ "tenantId" ], "title": "Update SHIELD Tenant - configuration entry", - "type": "object", - "examples": [ - { - "alphaEnabled": false, - "channel": "stable", - "ring": 1, - "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } - ] + "type": "object" }, "TenantDetails": { "title": "Tenant Details Record", @@ -1401,9 +1008,7 @@ "properties": { "tenantId": { "description": "The object ID of the tenant record", - "examples": [ - "1c4d2f3b-2e4b-4a5b-8c6d-7e8f9a0b1c2d" - ], + "examples": ["1c4d2f3b-2e4b-4a5b-8c6d-7e8f9a0b1c2d"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -1412,16 +1017,12 @@ }, "tenantDisplayName": { "description": "Human readable name for the tenant record", - "examples": [ - "Contoso - Prod" - ], + "examples": ["Contoso - Prod"], "type": "string" }, "parentId": { "description": "The object ID of the tenant that is considered a parent to this record", - "examples": [ - "22354a3f-2e21-4bd2-8327-dc842cfa80c8" - ], + "examples": ["22354a3f-2e21-4bd2-8327-dc842cfa80c8"], "format": "uuid", "maxLength": 36, "minLength": 36, @@ -1436,17 +1037,12 @@ "maxLength": 36, "minLength": 36, "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string", - "examples": [ - "fd9a6a53-594d-41aa-950a-b21ff41d4688" - ] + "type": "string" }, - "examples": [ - [ - "fd9a6a53-594d-41aa-950a-b21ff41d4688", - "54fc12cd-403d-4c48-be12-86b807e958d3" - ] - ] + "examples": [[ + "fd9a6a53-594d-41aa-950a-b21ff41d4688", + "54fc12cd-403d-4c48-be12-86b807e958d3" + ]] } }, "type": "object", @@ -1455,17 +1051,6 @@ "tenantDisplayName", "parentId", "authorizedPrincipalList" - ], - "examples": [ - { - "tenantId": "1c4d2f3b-2e4b-4a5b-8c6d-7e8f9a0b1c2d", - "tenantDisplayName": "Contoso - Prod", - "parentId": "22354a3f-2e21-4bd2-8327-dc842cfa80c8", - "authorizedPrincipalList": [ - "fd9a6a53-594d-41aa-950a-b21ff41d4688", - "54fc12cd-403d-4c48-be12-86b807e958d3" - ] - } ] } }, @@ -1507,28 +1092,6 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Core.HealthReport" - }, - "examples": { - "Auth system failure": { - "summary": "Example health report - Auth failure", - "description": "An example health report returned indicates the authentication components are not working.", - "value": { - "authClient": false, - "authServer": false, - "bulkStorage": true, - "database": true - } - }, - "Storage system failure": { - "summary": "Example health report - Storage failure", - "description": "An example health report returned indicates the storage components are not working.", - "value": { - "authClient": true, - "authServer": true, - "bulkStorage": false, - "database": false - } - } } } } @@ -1550,8 +1113,8 @@ "application/json": { "examples": [{ "License Report": { - "description": "Sample, truncated report from an example customer environment. The request body is the License Report that to be stored.", - "summary": "Example License Report Request", + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", "value": { "availableLicense": { "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, @@ -1618,8 +1181,8 @@ "application/json": { "examples": [{ "License Report": { - "description": "Sample, truncated report from an example customer environment. This will return the same report as the request input.", - "summary": "Example of license report stored.", + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", "value": { "availableLicense": { "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, @@ -1711,9 +1274,9 @@ "200": { "content": { "application/json": { - "examples": { - "Example Correlation Records": { - "description": "Sample list of correlation records for the current authenticated tenant.", + "examples": [{ + "Example License Report": { + "description": "Sample list of correlation records for the authenticated tenant.", "summary": "Available Correlation Records", "value": [ { @@ -1740,27 +1303,7 @@ "minItems": 0, "items": { "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - }, - "examples": [ - [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - ] + } } } }, @@ -1798,9 +1341,9 @@ "200": { "content": { "application/json": { - "examples": { - "Example Correlation Records": { - "description": "Sample list of correlation records for the specified tenant.", + "examples": [{ + "Example License Report": { + "description": "Sample list of correlation records for the authenticated tenant.", "summary": "Available Correlation Records", "value": [ { @@ -1827,27 +1370,7 @@ "minItems": 0, "items": { "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - }, - "examples": [ - [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - ] + } } } }, @@ -1882,10 +1405,10 @@ "200": { "content": { "application/json": { - "examples": { - "Example License Report": { - "description": "Sample, truncated license report from an example customer environment for a correlation record of the current authenticated tenant.", - "summary": "Example License Report", + "examples": [{ + "License Report": { + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", "value": { "availableLicense": { "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, @@ -2006,8 +1529,8 @@ "application/json": { "examples": [{ "License Report": { - "description": "Sample, truncated report from an example customer environment for a correlation record of the specified tenant.", - "summary": "Example License Report", + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", "value": { "availableLicense": { "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, @@ -2127,26 +1650,6 @@ "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" } - }, - "examples": { - "Tool call": { - "summary": "Example tool call request", - "description": "An example request that represent a message initiated by the chat assistant to call a tool function for the currently authenticated tenant.", - "value": { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - } - } } } } @@ -2156,48 +1659,46 @@ "content": { "application/json": { "schema": { - "examples": [ - { - "messageList": [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } + "examples": [{ + "messageList": [ + { + "role": "user", + "content": "Hello" + }, + { + "role": "assistant", + "content": "Hello, how can I assist you today?" + }, + { + "role": "user", + "content": "Can you show me what correlation records I have?" + }, + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], - "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], + } + ] + }, + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + }], "type": "object", "properties": { "messageList": { @@ -2205,105 +1706,17 @@ "description": "List of message objects in current conversation", "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - }, - "examples": [ - [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ] - ] + } }, "responseText": { "type": "string", - "description": "Most recent response text", - "examples": [ - "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - ] + "description": "Most recent response text" } }, "required": [ "messageList", "responseText" ] - }, - "examples": { - "Chat response": { - "summary": "Example chat response with context", - "description": "An example chat response that includes context of current chat session with the request appended for the currently authenticated tenant.", - "value": { - "messageList": [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], - "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - } } } }, @@ -2336,46 +1749,6 @@ "type": "array", "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - }, - "examples": [ - [ - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - } - ] - ] - }, - "examples": { - "Chat request": { - "summary": "Example chat request", - "description": "An example request that represent a message initiated by the chat assistant to call a tool function for the specified tenant.", - "value": [ - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - } - ] } } } @@ -2386,48 +1759,46 @@ "content": { "application/json": { "schema": { - "examples": [ - { - "messageList": [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } + "examples": [{ + "messageList": [ + { + "role": "user", + "content": "Hello" + }, + { + "role": "assistant", + "content": "Hello, how can I assist you today?" + }, + { + "role": "user", + "content": "Can you show me what correlation records I have?" + }, + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], - "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], + } + ] + }, + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + }], "type": "object", "properties": { "messageList": { @@ -2435,105 +1806,17 @@ "description": "List of message objects in current conversation", "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - }, - "examples": [ - [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ] - ] + } }, "responseText": { - "type": "string", - "description": "Most recent response text", - "examples": [ - "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - ] - } - }, - "required": [ - "messageList", - "responseText" - ] - }, - "examples": { - "Chat response": { - "summary": "Example chat response", - "description": "An example chat response that includes context of current chat session with the request appended for the specified tenant.", - "value": { - "messageList": [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], - "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + "type": "string", + "description": "Most recent response text" } - } + }, + "required": [ + "messageList", + "responseText" + ] } } }, @@ -2694,7 +1977,7 @@ "application/json": { "examples": [{ "Small MSP": { - "description": "Example active license count for a small MSP for the currently authenticated tenant.", + "description": "Example active license count for a small MSP.", "summary": "Local MSP", "value": { "enterpriseDeviceCount": 54, @@ -2712,7 +1995,7 @@ } }, "No Licenses": { - "description": "Example license count for a company that doesn't have any licenses for the currently authenticated tenant..", + "description": "Example license count for a company that doesn't have any licenses.", "summary": "No License", "value": { "enterpriseDeviceCount": 0, @@ -2730,7 +2013,7 @@ } }, "Enterprise": { - "description": "Example active license count for an enterprise sized company for the currently authenticated tenant..", + "description": "Example active license count for an enterprise sized company.", "summary": "Enterprise", "value": { "enterpriseDeviceCount": 60000, @@ -2784,56 +2067,6 @@ "minItems": 0, "items": { "$ref": "#/components/schemas/LicenseEntitlement.Shield" - }, - "examples": [ - [ - { - "correlationId": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "enterpriseDeviceCount": 5, - "enterpriseInterfaceCount": 6, - "enterpriseIntermediaryCount": 7, - "enterpriseUserCount": 8, - "notValidAfter": "2024-07-30T17:35:24.044Z", - "notValidBefore": "2024-07-30T17:37:15.300Z", - "privilegedDeviceCount": 9, - "privilegedInterfaceCount": 10, - "privilegedIntermediaryCount": 11, - "privilegedUserCount": 12, - "purchaseId": "any arbitrary string as purchaseId", - "specializedDeviceCount": 13, - "specializedInterfaceCount": 14, - "specializedIntermediaryCount": 15, - "specializedUserCount": 15, - "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - } - ] - ] - }, - "examples": { - "Example Purchase": { - "summary": "Example entitlement purchase", - "description": "An example SHIELD entitlement for the specified tenant.", - "value": [ - { - "correlationId": "e097a3f5-9599-44a2-8923-fd3276c83ae1", - "enterpriseDeviceCount": 5, - "enterpriseInterfaceCount": 6, - "enterpriseIntermediaryCount": 7, - "enterpriseUserCount": 8, - "notValidAfter": "2024-07-30T17:35:24.044Z", - "notValidBefore": "2024-07-30T17:37:15.300Z", - "privilegedDeviceCount": 9, - "privilegedInterfaceCount": 10, - "privilegedIntermediaryCount": 11, - "privilegedUserCount": 12, - "purchaseId": "any arbitrary string as purchaseId", - "specializedDeviceCount": 13, - "specializedInterfaceCount": 14, - "specializedIntermediaryCount": 15, - "specializedUserCount": 15, - "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - } - ] } } } @@ -2934,8 +2167,8 @@ "application/json": { "examples": [{ "Monthly Report": { - "description": "An example of latest monthly telemetry report for an enterprise organization after the latest telemetry input.", - "summary": "Updated Monthly Report", + "description": "Example monthly telemetry report for an enterprise organization.", + "summary": "Monthly Report", "value": { "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", "enterpriseDeviceCount": 64221, @@ -2989,8 +2222,8 @@ "application/json": { "examples": [{ "List of Reports": { - "description": "List of all available SHIELD telemetry reports for the current authenticated tenant.", - "summary": "List of SHIELD telemetry reports", + "description": "List of all available telemetry reports for the authenticated tenant.", + "summary": "List of Reports", "value": [ { "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", @@ -3046,57 +2279,7 @@ "items": { "$ref": "#/components/schemas/Telemetry.Shield" }, - "minItems": 0, - "examples": [ - [ - { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - }, - { - "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", - "enterpriseDeviceCount": 63221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 632219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-07-05T15:25:55.525Z", - "updatedAt": "2024-07-05T15:25:55.525Z" - } - ] - ] + "minItems": 0 } } }, @@ -3130,8 +2313,8 @@ "application/json": { "examples": [{ "List of Reports": { - "description": "List of all available SHIELD telemetry reports for the specified tenant.", - "summary": "List of SHIELD telemetry reports", + "description": "List of all available telemetry reports for the authenticated tenant.", + "summary": "List of Reports", "value": [ { "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", @@ -3187,57 +2370,7 @@ "items": { "$ref": "#/components/schemas/Telemetry.Shield" }, - "minItems": 0, - "examples": [ - [ - { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - }, - { - "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", - "enterpriseDeviceCount": 63221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 632219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-07-05T15:25:55.525Z", - "updatedAt": "2024-07-05T15:25:55.525Z" - } - ] - ] + "minItems": 0 } } }, @@ -3309,38 +2442,6 @@ "type": "array", "items": { "$ref": "#/components/schemas/Update.Shield.Channel" - }, - "examples": [ - [ - { - "latest": "1.12.5", - "name": "stable", - "previous": "1.12.4" - } - ] - ] - }, - "examples": { - "Channel configuration": { - "summary": "Example all channel configs", - "description": "An example showing the all channel configurations.", - "value": [ - { - "latest": "1.12.5", - "name": "stable", - "previous": "1.12.4" - }, - { - "latest": "1.12.7", - "name": "alpha", - "previous": "1.12.6" - }, - { - "latest": "1.12.6", - "name": "beta", - "previous": "1.12.5" - } - ] } } } @@ -3378,26 +2479,6 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Channel" - }, - "examples": { - "Stable channel config": { - "summary": "Example stable channel config", - "description": "An example showing the stable update channel configuration.", - "value": { - "latest": "1.12.5", - "name": "stable", - "previous": "1.12.4" - } - }, - "Alpha channel config": { - "summary": "Example alpha channel config", - "description": "An example showing the alpha update channel configuration.", - "value": { - "latest": "1.12.7", - "name": "alpha", - "previous": "1.12.6" - } - } } } }, @@ -3431,7 +2512,7 @@ "application/json": { "examples": [{ "Channel Configuration Details": { - "description": "Example channel configuration object that will add/update for specified channel.", + "description": "Example channel configuration object.", "summary": "Channel Configuration", "value": { "latest": "1.12.5", @@ -3443,26 +2524,17 @@ "type": "object", "properties": { "latest": { - "description": "Version number of the latest update available to the chanel.", - "examples": [ - "1.12.5" - ], - "type": "string" + "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", + "examples": ["true"], + "type": "boolean" }, - "previous": { - "description": "Version number of the number that is being replaced via ring deployment, available to all rings at the minimum.", - "examples": [ - "1.12.14" - ], - "type": "string" - } - }, - "examples": [ - { - "latest": "1.12.5", - "previous": "1.12.4" + "number": { + "description": "Ring number that this configuration belongs to.", + "examples": [1], + "type": "integer", + "minimum": 0 } - ] + } } } } @@ -3552,30 +2624,6 @@ "type": "array", "items": { "$ref": "#/components/schemas/Update.Shield.Channel.Ring" - }, - "examples": [ - [ - { - "latest": true, - "number": 1 - } - ] - ] - }, - "examples": { - "All ring config": { - "summary": "Example all ring configs", - "description": "An example showing the configurations of all rings of the specified channel.", - "value": [ - { - "latest": true, - "number": 1 - }, - { - "latest": false, - "number": 0 - } - ] } } } @@ -3616,16 +2664,6 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Channel.Ring" - }, - "examples": { - "Sample ring config": { - "summary": "Example ring configuration", - "description": "An example ring configuration for the specified channel and ring.", - "value": { - "latest": true, - "number": 1 - } - } } } }, @@ -3674,17 +2712,10 @@ "properties": { "latest": { "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", - "examples": [ - true - ], + "examples": [true], "type": "boolean" } - }, - "examples": [ - { - "latest": false - } - ] + } } } } @@ -3814,15 +2845,6 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Check" - }, - "examples": { - "Latest package version": { - "summary": "Example latest application version", - "description": "An example showing the latest SHIELD package available.", - "value": { - "updateVersion": "1.12.5" - } - } } } }, @@ -3853,15 +2875,6 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Check" - }, - "examples": { - "Latest package version": { - "summary": "Example latest application version", - "description": "An example showing the latest SHIELD package available for the specified channel.", - "value": { - "updateVersion": "1.12.5" - } - } } } }, @@ -3888,17 +2901,7 @@ "application/zip": { "schema": { "type": "string", - "format": "binary", - "examples": [ - "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" - ] - }, - "examples": { - "base64-inline": { - "summary": "Base64-encoded ZIP)", - "description": "Base64 encoding of a small ZIP (truncated) to simulate a update package binary string for the channel specified.", - "value": "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" - } + "format": "binary" } } } @@ -3929,17 +2932,7 @@ "application/zip": { "schema": { "type": "string", - "format": "binary", - "examples": [ - "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" - ] - }, - "examples": { - "base64-inline": { - "summary": "Base64-encoded ZIP", - "description": "Base64 encoding of a small ZIP (truncated) to simulate a update package binary string for the channel specified.", - "value": "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" - } + "format": "binary" } } } @@ -3969,30 +2962,6 @@ "type": "array", "items": { "$ref": "#/components/schemas/Update.Shield.Tenant" - }, - "examples": [ - [ - { - "alphaEnabled": false, - "channel": "stable", - "ring": 1, - "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } - ] - ] - }, - "examples": { - "All tenant list": { - "summary": "Example all tenant list", - "description": "A example truncated list of all tenant configurations that present in the update service.", - "value": [ - { - "alphaEnabled": false, - "channel": "stable", - "ring": 1, - "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } - ] } } } @@ -4030,18 +2999,6 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Tenant" - }, - "examples": { - "Tenant config": { - "summary": "Example tenant config", - "description": "A example configurations that present in the update service of the specified tenant.", - "value": { - "alphaEnabled": false, - "channel": "stable", - "ring": 1, - "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } - } } } }, @@ -4089,33 +3046,20 @@ "properties": { "alphaEnabled": { "description": "Flag that indicates if the current tenant is allowed to request alpha builds (`true`) or not (`false`).", - "examples": [ - false - ], + "examples": [false], "type": "boolean" }, "channel": { "description": "Name of the deploy channel.", - "examples": [ - "stable" - ], + "examples": ["stable"], "type": "string" }, "ring": { "description": "Ring number that the client is a member of for the current chanel.", - "examples": [ - 1 - ], + "examples": [1], "type": "integer" } - }, - "examples": [ - { - "alphaEnabled": false, - "channel": "stable", - "ring": 1 - } - ] + } } } } @@ -4126,7 +3070,7 @@ "application/json": { "examples": [{ "Tenant Configuration Details": { - "description": "Example object returned on creation or update with tenantId set.", + "description": "Example object returned on creation or update.", "summary": "Tenant Configuration", "value": { "alphaEnabled": false, @@ -4207,22 +3151,12 @@ "minItems": 0, "items": { "$ref": "#/components/schemas/TenantDetails" - }, - "examples": [ - [ - { - "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", - "displayName": "Contoso - R&D", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [] - } - ] - ] + } }, - "examples": { - "Example List Of Multiple Tenant Records": { - "description": "Sample list of multiple tenant records in the database", - "summary": "Multiple Tenant Records", + "examples": [{ + "Example List Of Tenant Records": { + "description": "Sample list of tenant records in the database", + "summary": "Existing Tenant Records", "value": [ { "tenantId": "5d6e7f8a-9b0c-1d2e-3f4a-5b6c7d8e9f0a", @@ -4233,20 +3167,6 @@ "47c42971-2dea-4553-a788-d29a42e3e867" ] }, - { - "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", - "displayName": "Contoso - R&D", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [ - "7e9ce415-32b2-4e7a-a920-d4dbaae022e3" - ] - } - ] - }, - "Example List Of Single Tenant Record": { - "description": "Example list of single tenant records which no user is authorized yet.", - "summary": "Single Tenant Records", - "value": [ { "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", "displayName": "Contoso - R&D", @@ -4294,7 +3214,7 @@ }, "examples": [{ "Example Complete Tenant Record": { - "description": "An example showing a single existing tenant record.", + "description": "Sample details of one tenant record", "summary": "Existing Tenant Record", "value": { "tenantId": "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", @@ -4340,10 +3260,7 @@ "properties": { "tenantDisplayName": { "description": "Human readable name for the tenant record", - "type": "string", - "examples": [ - "Contoso - R&D East" - ] + "type": "string" }, "parentId": { "description": "The object ID of the tenant that is considered a parent to this record", @@ -4351,10 +3268,7 @@ "maxLength": 36, "minLength": 36, "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string", - "examples": [ - "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d" - ] + "type": "string" }, "authorizedPrincipalList": { "description": "List of object IDs that are allowed to access this record and related data.", @@ -4364,17 +3278,8 @@ "maxLength": 36, "minLength": 36, "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string", - "examples": [ - "4cae3355-0cff-410c-b4f9-69cb5de8f1ac" - ] - }, - "examples": [ - [ - "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", - "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" - ] - ] + "type": "string" + } } }, "anyOf": [ @@ -4393,36 +3298,26 @@ "authorizedPrincipalList" ] } - ], - "examples": [ - { - "tenantDisplayName": "Contoso - R&D East", - "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d", - "authorizedPrincipalList": [ - "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", - "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" - ] - } ] }, "examples": [{ "Example Request to Update Tenant Parent": { - "description": "Sample payload requesting adjustment to the parent value.", + "description": "Sample payload requesting adjustment to the parent value", "summary": "Update Parent Information for Tenant", "value": { "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d" } }, "Example Request for Tenant Name and Parent Update": { - "description": "Sample payload requesting to update parent value and display name on the tenant record.", + "description": "Sample payload requesting to update parent value and display name on the tenant record", "summary": "Update Tenant Record Name and Parent Information", "value": { "parentId": "8f9a0b1c-2d3e-4f5a-6b7c-8d9e0a1b2c3d", - "displayName": "Contoso - R&D West" + "displayName": "Contoso - R&D East" } }, "Example Request for Tenant Authorized Principals Update": { - "description": "Sample payload requesting to update authorized principals for the tenant record.", + "description": "Sample payload requesting to update authorized principals for the tenant record", "summary": "Update Tenant Authorized Principals List", "value": { "authorizedPrincipalList": [ @@ -4444,7 +3339,7 @@ }, "examples": [{ "Example Complete Tenant Record": { - "description": "Sample response after updating a tenant record.", + "description": "Sample response after updating a tenant record", "summary": "Updated Tenant Record", "value": { "tenantId": "c00ffc2c-b6f6-4121-bd8e-4d02e9504eb9", @@ -4520,4 +3415,4 @@ "description": "Enables query for available information (like tenant, license, etc) via conversation with OpenAI agent." } ] -} +} \ No newline at end of file From e51f8c74279215fe749d20f7f6061bf381b6851d Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 5 Sep 2025 15:43:03 +0100 Subject: [PATCH 08/28] fix: Architecture version type definition. - for #28 --- specs/SHIELD.json | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 7ada322..9afda1d 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -2386,21 +2386,23 @@ }, "archSpecVersion": { "description": "An incrementing number that describes the version of the architecture specification that the API supports.", - "examples": [123], - "type": "number" + "examples": ["25"], + "type": "string", + "minLength": 1 }, "deployedArchVersion": { "description": "The version of the architecture specification that is currently deployed.", - "examples": [25], - "type": "number" + "examples": ["23"], + "type": "string", + "minLength": 1 } }, "type": "object", "examples": [ { "apiVersion": "1.2.3", - "archSpecVersion": 123, - "deployedArchVersion": 100 + "archSpecVersion": "25", + "deployedArchVersion": "23" } ] }, @@ -2408,10 +2410,10 @@ "Versions response": { "summary": "Example versions response", "description": "An example object that represents the aggregation of versioning information of all SHIELDs components. including:
- Semantic version of the API server.
- The incrementing architecture specification version that the API supports.
- The incrementing architecture specification version that is currently deployed.", - "value": { + "value": { "apiVersion": "1.2.3", - "archSpecVersion": 123, - "deployedArchVersion": 100 + "archSpecVersion": "25", + "deployedArchVersion": "23" } } } From f5b7a744579ab20c84294d1b58ca74ccc3f5cd1b Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 5 Sep 2025 16:03:09 +0100 Subject: [PATCH 09/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following schemas definition: - Core.HealthReport - Chat.OpenAIChatMessage - LicenseReport.CorrelationRecord - LicenseReport.LicenseData - LicenseReport.FeatureBreakdown - LicenseReport - LicenseEntitlement.Shield - LicenseEntitlement.Shield.Count - Telemetry.Shield - Update.Shield.Check - Update.Shield.Channel - Update.Shield.Channel.Ring - Update.Shield.Tenant - TenantDetails --- specs/Data-Gateway.json | 6718 ++++++++++++++++++++------------------- 1 file changed, 3441 insertions(+), 3277 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index def780f..447defc 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1,3418 +1,3582 @@ { - "components": { - "parameters": { - "correlationId": { - "description": "The object ID of the correlation identifier for the specified record.", - "in": "path", - "name": "correlationId", - "required": true, - "schema": { - "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "examples": { - "valid correlation Id": { - "summary": "Example valid correlation ID", - "description": "An example of a valid correlation ID in type UUID string.", - "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } - } - }, - "tenantId": { - "description": "The object ID of the tenant to operate against.", - "in": "path", - "name": "tenantId", - "required": true, - "schema": { - "examples": ["b2fd105a-2594-437e-b934-1a62a51c28b4"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "examples": { - "valid tenant Id": { - "summary": "Example valid tenant ID", - "description": "An example of a valid tenant ID in type UUID string.", - "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" - } + "components": { + "parameters": { + "correlationId": { + "description": "The object ID of the correlation identifier for the specified record.", + "in": "path", + "name": "correlationId", + "required": true, + "schema": { + "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid correlation Id": { + "summary": "Example valid correlation ID", + "description": "An example of a valid correlation ID in type UUID string.", + "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } + } + }, + "tenantId": { + "description": "The object ID of the tenant to operate against.", + "in": "path", + "name": "tenantId", + "required": true, + "schema": { + "examples": ["b2fd105a-2594-437e-b934-1a62a51c28b4"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid tenant Id": { + "summary": "Example valid tenant ID", + "description": "An example of a valid tenant ID in type UUID string.", + "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } + } + }, + "channelName": { + "description": "Name of the deploy channel to operate against.", + "in": "path", + "name": "channelName", + "required": true, + "schema": { + "examples": ["beta"], + "type": "string" + }, + "examples": { + "valid channel name": { + "summary": "Example valid channel name", + "description": "An example string of a valid channel name.", + "value": "stable" + } + } + }, + "channelRing": { + "description": "Integer number representing ring to operate against.", + "in": "path", + "name": "number", + "required": true, + "schema": { + "examples": [1], + "type": "integer", + "minimum": 0 + }, + "examples": { + "valid channel ring": { + "summary": "Example valid channel ring", + "description": "An example integer that represents a valid channel ring.", + "value": 1 + }, + "minimum channel ring": { + "summary": "Example minimum channel ring", + "description": "An example integer that represents the minimum valid channel ring.", + "value": 0 + }, + "invalid channel ring": { + "summary": "Example invalid channel ring", + "description": "An example integer that represents an invalid channel ring, which is negative.", + "value": -1 + } + } + }, + "version": { + "description": "Version of the application package.", + "in": "path", + "name": "version", + "required": true, + "schema": { + "examples": ["1.12.5"], + "type": "string" + }, + "examples": { + "Valid version number": { + "summary": "Example valid version number", + "description": "An example string represents a valid semantic version number.", + "value": "1.2.3" + } + } + }, + "parentId": { + "description": "The object ID of the parent value to operate against.", + "in": "query", + "name": "parentId", + "required": false, + "schema": { + "examples": ["3b241101-e2bb-4255-8caf-4136c566a962"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "Valid parent ID": { + "summary": "Example valid parent ID", + "description": "An example UUID string that represents a valid parent object ID.", + "value": "3b241101-e2bb-4255-8caf-4136c566a962" + } + } + }, + "dateStart": { + "description": "Date string to narrow records selection to those created on or after that date.", + "in": "query", + "name": "dateStart", + "required": false, + "schema": { + "examples": ["2025-01-01T00:00:00Z"], + "format": "date-time", + "type": "string" + }, + "examples": { + "Valid start date": { + "summary": "Example valid start date", + "description": "An example ISO8601 date string that represents a valid start date in a query.", + "value": "2025-01-01T00:00:00Z" + } + } + }, + "dateEnd": { + "description": "Date string to narrow records selection to those created before or on that date.", + "in": "query", + "name": "dateEnd", + "required": false, + "schema": { + "examples": ["2025-02-05T23:59:59Z"], + "format": "date-time", + "type": "string" + }, + "examples": { + "Valid end date": { + "summary": "Example valid end date", + "description": "An example ISO8601 date string that represents a valid end date in a query.", + "value": "2025-02-05T23:59:59Z" + } + } + } + }, + "responses": { + "400": { + "description": "Invalid input!" + }, + "401": { + "description": "Principal is not authorized to access this endpoint. Check to make sure the Bearer token is valid and present!" + }, + "403": { + "description": "Principal does not contain the correct scopes (permissions) for the API call that was made, or was made from the wrong tenant. If the permissions were granted, ensure that the access token was requested with the correct scopes." + }, + "404": { + "description": "The requested object was not found." + }, + "503": { + "description": "App is starting still. Feature is not available. Please try again later." + }, + "525": { + "description": "Infrastructure not deployed. Please deploy the infrastructure before using this endpoint." + } + }, + "schemas": { + "Core.HealthReport": { + "description": "Health report that indicates if a service is down or not that the data gateway relies on.", + "properties": { + "authClient": { + "description": "Flag that indicates if the client side authentication validation is working or not.", + "examples": [false], + "type": "boolean" + }, + "authServer": { + "description": "Flag that indicates if the server side authentication is working or not.", + "examples": [true], + "type": "boolean" + }, + "bulkStorage": { + "description": "Flag that indicates if the bulk storage system is down (`false`) or not (`true`). False indicate the service is not working, true indicates the service is working.", + "examples": [true], + "type": "boolean" + }, + "database": { + "description": "Flag that indicates if the ORM (Database) system is down (`false`) or not (`true`). False indicate the service is not working, true indicates the service is working.", + "examples": [false], + "type": "boolean" + } + }, + "required": ["authClient", "authServer", "bulkStorage", "database"], + "title": "Core System - Health Report", + "type": "object", + "examples": [ + { + "authClient": false, + "authServer": true, + "bulkStorage": true, + "database": false + } + ] + }, + "Chat.OpenAIChatMessage": { + "title": "Chat - Message Record", + "description": "Object representing entity supplied to the AI agent or a response from the AI Agent", + "examples": [ + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" } - }, - "channelName": { - "description": "Name of the deploy channel to operate against.", - "in": "path", - "name": "channelName", - "required": true, - "schema": { - "examples": ["beta"], - "type": "string" - }, - "examples": { - "valid channel name": { - "summary": "Example valid channel name", - "description": "An example string of a valid channel name.", - "value": "stable" - } + } + ] + }, + { + "name": "John Doe", + "role": "user", + "content": [ + { + "text": "What are the available IDs?", + "type": "text" + } + ], + "tool_call_id": "call_abc123", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" } - }, - "channelRing": { - "description": "Integer number representing ring to