@pasha-zayko
Contributor

Significant enhancements and feature additions to the SHI Data Gateway and SHIELD OpenAPI specifications, along with corresponding SDK version bumps and dependency updates. Below is a consolidated, non-redundant summary of the notable changes based on the cumulative commit differences:

SHI Data Gateway & General OpenAPI Enhancements

License Report API Improvements:

  • Introduces versioned endpoints (/Api/V1/LicenseReport) supporting a new LicenseReportV1 schema that improves structure, clarity, and extensibility.
  • Adds new schemas for enhanced principal and license reporting, e.g., enhanced identity data for users, richer structure for available licenses and service plans, and improved correlation records.
  • Updates error handling, response schemas, and documentation for better alignment with customer scenarios and API consumers' needs.

Architecture Report API Additions:

  • Adds a complete API and schema for submitting and retrieving Architecture Analysis Reports (/Api/V1/ArchitectureReport).
  • Introduces correlation and principal data models for these architecture reports, supporting detailed tenant, user, and device metadata.
  • New endpoints supporting versioned architecture correlation records and report retrieval.

Tenant & Update API Improvements:

  • Expands tenant record endpoints: new PATCH and GET sources, better support for parent/child relationships and principal authorization lists.
  • Adds and documents new endpoints for retrieving/updating tenant configurations via SHIELD's update service.

SHIELD Specification & CSPM Features

CSPM & Security Posture Updates:

  • Substantial enrichment of the CSPM-related structures, including new policy assessment endpoints and result objects for architecture reports and remediation.
  • Adds new status endpoints and schemas for tracking deployment, remediation, and break glass scenarios.
  • Introduces operation selectors and result objects (e.g., flagging deploy, remediate, or analysis actions).

Configuration Item Metadata:

  • New endpoints and detailed schema for retrieving user-friendly, instructional metadata for configuration items (including guidance, compliance mapping, risk, and benefit analysis).

Remediation Automation Support:

  • Adds endpoints and models for tracking and returning remediation actions and results, allowing for clearer reporting on automated or user-approved remediation flows.

SDK & Dependency Management

SDK Package Version Updates:

  • Bumps @shi-corp/sdk-data-gateway to v2.4.0 and @shi-corp/sdk-shield to v3.1.0 to reflect breaking changes and new features.
  • Corresponding updates in package.json and package-lock.json files for each SDK.
  • Integrates newer/updated dependencies, including peer dependency refinements and essential dependency upgrades (e.g., linting, browser compatibility, comment handling, and type definitions).

Additional Quality & Maintenance

  • Expanded error handling and improved consistency in HTTP response codes (including more 500 and 404 responses).
  • Improved OpenAPI doc organization, code examples, and schema title/description for maintainability and clarity.
  • Numerous examples and extended documentation to facilitate SDK generation and user onboarding.

pasha-zayko and others added 30 commits October 13, 2025 12:35
Creating definition for new remediation endpoint with POST request
Define new endpoint that attempts to create new group and return its name, or just returns name if the resource has already been provisioned
updated spec to include the newly added /Api/Deploy/BreakGlassStatus endpoint
removed unneeded object schema
…example to match the definition

Deploy.ConfigurationItem response now also includes deployStatus field

Change example to accurately present available fields
updated endpoint name to match incoming schema update from @pasha-zayko
Fixed copilot pr suggested problems
Included optional query parameter with possible values to retrieve progress of the specific operation
Typos and text clarification
* Adding description to request remediation results

Adding new schema and verb option to /Api/Deploy/Remediate path
- Added endpoint and schema descriptions for LicenseReportV1
- Extracted common schema into a shared object for reuse in both LicenseReport and LicenseReportV1
Adding schema to describe documentation response object when data is available.

Adding path to handle retrieval of the configuration item documentation.
* LAB-979 - [SHIELD] Add Open API Spec for Deploy/Analyze/Invoke
Renamed LicenseReportV1 schemas to Report.* for consistency and updated all references. Added detailed descriptions, examples, and validation patterns to license, principal, and service plan fields. Improved API response codes and documentation for error handling and deletion endpoints.
Updated the Data-Gateway JSON schema to clarify and expand user and device principal records, including required fields and more detailed property definitions. Enhanced the structure and examples for inferred attributes and enhanced identity data, added explicit nullability, and improved descriptions for service plan and license references. These changes improve schema accuracy and documentation for integrators.
…ationId/Data

* LAB-989: [SHIELD] Add Open API Spec for Discover/ArchitectureReport/Correlation/:correlationId/Data
Refactored user and device principal data schemas to use new CommonService, AssignedLicense, and PrincipalMetadata references under Report.PrincipalData. Simplified nullable property definitions and examples. Added 500 error responses to multiple API endpoints for improved error handling.
Revised the structure of the 'examples' field for assigned licenses, wrapping multiple example objects in an array and adding a new example. This improves consistency and clarity in the API specification.
Refactored and expanded example objects for available licenses, users, and devices to improve clarity and coverage. Adjusted nesting and array structures for consistency and added additional sample entries to better illustrate expected data formats.
* Adding new endpoint to provide list of correlation records

Listing available correlation entries for the Architecture Report
…/LAB-980_Describe-V1-LicenseReport-API-Endpoints

LAB-980
Introduces the ArchitectureReportV1 schema, supporting objects, and new API endpoints for submitting, retrieving, and deleting architecture reports and correlation records. Also adds the 'Architecture Reporting' tag to the API documentation.
dontPushTheButton and others added 21 commits December 3, 2025 10:08
Replaces 'example' fields with 'examples' arrays for multiple schema objects to improve consistency and support OpenAPI standards. Also adds new CommonPrincipalAssignment, DevicePrincipalAssignment, and UserPrincipalAssignment schema definitions.
***WIP***

Replaces inline definitions of LicenseReport.CorrelationRecord and CorrelationRecordV0 with references to Report.CorrelationRecordV0. Updates references and descriptions for principal data and correlation records in architecture and report schemas for consistency. Also renames CommonPrincipalAssignment to Report.CommonPrincipalAssignment and updates related references.
Refined operationId naming for clarity and consistency across endpoints. Enhanced endpoint descriptions with permission and access details. Added 401 and 403 error responses to relevant endpoints. Updated schema references and parameter lists for improved accuracy.
Replaces various 401, 403, and 404 error responses with a unified 500 Internal Server Error response across multiple endpoints in Data-Gateway.json. Adds a description for the 500 error and changes some success response codes from 201 to 200 for consistency.
Updated the Data-Gateway JSON schema to clarify and expand user and device principal records, including required fields and more detailed property definitions. Enhanced the structure and examples for inferred attributes and enhanced identity data, added explicit nullability, and improved descriptions for service plan and license references. These changes improve schema accuracy and documentation for integrators.
Updated the descriptions for the POST and GET /Api/V1/ArchitectureReport endpoints to specify required scopes and tenant access restrictions for improved API documentation clarity.
Updated required fields and descriptions for user and device principal records, improved enhanced identity data structure to support consent-based nullability, and clarified examples and titles for correlation and principal metadata records. These changes improve schema clarity, flexibility, and alignment with consent requirements.
Updated all references of LicenseReport, LicenseReport.CorrelationRecord, and LicenseReport.LicenseData to LicenseReportV0, LicenseReportV0.CorrelationRecord, and LicenseReportV0.LicenseData in Data-Gateway.json. This change clarifies schema versioning and improves maintainability.
Added detailed example objects for Architecture Report endpoints and correlation records, updated required fields in the correlation record schema, and removed unused principal assignment schemas. Also moved and clarified endpoint summaries for improved OpenAPI documentation consistency.
Reduced the required fields in the 'Report - Correlation Record V1' schema to only 'auditTenantAccount'. Updated example objects to match the new schema requirements by removing other previously required fields.
Jagdish helped :)
Added 'schemaVersion' field to ArchitectureReportV1.TenantMetadata and updated its title. Revised several endpoint descriptions to refer to 'architecture report' instead of 'license report'. Standardized operationId path parameters to use colon notation for consistency.
- Eliminated duplicate LicenseReportV0.CorrelationRecord and ArchitectureReportV1.CorrelationRecord schema definitions.
- Updated all references to use the shared Report.CorrelationRecordV0 and Report.CorrelationRecordV1 schemas directly for consistency and maintainability.
Updated the Data-Gateway.json specification to include 'schemaVersion' as a required field alongside 'correlation', 'tenantMetadata', and 'principalData'.
…_describe-new-v1-ArchitectureReport-endpoints-in-OpenApi

Lab 981 describe new v1 architecture report endpoints in open api
Correct the output for the list of correlation records for license or architecture reports to include only usable and relevant fields
…AB-1169-interface-alignment

Adjust fields to match accurate response for correlation record
Define single version of correlation record.

Update references and examples to match the established data structure.
Signed-off-by: Pasha Zayko <91487789+pasha-zayko@users.noreply.github.com>
Introduces a new 'manualCreateGuideList' property to the SHIELD.json schema, including its definition, requirements, and example usage. This property provides a collection of strings to guide manual implementation for configuration items.
Reflecting the significant enhancements and changes in the packages by incrementing to the next minor version
Regenerated lock file to ensure correct values are in place
@pasha-zayko pasha-zayko self-assigned this Dec 15, 2025
Copilot AI review requested due to automatic review settings December 15, 2025 18:08
@socket-security

socket-security bot commented Dec 15, 2025

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

Copilot AI left a comment

Pull request overview

This PR introduces comprehensive support for Cloud Security Posture Management (CSPM) capabilities by adding new API endpoints, schemas, and metadata structures to both SHIELD and SHI Data Gateway specifications. The changes enable architecture report generation, policy assessment tracking, remediation workflows, and enhanced configuration item documentation.

Key Changes:

  • Added Architecture Report API endpoints for CSPM policy assessment and correlation record management
  • Introduced remediation workflow endpoints with consent tracking and result reporting
  • Enhanced Deploy configuration items with deployment state tracking and comprehensive metadata documentation

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/shield/TypeScript/package.json | Bumped SDK version from 3.0.10 to 3.1.0 to reflect breaking API changes |
| src/dataGateway/TypeScript/package.json | Bumped SDK version from 2.3.1 to 2.4.0 for new feature support |
| specs/SHIELD.json | Added CSPM endpoints, schemas, and enhanced existing Deploy components with metadata and state tracking |

Files not reviewed (2)
  • src/dataGateway/TypeScript/package-lock.json: Language not supported
  • src/shield/TypeScript/package-lock.json: Language not supported

"enum": [
"notDeployed",
"deployed",
"Mutated",

Copilot AI Dec 15, 2025

The enum value "Mutated" uses inconsistent capitalization compared to other values ("notDeployed", "deployed", "error"). It should be lowercase "mutated" to maintain consistency with the camelCase naming pattern.

Suggested change
"Mutated",
"mutated",

Copilot uses AI. Check for mistakes.
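
A spec lint that would catch the casing slip raised in the review comment above before a client SDK is generated from the spec. This is an added example, not code from this repository: the schema name in the sample is a placeholder, and the camelCase rule is assumed from the review comment.

```javascript
// Constructed OpenAPI fragment. "Example.DeployState" is a placeholder schema
// name; only the enum values are taken from the review thread.
const sampleSpec = {
  components: {
    schemas: {
      "Example.DeployState": {
        type: "object",
        properties: {
          state: { type: "string", enum: ["notDeployed", "deployed", "Mutated", "error"] },
        },
      },
    },
  },
};

// Assumed convention: enum members are camelCase (lower-case first letter).
const CAMEL_CASE = /^[a-z][a-zA-Z0-9]*$/;

// Escape an object key for use as a JSON Pointer segment (RFC 6901).
function pointerSegment(key) {
  return String(key).replace(/~/g, "~0").replace(/\//g, "~1");
}

// Walk the whole document and report each string enum member that breaks the
// convention, with the JSON Pointer of the enum array that contains it.
function findEnumCasingIssues(node, pointer = "", issues = []) {
  if (node === null || typeof node !== "object") return issues;
  if (!Array.isArray(node) && Array.isArray(node.enum)) {
    for (const value of node.enum) {
      if (typeof value !== "string" || CAMEL_CASE.test(value)) continue;
      // Offer a fix only when lower-casing the first letter is enough.
      const lowered = value.charAt(0).toLowerCase() + value.slice(1);
      const suggestion = CAMEL_CASE.test(lowered) ? lowered : null;
      issues.push({ pointer: `${pointer}/enum`, value, suggestion });
    }
  }
  for (const [key, child] of Object.entries(node)) {
    findEnumCasingIssues(child, `${pointer}/${pointerSegment(key)}`, issues);
  }
  return issues;
}

for (const issue of findEnumCasingIssues(sampleSpec)) {
  console.log(`${issue.pointer}: "${issue.value}" -> ${issue.suggestion ?? "(rename manually)"}`);
}
```

Run over the parsed spec in CI, a non-empty result can fail the build, so a mismatched enum literal never reaches the published SDK types.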
pasha-zayko and others added 4 commits December 17, 2025 13:06
Updating examples for architecture to have appropriate fields and include the sample correctly as the attribute instead of top level props
* Added Api/Chat/UpdateDocs to spec

* clarity improvements
Signed-off-by: Pasha Zayko <91487789+pasha-zayko@users.noreply.github.com>
7 participants