operate against.", - "in": "path", - "name": "number", - "required": true, - "schema": { - "examples": [1], - "type": "integer", - "minimum": 0 + } + ] + } + ], + "type": "object", + "properties": { + "content": { + "oneOf": [ + { + "type": "string", + "description": "The contents of the message" + }, + { + "type": "array", + "description": "The contents of the message", + "items": { + "type": "object", + "properties": { + "text": { + "type": "string", + "description": "The text content" + }, + "type": { + "type": "string", + "description": "The type of the content part" + } + }, + "required": ["text", "type"] }, - "examples": { - "valid channel ring": { - "summary": "Example valid channel ring", - "description": "An example integer that represents a valid channel ring.", - "value": 1 + "examples": [ + [ + { + "text": "What are the available IDs?", + "type": "text" + } + ] + ] + } + ] + }, + "role": { + "type": "string", + "description": "The role of the messages author", + "examples": ["assistant"] + }, + "name": { + "type": "string", + "description": "An optional name for the participant", + "examples": ["John Doe"] + }, + "tool_calls": { + "type": "array", + "description": "The tool calls generated by the model, such as function calls", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the tool call", + "examples": ["call_abc121"] + }, + "function": { + "type": "object", + "description": "The function that the model called", + "properties": { + "arguments": { + "type": "string", + "description": "The arguments to call the function with", + "examples": [ + "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}" + ] + }, + "name": { + "type": "string", + "description": "The name of the function to call", + "examples": ["getCorrelationIDs"] + } }, - "minimum channel ring": { - "summary": "Example minimum channel ring", - "description": "An example integer that represents the minimum valid channel ring.", - "value": 0 + "examples": [ + { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + ] + }, + "type": { + "type": "string", + "description": "The type of the tool. Currently, only `function` is supported", + "examples": ["function"] + } + }, + "examples": [ + { + "id": "call_abc121", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" }, - "invalid channel ring": { - "summary": "Example invalid channel ring", - "description": "An example integer that represents an invalid channel ring, which is negative.", - "value": -1 - } + "type": "function" } - }, - "version": { - "description": "Version of the application package.", - "in": "path", - "name": "version", - "required": true, - "schema": { - "examples": ["1.12.5"], - "type": "string" - }, - "examples": { - "Valid version number": { - "summary": "Example valid version number", - "description": "An example string represents a valid semantic version number.", - "value": "1.2.3" - } + ] + } + }, + "tool_call_id": { + "type": "string", + "description": "Tool call that this message is responding to", + "examples": ["call_abc123"] + } + }, + "required": ["content", "role"] + }, + "LicenseReport.CorrelationRecord": { + "description": "Metadata that describes the execution session (run) that is used to tie/relate all of the license report together.", + "examples": [ + { + "auditTenantAccount": "priv-user@example.com", + "correlationId": "9d838115-0868-45d4-b8a5-98adc1af7e42", + "reportTenantAccount": "ent-user@example.com", + "tenantId": "7e536189-b2dd-4c8b-98b1-9b174777883f", + "createdAt": "2024-08-01T21:13:12.821Z", + "updatedAt": "2024-08-01T21:13:12.821Z" + } + ], + "properties": { + "auditTenantAccount": { + "description": "The user account used to retrieve the license information in the tenant being audited.", + "examples": ["admin-user@example.com"], + "format": "email", + "type": "string" + }, + "correlationId": { + "description": "The ID of the execution session (run) that is used to tie/relate all of the data together.", + "examples": ["88da2253-758f-4135-9d37-64448c8b65c1"], + "format": "uuid", + "type": "string", + "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" + }, + "reportTenantAccount": { + "description": "User account used to store/report the license report to the SHI Lab cloud service.", + "examples": ["generic-user@example.com"], + "format": "email", + "type": "string" + }, + "tenantId": { + "description": "Unique ID of customer's Microsoft tenant that the license report is for.", + "examples": ["0e1fe83f-a33f-4250-8546-225b8d45ae01"], + "format": "uuid", + "type": "string", + "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" + }, + "createdAt": { + "description": "Timestamp of when the report was created.", + "examples": ["2024-08-01T21:12:22.148Z"], + "format": "date-time", + "type": "string" + }, + "updatedAt": { + "description": "Timestamp of when the report was last updated.", + "examples": ["2024-08-01T21:12:22.148Z"], + "format": "date-time", + "type": "string" + } + }, + "required": ["auditTenantAccount"], + "title": "License Report - Correlation Record", + "type": "object" + }, + "LicenseReport.LicenseData": { + "type": "object", + "properties": { + "assignedLicense": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer", + "examples": [0] + }, + { + "type": "null" } + ] }, - "parentId": { - "description": "The object ID of the parent value to operate against.", - "in": "query", - "name": "parentId", - "required": false, - "schema": { - "examples": ["3b241101-e2bb-4255-8caf-4136c566a962"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "examples": { - "Valid parent ID": { - "summary": "Example valid parent ID", - "description": "An example UUID string that represents a valid parent object ID.", - "value": "3b241101-e2bb-4255-8caf-4136c566a962" - } + "description": "License assignment on the specified principal.", + "type": "object", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0 + } + ] + }, + "assignedService": { + "additionalProperties": { + "oneOf": [ + { + "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" + }, + { + "type": "integer", + "format": "int32", + "examples": [0] + }, + { + "type": "null" } + ] }, - "dateStart": { - "description": "Date string to narrow records selection to those created on or after that date.", - "in": "query", - "name": "dateStart", - "required": false, - "schema": { - "examples": ["2025-01-01T00:00:00Z"], - "format": "date-time", - "type": "string" - }, - "examples": { - "Valid start date": { - "summary": "Example valid start date", - "description": "An example ISO8601 date string that represents a valid start date in a query.", - "value": "2025-01-01T00:00:00Z" - } - } + "description": "Service configuration assignment. This is used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", + "type": "object", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0, + "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null + }, + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": false, + "Access Review": true, + "Entitlement Management": false, + "Identity Protection": true + } + } + ] + }, + "consumedService": { + "additionalProperties": { + "oneOf": [ + { + "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" + }, + { + "type": "integer", + "format": "int32", + "examples": [0] + }, + { + "type": "null" + } + ] }, - "dateEnd": { - "description": "Date string to narrow records selection to those created before or on that date.", - "in": "query", - "name": "dateEnd", - "required": false, - "schema": { - "examples": ["2025-02-05T23:59:59Z"], - "format": "date-time", - "type": "string" - }, - "examples": { - "Valid end date": { - "summary": "Example valid end date", - "description": "An example ISO8601 date string that represents a valid end date in a query.", - "value": "2025-02-05T23:59:59Z" - } - } - - } + "description": "Usage telemetry retrieved for the service to indicate if the specific principal is consuming the service or not, regardless of license status.", + "type": "object", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": true, + "Access Review": false, + "Entitlement Management": false, + "Identity Protection": true + } + }, + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0, + "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null + } + ] + } }, - "responses": { - "400": { - "description": "Invalid input!" + "required": ["assignedLicense", "assignedService", "consumedService"], + "description": "Collection of principals that have had their in-use licenses and assigned licenses. Where the key is the principal ID and the value is the insights.", + "examples": [ + { + "assignedLicense": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 0, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 1, + "7159f980-6f83-4b67-bf41-e172b3ae1352": 2 }, - "401": { - "description": "Principal is not authorized to access this endpoint. Check to make sure the Bearer token is valid and present!" + "assignedService": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": false, + "Access Review": true, + "Entitlement Management": false, + "Identity Protection": true + }, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { + "Conditional Access": true, + "Dynamic Group": false, + "Group Naming": true, + "On-Prem SSPR": false, + "Group Expiration": true, + "Provisioning Engine": true, + "Enterprise State Roaming": false + }, + "6511755b-c27d-4c66-a59e-b835e6b54e7f": null }, - "403": { - "description": "Principal does not contain the correct scopes (permissions) for the API call that was made, or was made from the wrong tenant. If the permissions were granted, ensure that the access token was requested with the correct scopes." + "consumedService": { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": { + "Conditional Access": true, + "Access Review": false, + "Entitlement Management": false, + "Identity Protection": true + }, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { + "Conditional Access": true, + "Dynamic Group": false, + "Group Naming": true, + "On-Prem SSPR": false, + "Group Expiration": true, + "Provisioning Engine": true, + "Enterprise State Roaming": false + }, + "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null, + "c90f1a25-e6cd-4163-ac6c-ca7616c585a9": null + } + } + ], + "title": "License Report - License Data" + }, + "LicenseReport.FeatureBreakdown": { + "additionalProperties": { + "type": "boolean", + "examples": [true] + }, + "description": "List of features that are configured for the specific service plan's service configuration for the related principal.\nThe key is the name of the feature that is being described.\nThe value is the state of the feature configuration, `true` is in scope and `false` meaning not in scope.", + "examples": [ + { + "Conditional Access": true, + "Access Reviews": true, + "Dynamic Groups": false, + "On-Prem Password Rest": true, + "On-Prem Password Protection": false + } + ], + "title": "License Report - Feature Breakdown", + "type": "object" + }, + "LicenseReport": { + "description": "Completely calculated license report structure that is the result of a complete run.", + "examples": [ + { + "availableLicense": { + "e17b13ee-9749-488b-9289-d31a8fde045d": 123, + "2d995b6a-d4aa-4d8d-a03c-372ecb66509d": 456, + "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 789 }, - "404": { - "description": "The requested object was not found." + "correlation": { + "auditTenantAccount": "admin-user@example.com", + "correlationId": "88da2253-758f-4135-9d37-64448c8b65c1", + "reportTenantAccount": "generic-user@example.com", + "tenantId": "0e1fe83f-a33f-4250-8546-225b8d45ae01" }, - "503": { - "description": "App is starting still. Feature is not available. Please try again later." + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "e17b13ee-9749-488b-9289-d31a8fde045d": 0 + }, + "assignedService": { + "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 0, + "c7bcba35-199c-41e5-8c8d-6d4e4aad8964": null + }, + "consumedService": { + "fe98c41a-d931-4f6f-a5bc-750ba7144a77": null, + "0474bdf1-ee76-4aff-a65c-6f82e5e1d5a6": { + "Something Here": true, + "Other Obscure feature": false + } + } + } + } + } + ], + "type": "object", + "properties": { + "availableLicense": { + "additionalProperties": { + "examples": [1234], + "type": "integer" }, - "525": { - "description": "Infrastructure not deployed. Please deploy the infrastructure before using this endpoint." + "description": "Breakdown of the purchased licenses/service plans available in the tenant being audited for this run. Where the key is the ID of the service plan and the value is how many licenses are available/purchase for it.", + "examples": [ + { + "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1234, + "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 123 + } + ], + "title": "License Report - Available Licenses", + "type": "object" + }, + "correlation": { + "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" + }, + "licenseData": { + "additionalProperties": { + "$ref": "#/components/schemas/LicenseReport.LicenseData" } + } }, - "schemas": { - "Core.HealthReport": { - "description": "Health report that indicates if a service is down or not that the data gateway relies on.", - "properties": { - "authClient": { - "description": "Flag that indicates if the client side authentication validation is working or not.", - "examples": [false], - "type": "boolean" - }, - "authServer": { - "description": "Flag that indicates if the server side authentication is working or not.", - "examples": [true], - "type": "boolean" - }, - "bulkStorage": { - "description": "Flag that indicates if the bulk storage system is down (`false`) or not (`true`). False indicate the service is not working, true indicates the service is working.", - "examples": [true], - "type": "boolean" - }, - "database": { - "description": "Flag that indicates if the ORM (Database) system is down (`false`) or not (`true`). False indicate the service is not working, true indicates the service is working.", - "examples": [false], - "type": "boolean" - } - }, - "required": [ - "authClient", - "authServer", - "bulkStorage", - "database" - ], - "title": "Core System - Health Report", - "type": "object" + "required": ["availableLicense", "correlation", "licenseData"], + "title": "License Report - Complete Object" + }, + "LicenseEntitlement.Shield": { + "description": "Record that describes the purchased licenses for a specific tenant. More than one of these can be active at a single time.", + "properties": { + "correlationId": { + "description": "Used to correlate the license entitlements with other records.", + "examples": ["e097a3f5-9599-44a2-8923-fd3276c83ae1"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + }, + "enterpriseDeviceCount": { + "description": "Count of Enterprise Devices that are allowed to be managed.", + "examples": [5], + "format": "int32", + "type": "integer" + }, + "enterpriseInterfaceCount": { + "description": "Count of Enterprise Interfaces that are allowed to be managed.", + "examples": [6], + "format": "int32", + "type": "integer" + }, + "enterpriseIntermediaryCount": { + "description": "Count of Enterprise Intermediaries that are allowed to be managed.", + "examples": [7], + "format": "int32", + "type": "integer" + }, + "enterpriseUserCount": { + "description": "Count of Enterprise Users that are allowed to be managed.", + "examples": [8], + "format": "int32", + "type": "integer" + }, + "notValidAfter": { + "description": "Date that the entitlement expires at.", + "examples": ["2024-07-30T17:35:24.044Z"], + "format": "date-time", + "type": "string" + }, + "notValidBefore": { + "description": "Date that the entitlement becomes active at.", + "examples": ["2024-07-30T17:37:15.300Z"], + "format": "date-time", + "type": "string" + }, + "privilegedDeviceCount": { + "description": "Count of Privileged Devices (PAW) that are allowed to be managed.", + "examples": [9], + "format": "int32", + "type": "integer" + }, + "privilegedInterfaceCount": { + "description": "Count of Privileged Interfaces that are allowed to be managed.", + "examples": [10], + "format": "int32", + "type": "integer" + }, + "privilegedIntermediaryCount": { + "description": "Count of Privileged Intermediaries that are allowed to be managed.", + "examples": [11], + "format": "int32", + "type": "integer" + }, + "privilegedUserCount": { + "description": "Count of Privileged Users that are allowed to be managed.", + "examples": [12], + "format": "int32", + "type": "integer" + }, + "purchaseId": { + "description": "This could be any value used to correlate the purchase operation to this entitlement record.", + "examples": ["Bob's your uncle."], + "type": "string" + }, + "specializedDeviceCount": { + "description": "Count of Specialized Devices that are allowed to be managed.", + "examples": [13], + "format": "int32", + "type": "integer" + }, + "specializedInterfaceCount": { + "description": "Count of Specialized Interfaces that are allowed to be managed.", + "examples": [14], + "format": "int32", + "type": "integer" + }, + "specializedIntermediaryCount": { + "description": "Count of Specialized Intermediaries that are allowed to be managed.", + "examples": [15], + "format": "int32", + "type": "integer" + }, + "specializedUserCount": { + "description": "Count of Specialized Users that are allowed to be managed.", + "examples": [15], + "format": "int32", + "type": "integer" + }, + "tenantId": { + "description": "Tenant that this license entitlement is valid for.", + "examples": ["a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "enterpriseDeviceCount", + "enterpriseInterfaceCount", + "enterpriseIntermediaryCount", + "enterpriseUserCount", + "notValidAfter", + "notValidBefore", + "privilegedDeviceCount", + "privilegedInterfaceCount", + "privilegedIntermediaryCount", + "privilegedUserCount", + "specializedDeviceCount", + "specializedInterfaceCount", + "specializedIntermediaryCount", + "specializedUserCount", + "tenantId" + ], + "title": "License Entitlement - SHIELD Record", + "type": "object", + "examples": [ + { + "correlationId": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "enterpriseDeviceCount": 5, + "enterpriseInterfaceCount": 6, + "enterpriseIntermediaryCount": 7, + "enterpriseUserCount": 8, + "notValidAfter": "2024-07-30T17:35:24.044Z", + "notValidBefore": "2024-07-30T17:37:15.300Z", + "privilegedDeviceCount": 9, + "privilegedInterfaceCount": 10, + "privilegedIntermediaryCount": 11, + "privilegedUserCount": 12, + "purchaseId": "any arbitrary string as purchaseId", + "specializedDeviceCount": 13, + "specializedInterfaceCount": 14, + "specializedIntermediaryCount": 15, + "specializedUserCount": 15, + "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" + } + ] + }, + "LicenseEntitlement.Shield.Count": { + "properties": { + "enterpriseDeviceCount": { + "description": "Count of Enterprise Devices that are allowed to be managed.", + "examples": [5], + "format": "int32", + "type": "integer" + }, + "enterpriseInterfaceCount": { + "description": "Count of Enterprise Interfaces that are allowed to be managed.", + "examples": [3], + "format": "int32", + "type": "integer" + }, + "enterpriseIntermediaryCount": { + "description": "Count of Enterprise Intermediaries that are allowed to be managed.", + "examples": [7], + "format": "int32", + "type": "integer" + }, + "enterpriseUserCount": { + "description": "Count of Enterprise Users that are allowed to be managed.", + "examples": [8], + "format": "int32", + "type": "integer" + }, + "privilegedDeviceCount": { + "description": "Count of Privileged Devices (PAW) that are allowed to be managed.", + "examples": [9], + "format": "int32", + "type": "integer" + }, + "privilegedInterfaceCount": { + "description": "Count of Privileged Interfaces that are allowed to be managed.", + "examples": [10], + "format": "int32", + "type": "integer" + }, + "privilegedIntermediaryCount": { + "description": "Count of Privileged Intermediaries that are allowed to be managed.", + "examples": [11], + "format": "int32", + "type": "integer" + }, + "privilegedUserCount": { + "description": "Count of Privileged Users that are allowed to be managed.", + "examples": [12], + "format": "int32", + "type": "integer" + }, + "specializedDeviceCount": { + "description": "Count of Specialized Devices that are allowed to be managed.", + "examples": [13], + "format": "int32", + "type": "integer" + }, + "specializedInterfaceCount": { + "description": "Count of Specialized Interfaces that are allowed to be managed.", + "examples": [14], + "format": "int32", + "type": "integer" + }, + "specializedIntermediaryCount": { + "description": "Count of Specialized Intermediaries that are allowed to be managed.", + "examples": [15], + "format": "int32", + "type": "integer" + }, + "specializedUserCount": { + "description": "Count of Specialized Users that are allowed to be managed.", + "examples": [15], + "format": "int32", + "type": "integer" + } + }, + "required": [ + "enterpriseDeviceCount", + "enterpriseInterfaceCount", + "enterpriseIntermediaryCount", + "enterpriseUserCount", + "privilegedDeviceCount", + "privilegedInterfaceCount", + "privilegedIntermediaryCount", + "privilegedUserCount", + "specializedDeviceCount", + "specializedInterfaceCount", + "specializedIntermediaryCount", + "specializedUserCount" + ], + "title": "License Entitlement - Active SHIELD Count", + "type": "object", + "examples": [ + { + "enterpriseDeviceCount": 5, + "enterpriseInterfaceCount": 3, + "enterpriseIntermediaryCount": 7, + "enterpriseUserCount": 8, + "privilegedDeviceCount": 9, + "privilegedInterfaceCount": 10, + "privilegedIntermediaryCount": 11, + "privilegedUserCount": 12, + "specializedDeviceCount": 13, + "specializedInterfaceCount": 14, + "specializedIntermediaryCount": 15, + "specializedUserCount": 15 + } + ] + }, + "Telemetry.Shield": { + "properties": { + "correlationId": { + "description": "Primary key for the table, used to correlate multiple telemetry records together.", + "format": "uuid", + "type": "string", + "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"] + }, + "enterpriseDeviceCount": { + "description": "Count of Enterprise Devices that are deployed in the CX environment.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "enterpriseInterfaceCount": { + "description": "Number of active Enterprise interfaces.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "enterpriseIntermediaryCount": { + "description": "Number of active Enterprise intermediaries.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "enterpriseUserCount": { + "description": "Count of Enterprise Users that are deployed in the CX environment.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "monthlyActiveEntUsers": { + "description": "Number of active managed Enterprise users.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "monthlyActivePrivUsers": { + "description": "Number of active managed privileged users.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "monthlyActiveSpecUsers": { + "description": "Number of active managed Specialized users.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "privilegedDeviceCount": { + "description": "Count of Privileged Devices (PAW) that are deployed in the CX environment.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "privilegedInterfaceCount": { + "description": "Number of active Privileged interfaces.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "privilegedIntermediaryCount": { + "description": "Number of active Privileged intermediaries.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "privilegedUserCount": { + "description": "Count of Privileged Users that are deployed in the CX environment.", + "type": "integer", + "minimum": 0, + "examples": [0] + }, + "shieldArchitectureVersion": { + "description": "Version number of the architecture that is deployed.", + "examples": ["27"], + "type": "string", + "minLength": 1 + }, + "shieldCoreVersion": { + "description": "Version number of the product that the product is running.", + "examples": ["2.5.6"], + "type": "string" + }, + "specializedDeviceCount": { + "description": "Count of Specialized Devices that are deployed in the CX environment.", + "type": "integer", + "minimum": 0 + }, + "specializedInterfaceCount": { + "description": "Number of active Specialized interfaces.", + "type": "integer", + "minimum": 0 + }, + "specializedIntermediaryCount": { + "description": "Number of active Specialized intermediaries.", + "type": "integer", + "minimum": 0 + }, + "specializedUserCount": { + "description": "Count of Specialized Users that are deployed in the CX environment.", + "type": "integer", + "minimum": 0 + }, + "tenantId": { + "description": "Tenant ID for the CX in question.", + "examples": ["5ae80362-6fe8-4ab1-9b6d-8dfa99d91657"], + "type": "string" + }, + "createdAt": { + "description": "Timestamp on when the record was created. This is auto managed by sequelize.", + "examples": ["2024-08-02T23:48:50.231Z"], + "format": "date-time", + "type": "string" + }, + "updatedAt": { + "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", + "examples": ["2024-08-02T23:48:50.231Z"], + "format": "date-time", + "type": "string" + } + }, + "required": [ + "enterpriseDeviceCount", + "enterpriseInterfaceCount", + "enterpriseIntermediaryCount", + "enterpriseUserCount", + "monthlyActiveEntUsers", + "monthlyActivePrivUsers", + "monthlyActiveSpecUsers", + "privilegedDeviceCount", + "privilegedInterfaceCount", + "privilegedIntermediaryCount", + "privilegedUserCount", + "shieldArchitectureVersion", + "shieldCoreVersion", + "specializedDeviceCount", + "specializedInterfaceCount", + "specializedIntermediaryCount", + "specializedUserCount" + ], + "title": "Application Telemetry - SHIELD", + "type": "object", + "examples": [ + { + "correlationId": "1d71e0fe-6e4a-464d-a690-80addf3bda55", + "enterpriseDeviceCount": 0, + "enterpriseInterfaceCount": 0, + "enterpriseIntermediaryCount": 0, + "enterpriseUserCount": 0, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 0, + "privilegedInterfaceCount": 0, + "privilegedIntermediaryCount": 0, + "privilegedUserCount": 0, + "shieldArchitectureVersion": "27", + "shieldCoreVersion": "2.5.6", + "specializedDeviceCount": 3, + "specializedInterfaceCount": 2, + "specializedIntermediaryCount": 1, + "specializedUserCount": 0, + "tenantId": "5ae80362-6fe8-4ab1-9b6d-8dfa99d91657", + "createdAt": "2024-08-02T23:48:50.231Z", + "updatedAt": "2024-08-02T23:48:50.231Z" + } + ] + }, + "Update.Shield.Check": { + "description": "Object returning the value of the version of the latest application package available.", + "properties": { + "updateVersion": { + "description": "Latest found version of the application package.", + "examples": ["1.12.5"], + "type": "string" + } + }, + "required": ["updateVersion"], + "title": "Update SHIELD Check - latest application package version", + "type": "object", + "examples": [ + { + "updateVersion": "1.12.5" + } + ] + }, + "Update.Shield.Channel": { + "description": "Channel configuration for the SHIELD update service.", + "properties": { + "latest": { + "description": "Version number of the latest update available to the chanel.", + "examples": ["1.12.5"], + "type": "string" + }, + "name": { + "description": "(Unique) Name of the update channel that this configuration belongs to.", + "examples": ["stable"], + "type": "string" + }, + "previous": { + "description": "Version number of the number that is being replaced via ring deployment, available to all rings at the minimum.", + "examples": ["1.12.4"], + "type": "string" + } + }, + "required": ["latest", "name", "previous"], + "title": "SHIELD Update - Channel", + "type": "object", + "examples": [ + { + "latest": "1.12.5", + "name": "stable", + "previous": "1.12.4" + } + ] + }, + "Update.Shield.Channel.Ring": { + "description": "Object containing channel ring configuration.", + "properties": { + "latest": { + "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", + "examples": [true], + "type": "boolean" + }, + "number": { + "description": "Ring number that this configuration belongs to.", + "examples": [1], + "type": "integer", + "minimum": 0 + } + }, + "required": ["latest", "number"], + "title": "Update SHIELD Channel Ring - configuration entry", + "type": "object", + "examples": [ + { + "latest": true, + "number": 1 + } + ] + }, + "Update.Shield.Tenant": { + "description": "Object containing tenant update configuration.", + "properties": { + "alphaEnabled": { + "description": "Flag that indicates if the current tenant is allowed to request alpha builds (`true`) or not (`false`).", + "examples": [false], + "type": "boolean" + }, + "channel": { + "description": "Name of the deploy channel.", + "examples": ["stable"], + "type": "string" + }, + "ring": { + "description": "Ring number that the client is a member of for the current chanel.", + "examples": [1], + "type": "integer" + }, + "tenantId": { + "description": "Tenant ID that the configuration belongs to.", + "examples": ["a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + } + }, + "required": ["alphaEnabled", "channel", "ring", "tenantId"], + "title": "Update SHIELD Tenant - configuration entry", + "type": "object", + "examples": [ + { + "alphaEnabled": false, + "channel": "stable", + "ring": 1, + "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } + ] + }, + "TenantDetails": { + "title": "Tenant Details Record", + "description": "Information about a single tenant record", + "properties": { + "tenantId": { + "description": "The object ID of the tenant record", + "examples": ["1c4d2f3b-2e4b-4a5b-8c6d-7e8f9a0b1c2d"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "tenantDisplayName": { + "description": "Human readable name for the tenant record", + "examples": ["Contoso - Prod"], + "type": "string" + }, + "parentId": { + "description": "The object ID of the tenant that is considered a parent to this record", + "examples": ["22354a3f-2e21-4bd2-8327-dc842cfa80c8"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "authorizedPrincipalList": { + "description": "List of object IDs that are allowed to access this record and related data.", + "type": "array", + "items": { + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string", + "examples": ["fd9a6a53-594d-41aa-950a-b21ff41d4688"] }, - "Chat.OpenAIChatMessage": { - "title": "Chat - Message Record", - "description": "Object representing entity supplied to the AI agent or a response from the AI Agent", - "examples": [{ - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" + "examples": [ + [ + "fd9a6a53-594d-41aa-950a-b21ff41d4688", + "54fc12cd-403d-4c48-be12-86b807e958d3" + ] + ] + } + }, + "type": "object", + "required": [ + "tenantId", + "tenantDisplayName", + "parentId", + "authorizedPrincipalList" + ], + "examples": [ + { + "tenantId": "1c4d2f3b-2e4b-4a5b-8c6d-7e8f9a0b1c2d", + "tenantDisplayName": "Contoso - Prod", + "parentId": "22354a3f-2e21-4bd2-8327-dc842cfa80c8", + "authorizedPrincipalList": [ + "fd9a6a53-594d-41aa-950a-b21ff41d4688", + "54fc12cd-403d-4c48-be12-86b807e958d3" + ] + } + ] + } + }, + "securitySchemes": { + "EntraID": { + "type": "http", + "scheme": "bearer", + "bearerFormat": "JWT", + "description": "The Access Token from Entra ID. Please note required scopes (permissions) in each endpoint." + } + } + }, + "externalDocs": { + "description": "Official Documentation", + "url": "https://docs.shilab.com" + }, + "info": { + "contact": { + "email": "elliot_huffman@shi.com", + "name": "SHI - Lab" + }, + "description": "Collects data from the various SHI Lab products and makes it available in a standardized way.", + "title": "SHI Data Gateway", + "version": "2.2.2" + }, + "openapi": "3.1.0", + "paths": { + "/Api/Core/Health": { + "get": { + "description": "Check the health of the various components of the data gateway and report back. Useful for automated health probing.", + "operationId": "/Api/ServiceHealth/Get", + "responses": { + "201": { + "description": "Service is operational!" + }, + "500": { + "description": "Service has a failure described with following report.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Core.HealthReport" + } + } + } + } + }, + "tags": ["Core System"], + "security": [], + "summary": "Health of the Service for Probing" + } + }, + "/Api/LicenseReport": { + "post": { + "description": "Store the results of a license analytics run.\n\nThis endpoint requires the `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", + "operationId": "/Api/LicenseReport/Post", + "requestBody": { + "content": { + "application/json": { + "examples": [ + { + "License Report": { + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 + }, + "correlation": { + "auditTenantAccount": "somebodyThatI@UsedToKnow.com" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false + } + } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false } + } } - ] - }], - "type": "object", - "properties": { - "content": { - "oneOf": [ - { - "type": "string", - "description": "The contents of the message" + } + } + }, + "Ignorant License Report Request": { + "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", + "summary": "Ignorant License Report Request", + "value": {} + } + } + ], + "schema": { + "$ref": "#/components/schemas/LicenseReport" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "License Report": { + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 + }, + "correlation": { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null }, - { - "type": "array", - "description": "The contents of the message", - "items": { - "type": "object", - "properties": { - "text": { - "type": "string", - "description": "The text content" - }, - "type": { - "type": "string", - "description": "The type of the content part" - } - }, - "required": [ - "text", - "type" - ] - } + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false + } } - ] - }, - "role": { - "type": "string", - "description": "The role of the messages author" - }, - "name": { - "type": "string", - "description": "An optional name for the participant" - }, - "tool_calls": { - "type": "array", - "description": "The tool calls generated by the model, such as function calls", - "items": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "The ID of the tool call" - }, - "function": { - "type": "object", - "description": "The function that the model called", - "properties": { - "arguments": { - "type": "string", - "description": "The arguments to call the function with" - }, - "name": { - "type": "string", - "description": "The name of the function to call" - } - } - }, - "type": { - "type": "string", - "description": "The type of the tool. Currently, only `function` is supported" - } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false + } } + } } - }, - "tool_call_id": { - "type": "string", - "description": "Tool call that this message is responding to" + } } - }, - "required": [ - "content", - "role" - ] + } + ], + "schema": { + "$ref": "#/components/schemas/LicenseReport" + } + } }, - "LicenseReport.CorrelationRecord": { - "description": "Metadata that describes the execution session (run) that is used to tie/relate all of the license report together.", - "examples": [{ - "auditTenantAccount": "priv-user@example.com", - "correlationId": "9d838115-0868-45d4-b8a5-98adc1af7e42", - "reportTenantAccount": "ent-user@example.com", - "tenantId": "7e536189-b2dd-4c8b-98b1-9b174777883f", - "createdAt": "2024-08-01T21:13:12.821Z", - "updatedAt": "2024-08-01T21:13:12.821Z" - }], - "properties": { - "auditTenantAccount": { - "description": "The user account used to retrieve the license information in the tenant being audited.", - "examples": ["admin-user@example.com"], - "format": "email", - "type": "string" - }, - "correlationId": { - "description": "The ID of the execution session (run) that is used to tie/relate all of the data together.", - "examples": ["88da2253-758f-4135-9d37-64448c8b65c1"], - "format": "uuid", - "type": "string", - "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" - }, - "reportTenantAccount": { - "description": "User account used to store/report the license report to the SHI Lab cloud service.", - "examples": ["generic-user@example.com"], - "format": "email", - "type": "string" - }, - "tenantId": { - "description": "Unique ID of customer's Microsoft tenant that the license report is for.", - "examples": ["0e1fe83f-a33f-4250-8546-225b8d45ae01"], - "format": "uuid", - "type": "string", - "pattern": "^\\w+-\\w+-\\w+-\\w+-\\w+$" - }, - "createdAt": { - "description": "Timestamp of when the report was created.", - "examples": ["2024-08-01T21:12:22.148Z"], - "format": "date-time", - "type": "string" - }, - "updatedAt": { - "description": "Timestamp of when the report was last updated.", - "examples": ["2024-08-01T21:12:22.148Z"], - "format": "date-time", - "type": "string" + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["License Analytics"], + "summary": "Store License Analytics Data" + } + }, + "/Api/LicenseReport/Correlation": { + "get": { + "description": "Retrieves the list of correlation records for the authenticated tenant. Can use filters targeting creation date to limit results. Correlation records store the metadata for a specific license report.\n\nThis endpoint requires the `LicenseReport.Read`, `LicenseReport.Read.All`, `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", + "operationId": "/Api/LicenseReport/Correlation/Get", + "parameters": [ + { + "$ref": "#/components/parameters/dateStart" + }, + { + "$ref": "#/components/parameters/dateEnd" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Example License Report": { + "description": "Sample list of correlation records for the authenticated tenant.", + "summary": "Available Correlation Records", + "value": [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] } - }, - "required": [ - "auditTenantAccount" + } ], - "title": "License Report - Correlation Record", - "type": "object" + "schema": { + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" + } + } + } }, - "LicenseReport.LicenseData": { - "type": "object", - "properties": { - "assignedLicense": { - "additionalProperties": { - "type": "integer" - }, - "description": "License assignment on the specified principal.", - "type": "object" - }, - "assignedService": { - "additionalProperties": { - "oneOf": [ - { - "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" - }, - { - "type": "integer", - "format": "int32" - } - ] - }, - "description": "Service configuration assignment. This is used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", - "type": "object" - }, - "consumedService": { - "additionalProperties": { - "oneOf": [ - { - "$ref": "#/components/schemas/LicenseReport.FeatureBreakdown" - }, - { - "type": "integer", - "format": "int32" - } - ] + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["License Analytics"], + "summary": "Retrieve the List of Correlation Records" + } + }, + "/Api/LicenseReport/Correlation/Tenant/{tenantId}": { + "get": { + "description": "Retrieves the list of correlation records for the specified tenant. Can use filters targeting creation date to limit results. Correlation records store the metadata for a specific license report.\n\nThis endpoint requires the `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/LicenseReport/Correlation/Tenant/:tenantId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + }, + { + "$ref": "#/components/parameters/dateStart" + }, + { + "$ref": "#/components/parameters/dateEnd" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Example License Report": { + "description": "Sample list of correlation records for the authenticated tenant.", + "summary": "Available Correlation Records", + "value": [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" }, - "description": "Usage telemetry retrieved for the service to indicate if the specific principal is consuming the service or not, regardless of license status.", - "type": "object" + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] } - }, - "required": [ - "assignedLicense", - "assignedService", - "consumedService" + } ], - "description": "Collection of principals that have had their in-use licenses and assigned licenses. Where the key is the principal ID and the value is the insights.", - "examples": [{ - "assignedLicense": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": null, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": null, - "7159f980-6f83-4b67-bf41-e172b3ae1352": null - }, - "assignedService": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": false, - "Access Review": true, - "Entitlement Management": false, - "Identity Protection": true - }, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { - "Conditional Access": true, - "Dynamic Group": false, - "Group Naming": true, - "On-Prem SSPR": false, - "Group Expiration": true, - "Provisioning Engine": true, - "Enterprise State Roaming": false - }, - "6511755b-c27d-4c66-a59e-b835e6b54e7f": null - }, - "consumedService": { - "eec0eb4f-6444-4f95-aba0-50c24d67f998": { - "Conditional Access": true, - "Access Review": false, - "Entitlement Management": false, - "Identity Protection": true + "schema": { + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" + } + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["License Analytics"], + "summary": "Retrieve the List of Correlation Records for Specified Tenant" + } + }, + "/Api/LicenseReport/Correlation/{correlationId}/Data": { + "get": { + "description": "Retrieves the full license report for the specified correlation ID in the authenticated tenant. The license report contains all of the license usage and compliance information with the required correlation data.\n\nThis endpoint requires the `LicenseReport.Read`, `LicenseReport.Read.All`, `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", + "operationId": "/Api/LicenseReport/Correlation/:correlationId/Data/Get", + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "License Report": { + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 }, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": { - "Conditional Access": true, - "Dynamic Group": false, - "Group Naming": true, - "On-Prem SSPR": false, - "Group Expiration": true, - "Provisioning Engine": true, - "Enterprise State Roaming": false + "correlation": { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" }, - "4b0d28f2-c1ce-48ae-a7d2-1caaa7825891": null, - "c90f1a25-e6cd-4163-ac6c-ca7616c585a9": null - } - }], - "title": "License Report - License Data" - }, - "LicenseReport.FeatureBreakdown": { - "additionalProperties": { - "type": "boolean" - }, - "description": "List of features that are configured for the specific service plan's service configuration for the related principal.\nThe key is the name of the feature that is being described.\nThe value is the state of the feature configuration, `true` is in scope and `false` meaning not in scope.", - "examples": [{ - "Conditional Access": true, - "Access Reviews": true, - "Dynamic Groups": false, - "On-Prem Password Rest": true, - "On-Prem Password Protection": false - }], - "title": "License Report - Feature Breakdown", - "type": "object" - }, - "LicenseReport": { - "description": "Completely calculated license report structure that is the result of a complete run.", - "examples": [{ - "availableLicense": { - "e17b13ee-9749-488b-9289-d31a8fde045d": 123, - "2d995b6a-d4aa-4d8d-a03c-372ecb66509d": 456, - "cbf6ee7c-c3c1-44a6-9f18-020c65536470": 789 - }, - "correlation": { - "auditTenantAccount": "admin-user@example.com", - "correlationId": "88da2253-758f-4135-9d37-64448c8b65c1", - "reportTenantAccount": "generic-user@example.com", - "tenantId": "0e1fe83f-a33f-4250-8546-225b8d45ae01" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { "assignedLicense": { - "e17b13ee-9749-488b-9289-d31a8fde045d": null + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null }, "assignedService": { - "cbf6ee7c-c3c1-44a6-9f18-020c65536470": null, - "c7bcba35-199c-41e5-8c8d-6d4e4aad8964": null + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null }, "consumedService": { - "fe98c41a-d931-4f6f-a5bc-750ba7144a77": null, - "0474bdf1-ee76-4aff-a65c-6f82e5e1d5a6": { - "Something Here": true, - "Other Obscure feature": false - } + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false + } } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false + } + } + } } + } } - }], - "type": "object", - "properties": { - "availableLicense": { - "additionalProperties": { - "examples": [1234], - "type": "integer" + } + ], + "schema": { + "$ref": "#/components/schemas/LicenseReport" + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["License Analytics"], + "summary": "Retrieve the Specified License Report" + }, + "delete": { + "description": "Deletes the full license report for the specified correlation ID.\n\nThis endpoint requires the `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", + "operationId": "/Api/LicenseReport/Correlation/:correlationId/Data/delete", + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + } + ], + "responses": { + "201": { + "description": "Deleted successfully" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["License Analytics"], + "summary": "Delete the Specified License Report for the currently authenticated tenant." + } + }, + "/Api/LicenseReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { + "get": { + "description": "Retrieves the full license report for the specified correlation ID and tenant. The license report contains all of the license usage and compliance information with the required correlation data.\n\nThis endpoint requires the `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/LicenseReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + }, + { + "$ref": "#/components/parameters/tenantId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "License Report": { + "description": "Sample, truncated report from an example customer environment.", + "summary": "License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 }, - "description": "Breakdown of the purchased licenses/service plans available in the tenant being audited for this run. Where the key is the ID of the service plan and the value is how many licenses are available/purchase for it.", - "examples": [{ - "eec0eb4f-6444-4f95-aba0-50c24d67f998": 1234, - "41781fb2-bc02-4b7c-bd55-b576c07bb09d": 123 - }], - "title": "License Report - Available Licenses", - "type": "object" - }, - "correlation": { - "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - }, - "licenseData": { - "additionalProperties": { - "$ref": "#/components/schemas/LicenseReport.LicenseData" + "correlation": { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false + } + } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false + } + } + } } + } } - }, - "required": [ - "availableLicense", - "correlation", - "licenseData" + } ], - "title": "License Report - Complete Object" + "schema": { + "$ref": "#/components/schemas/LicenseReport" + } + } }, - "LicenseEntitlement.Shield": { - "description": "Record that describes the purchased licenses for a specific tenant. More than one of these can be active at a single time.", - "properties": { - "correlationId": { - "description": "Used to correlate the license entitlements with other records.", - "examples": ["e097a3f5-9599-44a2-8923-fd3276c83ae1"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - }, - "enterpriseDeviceCount": { - "description": "Count of Enterprise Devices that are allowed to be managed.", - "examples": [5], - "format": "int32", - "type": "integer" - }, - "enterpriseInterfaceCount": { - "description": "Count of Enterprise Interfaces that are allowed to be managed.", - "examples": [6], - "format": "int32", - "type": "integer" - }, - "enterpriseIntermediaryCount": { - "description": "Count of Enterprise Intermediaries that are allowed to be managed.", - "examples": [7], - "format": "int32", - "type": "integer" - }, - "enterpriseUserCount": { - "description": "Count of Enterprise Users that are allowed to be managed.", - "examples": [8], - "format": "int32", - "type": "integer" - }, - "notValidAfter": { - "description": "Date that the entitlement expires at.", - "examples": ["2024-07-30T17:35:24.044Z"], - "format": "date-time", - "type": "string" - }, - "notValidBefore": { - "description": "Date that the entitlement becomes active at.", - "examples": ["2024-07-30T17:37:15.300Z"], - "format": "date-time", - "type": "string" - }, - "privilegedDeviceCount": { - "description": "Count of Privileged Devices (PAW) that are allowed to be managed.", - "examples": [9], - "format": "int32", - "type": "integer" - }, - "privilegedInterfaceCount": { - "description": "Count of Privileged Interfaces that are allowed to be managed.", - "examples": [10], - "format": "int32", - "type": "integer" - }, - "privilegedIntermediaryCount": { - "description": "Count of Privileged Intermediaries that are allowed to be managed.", - "examples": [11], - "format": "int32", - "type": "integer" - }, - "privilegedUserCount": { - "description": "Count of Privileged Users that are allowed to be managed.", - "examples": [12], - "format": "int32", - "type": "integer" - }, - "purchaseId": { - "description": "This could be any value used to correlate the purchase operation to this entitlement record.", - "examples": ["Bob's your uncle."], - "type": "string" - }, - "specializedDeviceCount": { - "description": "Count of Specialized Devices that are allowed to be managed.", - "examples": [13], - "format": "int32", - "type": "integer" - }, - "specializedInterfaceCount": { - "description": "Count of Specialized Interfaces that are allowed to be managed.", - "examples": [14], - "format": "int32", - "type": "integer" - }, - "specializedIntermediaryCount": { - "description": "Count of Specialized Intermediaries that are allowed to be managed.", - "examples": [15], - "format": "int32", - "type": "integer" - }, - "specializedUserCount": { - "description": "Count of Specialized Users that are allowed to be managed.", - "examples": [15], - "format": "int32", - "type": "integer" - }, - "tenantId": { - "description": "Tenant that this license entitlement is valid for.", - "examples": ["a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "enterpriseDeviceCount", - "enterpriseInterfaceCount", - "enterpriseIntermediaryCount", - "enterpriseUserCount", - "notValidAfter", - "notValidBefore", - "privilegedDeviceCount", - "privilegedInterfaceCount", - "privilegedIntermediaryCount", - "privilegedUserCount", - "specializedDeviceCount", - "specializedInterfaceCount", - "specializedIntermediaryCount", - "specializedUserCount", - "tenantId" - ], - "title": "License Entitlement - SHIELD Record", - "type": "object" - }, - "LicenseEntitlement.Shield.Count": { - "properties": { - "enterpriseDeviceCount": { - "description": "Count of Enterprise Devices that are allowed to be managed.", - "examples": [5], - "format": "int32", - "type": "integer" - }, - "enterpriseInterfaceCount": { - "description": "Count of Enterprise Interfaces that are allowed to be managed.", - "examples": [3], - "format": "int32", - "type": "integer" - }, - "enterpriseIntermediaryCount": { - "description": "Count of Enterprise Intermediaries that are allowed to be managed.", - "examples": [7], - "format": "int32", - "type": "integer" - }, - "enterpriseUserCount": { - "description": "Count of Enterprise Users that are allowed to be managed.", - "examples": [8], - "format": "int32", - "type": "integer" - }, - "privilegedDeviceCount": { - "description": "Count of Privileged Devices (PAW) that are allowed to be managed.", - "examples": [9], - "format": "int32", - "type": "integer" - }, - "privilegedInterfaceCount": { - "description": "Count of Privileged Interfaces that are allowed to be managed.", - "examples": [10], - "format": "int32", - "type": "integer" - }, - "privilegedIntermediaryCount": { - "description": "Count of Privileged Intermediaries that are allowed to be managed.", - "examples": [11], - "format": "int32", - "type": "integer" - }, - "privilegedUserCount": { - "description": "Count of Privileged Users that are allowed to be managed.", - "examples": [12], - "format": "int32", - "type": "integer" - }, - "specializedDeviceCount": { - "description": "Count of Specialized Devices that are allowed to be managed.", - "examples": [13], - "format": "int32", - "type": "integer" - }, - "specializedInterfaceCount": { - "description": "Count of Specialized Interfaces that are allowed to be managed.", - "examples": [14], - "format": "int32", - "type": "integer" - }, - "specializedIntermediaryCount": { - "description": "Count of Specialized Intermediaries that are allowed to be managed.", - "examples": [15], - "format": "int32", - "type": "integer" - }, - "specializedUserCount": { - "description": "Count of Specialized Users that are allowed to be managed.", - "examples": [15], - "format": "int32", - "type": "integer" - } - }, - "required": [ - "enterpriseDeviceCount", - "enterpriseInterfaceCount", - "enterpriseIntermediaryCount", - "enterpriseUserCount", - "privilegedDeviceCount", - "privilegedInterfaceCount", - "privilegedIntermediaryCount", - "privilegedUserCount", - "specializedDeviceCount", - "specializedInterfaceCount", - "specializedIntermediaryCount", - "specializedUserCount" - ], - "title": "License Entitlement - Active SHIELD Count", - "type": "object" - }, - "Telemetry.Shield": { - "properties": { - "correlationId": { - "description": "Primary key for the table, used to correlate multiple telemetry records together.", - "format": "uuid", - "type": "string" - }, - "enterpriseDeviceCount": { - "description": "Count of Enterprise Devices that are deployed in the CX environment.", - "type": "integer", - "minimum": 0 - }, - "enterpriseInterfaceCount": { - "description": "Number of active Enterprise interfaces.", - "type": "integer", - "minimum": 0 - }, - "enterpriseIntermediaryCount": { - "description": "Number of active Enterprise intermediaries.", - "type": "integer", - "minimum": 0 - }, - "enterpriseUserCount": { - "description": "Count of Enterprise Users that are deployed in the CX environment.", - "type": "integer", - "minimum": 0 - }, - "monthlyActiveEntUsers": { - "description": "Number of active managed Enterprise users.", - "type": "integer", - "minimum": 0 - }, - "monthlyActivePrivUsers": { - "description": "Number of active managed privileged users.", - "type": "integer", - "minimum": 0 - }, - "monthlyActiveSpecUsers": { - "description": "Number of active managed Specialized users.", - "type": "integer", - "minimum": 0 - }, - "privilegedDeviceCount": { - "description": "Count of Privileged Devices (PAW) that are deployed in the CX environment.", - "type": "integer", - "minimum": 0 - }, - "privilegedInterfaceCount": { - "description": "Number of active Privileged interfaces.", - "type": "integer", - "minimum": 0 - }, - "privilegedIntermediaryCount": { - "description": "Number of active Privileged intermediaries.", - "type": "integer", - "minimum": 0 - }, - "privilegedUserCount": { - "description": "Count of Privileged Users that are deployed in the CX environment.", - "type": "integer", - "minimum": 0 - }, - "shieldArchitectureVersion": { - "description": "Version number of the architecture that is deployed.", - "examples": ["27"], - "type": "string", - "minimum": 1 - }, - "shieldCoreVersion": { - "description": "Version number of the product that the product is running.", - "examples": ["2.5.6"], - "type": "string" - }, - "specializedDeviceCount": { - "description": "Count of Specialized Devices that are deployed in the CX environment.", - "type": "integer", - "minimum": 0 - }, - "specializedInterfaceCount": { - "description": "Number of active Specialized interfaces.", - "type": "integer", - "minimum": 0 - }, - "specializedIntermediaryCount": { - "description": "Number of active Specialized intermediaries.", - "type": "integer", - "minimum": 0 - }, - "specializedUserCount": { - "description": "Count of Specialized Users that are deployed in the CX environment.", - "type": "integer", - "minimum": 0 - }, - "tenantId": { - "description": "Tenant ID for the CX in question.", - "examples": ["5ae80362-6fe8-4ab1-9b6d-8dfa99d91657"], - "type": "string" - }, - "createdAt": { - "description": "Timestamp on when the record was created. This is auto managed by sequelize.", - "examples": ["2024-08-02T23:48:50.231Z"], - "format": "date-time", - "type": "string" - }, - "updatedAt": { - "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", - "examples": ["2024-08-02T23:48:50.231Z"], - "format": "date-time", - "type": "string" - } - }, - "required": [ - "enterpriseDeviceCount", - "enterpriseInterfaceCount", - "enterpriseIntermediaryCount", - "enterpriseUserCount", - "monthlyActiveEntUsers", - "monthlyActivePrivUsers", - "monthlyActiveSpecUsers", - "privilegedDeviceCount", - "privilegedInterfaceCount", - "privilegedIntermediaryCount", - "privilegedUserCount", - "shieldArchitectureVersion", - "shieldCoreVersion", - "specializedDeviceCount", - "specializedInterfaceCount", - "specializedIntermediaryCount", - "specializedUserCount" - ], - "title": "Application Telemetry - SHIELD", - "type": "object" - }, - "Update.Shield.Check": { - "description": "Object returning the value of the version of the latest application package available.", - "properties": { - "updateVersion": { - "description": "Latest found version of the application package.", - "examples": ["1.12.5"], - "type": "string" - } - }, - "required": [ - "updateVersion" - ], - "title": "Update SHIELD Check - latest application package version", - "type": "object" - }, - "Update.Shield.Channel": { - "description": "Channel configuration for the SHIELD update service.", - "properties": { - "latest": { - "description": "Version number of the latest update available to the chanel.", - "examples": ["1.12.5"], - "type": "string" - }, - "name": { - "description": "(Unique) Name of the update channel that this configuration belongs to.", - "examples": ["stable"], - "type": "string" - }, - "previous": { - "description": "Version number of the number that is being replaced via ring deployment, available to all rings at the minimum.", - "examples": ["1.12.4"], - "type": "string" - } - }, - "required": [ - "latest", - "name", - "previous" - ], - "title": "SHIELD Update - Channel", - "type": "object" - }, - "Update.Shield.Channel.Ring": { - "description": "Object containing channel ring configuration.", - "properties": { - "latest": { - "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", - "examples": [true], - "type": "boolean" - }, - "number": { - "description": "Ring number that this configuration belongs to.", - "examples": [1], - "type": "integer", - "minimum": 0 - } - }, - "required": [ - "latest", - "number" - ], - "title": "Update SHIELD Channel Ring - configuration entry", - "type": "object" - }, - "Update.Shield.Tenant": { - "description": "Object containing tenant update configuration.", - "properties": { - "alphaEnabled": { - "description": "Flag that indicates if the current tenant is allowed to request alpha builds (`true`) or not (`false`).", - "examples": [false], - "type": "boolean" - }, - "channel": { - "description": "Name of the deploy channel.", - "examples": ["stable"], - "type": "string" - }, - "ring": { - "description": "Ring number that the client is a member of for the current chanel.", - "examples": [1], - "type": "integer" - }, - "tenantId": { - "description": "Tenant ID that the configuration belongs to.", - "examples": ["a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - } - }, - "required": [ - "alphaEnabled", - "channel", - "ring", - "tenantId" - ], - "title": "Update SHIELD Tenant - configuration entry", - "type": "object" - }, - "TenantDetails": { - "title": "Tenant Details Record", - "description": "Information about a single tenant record", - "properties": { - "tenantId": { - "description": "The object ID of the tenant record", - "examples": ["1c4d2f3b-2e4b-4a5b-8c6d-7e8f9a0b1c2d"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "tenantDisplayName": { - "description": "Human readable name for the tenant record", - "examples": ["Contoso - Prod"], - "type": "string" - }, - "parentId": { - "description": "The object ID of the tenant that is considered a parent to this record", - "examples": ["22354a3f-2e21-4bd2-8327-dc842cfa80c8"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "authorizedPrincipalList": { - "description": "List of object IDs that are allowed to access this record and related data.", - "type": "array", - "items": { - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "examples": [[ - "fd9a6a53-594d-41aa-950a-b21ff41d4688", - "54fc12cd-403d-4c48-be12-86b807e958d3" - ]] - } - }, - "type": "object", - "required": [ - "tenantId", - "tenantDisplayName", - "parentId", - "authorizedPrincipalList" - ] - } + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } }, - "securitySchemes": { - "EntraID": { - "type": "http", - "scheme": "bearer", - "bearerFormat": "JWT", - "description": "The Access Token from Entra ID. Please note required scopes (permissions) in each endpoint." - } - } - }, - "externalDocs": { - "description": "Official Documentation", - "url": "https://docs.shilab.com" - }, - "info": { - "contact": { - "email": "elliot_huffman@shi.com", - "name": "SHI - Lab" - }, - "description": "Collects data from the various SHI Lab products and makes it available in a standardized way.", - "title": "SHI Data Gateway", - "version": "2.2.2" - }, - "openapi": "3.1.0", - "paths": { - "/Api/Core/Health": { - "get": { - "description": "Check the health of the various components of the data gateway and report back. Useful for automated health probing.", - "operationId": "/Api/ServiceHealth/Get", - "responses": { - "201": { - "description": "Service is operational!" - }, - "500": { - "description": "Service has a failure described with following report.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Core.HealthReport" - } - } - } - } - }, - "tags": [ - "Core System" - ], - "security": [], - "summary": "Health of the Service for Probing" - } + "tags": ["License Analytics"], + "summary": "Retrieve the Specified License Report for Specified Tenant" + }, + "delete": { + "description": "Deletes the full license report for the specified correlation ID and tenant.\n\nThis endpoint requires the `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/LicenseReport/Correlation/:correlationId/Tenant/:tenantId/Data/delete", + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + }, + { + "$ref": "#/components/parameters/tenantId" + } + ], + "responses": { + "201": { + "description": "Deleted successfully" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } }, - "/Api/LicenseReport": { - "post": { - "description": "Store the results of a license analytics run.\n\nThis endpoint requires the `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", - "operationId": "/Api/LicenseReport/Post", - "requestBody": { - "content": { - "application/json": { - "examples": [{ - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@UsedToKnow.com" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } - } - }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - }, - "Ignorant License Report Request": { - "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", - "summary": "Ignorant License Report Request", - "value": {} - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseReport" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } - } - }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseReport" - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Analytics" - ], - "summary": "Store License Analytics Data" + "tags": ["License Analytics"], + "summary": "Delete the Specified License Report for Specified Tenant" + } + }, + "/Api/Chat/LicenseGpt": { + "post": { + "summary": "Inquire License Data from AI Agent", + "description": "Enables a conversation mode with AI agent to request details of the available license reports for the currently authenticated tenant.\n\nThis endpoint requires the `LicenseReport.Read`, `LicenseReport.ReadWrite`, `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Chat/LicenseGpt/Post", + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Collection of conversation parts provided by user to be ingested by the agent", + "type": "array", + "items": { + "$ref": "#/components/schemas/Chat.OpenAIChatMessage" + } + } } + } }, - "/Api/LicenseReport/Correlation": { - "get": { - "description": "Retrieves the list of correlation records for the authenticated tenant. Can use filters targeting creation date to limit results. Correlation records store the metadata for a specific license report.\n\nThis endpoint requires the `LicenseReport.Read`, `LicenseReport.Read.All`, `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", - "operationId": "/Api/LicenseReport/Correlation/Get", - "parameters": [ - { - "$ref": "#/components/parameters/dateStart" - }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "examples": [ { - "$ref": "#/components/parameters/dateEnd" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Example License Report": { - "description": "Sample list of correlation records for the authenticated tenant.", - "summary": "Available Correlation Records", - "value": [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - } - }], - "schema": { - "type": "array", - "minItems": 0, - "items": { - "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - } - } - } + "messageList": [ + { + "role": "user", + "content": "Hello" }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Analytics" - ], - "summary": "Retrieve the List of Correlation Records" - } - }, - "/Api/LicenseReport/Correlation/Tenant/{tenantId}": { - "get": { - "description": "Retrieves the list of correlation records for the specified tenant. Can use filters targeting creation date to limit results. Correlation records store the metadata for a specific license report.\n\nThis endpoint requires the `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/LicenseReport/Correlation/Tenant/:tenantId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - }, - { - "$ref": "#/components/parameters/dateStart" - }, - { - "$ref": "#/components/parameters/dateEnd" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Example License Report": { - "description": "Sample list of correlation records for the authenticated tenant.", - "summary": "Available Correlation Records", - "value": [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - } - }], - "schema": { - "type": "array", - "minItems": 0, - "items": { - "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - } - } - } + { + "role": "assistant", + "content": "Hello, how can I assist you today?" }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Analytics" - ], - "summary": "Retrieve the List of Correlation Records for Specified Tenant" - } - }, - "/Api/LicenseReport/Correlation/{correlationId}/Data": { - "get": { - "description": "Retrieves the full license report for the specified correlation ID in the authenticated tenant. The license report contains all of the license usage and compliance information with the required correlation data.\n\nThis endpoint requires the `LicenseReport.Read`, `LicenseReport.Read.All`, `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", - "operationId": "/Api/LicenseReport/Correlation/:correlationId/Data/Get", - "parameters": [ - { - "$ref": "#/components/parameters/correlationId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } - } - }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseReport" - } - } + { + "role": "user", + "content": "Can you show me what correlation records I have?" }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Analytics" - ], - "summary": "Retrieve the Specified License Report" - }, - "delete": { - "description": "Deletes the full license report for the specified correlation ID.\n\nThis endpoint requires the `LicenseReport.ReadWrite`, or `LicenseReport.ReadWrite.All` scope (permission).", - "operationId": "/Api/LicenseReport/Correlation/:correlationId/Data/delete", - "parameters": [ - { - "$ref": "#/components/parameters/correlationId" - } - ], - "responses": { - "201": { - "description": "Deleted successfully" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Analytics" - ], - "summary": "Delete the Specified License Report for the currently authenticated tenant." - } - }, - "/Api/LicenseReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { - "get": { - "description": "Retrieves the full license report for the specified correlation ID and tenant. The license report contains all of the license usage and compliance information with the required correlation data.\n\nThis endpoint requires the `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/LicenseReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", - "parameters": [ - { - "$ref": "#/components/parameters/correlationId" - }, - { - "$ref": "#/components/parameters/tenantId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } - } - }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseReport" - } + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } } + ] }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "type": "object", + "properties": { + "messageList": { + "type": "array", + "description": "List of message objects in current conversation", + "items": { + "$ref": "#/components/schemas/Chat.OpenAIChatMessage" + } + }, + "responseText": { + "type": "string", + "description": "Most recent response text" } - }, - "tags": [ - "License Analytics" - ], - "summary": "Retrieve the Specified License Report for Specified Tenant" + }, + "required": ["messageList", "responseText"] + } + } }, - "delete": { - "description": "Deletes the full license report for the specified correlation ID and tenant.\n\nThis endpoint requires the `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/LicenseReport/Correlation/:correlationId/Tenant/:tenantId/Data/delete", - "parameters": [ - { - "$ref": "#/components/parameters/correlationId" - }, - { - "$ref": "#/components/parameters/tenantId" - } - ], - "responses": { - "201": { - "description": "Deleted successfully" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Analytics" - ], - "summary": "Delete the Specified License Report for Specified Tenant" - } + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + } }, - "/Api/Chat/LicenseGpt": { - "post": { - "summary": "Inquire License Data from AI Agent", - "description": "Enables a conversation mode with AI agent to request details of the available license reports for the currently authenticated tenant.\n\nThis endpoint requires the `LicenseReport.Read`, `LicenseReport.ReadWrite`, `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Chat/LicenseGpt/Post", - "requestBody": { - "content": { - "application/json": { - "schema": { - "description": "Collection of conversation parts provided by user to be ingested by the agent", - "type": "array", - "items": { - "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - } - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "examples": [{ - "messageList": [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], - "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - }], - "type": "object", - "properties": { - "messageList": { - "type": "array", - "description": "List of message objects in current conversation", - "items": { - "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - } - }, - "responseText": { - "type": "string", - "description": "Most recent response text" - } - }, - "required": [ - "messageList", - "responseText" - ] - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "tags": [ - "Chat" - ] + "tags": ["Chat"] + } + }, + "/Api/Chat/LicenseGpt/Tenant/{tenantId}": { + "post": { + "summary": "Inquire License Data from AI Agent", + "description": "Enables a conversation mode with AI agent to request details of the available license reports for the specified tenant.\n\nThis endpoint requires the `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Chat/LicenseGpt/Tenant/:tenantId/Post", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Collection of conversation parts provided by user to be ingested by the agent", + "type": "array", + "items": { + "$ref": "#/components/schemas/Chat.OpenAIChatMessage" + } + } } + } }, - "/Api/Chat/LicenseGpt/Tenant/{tenantId}": { - "post": { - "summary": "Inquire License Data from AI Agent", - "description": "Enables a conversation mode with AI agent to request details of the available license reports for the specified tenant.\n\nThis endpoint requires the `LicenseReport.Read.All`, or `LicenseReport.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Chat/LicenseGpt/Tenant/:tenantId/Post", - "parameters": [ + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "examples": [ { - "$ref": "#/components/parameters/tenantId" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "description": "Collection of conversation parts provided by user to be ingested by the agent", - "type": "array", - "items": { - "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - } - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "examples": [{ - "messageList": [ - { - "role": "user", - "content": "Hello" - }, - { - "role": "assistant", - "content": "Hello, how can I assist you today?" - }, - { - "role": "user", - "content": "Can you show me what correlation records I have?" - }, - { - "role": "assistant", - "content": "What are the available IDs?", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", - "name": "getCorrelationIDs" - } - } - ] - }, - { - "role": "tool", - "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", - "tool_call_id": "call_abc123" - }, - { - "role": "assistant", - "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - } - ], - "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" - }], - "type": "object", - "properties": { - "messageList": { - "type": "array", - "description": "List of message objects in current conversation", - "items": { - "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - } - }, - "responseText": { - "type": "string", - "description": "Most recent response text" - } - }, - "required": [ - "messageList", - "responseText" - ] - } - } + "messageList": [ + { + "role": "user", + "content": "Hello" }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "tags": [ - "Chat" - ] - } - }, - "/Api/Entitlement/Shield": { - "post": { - "description": "Creates a new license entitlement (activation) for SHIELD.\n\nThis endpoint requires the `LicenseEntitlement.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Entitlement/Shield/Post", - "requestBody": { - "content": { - "application/json": { - "examples": [{ - "Specialized Purchase": { - "description": "Add-on purchase for the specified customer for some additional specialized licenses.", - "summary": "Specialized Purchase", - "value": { - "enterpriseDeviceCount": 0, - "enterpriseInterfaceCount": 0, - "enterpriseIntermediaryCount": 0, - "enterpriseUserCount": 0, - "notValidAfter": "2024-07-30T18:09:05.970Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 0, - "privilegedInterfaceCount": 0, - "privilegedIntermediaryCount": 0, - "privilegedUserCount": 0, - "purchaseId": "ABC123", - "specializedDeviceCount": 50, - "specializedInterfaceCount": 3, - "specializedIntermediaryCount": 1, - "specializedUserCount": 50, - "tenantId": "4b00fb78-d291-4dbd-8c0a-c93ae20bffd1" - } - }, - "Initial Purchase": { - "description": "Complete suite of components purchased for the specified customer.", - "summary": "Initial Purchase", - "value": { - "enterpriseDeviceCount": 7000, - "enterpriseInterfaceCount": 500, - "enterpriseIntermediaryCount": 10, - "enterpriseUserCount": 7000, - "notValidAfter": "2024-07-30T18:12:23.049Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 200, - "privilegedInterfaceCount": 50, - "privilegedIntermediaryCount": 3, - "privilegedUserCount": 200, - "purchaseId": "654DEF", - "specializedDeviceCount": 1000, - "specializedInterfaceCount": 11, - "specializedIntermediaryCount": 2, - "specializedUserCount": 1000, - "tenantId": "58ffb93f-5098-4630-bfc4-eeb4664208b4" - } - }, - "Ignorant Entitlement Creation Request": { - "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", - "summary": "Ignorant Entitlement Creation Request", - "value": {} - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseEntitlement.Shield" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Small MSP": { - "description": "Example license entitlement for a small MSP.", - "summary": "Local MSP", - "value": { - "correlationId": "60594489-6022-4ddb-8aa5-288c8d356cf2", - "enterpriseDeviceCount": 25, - "enterpriseInterfaceCount": 25, - "enterpriseIntermediaryCount": 25, - "enterpriseUserCount": 25, - "notValidAfter": "2024-07-30T17:56:00.704Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 10, - "privilegedInterfaceCount": 10, - "privilegedIntermediaryCount": 2, - "privilegedUserCount": 10, - "purchaseId": "Bob's your mother's brother.", - "specializedDeviceCount": 5, - "specializedInterfaceCount": 5, - "specializedIntermediaryCount": 0, - "specializedUserCount": 5, - "tenantId": "1948adeb-797f-466b-962d-cc708a69d08d" - } - }, - "Enterprise": { - "description": "Example license entitlement for an enterprise sized company.", - "summary": "Enterprise", - "value": { - "correlationId": "46569e8d-eeaa-42f4-b954-05a998108eee", - "enterpriseDeviceCount": 50000, - "enterpriseInterfaceCount": 50000, - "enterpriseIntermediaryCount": 100, - "enterpriseUserCount": 50000, - "notValidAfter": "2024-07-30T17:58:54.619Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 300, - "privilegedInterfaceCount": 100, - "privilegedIntermediaryCount": 50, - "privilegedUserCount": 300, - "purchaseId": "Bob's your mother's brother.", - "specializedDeviceCount": 1000, - "specializedInterfaceCount": 5, - "specializedIntermediaryCount": 10, - "specializedUserCount": 1000, - "tenantId": "bf78263c-6cec-44bc-9893-024dde25a486" - } - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseEntitlement.Shield" - } - } + { + "role": "assistant", + "content": "Hello, how can I assist you today?" }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": [ - "License Entitlement" - ], - "summary": "Creates a new License Entitlement for SHIELD." - } - }, - "/Api/Entitlement/Shield/Active": { - "get": { - "description": "Retrieves the count of licenses that are available to the authenticated tenant. No scopes (permissions) required.", - "operationId": "/Api/Entitlement/Shield/Active/Get", - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Small MSP": { - "description": "Example active license count for a small MSP.", - "summary": "Local MSP", - "value": { - "enterpriseDeviceCount": 54, - "enterpriseInterfaceCount": 46, - "enterpriseIntermediaryCount": 2, - "enterpriseUserCount": 54, - "privilegedDeviceCount": 12, - "privilegedInterfaceCount": 52, - "privilegedIntermediaryCount": 4, - "privilegedUserCount": 12, - "specializedDeviceCount": 20, - "specializedInterfaceCount": 15, - "specializedIntermediaryCount": 0, - "specializedUserCount": 20 - } - }, - "No Licenses": { - "description": "Example license count for a company that doesn't have any licenses.", - "summary": "No License", - "value": { - "enterpriseDeviceCount": 0, - "enterpriseInterfaceCount": 0, - "enterpriseIntermediaryCount": 0, - "enterpriseUserCount": 0, - "privilegedDeviceCount": 0, - "privilegedInterfaceCount": 0, - "privilegedIntermediaryCount": 0, - "privilegedUserCount": 0, - "specializedDeviceCount": 0, - "specializedInterfaceCount": 0, - "specializedIntermediaryCount": 0, - "specializedUserCount": 0 - } - }, - "Enterprise": { - "description": "Example active license count for an enterprise sized company.", - "summary": "Enterprise", - "value": { - "enterpriseDeviceCount": 60000, - "enterpriseInterfaceCount": 500, - "enterpriseIntermediaryCount": 20, - "enterpriseUserCount": 60000, - "privilegedDeviceCount": 200, - "privilegedInterfaceCount": 450, - "privilegedIntermediaryCount": 15, - "privilegedUserCount": 200, - "specializedDeviceCount": 1000, - "specializedInterfaceCount": 50, - "specializedIntermediaryCount": 2, - "specializedUserCount": 1000 - } - } - }], - "schema": { - "$ref": "#/components/schemas/LicenseEntitlement.Shield.Count" - } - } + { + "role": "user", + "content": "Can you show me what correlation records I have?" }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - } - }, - "tags": [ - "License Entitlement" - ], - "summary": "List of Available Licenses" - } - }, - "/Api/Entitlement/Shield/Tenant/{tenantId}": { - "get": { - "description": "Retrieves the list of license entitlements that are assigned to the specified tenant.\n\nThis endpoint requires the `LicenseEntitlement.Read.All`, or `LicenseEntitlement.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Entitlement/Shield/Tenant/:tenantId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - } - ], - "summary": "List of Entitlement Records for Specified Tenant", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "type": "array", - "minItems": 0, - "items": { - "$ref": "#/components/schemas/LicenseEntitlement.Shield" - } - } + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } } + ] }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "type": "object", + "properties": { + "messageList": { + "type": "array", + "description": "List of message objects in current conversation", + "items": { + "$ref": "#/components/schemas/Chat.OpenAIChatMessage" + } + }, + "responseText": { + "type": "string", + "description": "Most recent response text" } - }, - "tags": [ - "License Entitlement" - ] - } + }, + "required": ["messageList", "responseText"] + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + } }, - "/Api/Entitlement/Shield/Tenant/{tenantId}/Correlation/{correlationId}": { - "delete": { - "description": "Deletes the requested SHIELD license entitlement record.\n\nThis endpoint requires the `LicenseEntitlement.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Entitlement/Shield/Tenant/:tenantId/Correlation/:correlationId/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - }, - { - "$ref": "#/components/parameters/correlationId" + "tags": ["Chat"] + } + }, + "/Api/Entitlement/Shield": { + "post": { + "description": "Creates a new license entitlement (activation) for SHIELD.\n\nThis endpoint requires the `LicenseEntitlement.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Entitlement/Shield/Post", + "requestBody": { + "content": { + "application/json": { + "examples": [ + { + "Specialized Purchase": { + "description": "Add-on purchase for the specified customer for some additional specialized licenses.", + "summary": "Specialized Purchase", + "value": { + "enterpriseDeviceCount": 0, + "enterpriseInterfaceCount": 0, + "enterpriseIntermediaryCount": 0, + "enterpriseUserCount": 0, + "notValidAfter": "2024-07-30T18:09:05.970Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 0, + "privilegedInterfaceCount": 0, + "privilegedIntermediaryCount": 0, + "privilegedUserCount": 0, + "purchaseId": "ABC123", + "specializedDeviceCount": 50, + "specializedInterfaceCount": 3, + "specializedIntermediaryCount": 1, + "specializedUserCount": 50, + "tenantId": "4b00fb78-d291-4dbd-8c0a-c93ae20bffd1" } - ], - "summary": "Delete Specified License Entitlement", - "responses": { - "201": { - "description": "Deleted Successfully" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "404": { - "$ref": "#/components/responses/404" + }, + "Initial Purchase": { + "description": "Complete suite of components purchased for the specified customer.", + "summary": "Initial Purchase", + "value": { + "enterpriseDeviceCount": 7000, + "enterpriseInterfaceCount": 500, + "enterpriseIntermediaryCount": 10, + "enterpriseUserCount": 7000, + "notValidAfter": "2024-07-30T18:12:23.049Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 200, + "privilegedInterfaceCount": 50, + "privilegedIntermediaryCount": 3, + "privilegedUserCount": 200, + "purchaseId": "654DEF", + "specializedDeviceCount": 1000, + "specializedInterfaceCount": 11, + "specializedIntermediaryCount": 2, + "specializedUserCount": 1000, + "tenantId": "58ffb93f-5098-4630-bfc4-eeb4664208b4" } - }, - "tags": [ - "License Entitlement" - ] + }, + "Ignorant Entitlement Creation Request": { + "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", + "summary": "Ignorant Entitlement Creation Request", + "value": {} + } + } + ], + "schema": { + "$ref": "#/components/schemas/LicenseEntitlement.Shield" + } } + } }, - "/Api/Telemetry/Shield": { - "post": { - "description": "Submits the telemetry report for SHIELD.\n\nThis endpoint requires the `Telemetry.Shield.ReadWrite`, or `Telemetry.Shield.ReadWrite.All` scope (permission).", - "operationId": "/Api/Telemetry/Shield/Post", - "requestBody": { - "content": { - "application/json": { - "examples": [{ - "Monthly Report": { - "description": "Example monthly telemetry report for an enterprise organization.", - "summary": "Monthly Report", - "value": { - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238 - } - } - }], - "schema": { - "$ref": "#/components/schemas/Telemetry.Shield" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Monthly Report": { - "description": "Example monthly telemetry report for an enterprise organization.", - "summary": "Monthly Report", - "value": { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - } - } - }], - "schema": { - "$ref": "#/components/schemas/Telemetry.Shield" - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Small MSP": { + "description": "Example license entitlement for a small MSP.", + "summary": "Local MSP", + "value": { + "correlationId": "60594489-6022-4ddb-8aa5-288c8d356cf2", + "enterpriseDeviceCount": 25, + "enterpriseInterfaceCount": 25, + "enterpriseIntermediaryCount": 25, + "enterpriseUserCount": 25, + "notValidAfter": "2024-07-30T17:56:00.704Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 10, + "privilegedInterfaceCount": 10, + "privilegedIntermediaryCount": 2, + "privilegedUserCount": 10, + "purchaseId": "Bob's your mother's brother.", + "specializedDeviceCount": 5, + "specializedInterfaceCount": 5, + "specializedIntermediaryCount": 0, + "specializedUserCount": 5, + "tenantId": "1948adeb-797f-466b-962d-cc708a69d08d" + } + }, + "Enterprise": { + "description": "Example license entitlement for an enterprise sized company.", + "summary": "Enterprise", + "value": { + "correlationId": "46569e8d-eeaa-42f4-b954-05a998108eee", + "enterpriseDeviceCount": 50000, + "enterpriseInterfaceCount": 50000, + "enterpriseIntermediaryCount": 100, + "enterpriseUserCount": 50000, + "notValidAfter": "2024-07-30T17:58:54.619Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 300, + "privilegedInterfaceCount": 100, + "privilegedIntermediaryCount": 50, + "privilegedUserCount": 300, + "purchaseId": "Bob's your mother's brother.", + "specializedDeviceCount": 1000, + "specializedInterfaceCount": 5, + "specializedIntermediaryCount": 10, + "specializedUserCount": 1000, + "tenantId": "bf78263c-6cec-44bc-9893-024dde25a486" + } } - }, - "tags": [ - "Telemetry" + } ], - "summary": "Collects SHIELD Telemetry" + "schema": { + "$ref": "#/components/schemas/LicenseEntitlement.Shield" + } + } }, - "get": { - "description": "Retrieves the telemetry records that have been reported for the authenticated tenant. Data is not guaranteed to be retrieved in any specific order.\n\nThis endpoint requires the `Telemetry.Shield.Read`, `Telemetry.Shield.Read.All`, `Telemetry.Shield.ReadWrite`, or `Telemetry.Shield.ReadWrite.All` scope (permission).", - "operationId": "/Api/Telemetry/Shield/Get", - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "List of Reports": { - "description": "List of all available telemetry reports for the authenticated tenant.", - "summary": "List of Reports", - "value": [ - { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - }, - { - "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", - "enterpriseDeviceCount": 63221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 632219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-07-05T15:25:55.525Z", - "updatedAt": "2024-07-05T15:25:55.525Z" - } - ] - } - }], - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Telemetry.Shield" - }, - "minItems": 0 - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "summary": "Lists Reported Telemetry", - "tags": [ - "Telemetry" - ] - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } }, - "/Api/Telemetry/Shield/Tenant/{tenantId}": { - "get": { - "description": "Retrieves the telemetry records that have been reported for the specified tenant. Data is not guaranteed to be retrieved in any specific order.\n\nThis endpoint requires the `Telemetry.Shield.Read.All`, or `Telemetry.Shield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Telemetry/Shield/Tenant/:tenantId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" + "tags": ["License Entitlement"], + "summary": "Creates a new License Entitlement for SHIELD." + } + }, + "/Api/Entitlement/Shield/Active": { + "get": { + "description": "Retrieves the count of licenses that are available to the authenticated tenant. No scopes (permissions) required.", + "operationId": "/Api/Entitlement/Shield/Active/Get", + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Small MSP": { + "description": "Example active license count for a small MSP.", + "summary": "Local MSP", + "value": { + "enterpriseDeviceCount": 54, + "enterpriseInterfaceCount": 46, + "enterpriseIntermediaryCount": 2, + "enterpriseUserCount": 54, + "privilegedDeviceCount": 12, + "privilegedInterfaceCount": 52, + "privilegedIntermediaryCount": 4, + "privilegedUserCount": 12, + "specializedDeviceCount": 20, + "specializedInterfaceCount": 15, + "specializedIntermediaryCount": 0, + "specializedUserCount": 20 + } + }, + "No Licenses": { + "description": "Example license count for a company that doesn't have any licenses.", + "summary": "No License", + "value": { + "enterpriseDeviceCount": 0, + "enterpriseInterfaceCount": 0, + "enterpriseIntermediaryCount": 0, + "enterpriseUserCount": 0, + "privilegedDeviceCount": 0, + "privilegedInterfaceCount": 0, + "privilegedIntermediaryCount": 0, + "privilegedUserCount": 0, + "specializedDeviceCount": 0, + "specializedInterfaceCount": 0, + "specializedIntermediaryCount": 0, + "specializedUserCount": 0 + } + }, + "Enterprise": { + "description": "Example active license count for an enterprise sized company.", + "summary": "Enterprise", + "value": { + "enterpriseDeviceCount": 60000, + "enterpriseInterfaceCount": 500, + "enterpriseIntermediaryCount": 20, + "enterpriseUserCount": 60000, + "privilegedDeviceCount": 200, + "privilegedInterfaceCount": 450, + "privilegedIntermediaryCount": 15, + "privilegedUserCount": 200, + "specializedDeviceCount": 1000, + "specializedInterfaceCount": 50, + "specializedIntermediaryCount": 2, + "specializedUserCount": 1000 + } } + } ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "List of Reports": { - "description": "List of all available telemetry reports for the authenticated tenant.", - "summary": "List of Reports", - "value": [ - { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - }, - { - "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", - "enterpriseDeviceCount": 63221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 632219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-07-05T15:25:55.525Z", - "updatedAt": "2024-07-05T15:25:55.525Z" - } - ] - } - }], - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Telemetry.Shield" - }, - "minItems": 0 - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "404": { - "$ref": "#/components/responses/404" - } - }, - "summary": "Retrieves Telemetry for Specified Tenant", - "tags": [ - "Telemetry" - ] - } + "schema": { + "$ref": "#/components/schemas/LicenseEntitlement.Shield.Count" + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + } }, - "/Api/Telemetry/Shield/Tenant/{tenantId}/Correlation/{correlationId}": { - "delete": { - "description": "Deletes the specified telemetry record for the specified tenant.\n\nThis endpoint requires the `Telemetry.Shield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", - "operationId": "/Api/Telemetry/Shield/Tenant/:tenantId/Correlation/:correlationId/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - }, - { - "$ref": "#/components/parameters/correlationId" - } - ], - "responses": { - "201": { - "description": "Deleted Successfully" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "404": { - "$ref": "#/components/responses/404" - } - }, - "summary": "Delete Specified Telemetry Record", - "tags": [ - "Telemetry" - ] - } + "tags": ["License Entitlement"], + "summary": "List of Available Licenses" + } + }, + "/Api/Entitlement/Shield/Tenant/{tenantId}": { + "get": { + "description": "Retrieves the list of license entitlements that are assigned to the specified tenant.\n\nThis endpoint requires the `LicenseEntitlement.Read.All`, or `LicenseEntitlement.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Entitlement/Shield/Tenant/:tenantId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "summary": "List of Entitlement Records for Specified Tenant", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/components/schemas/LicenseEntitlement.Shield" + } + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } }, - "/Api/Update/Shield/Channel": { - "get": { - "description": "Retrieves all of the channel configurations that are present in the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Update.Shield.Channel" - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + "tags": ["License Entitlement"] + } + }, + "/Api/Entitlement/Shield/Tenant/{tenantId}/Correlation/{correlationId}": { + "delete": { + "description": "Deletes the requested SHIELD license entitlement record.\n\nThis endpoint requires the `LicenseEntitlement.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Entitlement/Shield/Tenant/:tenantId/Correlation/:correlationId/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + }, + { + "$ref": "#/components/parameters/correlationId" + } + ], + "summary": "Delete Specified License Entitlement", + "responses": { + "201": { + "description": "Deleted Successfully" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "404": { + "$ref": "#/components/responses/404" + } + }, + "tags": ["License Entitlement"] + } + }, + "/Api/Telemetry/Shield": { + "post": { + "description": "Submits the telemetry report for SHIELD.\n\nThis endpoint requires the `Telemetry.Shield.ReadWrite`, or `Telemetry.Shield.ReadWrite.All` scope (permission).", + "operationId": "/Api/Telemetry/Shield/Post", + "requestBody": { + "content": { + "application/json": { + "examples": [ + { + "Monthly Report": { + "description": "Example monthly telemetry report for an enterprise organization.", + "summary": "Monthly Report", + "value": { + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238 } - }, - "summary": "Retrieves All Channel Configurations", - "tags": [ - "SHIELD - Update" - ] + } + } + ], + "schema": { + "$ref": "#/components/schemas/Telemetry.Shield" + } } + } }, - "/Api/Update/Shield/Channel/{channelName}": { - "get": { - "description": "Retrieves configuration for the specific channel from the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Get", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Monthly Report": { + "description": "Example monthly telemetry report for an enterprise organization.", + "summary": "Monthly Report", + "value": { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" + } } + } ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Update.Shield.Channel" - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Retrieves Specific Channel Configuration", - "tags": [ - "SHIELD - Update" - ] + "schema": { + "$ref": "#/components/schemas/Telemetry.Shield" + } + } }, - "patch": { - "description": "Updates (or adds when missing) the specified channel configuration.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Patch", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": [{ - "Channel Configuration Details": { - "description": "Example channel configuration object.", - "summary": "Channel Configuration", - "value": { - "latest": "1.12.5", - "previous": "1.12.4" - } - } - }], - "schema": { - "type": "object", - "properties": { - "latest": { - "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", - "examples": ["true"], - "type": "boolean" - }, - "number": { - "description": "Ring number that this configuration belongs to.", - "examples": [1], - "type": "integer", - "minimum": 0 - } - } - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Channel Configuration Details": { - "description": "Example object returned on creation or update.", - "summary": "Channel Configuration", - "value": { - "latest": "1.12.5", - "name": "stable", - "previous": "1.12.4" - } - } - }], - "schema": { - "$ref": "#/components/schemas/Update.Shield.Channel" - } - } + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } + }, + "tags": ["Telemetry"], + "summary": "Collects SHIELD Telemetry" + }, + "get": { + "description": "Retrieves the telemetry records that have been reported for the authenticated tenant. Data is not guaranteed to be retrieved in any specific order.\n\nThis endpoint requires the `Telemetry.Shield.Read`, `Telemetry.Shield.Read.All`, `Telemetry.Shield.ReadWrite`, or `Telemetry.Shield.ReadWrite.All` scope (permission).", + "operationId": "/Api/Telemetry/Shield/Get", + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "List of Reports": { + "description": "List of all available telemetry reports for the authenticated tenant.", + "summary": "List of Reports", + "value": [ + { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Upserts Channel Configuration", - "tags": [ - "SHIELD - Update" - ] - }, - "delete": { - "description": "Deletes the specified channel configuration and associated rings.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" + { + "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", + "enterpriseDeviceCount": 63221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 632219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-07-05T15:25:55.525Z", + "updatedAt": "2024-07-05T15:25:55.525Z" + } + ] } + } ], - "responses": { - "204": { - "description": "Deleted Successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Deletes the Specified Channel", - "tags": [ - "SHIELD - Update" - ] - } + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Telemetry.Shield" + }, + "minItems": 0 + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + } }, - "/Api/Update/Shield/Channel/{channelName}/Ring": { - "get": { - "description": "Retrieves all of the ring configurations for a channel that are present in the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/Get", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Update.Shield.Channel.Ring" - } - } - } + "summary": "Lists Reported Telemetry", + "tags": ["Telemetry"] + } + }, + "/Api/Telemetry/Shield/Tenant/{tenantId}": { + "get": { + "description": "Retrieves the telemetry records that have been reported for the specified tenant. Data is not guaranteed to be retrieved in any specific order.\n\nThis endpoint requires the `Telemetry.Shield.Read.All`, or `Telemetry.Shield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Telemetry/Shield/Tenant/:tenantId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "List of Reports": { + "description": "List of all available telemetry reports for the authenticated tenant.", + "summary": "List of Reports", + "value": [ + { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Retrieves All Ring Configurations", - "tags": [ - "SHIELD - Update" - ] - } - }, - "/Api/Update/Shield/Channel/{channelName}/Ring/{number}": { - "get": { - "description": "Retrieves configuration for the specific channel ring from the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/:number/Get", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - }, - { - "$ref": "#/components/parameters/channelRing" + { + "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", + "enterpriseDeviceCount": 63221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 632219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-07-05T15:25:55.525Z", + "updatedAt": "2024-07-05T15:25:55.525Z" + } + ] } + } ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Update.Shield.Channel.Ring" - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Retrieves Specific Channel Ring Configuration", - "tags": [ - "SHIELD - Update" - ] + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Telemetry.Shield" + }, + "minItems": 0 + } + } }, - "patch": { - "description": "Updates (or adds when missing) channel ring configuration.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/:number/Patch", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - }, - { - "$ref": "#/components/parameters/channelRing" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": [{ - "Channel Ring Configuration Details": { - "description": "Example channel ring configuration object.", - "summary": "Channel Ring Configuration", - "value": { - "latest": true - } - } - }], - "schema": { - "type": "object", - "properties": { - "latest": { - "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", - "examples": [true], - "type": "boolean" - } - } - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Channel Ring Configuration Details": { - "description": "Example object returned on creation or update.", - "summary": "Channel Ring Configuration", - "value": { - "latest": true, - "number": 1 - } - } - }], - "schema": { - "$ref": "#/components/schemas/Update.Shield.Channel.Ring" - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Modifies Specific Channel Ring Configuration", - "tags": [ - "SHIELD - Update" - ] + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "404": { + "$ref": "#/components/responses/404" + } + }, + "summary": "Retrieves Telemetry for Specified Tenant", + "tags": ["Telemetry"] + } + }, + "/Api/Telemetry/Shield/Tenant/{tenantId}/Correlation/{correlationId}": { + "delete": { + "description": "Deletes the specified telemetry record for the specified tenant.\n\nThis endpoint requires the `Telemetry.Shield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI` and `SHI Lab` tenants. End user access is restricted.", + "operationId": "/Api/Telemetry/Shield/Tenant/:tenantId/Correlation/:correlationId/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + }, + { + "$ref": "#/components/parameters/correlationId" + } + ], + "responses": { + "201": { + "description": "Deleted Successfully" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "404": { + "$ref": "#/components/responses/404" + } + }, + "summary": "Delete Specified Telemetry Record", + "tags": ["Telemetry"] + } + }, + "/Api/Update/Shield/Channel": { + "get": { + "description": "Retrieves all of the channel configurations that are present in the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/Get", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Update.Shield.Channel" + } + } + } }, - "delete": { - "description": "Deletes configuration of the specific channel ring.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/:number/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - }, - { - "$ref": "#/components/parameters/channelRing" - } - ], - "responses": { - "204": { - "description": "Deleted Successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves All Channel Configurations", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Channel/{channelName}": { + "get": { + "description": "Retrieves configuration for the specific channel from the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Get", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Update.Shield.Channel" + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves Specific Channel Configuration", + "tags": ["SHIELD - Update"] + }, + "patch": { + "description": "Updates (or adds when missing) the specified channel configuration.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Patch", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": [ + { + "Channel Configuration Details": { + "description": "Example channel configuration object.", + "summary": "Channel Configuration", + "value": { + "latest": "1.12.5", + "previous": "1.12.4" } - }, - "summary": "Deletes Specific Channel Ring Configuration", - "tags": [ - "SHIELD - Update" - ] + } + } + ], + "schema": { + "type": "object", + "properties": { + "latest": { + "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", + "examples": ["true"], + "type": "boolean" + }, + "number": { + "description": "Ring number that this configuration belongs to.", + "examples": [1], + "type": "integer", + "minimum": 0 + } + } + } } + } }, - "/Api/Update/Shield/Channel/{channelName}/Version/{version}": { - "post": { - "description": "Uploads new version of the update package for SHIELD in a specific channel.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Channel/:channelName/Version/:version/Post", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - }, - { - "$ref": "#/components/parameters/version" + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Channel Configuration Details": { + "description": "Example object returned on creation or update.", + "summary": "Channel Configuration", + "value": { + "latest": "1.12.5", + "name": "stable", + "previous": "1.12.4" + } } + } ], - "requestBody": { - "content": { - "application/octet-stream": { - "schema": { - "type": "string", - "format": "binary" - } - } - } - }, - "responses": { - "204": { - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Uploads New Application Package", - "tags": [ - "SHIELD - Update" - ] - } + "schema": { + "$ref": "#/components/schemas/Update.Shield.Channel" + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } }, - "/Api/Update/Shield/Check": { - "get": { - "description": "Retrieves the latest available version of the package for the running application. Version depends on the channel associated with the current tenant, or channel mentioned in the request, or default channel value. Applicable channel would be calculated on the server for each request.", - "operationId": "/Api/Update/Shield/Check/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Update.Shield.Check" - } - } - }, - "description": "OK" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + "summary": "Upserts Channel Configuration", + "tags": ["SHIELD - Update"] + }, + "delete": { + "description": "Deletes the specified channel configuration and associated rings.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + } + ], + "responses": { + "204": { + "description": "Deleted Successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Deletes the Specified Channel", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Channel/{channelName}/Ring": { + "get": { + "description": "Retrieves all of the ring configurations for a channel that are present in the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/Get", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Update.Shield.Channel.Ring" + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves All Ring Configurations", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Channel/{channelName}/Ring/{number}": { + "get": { + "description": "Retrieves configuration for the specific channel ring from the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/:number/Get", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + }, + { + "$ref": "#/components/parameters/channelRing" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Update.Shield.Channel.Ring" + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves Specific Channel Ring Configuration", + "tags": ["SHIELD - Update"] + }, + "patch": { + "description": "Updates (or adds when missing) channel ring configuration.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/:number/Patch", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + }, + { + "$ref": "#/components/parameters/channelRing" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": [ + { + "Channel Ring Configuration Details": { + "description": "Example channel ring configuration object.", + "summary": "Channel Ring Configuration", + "value": { + "latest": true } - }, - "summary": "Retrieves Latest Application Version Number", - "tags": [ - "SHIELD - Update" - ] + } + } + ], + "schema": { + "type": "object", + "properties": { + "latest": { + "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", + "examples": [true], + "type": "boolean" + } + } + } } + } }, - "/Api/Update/Shield/Check/Channel/{channelName}": { - "get": { - "description": "Retrieves the latest available version of the package for the running application for the specific channel.", - "operationId": "/Api/Update/Shield/Check/Channel/:channelName/Get", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Channel Ring Configuration Details": { + "description": "Example object returned on creation or update.", + "summary": "Channel Ring Configuration", + "value": { + "latest": true, + "number": 1 + } } + } ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Update.Shield.Check" - } - } - }, - "description": "OK" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Retrieves Application Version Number For Specific Channel", - "tags": [ - "SHIELD - Update" - ] + "schema": { + "$ref": "#/components/schemas/Update.Shield.Channel.Ring" + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Modifies Specific Channel Ring Configuration", + "tags": ["SHIELD - Update"] + }, + "delete": { + "description": "Deletes configuration of the specific channel ring.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Ring/:number/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + }, + { + "$ref": "#/components/parameters/channelRing" + } + ], + "responses": { + "204": { + "description": "Deleted Successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Deletes Specific Channel Ring Configuration", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Channel/{channelName}/Version/{version}": { + "post": { + "description": "Uploads new version of the update package for SHIELD in a specific channel.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Channel/:channelName/Version/:version/Post", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + }, + { + "$ref": "#/components/parameters/version" + } + ], + "requestBody": { + "content": { + "application/octet-stream": { + "schema": { + "type": "string", + "format": "binary" + } } + } }, - "/Api/Update/Shield/Download": { - "get": { - "description": "Sends a stream of the ZIP archive content to be saved that represents requested application update package.", - "operationId": "/Api/Update/Shield/Download/Get", - "responses": { - "200": { - "description": "OK", - "content": { - "application/zip": { - "schema": { - "type": "string", - "format": "binary" - } - } - } - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Streams File Content To Download", - "tags": [ - "SHIELD - Update" - ] + "responses": { + "204": { + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Uploads New Application Package", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Check": { + "get": { + "description": "Retrieves the latest available version of the package for the running application. Version depends on the channel associated with the current tenant, or channel mentioned in the request, or default channel value. Applicable channel would be calculated on the server for each request.", + "operationId": "/Api/Update/Shield/Check/Get", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Update.Shield.Check" + } + } + }, + "description": "OK" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves Latest Application Version Number", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Check/Channel/{channelName}": { + "get": { + "description": "Retrieves the latest available version of the package for the running application for the specific channel.", + "operationId": "/Api/Update/Shield/Check/Channel/:channelName/Get", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Update.Shield.Check" + } + } + }, + "description": "OK" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves Application Version Number For Specific Channel", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Download": { + "get": { + "description": "Sends a stream of the ZIP archive content to be saved that represents requested application update package.", + "operationId": "/Api/Update/Shield/Download/Get", + "responses": { + "200": { + "description": "OK", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } } + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } }, - "/Api/Update/Shield/Download/Channel/{channelName}": { - "get": { - "description": "Sends a stream of the ZIP archive content to be saved that represents requested application update package for the specific channel.", - "operationId": "/Api/Update/Shield/Download/Channel/:channelName/Get", - "parameters": [ - { - "$ref": "#/components/parameters/channelName" - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/zip": { - "schema": { - "type": "string", - "format": "binary" - } - } - } - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Streams File Content From Specific Channel To Download", - "tags": [ - "SHIELD - Update" - ] + "summary": "Streams File Content To Download", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Download/Channel/{channelName}": { + "get": { + "description": "Sends a stream of the ZIP archive content to be saved that represents requested application update package for the specific channel.", + "operationId": "/Api/Update/Shield/Download/Channel/:channelName/Get", + "parameters": [ + { + "$ref": "#/components/parameters/channelName" + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/zip": { + "schema": { + "type": "string", + "format": "binary" + } + } } + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } }, - "/Api/Update/Shield/Tenant": { - "get": { - "description": "Retrieves all tenant configurations present in the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Tenant/Get", - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Update.Shield.Tenant" - } - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + "summary": "Streams File Content From Specific Channel To Download", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Tenant": { + "get": { + "description": "Retrieves all tenant configurations present in the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Tenant/Get", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Update.Shield.Tenant" + } + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves All Tenant Configurations", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Update/Shield/Tenant/{tenantId}": { + "get": { + "description": "Retrieves configuration for the specific tenant from the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Tenant/:tenantId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Update.Shield.Tenant" + } + } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Retrieves Specific Tenant Configuration", + "tags": ["SHIELD - Update"] + }, + "patch": { + "description": "Updates (or adds when missing) tenant configuration.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Tenant/:tenantId/Patch", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "requestBody": { + "content": { + "application/json": { + "examples": [ + { + "Tenant Configuration Details": { + "description": "Example tenant configuration object.", + "summary": "Tenant Configuration", + "value": { + "alphaEnabled": false, + "channel": "stable", + "ring": 1 } - }, - "summary": "Retrieves All Tenant Configurations", - "tags": [ - "SHIELD - Update" - ] + } + } + ], + "schema": { + "type": "object", + "properties": { + "alphaEnabled": { + "description": "Flag that indicates if the current tenant is allowed to request alpha builds (`true`) or not (`false`).", + "examples": [false], + "type": "boolean" + }, + "channel": { + "description": "Name of the deploy channel.", + "examples": ["stable"], + "type": "string" + }, + "ring": { + "description": "Ring number that the client is a member of for the current chanel.", + "examples": [1], + "type": "integer" + } + } + } } + } }, - "/Api/Update/Shield/Tenant/{tenantId}": { - "get": { - "description": "Retrieves configuration for the specific tenant from the update service.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Tenant/:tenantId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" + "responses": { + "200": { + "content": { + "application/json": { + "examples": [ + { + "Tenant Configuration Details": { + "description": "Example object returned on creation or update.", + "summary": "Tenant Configuration", + "value": { + "alphaEnabled": false, + "channel": "stable", + "ring": 1, + "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" + } } + } ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Update.Shield.Tenant" - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Retrieves Specific Tenant Configuration", - "tags": [ - "SHIELD - Update" - ] + "schema": { + "$ref": "#/components/schemas/Update.Shield.Tenant" + } + } }, - "patch": { - "description": "Updates (or adds when missing) tenant configuration.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Tenant/:tenantId/Patch", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - } - ], - "requestBody": { - "content": { - "application/json": { - "examples": [{ - "Tenant Configuration Details": { - "description": "Example tenant configuration object.", - "summary": "Tenant Configuration", - "value": { - "alphaEnabled": false, - "channel": "stable", - "ring": 1 - } - } - }], - "schema": { - "type": "object", - "properties": { - "alphaEnabled": { - "description": "Flag that indicates if the current tenant is allowed to request alpha builds (`true`) or not (`false`).", - "examples": [false], - "type": "boolean" - }, - "channel": { - "description": "Name of the deploy channel.", - "examples": ["stable"], - "type": "string" - }, - "ring": { - "description": "Ring number that the client is a member of for the current chanel.", - "examples": [1], - "type": "integer" - } - } - } - } - } + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Upserts Specific Tenant Configuration", + "tags": ["SHIELD - Update"] + }, + "delete": { + "description": "Deletes configuration for the specific tenant.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", + "operationId": "/Api/Update/Shield/Tenant/:tenantId/Delete", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "responses": { + "204": { + "description": "Deleted Successfully" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } + }, + "summary": "Deletes Specific Tenant Configuration", + "tags": ["SHIELD - Update"] + } + }, + "/Api/Tenant": { + "get": { + "description": "Retrieves the list of tenant records. Can use filter by parent ID limit the results. This endpoint requires the `Tenant.Read.All` or `Tenant.ReadWrite.All` scopes (permissions).", + "operationId": "/Api/Tenant/Get", + "parameters": [ + { + "$ref": "#/components/parameters/parentId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/components/schemas/TenantDetails" + } }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [{ - "Tenant Configuration Details": { - "description": "Example object returned on creation or update.", - "summary": "Tenant Configuration", - "value": { - "alphaEnabled": false, - "channel": "stable", - "ring": 1, - "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - } - } - }], - "schema": { - "$ref": "#/components/schemas/Update.Shield.Tenant" - } - } + "examples": [ + { + "Example List Of Tenant Records": { + "description": "Sample list of tenant records in the database", + "summary": "Existing Tenant Records", + "value": [ + { + "tenantId": "5d6e7f8a-9b0c-1d2e-3f4a-5b6c7d8e9f0a", + "displayName": "Contoso - Legal", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [ + "59673771-3b4f-4518-9187-aee8a51c8c07", + "47c42971-2dea-4553-a788-d29a42e3e867" + ] }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + { + "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", + "displayName": "Contoso - R&D", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [] + } + ] } - }, - "summary": "Upserts Specific Tenant Configuration", - "tags": [ - "SHIELD - Update" + } ] + } }, - "delete": { - "description": "Deletes configuration for the specific tenant.\n\nThis endpoint requires the `UpdateShield.ReadWrite.All` scope (permission). This endpoint is also only accessible from the `SHI Lab` tenant. End user access is restricted.", - "operationId": "/Api/Update/Shield/Tenant/:tenantId/Delete", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - } - ], - "responses": { - "204": { - "description": "Deleted Successfully" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." - } - }, - "summary": "Deletes Specific Tenant Configuration", - "tags": [ - "SHIELD - Update" - ] - } + "description": "OK" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } }, - "/Api/Tenant": { - "get": { - "description": "Retrieves the list of tenant records. Can use filter by parent ID limit the results. This endpoint requires the `Tenant.Read.All` or `Tenant.ReadWrite.All` scopes (permissions).", - "operationId": "/Api/Tenant/Get", - "parameters": [ - { - "$ref": "#/components/parameters/parentId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "type": "array", - "minItems": 0, - "items": { - "$ref": "#/components/schemas/TenantDetails" - } - }, - "examples": [{ - "Example List Of Tenant Records": { - "description": "Sample list of tenant records in the database", - "summary": "Existing Tenant Records", - "value": [ - { - "tenantId": "5d6e7f8a-9b0c-1d2e-3f4a-5b6c7d8e9f0a", - "displayName": "Contoso - Legal", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [ - "59673771-3b4f-4518-9187-aee8a51c8c07", - "47c42971-2dea-4553-a788-d29a42e3e867" - ] - }, - { - "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", - "displayName": "Contoso - R&D", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [] - } - ] - } - }] - } - }, - "description": "OK" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + "summary": "Retrieves List of Tenant Records", + "tags": ["Tenant Records"] + } + }, + "/Api/Tenant/{tenantId}": { + "get": { + "description": "Retrieves details of a specific tenant record. This endpoint requires the `Tenant.Read.All` or `Tenant.ReadWrite.All` scopes (permissions).", + "operationId": "/Api/Tenant/:tenantId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + }, + { + "$ref": "#/components/parameters/parentId" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TenantDetails" + }, + "examples": [ + { + "Example Complete Tenant Record": { + "description": "Sample details of one tenant record", + "summary": "Existing Tenant Record", + "value": { + "tenantId": "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", + "displayName": "Contoso - Testing", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [ + "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", + "2e3f4a5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b", + "4b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9e" + ] + } } - }, - "summary": "Retrieves List of Tenant Records", - "tags": [ - "Tenant Records" + } ] - } + } + }, + "description": "OK" + }, + "404": { + "$ref": "#/components/responses/404" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } }, - "/Api/Tenant/{tenantId}": { - "get": { - "description": "Retrieves details of a specific tenant record. This endpoint requires the `Tenant.Read.All` or `Tenant.ReadWrite.All` scopes (permissions).", - "operationId": "/Api/Tenant/:tenantId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - }, - { - "$ref": "#/components/parameters/parentId" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TenantDetails" - }, - "examples": [{ - "Example Complete Tenant Record": { - "description": "Sample details of one tenant record", - "summary": "Existing Tenant Record", - "value": { - "tenantId": "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", - "displayName": "Contoso - Testing", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [ - "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", - "2e3f4a5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b", - "4b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9e" - ] - } - } - }] - } - }, - "description": "OK" - }, - "404": { - "$ref": "#/components/responses/404" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + "summary": "Retrieves Tenant Record", + "tags": ["Tenant Records"] + }, + "patch": { + "description": "Update tenant record using provided information. Payload could contain any combination of existing properties. To remove a parent, set the parentId to be the same as the tenant ID value. This endpoint requires the `Tenant.ReadWrite.All` scopes (permissions).", + "operationId": "/Api/Tenant/:tenantId/Patch", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "tenantDisplayName": { + "description": "Human readable name for the tenant record", + "type": "string" + }, + "parentId": { + "description": "The object ID of the tenant that is considered a parent to this record", + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "authorizedPrincipalList": { + "description": "List of object IDs that are allowed to access this record and related data.", + "type": "array", + "items": { + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" } + } }, - "summary": "Retrieves Tenant Record", - "tags": [ - "Tenant Records" + "anyOf": [ + { + "required": ["displayName"] + }, + { + "required": ["parentId"] + }, + { + "required": ["authorizedPrincipalList"] + } ] - }, - "patch": { - "description": "Update tenant record using provided information. Payload could contain any combination of existing properties. To remove a parent, set the parentId to be the same as the tenant ID value. This endpoint requires the `Tenant.ReadWrite.All` scopes (permissions).", - "operationId": "/Api/Tenant/:tenantId/Patch", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" + }, + "examples": [ + { + "Example Request to Update Tenant Parent": { + "description": "Sample payload requesting adjustment to the parent value", + "summary": "Update Parent Information for Tenant", + "value": { + "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d" } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "tenantDisplayName": { - "description": "Human readable name for the tenant record", - "type": "string" - }, - "parentId": { - "description": "The object ID of the tenant that is considered a parent to this record", - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "authorizedPrincipalList": { - "description": "List of object IDs that are allowed to access this record and related data.", - "type": "array", - "items": { - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - } - } - }, - "anyOf": [ - { - "required": [ - "displayName" - ] - }, - { - "required": [ - "parentId" - ] - }, - { - "required": [ - "authorizedPrincipalList" - ] - } - ] - }, - "examples": [{ - "Example Request to Update Tenant Parent": { - "description": "Sample payload requesting adjustment to the parent value", - "summary": "Update Parent Information for Tenant", - "value": { - "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d" - } - }, - "Example Request for Tenant Name and Parent Update": { - "description": "Sample payload requesting to update parent value and display name on the tenant record", - "summary": "Update Tenant Record Name and Parent Information", - "value": { - "parentId": "8f9a0b1c-2d3e-4f5a-6b7c-8d9e0a1b2c3d", - "displayName": "Contoso - R&D East" - } - }, - "Example Request for Tenant Authorized Principals Update": { - "description": "Sample payload requesting to update authorized principals for the tenant record", - "summary": "Update Tenant Authorized Principals List", - "value": { - "authorizedPrincipalList": [ - "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", - "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" - ] - } - } - }] - } + }, + "Example Request for Tenant Name and Parent Update": { + "description": "Sample payload requesting to update parent value and display name on the tenant record", + "summary": "Update Tenant Record Name and Parent Information", + "value": { + "parentId": "8f9a0b1c-2d3e-4f5a-6b7c-8d9e0a1b2c3d", + "displayName": "Contoso - R&D East" } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TenantDetails" - }, - "examples": [{ - "Example Complete Tenant Record": { - "description": "Sample response after updating a tenant record", - "summary": "Updated Tenant Record", - "value": { - "tenantId": "c00ffc2c-b6f6-4121-bd8e-4d02e9504eb9", - "displayName": "Contoso - Testing", - "parentId": "8c291062-a4f7-4706-b4df-59e605497f06", - "authorizedPrincipalList": [ - "b856517a-2086-4be4-b63e-d6ca8a5b0ff6" - ] - } - } - }] - } - }, - "description": "OK" - }, - "500": { - "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + }, + "Example Request for Tenant Authorized Principals Update": { + "description": "Sample payload requesting to update authorized principals for the tenant record", + "summary": "Update Tenant Authorized Principals List", + "value": { + "authorizedPrincipalList": [ + "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", + "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" + ] } - }, - "summary": "Update Tenant Record", - "tags": [ - "Tenant Records" - ] - } - } - }, - "security": [ - { - "EntraID": [] - } - ], - "servers": [ - { - "description": "Server the hosts the API described in the document.", - "url": "https://api.shilab.com" - } - ], - "tags": [ - { - "description": "Routes for the core data gateway system.", - "name": "Core System", - "externalDocs": { - "description": "Data Gateway Documentation", - "url": "https://docs.shilab.com/Date-Gateway/" - } - }, - { - "description": "Manages the list of tenants that have interacted with the Data Gateway in the past.", - "name": "Tenant Records" - }, - { - "description": "Collects and reports data from the license analytics product.", - "name": "License Analytics", - "externalDocs": { - "description": "License Analytics Documentation", - "url": "https://docs.shilab.com/License-Analytics/" + } + } + ] } + } }, - { - "description": "Manages and reports the list of purchased licenses for the various SHI Lab Products.", - "name": "License Entitlement" - }, - { - "description": "Collects data from the various SHI Lab products.", - "name": "Telemetry" - }, - { - "name": "SHIELD - Update", - "description": "Update Service Configuration for SHIELD." + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TenantDetails" + }, + "examples": [ + { + "Example Complete Tenant Record": { + "description": "Sample response after updating a tenant record", + "summary": "Updated Tenant Record", + "value": { + "tenantId": "c00ffc2c-b6f6-4121-bd8e-4d02e9504eb9", + "displayName": "Contoso - Testing", + "parentId": "8c291062-a4f7-4706-b4df-59e605497f06", + "authorizedPrincipalList": [ + "b856517a-2086-4be4-b63e-d6ca8a5b0ff6" + ] + } + } + } + ] + } + }, + "description": "OK" + }, + "500": { + "description": "Request has a failure that cannot be resolved and might require manual intervention or retry." + } }, - { - "name": "Chat", - "description": "Enables query for available information (like tenant, license, etc) via conversation with OpenAI agent." - } - ] -} \ No newline at end of file + "summary": "Update Tenant Record", + "tags": ["Tenant Records"] + } + } + }, + "security": [ + { + "EntraID": [] + } + ], + "servers": [ + { + "description": "Server the hosts the API described in the document.", + "url": "https://api.shilab.com" + } + ], + "tags": [ + { + "description": "Routes for the core data gateway system.", + "name": "Core System", + "externalDocs": { + "description": "Data Gateway Documentation", + "url": "https://docs.shilab.com/Date-Gateway/" + } + }, + { + "description": "Manages the list of tenants that have interacted with the Data Gateway in the past.", + "name": "Tenant Records" + }, + { + "description": "Collects and reports data from the license analytics product.", + "name": "License Analytics", + "externalDocs": { + "description": "License Analytics Documentation", + "url": "https://docs.shilab.com/License-Analytics/" + } + }, + { + "description": "Manages and reports the list of purchased licenses for the various SHI Lab Products.", + "name": "License Entitlement" + }, + { + "description": "Collects data from the various SHI Lab products.", + "name": "Telemetry" + }, + { + "name": "SHIELD - Update", + "description": "Update Service Configuration for SHIELD." + }, + { + "name": "Chat", + "description": "Enables query for available information (like tenant, license, etc) via conversation with OpenAI agent." + } + ] +} From 2ee681b9588ff6f1c8cd7699ef50976c17a96d49 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 5 Sep 2025 16:55:39 +0100 Subject: [PATCH 10/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definition: - Api/Tenant - Api/Core/Health --- specs/Data-Gateway.json | 47 +++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 447defc..0b75026 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1294,6 +1294,28 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Core.HealthReport" + }, + "examples": { + "Auth system failure": { + "summary": "Example health report - Auth failure", + "description": "An example health report returned indicates the authentication components are not working.", + "value": { + "authClient": false, + "authServer": false, + "bulkStorage": true, + "database": true + } + }, + "Storage system failure": { + "summary": "Example health report - Storage failure", + "description": "An example health report returned indicates the storage components are not working.", + "value": { + "authClient": true, + "authServer": true, + "bulkStorage": false, + "database": false + } + } } } } @@ -3321,11 +3343,11 @@ "$ref": "#/components/schemas/TenantDetails" } }, - "examples": [ + "examples": { - "Example List Of Tenant Records": { - "description": "Sample list of tenant records in the database", - "summary": "Existing Tenant Records", + "Example List Of Multiple Tenant Records": { + "description": "Sample list of multiple tenant records in the database", + "summary": "Multiple Tenant Records", "value": [ { "tenantId": "5d6e7f8a-9b0c-1d2e-3f4a-5b6c7d8e9f0a", @@ -3340,12 +3362,25 @@ "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", "displayName": "Contoso - R&D", "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [] + "authorizedPrincipalList": [ + "7e9ce415-32b2-4e7a-a920-d4dbaae022e3" + ] } ] + }, + "Example List Of Single Tenant Record": { + "description": "Example list of single tenant records which no user is authorized yet.", + "summary": "Single Tenant Records", + "value": [ + { + "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", + "displayName": "Contoso - R&D", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [] + } + ] } } - ] } }, "description": "OK" From adaf140032bb94adef15eaf4eb6f1ee725d00d1d Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 8 Sep 2025 12:58:47 +0100 Subject: [PATCH 11/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definition: - GET Api/Tenant/{tenantId} - PATCH Api/Tenant/{tenantId} --- specs/Data-Gateway.json | 222 ++++++++++++++++++++++------------------ 1 file changed, 122 insertions(+), 100 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 0b75026..64d7c35 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1315,7 +1315,7 @@ "bulkStorage": false, "database": false } - } + } } } } @@ -3341,46 +3341,55 @@ "minItems": 0, "items": { "$ref": "#/components/schemas/TenantDetails" - } + }, + "examples": [ + [ + { + "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", + "displayName": "Contoso - R&D", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [] + } + ] + ] }, - "examples": - { - "Example List Of Multiple Tenant Records": { - "description": "Sample list of multiple tenant records in the database", - "summary": "Multiple Tenant Records", - "value": [ - { - "tenantId": "5d6e7f8a-9b0c-1d2e-3f4a-5b6c7d8e9f0a", - "displayName": "Contoso - Legal", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [ - "59673771-3b4f-4518-9187-aee8a51c8c07", - "47c42971-2dea-4553-a788-d29a42e3e867" - ] - }, - { - "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", - "displayName": "Contoso - R&D", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [ - "7e9ce415-32b2-4e7a-a920-d4dbaae022e3" - ] - } - ] - }, - "Example List Of Single Tenant Record": { - "description": "Example list of single tenant records which no user is authorized yet.", - "summary": "Single Tenant Records", - "value": [ - { - "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", - "displayName": "Contoso - R&D", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [] - } - ] - } + "examples": { + "Example List Of Multiple Tenant Records": { + "description": "Sample list of multiple tenant records in the database", + "summary": "Multiple Tenant Records", + "value": [ + { + "tenantId": "5d6e7f8a-9b0c-1d2e-3f4a-5b6c7d8e9f0a", + "displayName": "Contoso - Legal", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [ + "59673771-3b4f-4518-9187-aee8a51c8c07", + "47c42971-2dea-4553-a788-d29a42e3e867" + ] + }, + { + "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", + "displayName": "Contoso - R&D", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [ + "7e9ce415-32b2-4e7a-a920-d4dbaae022e3" + ] + } + ] + }, + "Example List Of Single Tenant Record": { + "description": "Example list of single tenant records which no user is authorized yet.", + "summary": "Single Tenant Records", + "value": [ + { + "tenantId": "7e8f9a0b-1c2d-3e4b-5a6c-7d8e9f0a1b2c", + "displayName": "Contoso - R&D", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [] + } + ] } + } } }, "description": "OK" @@ -3415,24 +3424,22 @@ "schema": { "$ref": "#/components/schemas/TenantDetails" }, - "examples": [ - { - "Example Complete Tenant Record": { - "description": "Sample details of one tenant record", - "summary": "Existing Tenant Record", - "value": { - "tenantId": "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", - "displayName": "Contoso - Testing", - "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", - "authorizedPrincipalList": [ - "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", - "2e3f4a5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b", - "4b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9e" - ] - } + "examples": { + "Example Complete Tenant Record": { + "description": "An example showing a single existing tenant record.", + "summary": "Existing Tenant Record", + "value": { + "tenantId": "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", + "displayName": "Contoso - Testing", + "parentId": "f3ed1efc-4e62-46b8-bf2a-6b59ca9784e5", + "authorizedPrincipalList": [ + "9f0a1b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c", + "2e3f4a5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b", + "4b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9e" + ] } } - ] + } } }, "description": "OK" @@ -3463,7 +3470,8 @@ "properties": { "tenantDisplayName": { "description": "Human readable name for the tenant record", - "type": "string" + "type": "string", + "examples": ["Contoso - R&D East"] }, "parentId": { "description": "The object ID of the tenant that is considered a parent to this record", @@ -3471,7 +3479,8 @@ "maxLength": 36, "minLength": 36, "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" + "type": "string", + "examples": ["6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d"] }, "authorizedPrincipalList": { "description": "List of object IDs that are allowed to access this record and related data.", @@ -3481,8 +3490,15 @@ "maxLength": 36, "minLength": 36, "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - } + "type": "string", + "examples": ["4cae3355-0cff-410c-b4f9-69cb5de8f1ac"] + }, + "examples": [ + [ + "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", + "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" + ] + ] } }, "anyOf": [ @@ -3495,37 +3511,45 @@ { "required": ["authorizedPrincipalList"] } + ], + "examples": [ + { + "tenantDisplayName": "Contoso - R&D East", + "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d", + "authorizedPrincipalList": [ + "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", + "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" + ] + } ] }, - "examples": [ - { - "Example Request to Update Tenant Parent": { - "description": "Sample payload requesting adjustment to the parent value", - "summary": "Update Parent Information for Tenant", - "value": { - "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d" - } - }, - "Example Request for Tenant Name and Parent Update": { - "description": "Sample payload requesting to update parent value and display name on the tenant record", - "summary": "Update Tenant Record Name and Parent Information", - "value": { - "parentId": "8f9a0b1c-2d3e-4f5a-6b7c-8d9e0a1b2c3d", - "displayName": "Contoso - R&D East" - } - }, - "Example Request for Tenant Authorized Principals Update": { - "description": "Sample payload requesting to update authorized principals for the tenant record", - "summary": "Update Tenant Authorized Principals List", - "value": { - "authorizedPrincipalList": [ - "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", - "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" - ] - } + "examples": { + "Example Request to Update Tenant Parent": { + "description": "Sample payload requesting adjustment to the parent value.", + "summary": "Update Parent Information for Tenant", + "value": { + "parentId": "6a7b8c9d-0e1f-2a3b-4c5d-6e7f8a9b0c1d" + } + }, + "Example Request for Tenant Name and Parent Update": { + "description": "Sample payload requesting to update parent value and display name on the tenant record.", + "summary": "Update Tenant Record Name and Parent Information", + "value": { + "parentId": "8f9a0b1c-2d3e-4f5a-6b7c-8d9e0a1b2c3d", + "displayName": "Contoso - R&D West" + } + }, + "Example Request for Tenant Authorized Principals Update": { + "description": "Sample payload requesting to update authorized principals for the tenant record.", + "summary": "Update Tenant Authorized Principals List", + "value": { + "authorizedPrincipalList": [ + "4cae3355-0cff-410c-b4f9-69cb5de8f1ac", + "0e52e6ac-f8e1-4070-ae2e-9bd0a37507a1" + ] } } - ] + } } } }, @@ -3536,22 +3560,20 @@ "schema": { "$ref": "#/components/schemas/TenantDetails" }, - "examples": [ - { - "Example Complete Tenant Record": { - "description": "Sample response after updating a tenant record", - "summary": "Updated Tenant Record", - "value": { - "tenantId": "c00ffc2c-b6f6-4121-bd8e-4d02e9504eb9", - "displayName": "Contoso - Testing", - "parentId": "8c291062-a4f7-4706-b4df-59e605497f06", - "authorizedPrincipalList": [ - "b856517a-2086-4be4-b63e-d6ca8a5b0ff6" - ] - } + "examples": { + "Example Complete Tenant Record": { + "description": "Sample response after updating a tenant record.", + "summary": "Updated Tenant Record", + "value": { + "tenantId": "c00ffc2c-b6f6-4121-bd8e-4d02e9504eb9", + "displayName": "Contoso - Testing", + "parentId": "8c291062-a4f7-4706-b4df-59e605497f06", + "authorizedPrincipalList": [ + "b856517a-2086-4be4-b63e-d6ca8a5b0ff6" + ] } } - ] + } } }, "description": "OK" From 50998b6e7f679ce8cc5f6861558a854b623304ac Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 8 Sep 2025 14:07:59 +0100 Subject: [PATCH 12/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definition: - POST /Api/Telemetry/ShieldApi/Tenant/{tenantId} - GET /Api/Telemetry/Shield - GET /Api/Telemetry/Shield/Tenant/{tenantId} - DELETE /Api/Telemetry/Shield/Tenant/{tenantId}/Correlation/{correlationId} - POST /Api/Chat/LicenseGpt - POST /Api/Chat/LicenseGpt/Tenant/{tenantId} --- specs/Data-Gateway.json | 644 ++++++++++++++++++++++++++++++---------- 1 file changed, 486 insertions(+), 158 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 64d7c35..e6dd367 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1870,6 +1870,26 @@ "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" } + }, + "examples": { + "Tool call": { + "summary": "Example tool call request", + "description": "An example request that represent a message initiated by the chat assistant to call a tool function for the currently authenticated tenant.", + "value": { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + } + } } } } @@ -1928,14 +1948,102 @@ "description": "List of message objects in current conversation", "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - } + }, + "examples": [ + [ + { + "role": "user", + "content": "Hello" + }, + { + "role": "assistant", + "content": "Hello, how can I assist you today?" + }, + { + "role": "user", + "content": "Can you show me what correlation records I have?" + }, + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + }, + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ] + ] }, "responseText": { "type": "string", - "description": "Most recent response text" + "description": "Most recent response text", + "examples": [ + "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + ] } }, "required": ["messageList", "responseText"] + }, + "examples": { + "Chat response": { + "summary": "Example chat response with context", + "description": "An example chat response that includes context of current chat session with the request appended for the currently authenticated tenant.", + "value": { + "messageList": [ + { + "role": "user", + "content": "Hello" + }, + { + "role": "assistant", + "content": "Hello, how can I assist you today?" + }, + { + "role": "user", + "content": "Can you show me what correlation records I have?" + }, + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + }, + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + } } } }, @@ -1966,6 +2074,46 @@ "type": "array", "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" + }, + "examples": [ + [ + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + } + ] + ] + }, + "examples": { + "Chat request": { + "summary": "Example chat request", + "description": "An example request that represent a message initiated by the chat assistant to call a tool function for the specified tenant.", + "value": [ + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + } + ] } } } @@ -2025,14 +2173,102 @@ "description": "List of message objects in current conversation", "items": { "$ref": "#/components/schemas/Chat.OpenAIChatMessage" - } + }, + "examples": [ + [ + { + "role": "user", + "content": "Hello" + }, + { + "role": "assistant", + "content": "Hello, how can I assist you today?" + }, + { + "role": "user", + "content": "Can you show me what correlation records I have?" + }, + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + }, + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ] + ] }, "responseText": { "type": "string", - "description": "Most recent response text" + "description": "Most recent response text", + "examples": [ + "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + ] } }, "required": ["messageList", "responseText"] + }, + "examples": { + "Chat response": { + "summary": "Example chat response", + "description": "An example chat response that includes context of current chat session with the request appended for the specified tenant.", + "value": { + "messageList": [ + { + "role": "user", + "content": "Hello" + }, + { + "role": "assistant", + "content": "Hello, how can I assist you today?" + }, + { + "role": "user", + "content": "Can you show me what correlation records I have?" + }, + { + "role": "assistant", + "content": "What are the available IDs?", + "tool_calls": [ + { + "id": "call_abc123", + "type": "function", + "function": { + "arguments": "{\"startDate\":\"2025-07-01\",\"endDate\":\"2025-07-10\"}", + "name": "getCorrelationIDs" + } + } + ] + }, + { + "role": "tool", + "content": "{\"825a9d7e-0b62-4392-b8ef-ab6951a46ebd\":\"2025-07-03T18:39:50.828Z\",\"744c0878-3a82-48a7-b239-a1d4b9298a69\":\"2025-07-07T21:01:20.995Z\"}", + "tool_call_id": "call_abc123" + }, + { + "role": "assistant", + "content": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + ], + "responseText": "You have correlation records for the following dates:\n- July 3, 2025\n- July 7, 2025\n\nWould you like to see details from any of these correlation records?" + } + } } } }, @@ -2342,12 +2578,47 @@ "requestBody": { "content": { "application/json": { - "examples": [ - { + "examples": { + "Monthly Report": { + "description": "Example monthly telemetry report for an enterprise organization.", + "summary": "Monthly Report", + "value": { + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238 + } + } + }, + "schema": { + "$ref": "#/components/schemas/Telemetry.Shield" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "examples": { "Monthly Report": { - "description": "Example monthly telemetry report for an enterprise organization.", - "summary": "Monthly Report", + "description": "An example of latest monthly telemetry report for an enterprise organization after the latest telemetry input.", + "summary": "Updated Monthly Report", "value": { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", "enterpriseDeviceCount": 64221, "enterpriseInterfaceCount": 523, "enterpriseIntermediaryCount": 44, @@ -2364,27 +2635,43 @@ "specializedDeviceCount": 0, "specializedInterfaceCount": 612, "specializedIntermediaryCount": 2, - "specializedUserCount": 5238 + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" } } + }, + "schema": { + "$ref": "#/components/schemas/Telemetry.Shield" } - ], - "schema": { - "$ref": "#/components/schemas/Telemetry.Shield" } - } + }, + "description": "OK" + }, + "401": { + "$ref": "#/components/responses/401" + }, + "403": { + "$ref": "#/components/responses/403" } }, + "tags": ["Telemetry"], + "summary": "Collects SHIELD Telemetry" + }, + "get": { + "description": "Retrieves the telemetry records that have been reported for the authenticated tenant. Data is not guaranteed to be retrieved in any specific order.\n\nThis endpoint requires the `Telemetry.Shield.Read`, `Telemetry.Shield.Read.All`, `Telemetry.Shield.ReadWrite`, or `Telemetry.Shield.ReadWrite.All` scope (permission).", + "operationId": "/Api/Telemetry/Shield/Get", "responses": { "200": { "content": { "application/json": { - "examples": [ - { - "Monthly Report": { - "description": "Example monthly telemetry report for an enterprise organization.", - "summary": "Monthly Report", - "value": { + "examples": { + "List of Reports": { + "description": "List of all available SHIELD telemetry reports for the current authenticated tenant.", + "summary": "List of SHIELD telemetry reports", + "value": [ + { "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", "enterpriseDeviceCount": 64221, "enterpriseInterfaceCount": 523, @@ -2406,96 +2693,89 @@ "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", "createdAt": "2024-08-05T15:25:55.525Z", "updatedAt": "2024-08-05T15:25:55.525Z" + }, + { + "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", + "enterpriseDeviceCount": 63221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 632219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-07-05T15:25:55.525Z", + "updatedAt": "2024-07-05T15:25:55.525Z" } - } - } - ], - "schema": { - "$ref": "#/components/schemas/Telemetry.Shield" - } - } - }, - "description": "OK" - }, - "401": { - "$ref": "#/components/responses/401" - }, - "403": { - "$ref": "#/components/responses/403" - } - }, - "tags": ["Telemetry"], - "summary": "Collects SHIELD Telemetry" - }, - "get": { - "description": "Retrieves the telemetry records that have been reported for the authenticated tenant. Data is not guaranteed to be retrieved in any specific order.\n\nThis endpoint requires the `Telemetry.Shield.Read`, `Telemetry.Shield.Read.All`, `Telemetry.Shield.ReadWrite`, or `Telemetry.Shield.ReadWrite.All` scope (permission).", - "operationId": "/Api/Telemetry/Shield/Get", - "responses": { - "200": { - "content": { - "application/json": { - "examples": [ - { - "List of Reports": { - "description": "List of all available telemetry reports for the authenticated tenant.", - "summary": "List of Reports", - "value": [ - { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - }, - { - "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", - "enterpriseDeviceCount": 63221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 632219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-07-05T15:25:55.525Z", - "updatedAt": "2024-07-05T15:25:55.525Z" - } - ] - } + ] } - ], + }, "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Telemetry.Shield" }, - "minItems": 0 + "minItems": 0, + "examples": [ + [ + { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" + }, + { + "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", + "enterpriseDeviceCount": 63221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 632219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-07-05T15:25:55.525Z", + "updatedAt": "2024-07-05T15:25:55.525Z" + } + ] + ] } } }, @@ -2525,68 +2805,116 @@ "200": { "content": { "application/json": { - "examples": [ - { - "List of Reports": { - "description": "List of all available telemetry reports for the authenticated tenant.", - "summary": "List of Reports", - "value": [ - { - "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", - "enterpriseDeviceCount": 64221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 642219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-08-05T15:25:55.525Z", - "updatedAt": "2024-08-05T15:25:55.525Z" - }, - { - "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", - "enterpriseDeviceCount": 63221, - "enterpriseInterfaceCount": 523, - "enterpriseIntermediaryCount": 44, - "enterpriseUserCount": 632219, - "monthlyActiveEntUsers": 0, - "monthlyActivePrivUsers": 0, - "monthlyActiveSpecUsers": 0, - "privilegedDeviceCount": 50, - "privilegedInterfaceCount": 2000, - "privilegedIntermediaryCount": 25, - "privilegedUserCount": 50, - "shieldArchitectureVersion": "2", - "shieldCoreVersion": "3.0.0", - "specializedDeviceCount": 0, - "specializedInterfaceCount": 612, - "specializedIntermediaryCount": 2, - "specializedUserCount": 5238, - "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", - "createdAt": "2024-07-05T15:25:55.525Z", - "updatedAt": "2024-07-05T15:25:55.525Z" - } - ] - } + "examples": { + "List of Reports": { + "description": "List of all available SHIELD telemetry reports for the specified tenant.", + "summary": "List of SHIELD telemetry reports", + "value": [ + { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" + }, + { + "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", + "enterpriseDeviceCount": 63221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 632219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-07-05T15:25:55.525Z", + "updatedAt": "2024-07-05T15:25:55.525Z" + } + ] } - ], + }, "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Telemetry.Shield" }, - "minItems": 0 + "minItems": 0, + "examples": [ + [ + { + "correlationId": "6fe3cd30-931c-439a-b759-1e7f3a73622e", + "enterpriseDeviceCount": 64221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 642219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-08-05T15:25:55.525Z", + "updatedAt": "2024-08-05T15:25:55.525Z" + }, + { + "correlationId": "a57d03c6-8218-4738-b860-ac158e257e27", + "enterpriseDeviceCount": 63221, + "enterpriseInterfaceCount": 523, + "enterpriseIntermediaryCount": 44, + "enterpriseUserCount": 632219, + "monthlyActiveEntUsers": 0, + "monthlyActivePrivUsers": 0, + "monthlyActiveSpecUsers": 0, + "privilegedDeviceCount": 50, + "privilegedInterfaceCount": 2000, + "privilegedIntermediaryCount": 25, + "privilegedUserCount": 50, + "shieldArchitectureVersion": "2", + "shieldCoreVersion": "3.0.0", + "specializedDeviceCount": 0, + "specializedInterfaceCount": 612, + "specializedIntermediaryCount": 2, + "specializedUserCount": 5238, + "tenantId": "46759f55-fb42-49e3-83ab-93de2a39bc1d", + "createdAt": "2024-07-05T15:25:55.525Z", + "updatedAt": "2024-07-05T15:25:55.525Z" + } + ] + ] } } }, From 03d42a64b4a0f643eb932b2eaa743140b6ef9e83 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 8 Sep 2025 16:45:48 +0100 Subject: [PATCH 13/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definitions: - POST /Api/LicenseReport - GET /Api/LicenseReport/Correlation - GET /Api/LicenseReport/Correlation/Tenant/{tenantId} - GET /Api/LicenseReport/Correlation/{correlationId}/Data - DELETE /Api/LicenseReport/Correlation/{correlationId}/Data - GET /Api/LicenseReport/Correlation/{correlationId}/Tenant/{tenantId}/Data - DELETE /Api/LicenseReport/Correlation/{correlationId}/Tenant/{tenantId}/Data - POST /Api/Entitlement/Shield - GET /Api/Entitlement/Shield/Active - GET /Api/Entitlement/Shield/Tenant/{tenantId} - DELETE /Api/Entitlement/Shield/Tenant/{tenantId}/Correlation/{correlationId} --- specs/Data-Gateway.json | 846 ++++++++++++++++++++++------------------ 1 file changed, 459 insertions(+), 387 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index e6dd367..8939062 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1333,11 +1333,78 @@ "requestBody": { "content": { "application/json": { - "examples": [ - { + "examples": { + "License Report": { + "description": "Sample, truncated report from an example customer environment. The request body is the License Report that to be stored.", + "summary": "Example License Report Request", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 + }, + "correlation": { + "auditTenantAccount": "somebodyThatI@UsedToKnow.com" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false + } + } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false + } + } + } + } + } + }, + "Ignorant License Report Request": { + "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", + "summary": "Ignorant License Report Request", + "value": {} + } + }, + "schema": { + "$ref": "#/components/schemas/LicenseReport" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "examples": { "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", + "description": "Sample, truncated report from an example customer environment. This will return the same report as the request input.", + "summary": "Example of license report stored.", "value": { "availableLicense": { "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, @@ -1347,7 +1414,10 @@ "d76878d6-1495-4243-a334-a82bb9818cd0": 500 }, "correlation": { - "auditTenantAccount": "somebodyThatI@UsedToKnow.com" + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" }, "licenseData": { "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { @@ -1385,82 +1455,8 @@ } } } - }, - "Ignorant License Report Request": { - "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", - "summary": "Ignorant License Report Request", - "value": {} } - } - ], - "schema": { - "$ref": "#/components/schemas/LicenseReport" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "examples": [ - { - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } - } - }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } - } - } - } - } - } - } - ], + }, "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -1498,38 +1494,56 @@ "200": { "content": { "application/json": { - "examples": [ - { - "Example License Report": { - "description": "Sample list of correlation records for the authenticated tenant.", - "summary": "Available Correlation Records", - "value": [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - } + "examples": { + "Example Correlation Records": { + "description": "Sample list of correlation records for the current authenticated tenant.", + "summary": "Available Correlation Records", + "value": [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] } - ], + }, "schema": { "type": "array", "minItems": 0, "items": { "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - } + }, + "examples": [ + [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] + ] } } }, @@ -1565,38 +1579,56 @@ "200": { "content": { "application/json": { - "examples": [ - { - "Example License Report": { - "description": "Sample list of correlation records for the authenticated tenant.", - "summary": "Available Correlation Records", - "value": [ - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-08-01T21:14:45.026Z", - "updatedAt": "2024-08-01T21:14:45.026Z" - }, - { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", - "createdAt": "2024-07-25T21:14:45.026Z", - "updatedAt": "2024-07-25T21:14:45.026Z" - } - ] - } + "examples": { + "Example Correlation Records": { + "description": "Sample list of correlation records for the specified tenant.", + "summary": "Available Correlation Records", + "value": [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] } - ], + }, "schema": { "type": "array", "minItems": 0, "items": { "$ref": "#/components/schemas/LicenseReport.CorrelationRecord" - } + }, + "examples": [ + [ + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-08-01T21:14:45.026Z", + "updatedAt": "2024-08-01T21:14:45.026Z" + }, + { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "d8095827-a313-40e1-b086-f72636de0edf", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db", + "createdAt": "2024-07-25T21:14:45.026Z", + "updatedAt": "2024-07-25T21:14:45.026Z" + } + ] + ] } } }, @@ -1629,64 +1661,62 @@ "200": { "content": { "application/json": { - "examples": [ - { - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } + "examples": { + "Example License Report": { + "description": "Sample, truncated license report from an example customer environment for a correlation record of the current authenticated tenant.", + "summary": "Example License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 + }, + "correlation": { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false } + } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false } } } } } } - ], + }, "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -1749,64 +1779,62 @@ "200": { "content": { "application/json": { - "examples": [ - { - "License Report": { - "description": "Sample, truncated report from an example customer environment.", - "summary": "License Report", - "value": { - "availableLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, - "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, - "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, - "d76878d6-1495-4243-a334-a82bb9818cd0": 500 - }, - "correlation": { - "auditTenantAccount": "somebodyThatI@example.com", - "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", - "reportTenantAccount": "usedToKnow@example.com", - "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" - }, - "licenseData": { - "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { - "assignedLicense": { - "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, - "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { - "Something Here": true, - "Other Obscure feature": false - } + "examples": { + "License Report": { + "description": "Sample, truncated report from an example customer environment for a correlation record of the specified tenant.", + "summary": "Example License Report", + "value": { + "availableLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": 123456, + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": 99999999, + "a4b2e176-d63d-4081-9e21-226e2ac624b9": 5, + "547404d4-8734-415f-a7ca-e9c1ffb95e48": 25, + "d76878d6-1495-4243-a334-a82bb9818cd0": 500 + }, + "correlation": { + "auditTenantAccount": "somebodyThatI@example.com", + "correlationId": "6d7c9271-9e68-4bdf-9ae3-f90c4213f74b", + "reportTenantAccount": "usedToKnow@example.com", + "tenantId": "3d6e7b7e-8d9a-4eb0-8753-67829b3934db" + }, + "licenseData": { + "250844e1-a7ab-4f21-8e3f-58f51b5983a3": { + "assignedLicense": { + "5888a922-9f5b-45fd-bd5f-de3283d6a79e": null, + "3d282045-ec7f-4813-88e2-29b74ee609f7": null + }, + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "e0d101e8-6f1e-40a9-a66f-cad4112c9a59": null, + "c63b7a2d-6573-4c37-9ca8-e12b954d3198": { + "Something Here": true, + "Other Obscure feature": false } + } + }, + "04e88835-771a-482b-9d6f-ba06c32cbb67": { + "assignedLicense": { + "3d282045-ec7f-4813-88e2-29b74ee609f7": null }, - "04e88835-771a-482b-9d6f-ba06c32cbb67": { - "assignedLicense": { - "3d282045-ec7f-4813-88e2-29b74ee609f7": null - }, - "assignedService": { - "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, - "d76878d6-1495-4243-a334-a82bb9818cd0": null - }, - "consumedService": { - "9d3603de-b378-4c4a-adcc-ee133cbef914": null, - "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { - "Something Here": true, - "Other Obscure feature": false - } + "assignedService": { + "a4b2e176-d63d-4081-9e21-226e2ac624b9": null, + "d76878d6-1495-4243-a334-a82bb9818cd0": null + }, + "consumedService": { + "9d3603de-b378-4c4a-adcc-ee133cbef914": null, + "e9a4e3d3-ebe0-405a-a8f4-35a04c4dba1f": { + "Something Here": true, + "Other Obscure feature": false } } } } } } - ], + }, "schema": { "$ref": "#/components/schemas/LicenseReport" } @@ -2288,59 +2316,57 @@ "requestBody": { "content": { "application/json": { - "examples": [ - { - "Specialized Purchase": { - "description": "Add-on purchase for the specified customer for some additional specialized licenses.", - "summary": "Specialized Purchase", - "value": { - "enterpriseDeviceCount": 0, - "enterpriseInterfaceCount": 0, - "enterpriseIntermediaryCount": 0, - "enterpriseUserCount": 0, - "notValidAfter": "2024-07-30T18:09:05.970Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 0, - "privilegedInterfaceCount": 0, - "privilegedIntermediaryCount": 0, - "privilegedUserCount": 0, - "purchaseId": "ABC123", - "specializedDeviceCount": 50, - "specializedInterfaceCount": 3, - "specializedIntermediaryCount": 1, - "specializedUserCount": 50, - "tenantId": "4b00fb78-d291-4dbd-8c0a-c93ae20bffd1" - } - }, - "Initial Purchase": { - "description": "Complete suite of components purchased for the specified customer.", - "summary": "Initial Purchase", - "value": { - "enterpriseDeviceCount": 7000, - "enterpriseInterfaceCount": 500, - "enterpriseIntermediaryCount": 10, - "enterpriseUserCount": 7000, - "notValidAfter": "2024-07-30T18:12:23.049Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 200, - "privilegedInterfaceCount": 50, - "privilegedIntermediaryCount": 3, - "privilegedUserCount": 200, - "purchaseId": "654DEF", - "specializedDeviceCount": 1000, - "specializedInterfaceCount": 11, - "specializedIntermediaryCount": 2, - "specializedUserCount": 1000, - "tenantId": "58ffb93f-5098-4630-bfc4-eeb4664208b4" - } - }, - "Ignorant Entitlement Creation Request": { - "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", - "summary": "Ignorant Entitlement Creation Request", - "value": {} + "examples": { + "Specialized Purchase": { + "description": "Add-on purchase for the specified customer for some additional specialized licenses.", + "summary": "Specialized Purchase", + "value": { + "enterpriseDeviceCount": 0, + "enterpriseInterfaceCount": 0, + "enterpriseIntermediaryCount": 0, + "enterpriseUserCount": 0, + "notValidAfter": "2024-07-30T18:09:05.970Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 0, + "privilegedInterfaceCount": 0, + "privilegedIntermediaryCount": 0, + "privilegedUserCount": 0, + "purchaseId": "ABC123", + "specializedDeviceCount": 50, + "specializedInterfaceCount": 3, + "specializedIntermediaryCount": 1, + "specializedUserCount": 50, + "tenantId": "4b00fb78-d291-4dbd-8c0a-c93ae20bffd1" } + }, + "Initial Purchase": { + "description": "Complete suite of components purchased for the specified customer.", + "summary": "Initial Purchase", + "value": { + "enterpriseDeviceCount": 7000, + "enterpriseInterfaceCount": 500, + "enterpriseIntermediaryCount": 10, + "enterpriseUserCount": 7000, + "notValidAfter": "2024-07-30T18:12:23.049Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 200, + "privilegedInterfaceCount": 50, + "privilegedIntermediaryCount": 3, + "privilegedUserCount": 200, + "purchaseId": "654DEF", + "specializedDeviceCount": 1000, + "specializedInterfaceCount": 11, + "specializedIntermediaryCount": 2, + "specializedUserCount": 1000, + "tenantId": "58ffb93f-5098-4630-bfc4-eeb4664208b4" + } + }, + "Ignorant Entitlement Creation Request": { + "description": "Clueless dev trying to automate this application without reading the docs. RTFM!", + "summary": "Ignorant Entitlement Creation Request", + "value": {} } - ], + }, "schema": { "$ref": "#/components/schemas/LicenseEntitlement.Shield" } @@ -2351,56 +2377,54 @@ "200": { "content": { "application/json": { - "examples": [ - { - "Small MSP": { - "description": "Example license entitlement for a small MSP.", - "summary": "Local MSP", - "value": { - "correlationId": "60594489-6022-4ddb-8aa5-288c8d356cf2", - "enterpriseDeviceCount": 25, - "enterpriseInterfaceCount": 25, - "enterpriseIntermediaryCount": 25, - "enterpriseUserCount": 25, - "notValidAfter": "2024-07-30T17:56:00.704Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 10, - "privilegedInterfaceCount": 10, - "privilegedIntermediaryCount": 2, - "privilegedUserCount": 10, - "purchaseId": "Bob's your mother's brother.", - "specializedDeviceCount": 5, - "specializedInterfaceCount": 5, - "specializedIntermediaryCount": 0, - "specializedUserCount": 5, - "tenantId": "1948adeb-797f-466b-962d-cc708a69d08d" - } - }, - "Enterprise": { - "description": "Example license entitlement for an enterprise sized company.", - "summary": "Enterprise", - "value": { - "correlationId": "46569e8d-eeaa-42f4-b954-05a998108eee", - "enterpriseDeviceCount": 50000, - "enterpriseInterfaceCount": 50000, - "enterpriseIntermediaryCount": 100, - "enterpriseUserCount": 50000, - "notValidAfter": "2024-07-30T17:58:54.619Z", - "notValidBefore": "1970-01-01T00:00:00.000Z", - "privilegedDeviceCount": 300, - "privilegedInterfaceCount": 100, - "privilegedIntermediaryCount": 50, - "privilegedUserCount": 300, - "purchaseId": "Bob's your mother's brother.", - "specializedDeviceCount": 1000, - "specializedInterfaceCount": 5, - "specializedIntermediaryCount": 10, - "specializedUserCount": 1000, - "tenantId": "bf78263c-6cec-44bc-9893-024dde25a486" - } + "examples": { + "Small MSP": { + "description": "Example license entitlement for a small MSP.", + "summary": "Local MSP", + "value": { + "correlationId": "60594489-6022-4ddb-8aa5-288c8d356cf2", + "enterpriseDeviceCount": 25, + "enterpriseInterfaceCount": 25, + "enterpriseIntermediaryCount": 25, + "enterpriseUserCount": 25, + "notValidAfter": "2024-07-30T17:56:00.704Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 10, + "privilegedInterfaceCount": 10, + "privilegedIntermediaryCount": 2, + "privilegedUserCount": 10, + "purchaseId": "Bob's your mother's brother.", + "specializedDeviceCount": 5, + "specializedInterfaceCount": 5, + "specializedIntermediaryCount": 0, + "specializedUserCount": 5, + "tenantId": "1948adeb-797f-466b-962d-cc708a69d08d" + } + }, + "Enterprise": { + "description": "Example license entitlement for an enterprise sized company.", + "summary": "Enterprise", + "value": { + "correlationId": "46569e8d-eeaa-42f4-b954-05a998108eee", + "enterpriseDeviceCount": 50000, + "enterpriseInterfaceCount": 50000, + "enterpriseIntermediaryCount": 100, + "enterpriseUserCount": 50000, + "notValidAfter": "2024-07-30T17:58:54.619Z", + "notValidBefore": "1970-01-01T00:00:00.000Z", + "privilegedDeviceCount": 300, + "privilegedInterfaceCount": 100, + "privilegedIntermediaryCount": 50, + "privilegedUserCount": 300, + "purchaseId": "Bob's your mother's brother.", + "specializedDeviceCount": 1000, + "specializedInterfaceCount": 5, + "specializedIntermediaryCount": 10, + "specializedUserCount": 1000, + "tenantId": "bf78263c-6cec-44bc-9893-024dde25a486" } } - ], + }, "schema": { "$ref": "#/components/schemas/LicenseEntitlement.Shield" } @@ -2427,64 +2451,62 @@ "200": { "content": { "application/json": { - "examples": [ - { - "Small MSP": { - "description": "Example active license count for a small MSP.", - "summary": "Local MSP", - "value": { - "enterpriseDeviceCount": 54, - "enterpriseInterfaceCount": 46, - "enterpriseIntermediaryCount": 2, - "enterpriseUserCount": 54, - "privilegedDeviceCount": 12, - "privilegedInterfaceCount": 52, - "privilegedIntermediaryCount": 4, - "privilegedUserCount": 12, - "specializedDeviceCount": 20, - "specializedInterfaceCount": 15, - "specializedIntermediaryCount": 0, - "specializedUserCount": 20 - } - }, - "No Licenses": { - "description": "Example license count for a company that doesn't have any licenses.", - "summary": "No License", - "value": { - "enterpriseDeviceCount": 0, - "enterpriseInterfaceCount": 0, - "enterpriseIntermediaryCount": 0, - "enterpriseUserCount": 0, - "privilegedDeviceCount": 0, - "privilegedInterfaceCount": 0, - "privilegedIntermediaryCount": 0, - "privilegedUserCount": 0, - "specializedDeviceCount": 0, - "specializedInterfaceCount": 0, - "specializedIntermediaryCount": 0, - "specializedUserCount": 0 - } - }, - "Enterprise": { - "description": "Example active license count for an enterprise sized company.", - "summary": "Enterprise", - "value": { - "enterpriseDeviceCount": 60000, - "enterpriseInterfaceCount": 500, - "enterpriseIntermediaryCount": 20, - "enterpriseUserCount": 60000, - "privilegedDeviceCount": 200, - "privilegedInterfaceCount": 450, - "privilegedIntermediaryCount": 15, - "privilegedUserCount": 200, - "specializedDeviceCount": 1000, - "specializedInterfaceCount": 50, - "specializedIntermediaryCount": 2, - "specializedUserCount": 1000 - } + "examples": { + "Small MSP": { + "description": "Example active license count for a small MSP for the currently authenticated tenant.", + "summary": "Local MSP", + "value": { + "enterpriseDeviceCount": 54, + "enterpriseInterfaceCount": 46, + "enterpriseIntermediaryCount": 2, + "enterpriseUserCount": 54, + "privilegedDeviceCount": 12, + "privilegedInterfaceCount": 52, + "privilegedIntermediaryCount": 4, + "privilegedUserCount": 12, + "specializedDeviceCount": 20, + "specializedInterfaceCount": 15, + "specializedIntermediaryCount": 0, + "specializedUserCount": 20 + } + }, + "No Licenses": { + "description": "Example license count for a company that doesn't have any licenses for the currently authenticated tenant..", + "summary": "No License", + "value": { + "enterpriseDeviceCount": 0, + "enterpriseInterfaceCount": 0, + "enterpriseIntermediaryCount": 0, + "enterpriseUserCount": 0, + "privilegedDeviceCount": 0, + "privilegedInterfaceCount": 0, + "privilegedIntermediaryCount": 0, + "privilegedUserCount": 0, + "specializedDeviceCount": 0, + "specializedInterfaceCount": 0, + "specializedIntermediaryCount": 0, + "specializedUserCount": 0 + } + }, + "Enterprise": { + "description": "Example active license count for an enterprise sized company for the currently authenticated tenant..", + "summary": "Enterprise", + "value": { + "enterpriseDeviceCount": 60000, + "enterpriseInterfaceCount": 500, + "enterpriseIntermediaryCount": 20, + "enterpriseUserCount": 60000, + "privilegedDeviceCount": 200, + "privilegedInterfaceCount": 450, + "privilegedIntermediaryCount": 15, + "privilegedUserCount": 200, + "specializedDeviceCount": 1000, + "specializedInterfaceCount": 50, + "specializedIntermediaryCount": 2, + "specializedUserCount": 1000 } } - ], + }, "schema": { "$ref": "#/components/schemas/LicenseEntitlement.Shield.Count" } @@ -2519,6 +2541,56 @@ "minItems": 0, "items": { "$ref": "#/components/schemas/LicenseEntitlement.Shield" + }, + "examples": [ + [ + { + "correlationId": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "enterpriseDeviceCount": 5, + "enterpriseInterfaceCount": 6, + "enterpriseIntermediaryCount": 7, + "enterpriseUserCount": 8, + "notValidAfter": "2024-07-30T17:35:24.044Z", + "notValidBefore": "2024-07-30T17:37:15.300Z", + "privilegedDeviceCount": 9, + "privilegedInterfaceCount": 10, + "privilegedIntermediaryCount": 11, + "privilegedUserCount": 12, + "purchaseId": "any arbitrary string as purchaseId", + "specializedDeviceCount": 13, + "specializedInterfaceCount": 14, + "specializedIntermediaryCount": 15, + "specializedUserCount": 15, + "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" + } + ] + ] + }, + "examples": { + "Example Purchase": { + "summary": "Example entitlement purchase", + "description": "An example SHIELD entitlement for the specified tenant.", + "value": [ + { + "correlationId": "e097a3f5-9599-44a2-8923-fd3276c83ae1", + "enterpriseDeviceCount": 5, + "enterpriseInterfaceCount": 6, + "enterpriseIntermediaryCount": 7, + "enterpriseUserCount": 8, + "notValidAfter": "2024-07-30T17:35:24.044Z", + "notValidBefore": "2024-07-30T17:37:15.300Z", + "privilegedDeviceCount": 9, + "privilegedInterfaceCount": 10, + "privilegedIntermediaryCount": 11, + "privilegedUserCount": 12, + "purchaseId": "any arbitrary string as purchaseId", + "specializedDeviceCount": 13, + "specializedInterfaceCount": 14, + "specializedIntermediaryCount": 15, + "specializedUserCount": 15, + "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" + } + ] } } } From f0ff10e916f16e8405b5e67f3fb8047229d9ced7 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Tue, 9 Sep 2025 12:29:01 +0100 Subject: [PATCH 14/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definitions: - GET /Api/Update/Shield/Channel - GET /Api/Update/Shield/Channel/{channelName} - PATCH /Api/Update/Shield/Channel/{channelName} - DELETE /Api/Update/Shield/Channel/{channelName} - This commit also fixed #37 --- specs/Data-Gateway.json | 93 ++++++++++++++++++++++++++++++++--------- 1 file changed, 74 insertions(+), 19 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 8939062..63cfffa 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -3054,6 +3054,38 @@ "type": "array", "items": { "$ref": "#/components/schemas/Update.Shield.Channel" + }, + "examples": [ + [ + { + "latest": "1.12.5", + "name": "stable", + "previous": "1.12.4" + } + ] + ] + }, + "examples": { + "Channel configuration": { + "summary": "Example all channel configs", + "description": "An example showing the all channel configurations.", + "value": [ + { + "latest": "1.12.5", + "name": "stable", + "previous": "1.12.4" + }, + { + "latest": "1.12.7", + "name": "alpha", + "previous": "1.12.6" + }, + { + "latest": "1.12.6", + "name": "beta", + "previous": "1.12.5" + } + ] } } } @@ -3089,6 +3121,26 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Channel" + }, + "examples": { + "Stable channel config": { + "summary": "Example stable channel config", + "description": "An example showing the stable update channel configuration.", + "value": { + "latest": "1.12.5", + "name": "stable", + "previous": "1.12.4" + } + }, + "Alpha channel config": { + "summary": "Example alpha channel config", + "description": "An example showing the alpha update channel configuration.", + "value": { + "latest": "1.12.7", + "name": "alpha", + "previous": "1.12.6" + } + } } } }, @@ -3118,33 +3170,36 @@ "requestBody": { "content": { "application/json": { - "examples": [ - { - "Channel Configuration Details": { - "description": "Example channel configuration object.", - "summary": "Channel Configuration", - "value": { - "latest": "1.12.5", - "previous": "1.12.4" - } + "examples": { + "Channel Configuration Details": { + "description": "Example channel configuration object that will add/update for specified channel.", + "summary": "Channel Configuration", + "value": { + "latest": "1.12.5", + "previous": "1.12.4" } } - ], + }, "schema": { "type": "object", "properties": { "latest": { - "description": "Flag that indicates if the ring should be operating off of the latest version number provided by the channel (`true`) or the previous (`false`).", - "examples": ["true"], - "type": "boolean" + "description": "Version number of the latest update available to the chanel.", + "examples": ["1.12.5"], + "type": "string" }, - "number": { - "description": "Ring number that this configuration belongs to.", - "examples": [1], - "type": "integer", - "minimum": 0 + "previous": { + "description": "Version number of the number that is being replaced via ring deployment, available to all rings at the minimum.", + "examples": ["1.12.14"], + "type": "string" } - } + }, + "examples": [ + { + "latest": "1.12.5", + "previous": "1.12.4" + } + ] } } } From cfdcb7636f02d99d85f77617d5af9ad712dbbac7 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Tue, 9 Sep 2025 13:47:39 +0100 Subject: [PATCH 15/28] fix: Move examples to schema's parent and keep row single value array in schema as fallback. - For Data-Gateway.json - Ensured the examples array exist in both schema level and schema individual property level. - Fixed the following path definitions: - GET /Api/Update/Shield/Channel/{channelName}/Ring - GET /Api/Update/Shield/Channel/{channelName}/Ring/{number} - PATCH /Api/Update/Shield/Channel/{channelName}/Ring/{number} - DELETE /Api/Update/Shield/Channel/{channelName}/Ring/{number} - POST /Api/Update/Shield/Channel/{channelName}/Version/{version} - GET /Api/Update/Shield/Check - GET /Api/Update/Shield/Check/Channel/{channelName} - GET /Api/Update/Shield/Download - GET /Api/Update/Shield/Download/Channel/{channelName} - GET /Api/Update/Shield/Tenant/{tenantId} - PATCH /Api/Update/Shield/Tenant/{tenantId} - DELETE /Api/Update/Shield/Tenant/{tenantId} --- specs/Data-Gateway.json | 204 +++++++++++++++++++++++++++++++--------- 1 file changed, 158 insertions(+), 46 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 63cfffa..33e3b64 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -3287,6 +3287,30 @@ "type": "array", "items": { "$ref": "#/components/schemas/Update.Shield.Channel.Ring" + }, + "examples": [ + [ + { + "latest": true, + "number": 1 + } + ] + ] + }, + "examples": { + "All ring config": { + "summary": "Example all ring configs", + "description": "An example showing the configurations of all rings of the specified channel.", + "value": [ + { + "latest": true, + "number": 1 + }, + { + "latest": false, + "number": 0 + } + ] } } } @@ -3325,6 +3349,16 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Channel.Ring" + }, + "examples": { + "Sample ring config": { + "summary": "Example ring configuration", + "description": "An example ring configuration for the specified channel and ring.", + "value": { + "latest": true, + "number": 1 + } + } } } }, @@ -3357,17 +3391,15 @@ "requestBody": { "content": { "application/json": { - "examples": [ - { - "Channel Ring Configuration Details": { - "description": "Example channel ring configuration object.", - "summary": "Channel Ring Configuration", - "value": { - "latest": true - } + "examples": { + "Channel Ring Configuration Details": { + "description": "Example channel ring configuration object.", + "summary": "Channel Ring Configuration", + "value": { + "latest": true } } - ], + }, "schema": { "type": "object", "properties": { @@ -3376,7 +3408,12 @@ "examples": [true], "type": "boolean" } - } + }, + "examples": [ + { + "latest": false + } + ] } } } @@ -3385,18 +3422,16 @@ "200": { "content": { "application/json": { - "examples": [ - { - "Channel Ring Configuration Details": { - "description": "Example object returned on creation or update.", - "summary": "Channel Ring Configuration", - "value": { - "latest": true, - "number": 1 - } + "examples": { + "Channel Ring Configuration Details": { + "description": "Example object returned on creation or update.", + "summary": "Channel Ring Configuration", + "value": { + "latest": true, + "number": 1 } } - ], + }, "schema": { "$ref": "#/components/schemas/Update.Shield.Channel.Ring" } @@ -3502,6 +3537,15 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Check" + }, + "examples": { + "Latest package version": { + "summary": "Example latest application version", + "description": "An example showing the latest SHIELD package available.", + "value": { + "updateVersion": "1.12.5" + } + } } } }, @@ -3530,6 +3574,15 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Check" + }, + "examples": { + "Latest package version": { + "summary": "Example latest application version", + "description": "An example showing the latest SHIELD package available for the specified channel.", + "value": { + "updateVersion": "1.12.5" + } + } } } }, @@ -3554,7 +3607,17 @@ "application/zip": { "schema": { "type": "string", - "format": "binary" + "format": "binary", + "examples": [ + "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" + ] + }, + "examples": { + "base64-inline": { + "summary": "Base64-encoded ZIP)", + "description": "Base64 encoding of a small ZIP (truncated) to simulate a update package binary string for the channel specified.", + "value": "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" + } } } } @@ -3583,7 +3646,17 @@ "application/zip": { "schema": { "type": "string", - "format": "binary" + "format": "binary", + "examples": [ + "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" + ] + }, + "examples": { + "base64-inline": { + "summary": "Base64-encoded ZIP", + "description": "Base64 encoding of a small ZIP (truncated) to simulate a update package binary string for the channel specified.", + "value": "UEsDBBQAAAAIAAeLbU0AAAAAAAAAAAAAAAAJAAQATm90ZS50eHRVVAkAA1V2YV... (truncated)" + } } } } @@ -3611,6 +3684,30 @@ "type": "array", "items": { "$ref": "#/components/schemas/Update.Shield.Tenant" + }, + "examples": [ + [ + { + "alphaEnabled": false, + "channel": "stable", + "ring": 1, + "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } + ] + ] + }, + "examples": { + "All tenant list": { + "summary": "Example all tenant list", + "description": "A example truncated list of all tenant configurations that present in the update service.", + "value": [ + { + "alphaEnabled": false, + "channel": "stable", + "ring": 1, + "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } + ] } } } @@ -3646,6 +3743,18 @@ "application/json": { "schema": { "$ref": "#/components/schemas/Update.Shield.Tenant" + }, + "examples": { + "Tenant config": { + "summary": "Example tenant config", + "description": "A example configurations that present in the update service of the specified tenant.", + "value": { + "alphaEnabled": false, + "channel": "stable", + "ring": 1, + "tenantId": "1d71e0fe-6e4a-464d-a690-80addf3bda55" + } + } } } }, @@ -3675,19 +3784,17 @@ "requestBody": { "content": { "application/json": { - "examples": [ - { - "Tenant Configuration Details": { - "description": "Example tenant configuration object.", - "summary": "Tenant Configuration", - "value": { - "alphaEnabled": false, - "channel": "stable", - "ring": 1 - } + "examples": { + "Tenant Configuration Details": { + "description": "Example tenant configuration object.", + "summary": "Tenant Configuration", + "value": { + "alphaEnabled": false, + "channel": "stable", + "ring": 1 } } - ], + }, "schema": { "type": "object", "properties": { @@ -3706,7 +3813,14 @@ "examples": [1], "type": "integer" } - } + }, + "examples": [ + { + "alphaEnabled": false, + "channel": "stable", + "ring": 1 + } + ] } } } @@ -3715,20 +3829,18 @@ "200": { "content": { "application/json": { - "examples": [ - { - "Tenant Configuration Details": { - "description": "Example object returned on creation or update.", - "summary": "Tenant Configuration", - "value": { - "alphaEnabled": false, - "channel": "stable", - "ring": 1, - "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" - } + "examples": { + "Tenant Configuration Details": { + "description": "Example object returned on creation or update with tenantId set.", + "summary": "Tenant Configuration", + "value": { + "alphaEnabled": false, + "channel": "stable", + "ring": 1, + "tenantId": "a2a1698d-a3e0-42d3-96a4-47eb3e8f7dd1" } } - ], + }, "schema": { "$ref": "#/components/schemas/Update.Shield.Tenant" } From 1cc21fe57857a9bcdc0de0906e046932e504f824 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Tue, 9 Sep 2025 14:02:01 +0100 Subject: [PATCH 16/28] fix: Missing examples in /Api/Update/Shield/Channel/{channelName}` json response --- specs/Data-Gateway.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 33e3b64..08d20ff 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -3208,8 +3208,7 @@ "200": { "content": { "application/json": { - "examples": [ - { + "examples": { "Channel Configuration Details": { "description": "Example object returned on creation or update.", "summary": "Channel Configuration", @@ -3219,8 +3218,7 @@ "previous": "1.12.4" } } - } - ], + }, "schema": { "$ref": "#/components/schemas/Update.Shield.Channel" } From 33a4bdc2250b3b8f759398e90a47a2b99bdef8c7 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 3 Oct 2025 12:02:41 +0100 Subject: [PATCH 17/28] feat: Add specification skeleton for architecture report APIs --- specs/SHIELD.json | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 9afda1d..4881f4f 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -3899,6 +3899,79 @@ "summary": "Deploy Marketplace Offering", "tags": ["Marketplace"] } + }, + "/Api/ArchitectureReport": { + "post": { + "description": "Configure a route to store new architectural analysis report information.", + "operationId": "/Api/ArchitectureReport/Post", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + } + }, + "/Api/ArchitectureReport/Correlation": { + "get": { + "description": "Configure a route to retrieve the list of correlation records for the authenticated tenant.", + "operationId": "/Api/ArchitectureReport/Correlation/Post", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + } + }, + "/Api/ArchitectureReport/Correlation/Tenant/{tenantId}": { + "get": { + "description": "Configure a route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", + "operationId": "/Api/ArchitectureReport/Correlation/Tenant/:tenantId/Get", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + } + }, + "/Api/ArchitectureReport/Correlation/{correlationId}/Data": { + "get": { + "description": "Configure a route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Get", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + }, + "delete": { + "description": "Configure a route to allow customers to self service delete architectural analysis reports.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Delete", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + } + }, + "/Api/ArchitectureReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { + "get": { + "description": "Configure a route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + }, + "delete": { + "description": "Configure a route to remove the specified architectural analysis report.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Delete", + "parameters": [], + "requestBody": {}, + "responses": {}, + "summary": {}, + "tags": ["ArchitectureReport"] + } } }, "security": [ From 5dc30404615ced2ebffe1cbd64609fd2d6554f64 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 3 Oct 2025 13:31:02 +0100 Subject: [PATCH 18/28] feat: Add path parameter tenantId. --- specs/SHIELD.json | 43 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 4881f4f..97a77c2 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -1,6 +1,27 @@ { "components": { "parameters": { + "tenantId": { + "description": "The object ID of the tenant identifier for the specific records", + "in": "path", + "name": "tenantId", + "required": true, + "schema": { + "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"], + "format": "uuid", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "examples": { + "valid correlation ID": { + "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55", + "summary": "Example valid tenant ID", + "description": "An example of a valid tenant ID in type UUID." + } + } + }, "correlationId": { "description": "The object ID of the correlation identifier for the specified record.", "in": "path", @@ -3904,7 +3925,6 @@ "post": { "description": "Configure a route to store new architectural analysis report information.", "operationId": "/Api/ArchitectureReport/Post", - "parameters": [], "requestBody": {}, "responses": {}, "summary": {}, @@ -3915,7 +3935,6 @@ "get": { "description": "Configure a route to retrieve the list of correlation records for the authenticated tenant.", "operationId": "/Api/ArchitectureReport/Correlation/Post", - "parameters": [], "requestBody": {}, "responses": {}, "summary": {}, @@ -3926,7 +3945,9 @@ "get": { "description": "Configure a route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/Tenant/:tenantId/Get", - "parameters": [], + "parameters": [{ + "$ref": "#/components/parameters/tenantId" + }], "requestBody": {}, "responses": {}, "summary": {}, @@ -3937,7 +3958,9 @@ "get": { "description": "Configure a route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Get", - "parameters": [], + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + }], "requestBody": {}, "responses": {}, "summary": {}, @@ -3957,7 +3980,11 @@ "get": { "description": "Configure a route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", - "parameters": [], + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + },{ + "$ref": "#/components/parameters/tenantId" + }], "requestBody": {}, "responses": {}, "summary": {}, @@ -3966,7 +3993,11 @@ "delete": { "description": "Configure a route to remove the specified architectural analysis report.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Delete", - "parameters": [], + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + }, { + "$ref": "#/components/parameters/tenantId" + }], "requestBody": {}, "responses": {}, "summary": {}, From dfda75f623b8dacbc678091a98d9ae4e36875578 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 3 Oct 2025 13:47:57 +0100 Subject: [PATCH 19/28] feat: Filled all description and summary fields. --- specs/SHIELD.json | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 97a77c2..d272af6 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -3923,62 +3923,64 @@ }, "/Api/ArchitectureReport": { "post": { - "description": "Configure a route to store new architectural analysis report information.", + "description": "A route to store a new architectural analysis report information.", "operationId": "/Api/ArchitectureReport/Post", "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Store new architectural analysis report.", "tags": ["ArchitectureReport"] } }, "/Api/ArchitectureReport/Correlation": { "get": { - "description": "Configure a route to retrieve the list of correlation records for the authenticated tenant.", + "description": "A route to retrieve the list of correlation records for the authenticated tenant.", "operationId": "/Api/ArchitectureReport/Correlation/Post", "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Retrieve correlation records for current tenant.", "tags": ["ArchitectureReport"] } }, "/Api/ArchitectureReport/Correlation/Tenant/{tenantId}": { "get": { - "description": "Configure a route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", + "description": "Internal API route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/Tenant/:tenantId/Get", "parameters": [{ "$ref": "#/components/parameters/tenantId" }], "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Retrieve correlation records for the specified tenant.", "tags": ["ArchitectureReport"] } }, "/Api/ArchitectureReport/Correlation/{correlationId}/Data": { "get": { - "description": "Configure a route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", + "description": "A route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Get", "parameters": [{ "$ref": "#/components/parameters/correlationId" }], "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Retrieve architectural analysis report for current tenant by specified correlation ID.", "tags": ["ArchitectureReport"] }, "delete": { - "description": "Configure a route to allow customers to self service delete architectural analysis reports.", + "description": "A route to allow customers to self service delete architectural analysis report.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Delete", - "parameters": [], + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + }], "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Delete specific architectural analysis report by correlation ID.", "tags": ["ArchitectureReport"] } }, "/Api/ArchitectureReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { "get": { - "description": "Configure a route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", + "description": "Internal API route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", "parameters": [{ "$ref": "#/components/parameters/correlationId" @@ -3987,11 +3989,11 @@ }], "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Retrieve architectural analysis reports for the specified tenant by correlation ID.", "tags": ["ArchitectureReport"] }, "delete": { - "description": "Configure a route to remove the specified architectural analysis report.", + "description": "Internal API route to remove the specified architectural analysis report, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Delete", "parameters": [{ "$ref": "#/components/parameters/correlationId" @@ -4000,7 +4002,7 @@ }], "requestBody": {}, "responses": {}, - "summary": {}, + "summary": "Remove architectural analysis report for the specified tenant by correlation ID.", "tags": ["ArchitectureReport"] } } From f958e68769fdee4dc145a7b4f77faacaf381b6c8 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Fri, 3 Oct 2025 16:52:40 +0100 Subject: [PATCH 20/28] feat: Add schemas for Architecture Report types. - TenantMetadata - SecurityPosture - ArchitectureReport - PrincipalAssignment --- specs/SHIELD.json | 185 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 182 insertions(+), 3 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index d272af6..db12668 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -1545,8 +1545,184 @@ "examples": ["Privileged"], "title": "Type of security class the object(s) belongs to", "type": "string" - } - }, + }, + "ArchitectureReport": { + "description": "Container that represents the entire architecture report structure for a complete run of architectural analysis.", + "title": "Architecture Report - Complete Object", + "type": "object", + "properties": { + "tenantMetadata": { + "$ref": "#/components/schemas/ArchitectureReport.TenantMetadata" + }, + "correlation": {}, + "scheduling": { + "description": "@todo - Check with Elliot.", + "examples": ["2023-02-04T05:06:09.601Z"], + "format": "date-time", + "type": "string" + }, + "securityPosture": { + "$ref": "#/components/" + } + }, + "required": ["tenantMetadata", "correlation", "scheduling", "securityPosture"], + "examples": [{ + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + }] + }, + "ArchitectureReport.TenantMetadata": { + "title": "Architecture Report - Tenant Metadata", + "description": "Metadata for the tenant.", + "type": "object", + "properties": { + "totalUserCount": { + "type": "integer", + "examples": [0, 1] + }, + "totalGuestCount": { + "type": "integer", + "examples": [0, 1] + }, + "totalMemberCount": { + "type": "integer", + "examples": [0, 1] + }, + "totalDeviceCount": { + "type": "integer", + "examples": [0, 1] + } + }, + "examples": [{ + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + }] + }, + "ArchitectureReport.SecurityPosture": { + "title": "Architecture Report - Security Posture", + "description": "A collection of user and device principal assignments.", + "type": "object", + "properties": { + "device": { + "type": "object", + "description": "Device principal assignment data.", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { + "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" + } + } + }, + "user": { + "type": "object", + "description": "User principal assignment data.", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { + "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" + } + } + } + }, + "examples": [ + { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + } + ] + }, + "ArchitectureReport.PrincipalAssignment": { + "title": "Architecture Report - Principal Assignment", + "description": "Principal assignment for the security posture data.", + "type": "object", + "properties": { + "assignedService": { + "type": "object", + "description": "Service configuration assignment used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/ArchitectureReport.FeatureBreakdown" + }, + { + "type": "number", + "examples": [0, 1] + } + ] + } + }, + "examples": [{ + "234e4567-e89b-12d3-a456-426614174000": 0 + }] + } + }, + "examples": [ + { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + ] + }, + "ArchitectureReport.FeatureBreakdown": { + "title": "Architecture Report - Feature Breakdown", + "description": "List of features that are configured for the specific service plan's service configuration for the related principal.", + "type": "object", + "additionalProperties": { + "type": "boolean", + "examples": [true] + }, + "examples": [{ + "Feature X": true, + "Feature Y": false + }] + }, "securitySchemes": { "EntraID": { "type": "http", @@ -3925,7 +4101,9 @@ "post": { "description": "A route to store a new architectural analysis report information.", "operationId": "/Api/ArchitectureReport/Post", - "requestBody": {}, + "requestBody": { + + }, "responses": {}, "summary": "Store new architectural analysis report.", "tags": ["ArchitectureReport"] @@ -4057,3 +4235,4 @@ } ] } +} \ No newline at end of file From 0f3c1e7f90595086a249fe04925ac31fdc54609c Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 13:38:29 +0100 Subject: [PATCH 21/28] feat: Add ArchitectureReport.ArchitectureCorrelationRecord schema. --- specs/SHIELD.json | 58 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index db12668..02a5675 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -1554,7 +1554,9 @@ "tenantMetadata": { "$ref": "#/components/schemas/ArchitectureReport.TenantMetadata" }, - "correlation": {}, + "correlation": { + "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" + }, "scheduling": { "description": "@todo - Check with Elliot.", "examples": ["2023-02-04T05:06:09.601Z"], @@ -1600,6 +1602,56 @@ } }] }, + "ArchitectureReport.ArchitectureCorrelationRecord": { + "title": "Used for cross record tracking and auditing.", + "description": "Model/data structure that stores the records that contains the metadata for architecture report records.", + "type": "object", + "properties": { + "auditTenantAccount": { + "type": "string", + "description": "The user principal name used to authenticate into the tenant being audited.", + "examples": ["user@example.com"] + }, + "reportTenantAccount": { + "type": "string", + "description": "User account used to store/report the architecture report to the SHI Lab cloud service.", + "examples": ["user@example.com"] + }, + "tenantId": { + "type": "string", + "format": "uuid", + "description": "Tenant that the tool was run against.", + "examples": ["123e4567-e89b-12d3-a456-426614174000"] + }, + "correlationId": { + "type": "string", + "format": "uuid", + "description": "Unique Identifier that represents a single run of architectural analysis. This record is used to identify which architecture report records should be grouped together.", + "examples": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"] + }, + "createdAt": { + "type": "string", + "format": "date-time", + "description": "Timestamp on when the record was created. This is auto managed by sequelize.", + "examples": ["2023-02-04T05:06:09.601Z"] + }, + "updateAt": { + "type": "string", + "format": "date-time", + "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", + "examples": ["2023-02-04T05:06:09.601Z"] + } + }, + "required": ["auditTenantAccount", "correlationId", "createdAt", "updatedAt", "reportTenantAccount", "tenantId"], + "examples": [{ + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }] + }, "ArchitectureReport.TenantMetadata": { "title": "Architecture Report - Tenant Metadata", "description": "Metadata for the tenant.", @@ -1607,18 +1659,22 @@ "properties": { "totalUserCount": { "type": "integer", + "description": "Total count of users on the tenant.", "examples": [0, 1] }, "totalGuestCount": { "type": "integer", + "description": "Total count of guests on the tenant.", "examples": [0, 1] }, "totalMemberCount": { "type": "integer", + "description": "Total count of members on the tenant.", "examples": [0, 1] }, "totalDeviceCount": { "type": "integer", + "description": "Total count of devices on the tenant.", "examples": [0, 1] } }, From a45b0055769cad6df4b6c7c259bb52b23b24865c Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 13:39:32 +0100 Subject: [PATCH 22/28] feat: Add default 400 response in Architecture Report APIs --- specs/SHIELD.json | 42 +++++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 02a5675..f3ed9fe 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -4160,7 +4160,11 @@ "requestBody": { }, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Store new architectural analysis report.", "tags": ["ArchitectureReport"] } @@ -4170,7 +4174,11 @@ "description": "A route to retrieve the list of correlation records for the authenticated tenant.", "operationId": "/Api/ArchitectureReport/Correlation/Post", "requestBody": {}, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Retrieve correlation records for current tenant.", "tags": ["ArchitectureReport"] } @@ -4183,7 +4191,11 @@ "$ref": "#/components/parameters/tenantId" }], "requestBody": {}, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Retrieve correlation records for the specified tenant.", "tags": ["ArchitectureReport"] } @@ -4196,7 +4208,11 @@ "$ref": "#/components/parameters/correlationId" }], "requestBody": {}, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Retrieve architectural analysis report for current tenant by specified correlation ID.", "tags": ["ArchitectureReport"] }, @@ -4207,7 +4223,11 @@ "$ref": "#/components/parameters/correlationId" }], "requestBody": {}, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Delete specific architectural analysis report by correlation ID.", "tags": ["ArchitectureReport"] } @@ -4222,7 +4242,11 @@ "$ref": "#/components/parameters/tenantId" }], "requestBody": {}, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Retrieve architectural analysis reports for the specified tenant by correlation ID.", "tags": ["ArchitectureReport"] }, @@ -4235,7 +4259,11 @@ "$ref": "#/components/parameters/tenantId" }], "requestBody": {}, - "responses": {}, + "responses": { + "400": { + "$ref": "#/components/responses/400" + } + }, "summary": "Remove architectural analysis report for the specified tenant by correlation ID.", "tags": ["ArchitectureReport"] } From 24501375c0e4c3af8593ac0b70a1234a8e60b041 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 14:48:34 +0100 Subject: [PATCH 23/28] feat: Completed the first draft of the routes part of the Architecture Report APIs. --- specs/SHIELD.json | 322 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 310 insertions(+), 12 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index f3ed9fe..6151e55 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -143,6 +143,40 @@ "summary": "Example search term", "description": "An example valid search term used in object filtering in a query." } + }, + "dateStart": { + "name": "dateStart", + "description": "The date string used to determine the lower bound value in a query.", + "in": "query", + "schema": { + "type": "string", + "format": "date-time", + "examples": ["2025-01-01"] + }, + "examples": { + "valid start date": { + "value": "2025-01-01", + "summary": "Example date for lower bound value in a query.", + "description": "In architecture report context, it is used to compare against the createdAt property." + } + } + }, + "dateEnd": { + "name": "dateEnd", + "description": "The date string used to determine the upper bound value in a query.", + "in": "query", + "schema": { + "type": "string", + "format": "date-time", + "examples": ["2025-01-01"] + }, + "examples": { + "valid end date": { + "value": "2025-01-01", + "summary": "Example date for upper bound value in a query.", + "description": "In architecture report context, it is used to compare against the createdAt property." + } + } } }, "securityClass": { @@ -4158,9 +4192,103 @@ "description": "A route to store a new architectural analysis report information.", "operationId": "/Api/ArchitectureReport/Post", "requestBody": { - + "content": { + "application/json": { + "schema": { + "$ref": "#/components/ArchitectureReport" + }, + "examples": { + "Sample Architecture Report Upload": { + "summary": "The architecture report being uploaded.", + "description": "An example architecture report object upload to the endpoint for storage.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + } }, "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/ArchitectureReport" + }, + "examples": { + "Successful upload": { + "summary": "The Architecture Report Returned", + "description": "An example architecture report object returned indicating the architecture report upload operation succeed. This should be the same as the uploaded architecture report.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + }, + "description": "The uploaded architecture report has been stored successfully." + }, "400": { "$ref": "#/components/responses/400" } @@ -4171,10 +4299,45 @@ }, "/Api/ArchitectureReport/Correlation": { "get": { - "description": "A route to retrieve the list of correlation records for the authenticated tenant.", - "operationId": "/Api/ArchitectureReport/Correlation/Post", - "requestBody": {}, + "description": "A route to retrieve the list of correlation records for the current authenticated tenant.", + "operationId": "/Api/ArchitectureReport/Correlation/Get", + "parameters": [ + { + "$ref": "#/components/parameters/dateStart" + }, + { + "$ref": "#/components/parameters/dateEnd" + } + ], "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" + }, + "minItems": 0, + "type": "array" + }, + "examples": { + "Returned Architecture Correlation Records": { + "summary": "Example Architecture Correlation Records returned", + "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", + "value": [{ + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }] + } + } + } + }, + "description": "OK" + }, "400": { "$ref": "#/components/responses/400" } @@ -4187,11 +4350,46 @@ "get": { "description": "Internal API route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/Tenant/:tenantId/Get", - "parameters": [{ - "$ref": "#/components/parameters/tenantId" - }], - "requestBody": {}, + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + }, + { + "$ref": "#/components/parameters/dateStart" + }, + { + "$ref": "#/components/parameters/dateEnd" + } + ], "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" + }, + "minItems": 0, + "type": "array" + }, + "examples": { + "Returned Architecture Correlation Records": { + "summary": "Example Architecture Correlation Records returned", + "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", + "value": [{ + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }] + } + } + } + }, + "description": "OK" + }, "400": { "$ref": "#/components/responses/400" } @@ -4207,8 +4405,56 @@ "parameters": [{ "$ref": "#/components/parameters/correlationId" }], - "requestBody": {}, "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArchitectureReport" + }, + "examples": { + "Returned Architecture Report": { + "summary": "Example Architecture Report returned", + "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + }, + "description": "OK" + }, "400": { "$ref": "#/components/responses/400" } @@ -4222,8 +4468,10 @@ "parameters": [{ "$ref": "#/components/parameters/correlationId" }], - "requestBody": {}, "responses": { + "204": { + "description": "The specified architectural analysis report has been deleted successfully." + }, "400": { "$ref": "#/components/responses/400" } @@ -4241,8 +4489,56 @@ },{ "$ref": "#/components/parameters/tenantId" }], - "requestBody": {}, "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArchitectureReport" + }, + "examples": { + "Returned Architecture Report": { + "summary": "Example Architecture Report returned", + "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + }, + "description": "OK" + }, "400": { "$ref": "#/components/responses/400" } @@ -4258,8 +4554,10 @@ }, { "$ref": "#/components/parameters/tenantId" }], - "requestBody": {}, "responses": { + "204": { + "description": "The specified architectural analysis report has been deleted successfully." + }, "400": { "$ref": "#/components/responses/400" } From c66c9c87b240709b31bbb9f0318000246ebe1e54 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 15:06:41 +0100 Subject: [PATCH 24/28] fix: Move the definitions from SHIELD.json back to Data-Gateway.json --- specs/Data-Gateway.json | 616 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 614 insertions(+), 2 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 08d20ff..2985e0a 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1254,7 +1254,240 @@ ] } ] - } + }, + "ArchitectureReport": { + "description": "Container that represents the entire architecture report structure for a complete run of architectural analysis.", + "title": "Architecture Report - Complete Object", + "type": "object", + "properties": { + "tenantMetadata": { + "$ref": "#/components/schemas/ArchitectureReport.TenantMetadata" + }, + "correlation": { + "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" + }, + "scheduling": { + "description": "@todo - Check with Elliot.", + "examples": ["2023-02-04T05:06:09.601Z"], + "format": "date-time", + "type": "string" + }, + "securityPosture": { + "$ref": "#/components/schemas/ArchitectureReport.SecurityPosture" + } + }, + "required": ["tenantMetadata", "correlation", "scheduling", "securityPosture"], + "examples": [{ + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + }] + }, + "ArchitectureReport.ArchitectureCorrelationRecord": { + "title": "Architecture Report - Architecture Correlation Record", + "description": "Model/data structure that stores the records that contains the metadata for architecture report records. Used for cross record tracking and auditing.", + "type": "object", + "properties": { + "auditTenantAccount": { + "type": "string", + "description": "The user principal name used to authenticate into the tenant being audited.", + "examples": ["user@example.com"] + }, + "reportTenantAccount": { + "type": "string", + "description": "User account used to store/report the architecture report to the SHI Lab cloud service.", + "examples": ["user@example.com"] + }, + "tenantId": { + "type": "string", + "format": "uuid", + "description": "Tenant that the tool was run against.", + "examples": ["123e4567-e89b-12d3-a456-426614174000"] + }, + "correlationId": { + "type": "string", + "format": "uuid", + "description": "Unique Identifier that represents a single run of architectural analysis. This record is used to identify which architecture report records should be grouped together.", + "examples": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"] + }, + "createdAt": { + "type": "string", + "format": "date-time", + "description": "Timestamp on when the record was created. This is auto managed by sequelize.", + "examples": ["2023-02-04T05:06:09.601Z"] + }, + "updateAt": { + "type": "string", + "format": "date-time", + "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", + "examples": ["2023-02-04T05:06:09.601Z"] + } + }, + "required": ["auditTenantAccount", "correlationId", "createdAt", "updatedAt", "reportTenantAccount", "tenantId"], + "examples": [{ + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }] + }, + "ArchitectureReport.TenantMetadata": { + "title": "Architecture Report - Tenant Metadata", + "description": "Metadata for the tenant.", + "type": "object", + "properties": { + "totalUserCount": { + "type": "integer", + "description": "Total count of users on the tenant.", + "examples": [0, 1] + }, + "totalGuestCount": { + "type": "integer", + "description": "Total count of guests on the tenant.", + "examples": [0, 1] + }, + "totalMemberCount": { + "type": "integer", + "description": "Total count of members on the tenant.", + "examples": [0, 1] + }, + "totalDeviceCount": { + "type": "integer", + "description": "Total count of devices on the tenant.", + "examples": [0, 1] + } + }, + "examples": [{ + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + }] + }, + "ArchitectureReport.SecurityPosture": { + "title": "Architecture Report - Security Posture", + "description": "A collection of user and device principal assignments.", + "type": "object", + "properties": { + "device": { + "type": "object", + "description": "Device principal assignment data.", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { + "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" + } + } + }, + "user": { + "type": "object", + "description": "User principal assignment data.", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { + "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" + } + } + } + }, + "examples": [ + { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + } + ] + }, + "ArchitectureReport.PrincipalAssignment": { + "title": "Architecture Report - Principal Assignment", + "description": "Principal assignment for the security posture data.", + "type": "object", + "properties": { + "assignedService": { + "type": "object", + "description": "Service configuration assignment used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", + "additionalProperties": false, + "patternProperties": { + "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/ArchitectureReport.FeatureBreakdown" + }, + { + "type": "number", + "examples": [0, 1] + } + ] + } + }, + "examples": [{ + "234e4567-e89b-12d3-a456-426614174000": 0 + }] + } + }, + "examples": [ + { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + ] + }, + "ArchitectureReport.FeatureBreakdown": { + "title": "Architecture Report - Feature Breakdown", + "description": "List of features that are configured for the specific service plan's service configuration for the related principal.", + "type": "object", + "additionalProperties": { + "type": "boolean", + "examples": [true] + }, + "examples": [{ + "Feature X": true, + "Feature Y": false + }] + } }, "securitySchemes": { "EntraID": { @@ -4150,7 +4383,386 @@ "summary": "Update Tenant Record", "tags": ["Tenant Records"] } - } + }, + "/Api/ArchitectureReport": { + "post": { + "description": "A route to store a new architectural analysis report information.", + "operationId": "/Api/ArchitectureReport/Post", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArchitectureReport" + }, + "examples": { + "Sample Architecture Report Upload": { + "summary": "The architecture report being uploaded.", + "description": "An example architecture report object upload to the endpoint for storage.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArchitectureReport" + }, + "examples": { + "Successful upload": { + "summary": "The Architecture Report Returned", + "description": "An example architecture report object returned indicating the architecture report upload operation succeed. This should be the same as the uploaded architecture report.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + }, + "description": "The uploaded architecture report has been stored successfully." + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Store new architectural analysis report.", + "tags": ["Architecture Report"] + } + }, + "/Api/ArchitectureReport/Correlation": { + "get": { + "description": "A route to retrieve the list of correlation records for the current authenticated tenant.", + "operationId": "/Api/ArchitectureReport/Correlation/Get", + "parameters": [ + { + "$ref": "#/components/parameters/dateStart" + }, + { + "$ref": "#/components/parameters/dateEnd" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" + }, + "minItems": 0, + "type": "array" + }, + "examples": { + "Returned Architecture Correlation Records": { + "summary": "Example Architecture Correlation Records returned", + "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", + "value": [{ + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }] + } + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Retrieve correlation records for current tenant.", + "tags": ["Architecture Report"] + } + }, + "/Api/ArchitectureReport/Correlation/Tenant/{tenantId}": { + "get": { + "description": "Internal API route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", + "operationId": "/Api/ArchitectureReport/Correlation/Tenant/:tenantId/Get", + "parameters": [ + { + "$ref": "#/components/parameters/tenantId" + }, + { + "$ref": "#/components/parameters/dateStart" + }, + { + "$ref": "#/components/parameters/dateEnd" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" + }, + "minItems": 0, + "type": "array" + }, + "examples": { + "Returned Architecture Correlation Records": { + "summary": "Example Architecture Correlation Records returned", + "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", + "value": [{ + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }] + } + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Retrieve correlation records for the specified tenant.", + "tags": ["Architecture Report"] + } + }, + "/Api/ArchitectureReport/Correlation/{correlationId}/Data": { + "get": { + "description": "A route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Get", + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + }], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArchitectureReport" + }, + "examples": { + "Returned Architecture Report": { + "summary": "Example Architecture Report returned", + "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Retrieve architectural analysis report for current tenant by specified correlation ID.", + "tags": ["Architecture Report"] + }, + "delete": { + "description": "A route to allow customers to self service delete architectural analysis report.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Delete", + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + }], + "responses": { + "204": { + "description": "The specified architectural analysis report has been deleted successfully." + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Delete specific architectural analysis report by correlation ID.", + "tags": ["Architecture Report"] + } + }, + "/Api/ArchitectureReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { + "get": { + "description": "Internal API route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + },{ + "$ref": "#/components/parameters/tenantId" + }], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArchitectureReport" + }, + "examples": { + "Returned Architecture Report": { + "summary": "Example Architecture Report returned", + "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", + "value": { + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + }, + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } + } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + } + } + } + } + }, + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Retrieve architectural analysis reports for the specified tenant by correlation ID.", + "tags": ["Architecture Report"] + }, + "delete": { + "description": "Internal API route to remove the specified architectural analysis report, if the caller is SHI and authorized.", + "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Delete", + "parameters": [{ + "$ref": "#/components/parameters/correlationId" + }, { + "$ref": "#/components/parameters/tenantId" + }], + "responses": { + "204": { + "description": "The specified architectural analysis report has been deleted successfully." + }, + "400": { + "$ref": "#/components/responses/400" + } + }, + "summary": "Remove architectural analysis report for the specified tenant by correlation ID.", + "tags": ["Architecture Report"] + } + } }, "security": [ { From a64aa6a8c5770639e4512d57db6dea3ccbfb8c86 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 15:48:58 +0100 Subject: [PATCH 25/28] fix: Restore SHIELD.json --- specs/SHIELD.json | 701 +++------------------------------------------- 1 file changed, 34 insertions(+), 667 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index 6151e55..f0ca022 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -1,27 +1,6 @@ { "components": { "parameters": { - "tenantId": { - "description": "The object ID of the tenant identifier for the specific records", - "in": "path", - "name": "tenantId", - "required": true, - "schema": { - "examples": ["1d71e0fe-6e4a-464d-a690-80addf3bda55"], - "format": "uuid", - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "examples": { - "valid correlation ID": { - "value": "1d71e0fe-6e4a-464d-a690-80addf3bda55", - "summary": "Example valid tenant ID", - "description": "An example of a valid tenant ID in type UUID." - } - } - }, "correlationId": { "description": "The object ID of the correlation identifier for the specified record.", "in": "path", @@ -143,40 +122,6 @@ "summary": "Example search term", "description": "An example valid search term used in object filtering in a query." } - }, - "dateStart": { - "name": "dateStart", - "description": "The date string used to determine the lower bound value in a query.", - "in": "query", - "schema": { - "type": "string", - "format": "date-time", - "examples": ["2025-01-01"] - }, - "examples": { - "valid start date": { - "value": "2025-01-01", - "summary": "Example date for lower bound value in a query.", - "description": "In architecture report context, it is used to compare against the createdAt property." - } - } - }, - "dateEnd": { - "name": "dateEnd", - "description": "The date string used to determine the upper bound value in a query.", - "in": "query", - "schema": { - "type": "string", - "format": "date-time", - "examples": ["2025-01-01"] - }, - "examples": { - "valid end date": { - "value": "2025-01-01", - "summary": "Example date for upper bound value in a query.", - "description": "In architecture report context, it is used to compare against the createdAt property." - } - } } }, "securityClass": { @@ -233,6 +178,40 @@ "description": "An example of valid EntraID managed user ID in type UUID." } } + }, + "dateStart": { + "name": "dateStart", + "description": "The date string used to determine the lower bound value in a query.", + "in": "query", + "schema": { + "type": "string", + "format": "date-time", + "examples": ["2025-01-01"] + }, + "examples": { + "valid start date": { + "value": "2025-01-01", + "summary": "Example date for lower bound value in a query.", + "description": "In architecture report context, it is used to compare against the createdAt property." + } + } + }, + "dateEnd": { + "name": "dateEnd", + "description": "The date string used to determine the upper bound value in a query.", + "in": "query", + "schema": { + "type": "string", + "format": "date-time", + "examples": ["2025-01-01"] + }, + "examples": { + "valid end date": { + "value": "2025-01-01", + "summary": "Example date for upper bound value in a query.", + "description": "In architecture report context, it is used to compare against the createdAt property." + } + } } }, "responses": { @@ -1580,239 +1559,6 @@ "title": "Type of security class the object(s) belongs to", "type": "string" }, - "ArchitectureReport": { - "description": "Container that represents the entire architecture report structure for a complete run of architectural analysis.", - "title": "Architecture Report - Complete Object", - "type": "object", - "properties": { - "tenantMetadata": { - "$ref": "#/components/schemas/ArchitectureReport.TenantMetadata" - }, - "correlation": { - "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" - }, - "scheduling": { - "description": "@todo - Check with Elliot.", - "examples": ["2023-02-04T05:06:09.601Z"], - "format": "date-time", - "type": "string" - }, - "securityPosture": { - "$ref": "#/components/" - } - }, - "required": ["tenantMetadata", "correlation", "scheduling", "securityPosture"], - "examples": [{ - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - } - }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - } - }] - }, - "ArchitectureReport.ArchitectureCorrelationRecord": { - "title": "Used for cross record tracking and auditing.", - "description": "Model/data structure that stores the records that contains the metadata for architecture report records.", - "type": "object", - "properties": { - "auditTenantAccount": { - "type": "string", - "description": "The user principal name used to authenticate into the tenant being audited.", - "examples": ["user@example.com"] - }, - "reportTenantAccount": { - "type": "string", - "description": "User account used to store/report the architecture report to the SHI Lab cloud service.", - "examples": ["user@example.com"] - }, - "tenantId": { - "type": "string", - "format": "uuid", - "description": "Tenant that the tool was run against.", - "examples": ["123e4567-e89b-12d3-a456-426614174000"] - }, - "correlationId": { - "type": "string", - "format": "uuid", - "description": "Unique Identifier that represents a single run of architectural analysis. This record is used to identify which architecture report records should be grouped together.", - "examples": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"] - }, - "createdAt": { - "type": "string", - "format": "date-time", - "description": "Timestamp on when the record was created. This is auto managed by sequelize.", - "examples": ["2023-02-04T05:06:09.601Z"] - }, - "updateAt": { - "type": "string", - "format": "date-time", - "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", - "examples": ["2023-02-04T05:06:09.601Z"] - } - }, - "required": ["auditTenantAccount", "correlationId", "createdAt", "updatedAt", "reportTenantAccount", "tenantId"], - "examples": [{ - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }] - }, - "ArchitectureReport.TenantMetadata": { - "title": "Architecture Report - Tenant Metadata", - "description": "Metadata for the tenant.", - "type": "object", - "properties": { - "totalUserCount": { - "type": "integer", - "description": "Total count of users on the tenant.", - "examples": [0, 1] - }, - "totalGuestCount": { - "type": "integer", - "description": "Total count of guests on the tenant.", - "examples": [0, 1] - }, - "totalMemberCount": { - "type": "integer", - "description": "Total count of members on the tenant.", - "examples": [0, 1] - }, - "totalDeviceCount": { - "type": "integer", - "description": "Total count of devices on the tenant.", - "examples": [0, 1] - } - }, - "examples": [{ - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - }] - }, - "ArchitectureReport.SecurityPosture": { - "title": "Architecture Report - Security Posture", - "description": "A collection of user and device principal assignments.", - "type": "object", - "properties": { - "device": { - "type": "object", - "description": "Device principal assignment data.", - "additionalProperties": false, - "patternProperties": { - "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { - "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" - } - } - }, - "user": { - "type": "object", - "description": "User principal assignment data.", - "additionalProperties": false, - "patternProperties": { - "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { - "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" - } - } - } - }, - "examples": [ - { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - } - } - ] - }, - "ArchitectureReport.PrincipalAssignment": { - "title": "Architecture Report - Principal Assignment", - "description": "Principal assignment for the security posture data.", - "type": "object", - "properties": { - "assignedService": { - "type": "object", - "description": "Service configuration assignment used to record the set of principals that are \"benefiting\" from the service, regardless of license status.", - "additionalProperties": false, - "patternProperties": { - "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { - "nullable": true, - "oneOf": [ - { - "$ref": "#/components/schemas/ArchitectureReport.FeatureBreakdown" - }, - { - "type": "number", - "examples": [0, 1] - } - ] - } - }, - "examples": [{ - "234e4567-e89b-12d3-a456-426614174000": 0 - }] - } - }, - "examples": [ - { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - ] - }, - "ArchitectureReport.FeatureBreakdown": { - "title": "Architecture Report - Feature Breakdown", - "description": "List of features that are configured for the specific service plan's service configuration for the related principal.", - "type": "object", - "additionalProperties": { - "type": "boolean", - "examples": [true] - }, - "examples": [{ - "Feature X": true, - "Feature Y": false - }] - }, "securitySchemes": { "EntraID": { "type": "http", @@ -4186,385 +3932,6 @@ "summary": "Deploy Marketplace Offering", "tags": ["Marketplace"] } - }, - "/Api/ArchitectureReport": { - "post": { - "description": "A route to store a new architectural analysis report information.", - "operationId": "/Api/ArchitectureReport/Post", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/ArchitectureReport" - }, - "examples": { - "Sample Architecture Report Upload": { - "summary": "The architecture report being uploaded.", - "description": "An example architecture report object upload to the endpoint for storage.", - "value": { - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - } - }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - } - } - } - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/ArchitectureReport" - }, - "examples": { - "Successful upload": { - "summary": "The Architecture Report Returned", - "description": "An example architecture report object returned indicating the architecture report upload operation succeed. This should be the same as the uploaded architecture report.", - "value": { - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - } - }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - } - } - } - } - } - }, - "description": "The uploaded architecture report has been stored successfully." - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Store new architectural analysis report.", - "tags": ["ArchitectureReport"] - } - }, - "/Api/ArchitectureReport/Correlation": { - "get": { - "description": "A route to retrieve the list of correlation records for the current authenticated tenant.", - "operationId": "/Api/ArchitectureReport/Correlation/Get", - "parameters": [ - { - "$ref": "#/components/parameters/dateStart" - }, - { - "$ref": "#/components/parameters/dateEnd" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" - }, - "minItems": 0, - "type": "array" - }, - "examples": { - "Returned Architecture Correlation Records": { - "summary": "Example Architecture Correlation Records returned", - "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", - "value": [{ - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }] - } - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Retrieve correlation records for current tenant.", - "tags": ["ArchitectureReport"] - } - }, - "/Api/ArchitectureReport/Correlation/Tenant/{tenantId}": { - "get": { - "description": "Internal API route to retrieve the list of correlation records for the specified tenant, if the caller is SHI and authorized.", - "operationId": "/Api/ArchitectureReport/Correlation/Tenant/:tenantId/Get", - "parameters": [ - { - "$ref": "#/components/parameters/tenantId" - }, - { - "$ref": "#/components/parameters/dateStart" - }, - { - "$ref": "#/components/parameters/dateEnd" - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "items": { - "$ref": "#/components/schemas/ArchitectureReport.ArchitectureCorrelationRecord" - }, - "minItems": 0, - "type": "array" - }, - "examples": { - "Returned Architecture Correlation Records": { - "summary": "Example Architecture Correlation Records returned", - "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", - "value": [{ - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }] - } - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Retrieve correlation records for the specified tenant.", - "tags": ["ArchitectureReport"] - } - }, - "/Api/ArchitectureReport/Correlation/{correlationId}/Data": { - "get": { - "description": "A route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", - "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Get", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - }], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ArchitectureReport" - }, - "examples": { - "Returned Architecture Report": { - "summary": "Example Architecture Report returned", - "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", - "value": { - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - } - }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - } - } - } - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Retrieve architectural analysis report for current tenant by specified correlation ID.", - "tags": ["ArchitectureReport"] - }, - "delete": { - "description": "A route to allow customers to self service delete architectural analysis report.", - "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Delete", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - }], - "responses": { - "204": { - "description": "The specified architectural analysis report has been deleted successfully." - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Delete specific architectural analysis report by correlation ID.", - "tags": ["ArchitectureReport"] - } - }, - "/Api/ArchitectureReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { - "get": { - "description": "Internal API route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", - "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - },{ - "$ref": "#/components/parameters/tenantId" - }], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ArchitectureReport" - }, - "examples": { - "Returned Architecture Report": { - "summary": "Example Architecture Report returned", - "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", - "value": { - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - } - }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - } - } - } - } - } - }, - "description": "OK" - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Retrieve architectural analysis reports for the specified tenant by correlation ID.", - "tags": ["ArchitectureReport"] - }, - "delete": { - "description": "Internal API route to remove the specified architectural analysis report, if the caller is SHI and authorized.", - "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Delete", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - }, { - "$ref": "#/components/parameters/tenantId" - }], - "responses": { - "204": { - "description": "The specified architectural analysis report has been deleted successfully." - }, - "400": { - "$ref": "#/components/responses/400" - } - }, - "summary": "Remove architectural analysis report for the specified tenant by correlation ID.", - "tags": ["ArchitectureReport"] - } } }, "security": [ From 64efe75034b94d4ab4ca0521cfc589b231e79d18 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 16:00:08 +0100 Subject: [PATCH 26/28] refactor: Share parameters for different operations under the same API route. - also replaced nullable: true with type: "null" in PrincipalAssignment schema. --- specs/Data-Gateway.json | 407 +++++++++++++++++++++------------------- 1 file changed, 216 insertions(+), 191 deletions(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 2985e0a..11d964d 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1255,7 +1255,7 @@ } ] }, - "ArchitectureReport": { + "ArchitectureReport": { "description": "Container that represents the entire architecture report structure for a complete run of architectural analysis.", "title": "Architecture Report - Complete Object", "type": "object", @@ -1276,9 +1276,15 @@ "$ref": "#/components/schemas/ArchitectureReport.SecurityPosture" } }, - "required": ["tenantMetadata", "correlation", "scheduling", "securityPosture"], - "examples": [{ - "correlation": { + "required": [ + "tenantMetadata", + "correlation", + "scheduling", + "securityPosture" + ], + "examples": [ + { + "correlation": { "auditTenantAccount": "user@example.com", "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "createdAt": "2023-02-04T05:06:09.601Z", @@ -1287,29 +1293,30 @@ "updatedAt": "2023-02-04T05:06:09.601Z" }, "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } } }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } } - }, + } + }, "tenantMetadata": { "totalDeviceCount": 1, "totalGuestCount": 0, "totalMemberCount": 1, "totalUserCount": 1 } - }] + } + ] }, "ArchitectureReport.ArchitectureCorrelationRecord": { "title": "Architecture Report - Architecture Correlation Record", @@ -1330,8 +1337,8 @@ "type": "string", "format": "uuid", "description": "Tenant that the tool was run against.", - "examples": ["123e4567-e89b-12d3-a456-426614174000"] - }, + "examples": ["123e4567-e89b-12d3-a456-426614174000"] + }, "correlationId": { "type": "string", "format": "uuid", @@ -1348,18 +1355,27 @@ "type": "string", "format": "date-time", "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.", - "examples": ["2023-02-04T05:06:09.601Z"] + "examples": ["2023-02-04T05:06:09.601Z"] } }, - "required": ["auditTenantAccount", "correlationId", "createdAt", "updatedAt", "reportTenantAccount", "tenantId"], - "examples": [{ - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }] + "required": [ + "auditTenantAccount", + "correlationId", + "createdAt", + "updatedAt", + "reportTenantAccount", + "tenantId" + ], + "examples": [ + { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + } + ] }, "ArchitectureReport.TenantMetadata": { "title": "Architecture Report - Tenant Metadata", @@ -1387,12 +1403,14 @@ "examples": [0, 1] } }, - "examples": [{ - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 - }] + "examples": [ + { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } + ] }, "ArchitectureReport.SecurityPosture": { "title": "Architecture Report - Security Posture", @@ -1417,26 +1435,26 @@ "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { "$ref": "#/components/schemas/ArchitectureReport.PrincipalAssignment" } - } + } } }, "examples": [ { "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 } + } }, "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 } + } } - } + } ] }, "ArchitectureReport.PrincipalAssignment": { @@ -1450,11 +1468,13 @@ "additionalProperties": false, "patternProperties": { "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$": { - "nullable": true, "oneOf": [ { "$ref": "#/components/schemas/ArchitectureReport.FeatureBreakdown" }, + { + "type": "null" + }, { "type": "number", "examples": [0, 1] @@ -1462,15 +1482,17 @@ ] } }, - "examples": [{ + "examples": [ + { "234e4567-e89b-12d3-a456-426614174000": 0 - }] - } + } + ] + } }, "examples": [ { "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 + "234e4567-e89b-12d3-a456-426614174000": 0 } } ] @@ -1483,11 +1505,13 @@ "type": "boolean", "examples": [true] }, - "examples": [{ - "Feature X": true, - "Feature Y": false - }] - } + "examples": [ + { + "Feature X": true, + "Feature Y": false + } + ] + } }, "securitySchemes": { "EntraID": { @@ -3442,16 +3466,16 @@ "content": { "application/json": { "examples": { - "Channel Configuration Details": { - "description": "Example object returned on creation or update.", - "summary": "Channel Configuration", - "value": { - "latest": "1.12.5", - "name": "stable", - "previous": "1.12.4" - } + "Channel Configuration Details": { + "description": "Example object returned on creation or update.", + "summary": "Channel Configuration", + "value": { + "latest": "1.12.5", + "name": "stable", + "previous": "1.12.4" } - }, + } + }, "schema": { "$ref": "#/components/schemas/Update.Shield.Channel" } @@ -4399,7 +4423,7 @@ "summary": "The architecture report being uploaded.", "description": "An example architecture report object upload to the endpoint for storage.", "value": { - "correlation": { + "correlation": { "auditTenantAccount": "user@example.com", "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "createdAt": "2023-02-04T05:06:09.601Z", @@ -4408,21 +4432,21 @@ "updatedAt": "2023-02-04T05:06:09.601Z" }, "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } } }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } } + } }, "tenantMetadata": { "totalDeviceCount": 1, @@ -4448,7 +4472,7 @@ "summary": "The Architecture Report Returned", "description": "An example architecture report object returned indicating the architecture report upload operation succeed. This should be the same as the uploaded architecture report.", "value": { - "correlation": { + "correlation": { "auditTenantAccount": "user@example.com", "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "createdAt": "2023-02-04T05:06:09.601Z", @@ -4457,21 +4481,21 @@ "updatedAt": "2023-02-04T05:06:09.601Z" }, "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } } }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } } + } }, "tenantMetadata": { "totalDeviceCount": 1, @@ -4501,7 +4525,7 @@ "parameters": [ { "$ref": "#/components/parameters/dateStart" - }, + }, { "$ref": "#/components/parameters/dateEnd" } @@ -4521,26 +4545,28 @@ "Returned Architecture Correlation Records": { "summary": "Example Architecture Correlation Records returned", "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", - "value": [{ - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }] + "value": [ + { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + } + ] } } } }, "description": "OK" - }, + }, "400": { "$ref": "#/components/responses/400" } }, "summary": "Retrieve correlation records for current tenant.", - "tags": ["Architecture Report"] + "tags": ["Architecture Report"] } }, "/Api/ArchitectureReport/Correlation/Tenant/{tenantId}": { @@ -4550,10 +4576,10 @@ "parameters": [ { "$ref": "#/components/parameters/tenantId" - }, + }, { "$ref": "#/components/parameters/dateStart" - }, + }, { "$ref": "#/components/parameters/dateEnd" } @@ -4573,14 +4599,16 @@ "Returned Architecture Correlation Records": { "summary": "Example Architecture Correlation Records returned", "description": "An example of an ArchitectureReport.ArchitectureCorrelationRecord array returned.", - "value": [{ - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }] + "value": [ + { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + } + ] } } } @@ -4592,16 +4620,18 @@ } }, "summary": "Retrieve correlation records for the specified tenant.", - "tags": ["Architecture Report"] + "tags": ["Architecture Report"] } }, "/Api/ArchitectureReport/Correlation/{correlationId}/Data": { + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + } + ], "get": { "description": "A route to retrieve architectural analysis report for the specified correlation ID in the authenticated tenant.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Get", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - }], "responses": { "200": { "content": { @@ -4614,57 +4644,54 @@ "summary": "Example Architecture Report returned", "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", "value": { - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 } + } }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } } } } } }, - "description": "OK" + "description": "OK" }, "400": { "$ref": "#/components/responses/400" } }, "summary": "Retrieve architectural analysis report for current tenant by specified correlation ID.", - "tags": ["Architecture Report"] + "tags": ["Architecture Report"] }, "delete": { "description": "A route to allow customers to self service delete architectural analysis report.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Data/Delete", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - }], "responses": { "204": { "description": "The specified architectural analysis report has been deleted successfully." @@ -4674,18 +4701,21 @@ } }, "summary": "Delete specific architectural analysis report by correlation ID.", - "tags": ["Architecture Report"] + "tags": ["Architecture Report"] } }, "/Api/ArchitectureReport/Correlation/{correlationId}/Tenant/{tenantId}/Data": { + "parameters": [ + { + "$ref": "#/components/parameters/correlationId" + }, + { + "$ref": "#/components/parameters/tenantId" + } + ], "get": { "description": "Internal API route to retrieve architectural analysis report for the specified correlation ID for the specified tenant, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Get", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - },{ - "$ref": "#/components/parameters/tenantId" - }], "responses": { "200": { "content": { @@ -4698,37 +4728,37 @@ "summary": "Example Architecture Report returned", "description": "An example of ArchitectureReport object returned that represents an successful architectural analysis run result.", "value": { - "correlation": { - "auditTenantAccount": "user@example.com", - "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", - "createdAt": "2023-02-04T05:06:09.601Z", - "reportTenantAccount": "user@example.com", - "tenantId": "123e4567-e89b-12d3-a456-426614174000", - "updatedAt": "2023-02-04T05:06:09.601Z" - }, - "scheduling": "2023-02-04T05:06:09.601Z", - "securityPosture": { - "device": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } - }, - "user": { - "123e4567-e89b-12d3-a456-426614174000": { - "assignedService": { - "234e4567-e89b-12d3-a456-426614174000": 0 - } - } + "correlation": { + "auditTenantAccount": "user@example.com", + "correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "createdAt": "2023-02-04T05:06:09.601Z", + "reportTenantAccount": "user@example.com", + "tenantId": "123e4567-e89b-12d3-a456-426614174000", + "updatedAt": "2023-02-04T05:06:09.601Z" + }, + "scheduling": "2023-02-04T05:06:09.601Z", + "securityPosture": { + "device": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 } + } }, - "tenantMetadata": { - "totalDeviceCount": 1, - "totalGuestCount": 0, - "totalMemberCount": 1, - "totalUserCount": 1 + "user": { + "123e4567-e89b-12d3-a456-426614174000": { + "assignedService": { + "234e4567-e89b-12d3-a456-426614174000": 0 + } + } } + }, + "tenantMetadata": { + "totalDeviceCount": 1, + "totalGuestCount": 0, + "totalMemberCount": 1, + "totalUserCount": 1 + } } } } @@ -4741,16 +4771,11 @@ } }, "summary": "Retrieve architectural analysis reports for the specified tenant by correlation ID.", - "tags": ["Architecture Report"] + "tags": ["Architecture Report"] }, "delete": { "description": "Internal API route to remove the specified architectural analysis report, if the caller is SHI and authorized.", "operationId": "/Api/ArchitectureReport/Correlation/:correlationId/Tenant/:tenantId/Data/Delete", - "parameters": [{ - "$ref": "#/components/parameters/correlationId" - }, { - "$ref": "#/components/parameters/tenantId" - }], "responses": { "204": { "description": "The specified architectural analysis report has been deleted successfully." @@ -4760,9 +4785,9 @@ } }, "summary": "Remove architectural analysis report for the specified tenant by correlation ID.", - "tags": ["Architecture Report"] + "tags": ["Architecture Report"] } - } + } }, "security": [ { From 3f43c4ea333ebfa8f5d46cdcd80f51d7b938fca8 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 16:18:11 +0100 Subject: [PATCH 27/28] fix: Malformed file caused by misplaced bracket. - also remove the dateStart and dateEnd query parameters definition. --- specs/SHIELD.json | 38 ++------------------------------------ 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/specs/SHIELD.json b/specs/SHIELD.json index f0ca022..6582b83 100644 --- a/specs/SHIELD.json +++ b/specs/SHIELD.json @@ -178,40 +178,6 @@ "description": "An example of valid EntraID managed user ID in type UUID." } } - }, - "dateStart": { - "name": "dateStart", - "description": "The date string used to determine the lower bound value in a query.", - "in": "query", - "schema": { - "type": "string", - "format": "date-time", - "examples": ["2025-01-01"] - }, - "examples": { - "valid start date": { - "value": "2025-01-01", - "summary": "Example date for lower bound value in a query.", - "description": "In architecture report context, it is used to compare against the createdAt property." - } - } - }, - "dateEnd": { - "name": "dateEnd", - "description": "The date string used to determine the upper bound value in a query.", - "in": "query", - "schema": { - "type": "string", - "format": "date-time", - "examples": ["2025-01-01"] - }, - "examples": { - "valid end date": { - "value": "2025-01-01", - "summary": "Example date for upper bound value in a query.", - "description": "In architecture report context, it is used to compare against the createdAt property." - } - } } }, "responses": { @@ -1558,7 +1524,8 @@ "examples": ["Privileged"], "title": "Type of security class the object(s) belongs to", "type": "string" - }, + } + }, "securitySchemes": { "EntraID": { "type": "http", @@ -3983,5 +3950,4 @@ "name": "Update" } ] -} } \ No newline at end of file From 394045802af364f57145764677dfb4fa160ece12 Mon Sep 17 00:00:00 2001 From: Ferry To Date: Mon, 6 Oct 2025 16:27:25 +0100 Subject: [PATCH 28/28] fix: Typo in updatedAt property in ArchitectureCorrelationRecord. --- specs/Data-Gateway.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/Data-Gateway.json b/specs/Data-Gateway.json index 11d964d..05ab398 100644 --- a/specs/Data-Gateway.json +++ b/specs/Data-Gateway.json @@ -1351,7 +1351,7 @@ "description": "Timestamp on when the record was created. This is auto managed by sequelize.", "examples": ["2023-02-04T05:06:09.601Z"] }, - "updateAt": { + "updatedAt": { "type": "string", "format": "date-time", "description": "Timestamp on when the record was last updated. This is auto managed by sequelize.",