From 237dba72146baa0e82b750e2c064853ca2c4fb74 Mon Sep 17 00:00:00 2001 From: Joe Strickland Date: Fri, 8 Nov 2024 13:26:35 -0500 Subject: [PATCH 1/2] Added missing delegation endpoints and updated docs for #7 --- CHANGELOG.md | 6 + README.md | 3 +- .../Delegations/Add Delegation.bru | 311 ++++++++++++++++++ .../Delegations/Export Delegations.bru | 83 +++++ .../Retrieve Delegation Details.bru | 87 +++++ .../Delegations/Update Delegation.bru | 191 +++++++++++ .../Identities/Search Identities.bru | 145 ++++++++ SaaS/Cloud Visibility/Scan/Scan Status.bru | 57 ++++ SaaS/Cloud Visibility/Scan/Scan.bru | 59 ++++ SaaS/Cloud Visibility/Workspaces/Connect.bru | 79 +++++ .../Workspaces/Create AWS Account.bru | 75 +++++ SaaS/Cloud Visibility/Workspaces/Delete.bru | 71 ++++ .../Workspaces/Disconnect.bru | 75 +++++ .../Workspaces/Get Workspaces.bru | 108 ++++++ 14 files changed, 1349 insertions(+), 1 deletion(-) create mode 100644 SaaS/Cloud Visibility/Delegations/Add Delegation.bru create mode 100644 SaaS/Cloud Visibility/Delegations/Export Delegations.bru create mode 100644 SaaS/Cloud Visibility/Delegations/Retrieve Delegation Details.bru create mode 100644 SaaS/Cloud Visibility/Delegations/Update Delegation.bru create mode 100644 SaaS/Cloud Visibility/Identities/Search Identities.bru create mode 100644 SaaS/Cloud Visibility/Scan/Scan Status.bru create mode 100644 SaaS/Cloud Visibility/Scan/Scan.bru create mode 100644 SaaS/Cloud Visibility/Workspaces/Connect.bru create mode 100644 SaaS/Cloud Visibility/Workspaces/Create AWS Account.bru create mode 100644 SaaS/Cloud Visibility/Workspaces/Delete.bru create mode 100644 SaaS/Cloud Visibility/Workspaces/Disconnect.bru create mode 100644 SaaS/Cloud Visibility/Workspaces/Get Workspaces.bru diff --git a/CHANGELOG.md b/CHANGELOG.md index 898f459..2b83721 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,10 @@ # Changelog +## v1.0.3 + +### Added or Changed +- Added documentation to all Cloud Visibility API endpoints +- Changed name to Cloud Visibility from Cloud Entitlements Manager +- Added missing Cloud Visibility API endpoints for Delegation ## v1.0.2 diff --git a/README.md b/README.md index d30cd12..e70c221 100644 --- a/README.md +++ b/README.md @@ -237,10 +237,11 @@ The second variable, TEST_LOG_VERBOSE, will enable verbose logging for the API. - [ ] Add development documentation - [ ] Ensure documentation is updated for endpoints - [ ] SaaS - - [ ] Cloud Entitlements Manager + - [x] Cloud Visibility - [x] Conjur Cloud - [x] Connector Managent - [ ] Identity + - [ ] Endpoint Privilege Manager - [x] Privilege Cloud - [x] Secrets Hub - [x] Secure Cloud Access diff --git a/SaaS/Cloud Visibility/Delegations/Add Delegation.bru b/SaaS/Cloud Visibility/Delegations/Add Delegation.bru new file mode 100644 index 0000000..d924584 --- /dev/null +++ b/SaaS/Cloud Visibility/Delegations/Add Delegation.bru 
@@ -0,0 +1,311 @@ +meta { + name: Add Delegation + type: http + seq: 1 +} + +post { + url: https://{{identityTenantName}}-cem.cyberark.cloud/api/delegations/{{cloudPlatform}} + body: json + auth: none +} + +body:json { + { + "version": "string", + "resource": "string", + "path": "string", + "httpMethod": "POST", + "headers": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "multiValueHeaders": { + "additionalProp1": [ + "string" + ], + "additionalProp2": [ + "string" + ], + "additionalProp3": [ + "string" + ] + }, + "queryStringParameters": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "multiValueQueryStringParameters": { + "additionalProp1": [ + "string" + ], + "additionalProp2": [ + "string" + ], + "additionalProp3": [ + "string" + ] + }, + "requestContext": { + "accountId": "string", + "apiId": "string", + "authorizer": { + "claims": {}, + "scopes": [ + "string" + ] + }, + "stage": "string", + "protocol": "string", + "identity": { + "accessKey": "string", + "accountId": "string", + "apiKey": "string", + "apiKeyId": "string", + "caller": "string", + "cognitoAuthenticationProvider": "string", + "cognitoAuthenticationType": "string", + "cognitoIdentityId": "string", + "cognitoIdentityPoolId": "string", + "principalOrgId": "string", + "sourceIp": "string", + "user": "string", + "userAgent": "string", + "userArn": "string", + "clientCert": { + "clientCertPem": "string", + "subjectDN": "string", + "issuerDN": "string", + "serialNumber": "string", + "validity": { + "notBefore": "string", + "notAfter": "string" + } + } + }, + "requestId": "string", + "requestTime": "string", + "requestTimeEpoch": "2024-11-08T17:54:51.062Z", + "resourceId": "string", + "resourcePath": "string", + "domainName": "string", + "domainPrefix": "string", + "extendedRequestId": "string", + "httpMethod": "DELETE", + "path": "string", + "connectedAt": "2024-11-08T17:54:51.062Z", + 
"connectionId": "string", + "eventType": "CONNECT", + "messageDirection": "string", + "messageId": "string", + "routeKey": "string", + "operationName": "string" + }, + "pathParameters": { + "cloudPlatform": "AWS" + }, + "stageVariables": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "isBase64Encoded": true, + "body": { + "workspaces": [ + { + "organization": "string", + "workspaceType": "account", + "workspaceId": "string", + "workspaceName": "string" + } + ], + "entities": [ + { + "delegationId": 0, + "entityType": "Group", + "entityId": "string", + "entityName": "string", + "directoryId": "string", + "directoryName": "string", + "entityEmail": "string", + "serviceType": "string", + "userPrincipal": "string" + } + ] + } + } +} + +vars:pre-request { + cloudPlatform: +} + +assert { + res.status: eq 200 + res.body: isJson +} + +script:pre-request { + const platformTokenAuth = require('./tools/platformTokenAuth'); + + // Perform authentication usings platformToken.js tools + await platformTokenAuth.login(); +} + +docs { + ## Add Delegation + Add delegates for a given set of workspaces + + ### Request URL + https://-cem.cyberark.cloud/api/delegations/{cloudPlatform} + + #### Request Resource Information + | HTTP Method | Content Type | + | :-- | :-- | + | POST | application/json | + + #### Request Query Parameters + None + + #### Example Request Body + ``` + { + "version": "string", + "resource": "string", + "path": "string", + "httpMethod": "POST", + "headers": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "multiValueHeaders": { + "additionalProp1": [ + "string" + ], + "additionalProp2": [ + "string" + ], + "additionalProp3": [ + "string" + ] + }, + "queryStringParameters": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "multiValueQueryStringParameters": { + "additionalProp1": [ + "string" + ], + 
"additionalProp2": [ + "string" + ], + "additionalProp3": [ + "string" + ] + }, + "requestContext": { + "accountId": "string", + "apiId": "string", + "authorizer": { + "claims": {}, + "scopes": [ + "string" + ] + }, + "stage": "string", + "protocol": "string", + "identity": { + "accessKey": "string", + "accountId": "string", + "apiKey": "string", + "apiKeyId": "string", + "caller": "string", + "cognitoAuthenticationProvider": "string", + "cognitoAuthenticationType": "string", + "cognitoIdentityId": "string", + "cognitoIdentityPoolId": "string", + "principalOrgId": "string", + "sourceIp": "string", + "user": "string", + "userAgent": "string", + "userArn": "string", + "clientCert": { + "clientCertPem": "string", + "subjectDN": "string", + "issuerDN": "string", + "serialNumber": "string", + "validity": { + "notBefore": "string", + "notAfter": "string" + } + } + }, + "requestId": "string", + "requestTime": "string", + "requestTimeEpoch": "2024-11-08T17:54:51.062Z", + "resourceId": "string", + "resourcePath": "string", + "domainName": "string", + "domainPrefix": "string", + "extendedRequestId": "string", + "httpMethod": "DELETE", + "path": "string", + "connectedAt": "2024-11-08T17:54:51.062Z", + "connectionId": "string", + "eventType": "CONNECT", + "messageDirection": "string", + "messageId": "string", + "routeKey": "string", + "operationName": "string" + }, + "pathParameters": { + "cloudPlatform": "AWS" + }, + "stageVariables": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "isBase64Encoded": true, + "body": { + "workspaces": [ + { + "organization": "string", + "workspaceType": "account", + "workspaceId": "string", + "workspaceName": "string" + } + ], + "entities": [ + { + "delegationId": 0, + "entityType": "Group", + "entityId": "string", + "entityName": "string", + "directoryId": "string", + "directoryName": "string", + "entityEmail": "string", + "serviceType": "string", + "userPrincipal": "string" + } + ] + } + } 
+ ``` + + #### Example Response (201 Created) + ``` + "" + ``` + + ## Response Status Codes + - 201 - Delegation added successfully + - 400 - Bad Request + - 500 - Internal server error + +} diff --git a/SaaS/Cloud Visibility/Delegations/Export Delegations.bru b/SaaS/Cloud Visibility/Delegations/Export Delegations.bru new file mode 100644 index 0000000..3b37bc8 --- /dev/null +++ b/SaaS/Cloud Visibility/Delegations/Export Delegations.bru 
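Review bot: In Add Delegation.bru the `vars:pre-request` block leaves `cloudPlatform:` empty, so unless an environment supplies it the POST goes to `/api/delegations/` with no platform segment; Update Delegation.bru has the same gap with `id:` and also templates `{{cloudPlatform}}`, `{{workspaceId}}` and `{{workspaceType}}` in its body without defining them. Both requests change who is delegated access to a workspace, so give the variables explicit placeholder values and say where they come from, e.g. `cloudPlatform: AWS`. The JSON body here (and the docs example in both files) looks like a generated API Gateway proxy-event envelope (`requestContext`, `identity`, `authorizer`) rather than the delegation payload; presumably only `workspaces` and `entities` under `body` are meant to be sent, which should be confirmed against the API reference. The assertion `res.status: eq 200` also disagrees with the documented `201 Created`.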
@@ -0,0 +1,83 @@
+meta {
+ name: Export Delegations
+ type: http
+ seq: 3
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/delegations/workspace/export
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "filters": {},
+ //"searchString": "string",
+ "offset": 0,
+ "limit": 1000
+ }
+}
+
+vars:pre-request {
+ cloudPlatform: AWS
+ workspaceId: 297915674260
+ workspaceType: account
+}
+
+assert {
+ res.status: eq 200
+ res.body: isString
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Export Delegations
+ Export configured delegations
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/delegations/workspace/export
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ #### Request Schema
+ | Parameter | Required | Description |
+ | :-- | :-- |:-- |
+ | cloudPlatform | yes | Name of Cloud Service Provider. **Valid Values:** AWS, GCP, AZURE |
+ | workspaceId | | |
+ | workspaceType | yes | Type of supported workspace. **Valid Values:** account, root, ou, directory, management_group, subscription, gcp_organization, folder, project |
+
+ #### Example Request Body
+ ```
+ {
+ "filters": {},
+ "searchString": "string",
+ "offset": 0,
+ "limit": 1000
+ }
+ ```
+
+ #### Example Response (201 Created)
+ ```
+ "Workspace","WorkspaceType","Delegates"
+ "Example AWS Org","AWS root","Example Team"
+ ```
+
+ ## Response Status Codes
+ - 200 - Delegation successfully exported
+ - 404 - Not Found
+ - 500 - Internal server error
+
+}
diff --git a/SaaS/Cloud Visibility/Delegations/Retrieve Delegation Details.bru b/SaaS/Cloud Visibility/Delegations/Retrieve Delegation Details.bru
new file mode 100644
index 0000000..14eae2b
--- /dev/null
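Review bot: In Export Delegations.bru, `workspaceId: 297915674260` in `vars:pre-request` is a 12-digit value that reads like a real AWS account ID rather than a placeholder; the same value is sent as `workspace_id` in Scan.bru, and Connect.bru and Disconnect.bru hard-code `196116890505` (which also appears in the Delete.bru docs example). Account IDs committed to a shared collection identify the author's environment and make it easy to run scan, connect or disconnect requests against the wrong workspace. I would take the value from the environment in the request body, e.g. `"workspaceId": "{{workspaceId}}"`, and use an obvious dummy such as `123456789012` in docs. Separately, the three pre-request variables are not referenced by this request's URL or body, and the docs label the example response `201 Created` while the assert and the status list say 200.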
+++ b/SaaS/Cloud Visibility/Delegations/Retrieve Delegation Details.bru
@@ -0,0 +1,87 @@
+meta {
+ name: Retrieve Delegation Details
+ type: http
+ seq: 2
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/delegations/workspace/details
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "cloudPlatform": "{{cloudPlatform}}",
+ "workspaceId": "{{workspaceId}}",
+ "workspaceType": "{{workspaceType}}"
+ }
+}
+
+vars:pre-request {
+ cloudPlatform: AWS
+ workspaceId: Exmaple AWS Org
+ workspaceType: root
+}
+
+assert {
+ res.status: eq 200
+ res.body: isJson
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Get Delegation Details
+ Get the list of owners associated with the given workspace
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/delegations/workspace/details
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ #### Request Schema
+ | Parameter | Required | Description |
+ | :-- | :-- |:-- |
+ | cloudPlatform | yes | Name of Cloud Service Provider. **Valid Values:** AWS, GCP, AZURE |
+ | workspaceId | | |
+ | workspaceType | yes | Type of supported workspace. **Valid Values:** account, root, ou, directory, management_group, subscription, gcp_organization, folder, project |
+
+ #### Example Request Body
+ ```
+ {
+ "cloudPlatform": "AWS",
+ "workspaceId": "123435646342",
+ "workspaceType": "account"
+ }
+ ```
+
+ #### Example Response (200 OK)
+ ```
+ {
+ "id": 0,
+ "cloudPlatform": "AWS",
+ "workspaceType": "root",
+ "workspaceId": "Example AWS Org",
+ "workspaceName": null,
+ "entities": []
+ }
+ ```
+
+ ## Response Status Codes
+ - 201 - Delegation added successfully
+ - 400 - Bad Request
+ - 500 - Internal server error
+
+}
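Review bot: `workspaceId: Exmaple AWS Org` in `vars:pre-request` is misspelled, so the request as committed looks up a workspace name that does not match the `Example AWS Org` shown in the documented response; it should read `workspaceId: Example AWS Org`. The status list in the docs block is copied from Add Delegation (`201 - Delegation added successfully`) although this is a lookup asserted with `res.status: eq 200`; something like `200 - Delegation details returned` would match. The `workspaceId` row of the request schema table is also blank for both Required and Description.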
diff --git a/SaaS/Cloud Visibility/Delegations/Update Delegation.bru b/SaaS/Cloud Visibility/Delegations/Update Delegation.bru
new file mode 100644
index 0000000..77385df
--- /dev/null
+++ b/SaaS/Cloud Visibility/Delegations/Update Delegation.bru
@@ -0,0 +1,191 @@ +meta { + name: Update Delegation + type: http + seq: 4 +} + +put { + url: https://{{identityTenantName}}-cem.cyberark.cloud/api/delegations/owner/{{id}} + body: json + auth: none +} + +body:json { + { + "cloudPlatform": "{{cloudPlatform}}", + "workspaceId": "{{workspaceId}}", + "workspaceType": "{{workspaceType}}" + } +} + +vars:pre-request { + id: +} + +assert { + res.status: eq 200 + res.body: isJson +} + +script:pre-request { + const platformTokenAuth = require('./tools/platformTokenAuth'); + + // Perform authentication usings platformToken.js tools + await platformTokenAuth.login(); +} + +docs { + ## Update Delegation Details + Update identities associated with a workspace + + ### Request URL + https://-cem.cyberark.cloud/api/delegations/owner/{id} + + #### Request Resource Information + | HTTP Method | Content Type | + | :-- | :-- | + | PUT | application/json | + + #### Request Query Parameters + None + + #### Example Request Body + ``` + { + "version": "string", + "resource": "string", + "path": "string", + "httpMethod": "POST", + "headers": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "multiValueHeaders": { + "additionalProp1": [ + "string" + ], + "additionalProp2": [ + "string" + ], + "additionalProp3": [ + "string" + ] + }, + "queryStringParameters": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "multiValueQueryStringParameters": { + "additionalProp1": [ + "string" + ], + "additionalProp2": [ + "string" + ], + "additionalProp3": [ + "string" + ] + }, + "requestContext": { + "accountId": "string", + "apiId": "string", + "authorizer": { + "claims": {}, + "scopes": [ + "string" + ] + }, + "stage": "string", + "protocol": "string", + "identity": { + "accessKey": "string", + "accountId": "string", + "apiKey": "string", + "apiKeyId": "string", + "caller": "string", + "cognitoAuthenticationProvider": "string", + 
"cognitoAuthenticationType": "string", + "cognitoIdentityId": "string", + "cognitoIdentityPoolId": "string", + "principalOrgId": "string", + "sourceIp": "string", + "user": "string", + "userAgent": "string", + "userArn": "string", + "clientCert": { + "clientCertPem": "string", + "subjectDN": "string", + "issuerDN": "string", + "serialNumber": "string", + "validity": { + "notBefore": "string", + "notAfter": "string" + } + } + }, + "requestId": "string", + "requestTime": "string", + "requestTimeEpoch": "2024-11-08T17:54:51.062Z", + "resourceId": "string", + "resourcePath": "string", + "domainName": "string", + "domainPrefix": "string", + "extendedRequestId": "string", + "httpMethod": "DELETE", + "path": "string", + "connectedAt": "2024-11-08T17:54:51.062Z", + "connectionId": "string", + "eventType": "CONNECT", + "messageDirection": "string", + "messageId": "string", + "routeKey": "string", + "operationName": "string" + }, + "pathParameters": { + "cloudPlatform": "AWS" + }, + "stageVariables": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + }, + "isBase64Encoded": true, + "body": { + "workspaces": [ + { + "organization": "string", + "workspaceType": "account", + "workspaceId": "string", + "workspaceName": "string" + } + ], + "entities": [ + { + "delegationId": 0, + "entityType": "Group", + "entityId": "string", + "entityName": "string", + "directoryId": "string", + "directoryName": "string", + "entityEmail": "string", + "serviceType": "string", + "userPrincipal": "string" + } + ] + } + } + ``` + + #### Example Response (201 Created) + ``` + "" + ``` + + ## Response Status Codes + - 201 - Delegation added successfully + - 404 - Not Found + - 500 - Internal server error + +} diff --git a/SaaS/Cloud Visibility/Identities/Search Identities.bru b/SaaS/Cloud Visibility/Identities/Search Identities.bru new file mode 100644 index 0000000..2223436 --- /dev/null +++ b/SaaS/Cloud Visibility/Identities/Search Identities.bru 
@@ -0,0 +1,145 @@ +meta { + name: Search Identities + type: http + seq: 1 +} + +post { + url: https://{{identityTenantName}}-cem.cyberark.cloud/api/identities + body: json + auth: none +} + +body:json { + { + "paginationData": { + "limit": 5, + "nextToken": 5 + }, + "filter": { + "admin": true + } + } +} + +assert { + res.body: isJson + res.status: eq 200 +} + +script:pre-request { + const platformTokenAuth = require('./tools/platformTokenAuth'); + + // Perform authentication usings platformToken.js tools + await platformTokenAuth.login(); +} + +docs { + ## Search identities + This section describes the API for retrieving a list of identities in Cloud Visibility. + + ### Request URL + https://-cem.cyberark.cloud/api/identities + + #### Request Resource Information + | HTTP Method | Content Type | + | :-- | :-- | + | POST | application/json | + + #### Request Query Parameters + None + + ### Example Request Body + ``` + { + "paginationData": { + "limit": 5, + "nextToken": 5 + }, + "filter": { + "admin": true + } + } + ``` + + #### Example Response (20O OK) + ``` + { + "next_token": "10", + "identities": [ + { + "uid": "28515795-2bad-4468-8eb7-026a68520adf#gcpIamGoogleAccount#123456789123#adam@example.com.com", + "name": "adam@example.com.com", + "admin": true, + "entitlements_analysis": [ + "vandelay-logging-project-sca", + "1012709190570", + "pivotal-valve-321402" + ], + "number_of_workspaces": 3, + "identity_type": "GCP_IAM_GOOGLE_ACCOUNT" + }, + { + "uid": "28515795-2bad-4468-8eb7-026a68520adf#gcpIamGoogleAccount#123456789123#jerry@example.com.com", + "name": "jerry@example.com.com", + "admin": true, + "entitlements_analysis": [ + "1012709190570", + "sacred-ember-321523", + "vandelay-logging-project" + ], + "number_of_workspaces": 3, + "identity_type": "GCP_IAM_GOOGLE_ACCOUNT" + }, + { + "uid": "28515795-2bad-4468-8eb7-026a68520adf#gcpIamServiceAccount#123456789123#cyberark-reconcile@resolute-might-399019.iam.gserviceaccount.com", + "name": 
"cyberark-reconcile@resolute-might-399019.iam.gserviceaccount.com", + "admin": true, + "entitlements_analysis": [ + "resolute-might-399019" + ], + "number_of_workspaces": 1, + "identity_type": "GCP_IAM_SERVICE_ACCOUNT" + }, + { + "uid": "28515795-2bad-4468-8eb7-026a68520adf#gcpIamGroup#123456789123#sca_6acde23b@example.com", + "name": "sca_6acde23b@say-vandelay.com", + "admin": true, + "entitlements_analysis": [ + "1012709190570" + ], + "number_of_workspaces": 1, + "identity_type": "GCP_IAM_GROUP" + }, + { + "uid": "28515795-2bad-4468-8eb7-026a68520adf#azureUser#123a12ab-1234-1234-abcd-123abcd1abcd", + "name": "John Doe", + "admin": true, + "entitlements_analysis": [ + "root-group-cbe3df52-24db-4656-b055-90f95a9a1cd8", + "163c7d59-0e21-4684-bdfd-93f4c9e33322", + "8797f551-f885-462b-bd02-7c7cb5d8ccd8" + ], + "number_of_workspaces": 3, + "identity_type": "AZURE_USER" + } + ] + } + ``` + + ### Response Codes + | Return Code | Code Number | Description | + | --- | --- | :-- | + | Success | 200 | The request succeeded. The actual response will depend on the request method used. | + | Created | 201 | The request was fulfilled and resulted in a new resource being created. | + | Accepted | 202 | The request has been accepted for processing. | + | No Content | 204 | The server successfully processed the request and is not returning any content (no response body). This code is typically returned by DELETE requests. | + | Bad Request | 400 | The request could not be understood by the server due to incorrect syntax. | + | Unauthorized | 401 | The request requires user authentication. | + | Forbidden | 403 | The server received and understood the request, but will not fulfill it. Authorization will not help and the request MUST NOT be repeated. | + | Not Found | 404 | The server did not find anything that matches the Request-URI. No indication is given of whether the condition is temporary or permanent. 
| + | Conflict | 409 | The request could not be completed due to a conflict with the current state of the resource. | + | Too Many Requests | 429 | The user has sent too many requests in a given amount of time ("rate limiting"). | + | Internal Server Error | 500 | The server encountered an unexpected condition which prevented it from fulfilling the request. | + | Not Implemented | 501 | The server does not support this operation due to version incompatibility. | +} diff --git a/SaaS/Cloud Visibility/Scan/Scan Status.bru b/SaaS/Cloud Visibility/Scan/Scan Status.bru new file mode 100644 index 0000000..7fed540 --- /dev/null +++ b/SaaS/Cloud Visibility/Scan/Scan Status.bru @@ -0,0 +1,57 @@ +meta { + name: Scan Status + type: http + seq: 2 +} + +get { + url: https://{{identityTenantName}}-cem.cyberark.cloud/api/scan/status + body: none + auth: none +} + +body:json { + { + "workspaceId": "string", + "platformType": "aws", + "hierarchyTreeLevel": "LEAF" + } +} + +assert { + res.body: isJson + res.status: eq 200 +} + +script:pre-request { + const platformTokenAuth = require('./tools/platformTokenAuth'); + + // Perform authentication usings platformToken.js tools + await platformTokenAuth.login(); +} + +docs { + ## Get Scan Status + Returns the status of the scan. + + ### Request URL + https://-cem.cyberark.cloud/api/scan/status + + #### Request Resource Information + | HTTP Method | Content Type | + | :-- | :-- | + | GET | application/json | + + #### Request Query Parameters + None + + ### Example Request Body + None + + #### Example Response + ``` + { + "isScanRunning": false + } + ``` +} diff --git a/SaaS/Cloud Visibility/Scan/Scan.bru b/SaaS/Cloud Visibility/Scan/Scan.bru new file mode 100644 index 0000000..5354291 --- /dev/null +++ b/SaaS/Cloud Visibility/Scan/Scan.bru 
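Review bot: The example response in the Search Identities.bru docs block looks only partly sanitised. User names were rewritten to `example.com.com`, but the group entry keeps `sca_6acde23b@say-vandelay.com` in `name`, and the `entitlements_analysis` arrays carry values shaped like generated GCP project IDs (`pivotal-valve-321402`, `resolute-might-399019`) and subscription GUIDs that may have come from a live tenant. If so, replace them with constructed placeholders before publishing, e.g. `"name": "sca_group@example.com"` and `"example-project-123456"`. The heading `(20O OK)` uses a letter O, and the request sends `nextToken` as the number `5` while the response returns `next_token` as a string.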
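Review bot: The `body:json` block in Scan Status.bru is left over from another request: this is a `get` with `body: none`, so the `workspaceId`/`platformType`/`hierarchyTreeLevel` payload is never sent, and Get Workspaces.bru carries the same unused block. Removing it avoids suggesting that the status call is scoped to one workspace. The docs table also lists `application/json` as the content type for a GET that has no body.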
@@ -0,0 +1,59 @@
+meta {
+ name: Scan
+ type: http
+ seq: 1
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/scan
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "workspace_id": "297915674260"
+ }
+}
+
+assert {
+ res.status: eq 200
+ res.body: isJson
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Trigger Scan
+ Trigger CEM scan on a customer's tenant
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/scan
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ ### Example Request Body
+ None
+
+ #### Example Response (200 OK)
+ ```
+ {}
+ ```
+
+ ## Response Status Codes
+ - 200 - Get all workspaces
+ - 500 - Internal server error
+
+
+}
diff --git a/SaaS/Cloud Visibility/Workspaces/Connect.bru b/SaaS/Cloud Visibility/Workspaces/Connect.bru
new file mode 100644
index 0000000..c338e2d
--- /dev/null
+++ b/SaaS/Cloud Visibility/Workspaces/Connect.bru
@@ -0,0 +1,79 @@
+meta {
+ name: Connect
+ type: http
+ seq: 2
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/workspaces/connect
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "workspaceId": "196116890505",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+}
+
+assert {
+ res.status: eq 200
+ res.body: isJson
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Connect Workspace
+ Connect a workspace
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/new_account/workspaces/connect
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ #### Request Schema
+ WorkspaceInputData
+ - workspaceId: string
+ - platformType: string [ aws, azure, gcp ]
+ - hierarchyTreeLevel: sring [ LEAF, NODE, ROOT ]
+
+ WorkspaceOutputData
+ - num_of_leaves_to_connect: integer
+ - num_of_connected_leaves: integer
+
+ #### Example Request Body
+ ```
+ {
+ "workspaceId": "196116890505",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+ ```
+
+ #### Example Response (200 OK)
+ ```
+ {
+ "num_of_leaves_to_connect": 1,
+ "num_of_connected_leaves": 1
+ }
+ ```
+
+ ## Response Status Codes
+ - 200 - Connection successfully completed
+ - 500 - Internal server error
+
+}
diff --git a/SaaS/Cloud Visibility/Workspaces/Create AWS Account.bru b/SaaS/Cloud Visibility/Workspaces/Create AWS Account.bru
new file mode 100644
index 0000000..247bb77
--- /dev/null
+++ b/SaaS/Cloud Visibility/Workspaces/Create AWS Account.bru
@@ -0,0 +1,75 @@
+meta {
+ name: Create AWS Account
+ type: http
+ seq: 5
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/platforms/aws/workspaces
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "accountId": "123456789012",
+ "iamRoleArn": "arn:aws:iam::123456789012:role/CyberArkRoleForCEM223673983569",
+ "cloudTrailLogLocation": "s3://cyberarkcemtrailbucket12345678901223673983569/AWSLogs/123456789012/",
+ "cloudTrailRegion": "us-west-2",
+ "athenaResultBucketName": "cyberarkathenaresult12345678901223673983569",
+ "athenaRoleArn": "arn:aws:iam::22222222222:role/CyberArkRoleForCEM223673983569"
+ }
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Create AWS Account
+ This method enables you to validate account configuration and if successful, onboards your accounts.
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/new_account/platforms/aws/workspaces
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ #### Request Schema
+
+ #### Example Request Body
+ ```
+ {
+ "accountId": 123456789012,
+ "iamRoleArn": "arn:aws:iam::123456789012:role/CyberArkRoleForCEM223673983569",
+ "deploymentRegion": "us-west-2"
+ }
+ ```
+
+ #### Example Response (200 OK)
+ ```
+ ""
+ ```
+
+ ## Response Status Codes
+ - 200 - Connection successfully completed
+ - 500 - Internal server error
+
+ ## Error Example Response
+ ```
+ {
+ "statusCode": 400,
+ "contextId": "77a5e431-bde7-46fc-bb44-87de0d231196",
+ "message": "Validation Error:arn:aws:iam::123456789012:role/CyberArkRoleForCEM622382967619 unableToAssumeRole",
+ "internalCode": 656
+ }
+ ```
+}
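Review bot: Create AWS Account.bru onboards an account and Delete.bru removes a workspace, yet neither file has an `assert` block, so a 4xx/5xx reply passes silently in a collection run; add `res.status: eq 200` as the sibling requests do. `athenaRoleArn` uses `22222222222`, which is 11 digits and not a well-formed account ID, and it names a different account from `iamRoleArn` without the docs saying a cross-account role is intended. The docs example body (`deploymentRegion`, numeric `accountId`) does not match the body actually sent (`cloudTrailLogLocation`, `cloudTrailRegion`, `athenaResultBucketName`, `athenaRoleArn`), and the `Request Schema` heading is empty. The error example appears to be a captured response (`contextId`, role suffix `622382967619`); confirm it holds no live identifiers before publishing.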
diff --git a/SaaS/Cloud Visibility/Workspaces/Delete.bru b/SaaS/Cloud Visibility/Workspaces/Delete.bru
new file mode 100644
index 0000000..60fa6cd
--- /dev/null
+++ b/SaaS/Cloud Visibility/Workspaces/Delete.bru
@@ -0,0 +1,71 @@
+meta {
+ name: Delete
+ type: http
+ seq: 4
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/workspaces/delete
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "workspaceId": "string",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Delete Workspace
+ Delete a workspace
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/new_account/workspaces/delete
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ #### Request Schema
+ WorkspaceInputData
+ - workspaceId: string
+ - platformType: string [ aws, azure, gcp ]
+ - hierarchyTreeLevel: sring [ LEAF, NODE, ROOT ]
+
+ WorkspaceOutputData
+ - num_of_leaves_to_connect: integer
+ - num_of_connected_leaves: integer
+
+ #### Example Request Body
+ ```
+ {
+ "workspaceId": "196116890505",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+ ```
+
+ #### Example Response (200 OK)
+ ```
+ ""
+ ```
+
+ ## Response Status Codes
+ - 200 - Connection successfully completed
+ - 500 - Internal server error
+
+}
diff --git a/SaaS/Cloud Visibility/Workspaces/Disconnect.bru b/SaaS/Cloud Visibility/Workspaces/Disconnect.bru
new file mode 100644
index 0000000..dcf8ff4
--- /dev/null
+++ b/SaaS/Cloud Visibility/Workspaces/Disconnect.bru
@@ -0,0 +1,75 @@
+meta {
+ name: Disconnect
+ type: http
+ seq: 3
+}
+
+post {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/workspaces/disconnect
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "workspaceId": "196116890505",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+}
+
+assert {
+ res.status: eq 200
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Disconnect Workspace
+ Disconnect a workspace
+
+ ### Request URL
+ https://-cem.cyberark.cloud/api/new_account/workspaces/disconnect
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | POST | application/json |
+
+ #### Request Query Parameters
+ None
+
+ #### Request Schema
+ WorkspaceInputData
+ - workspaceId: string
+ - platformType: string [ aws, azure, gcp ]
+ - hierarchyTreeLevel: sring [ LEAF, NODE, ROOT ]
+
+ WorkspaceOutputData
+ - num_of_leaves_to_connect: integer
+ - num_of_connected_leaves: integer
+
+ #### Example Request Body
+ ```
+ {
+ "workspaceId": "196116890505",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+ ```
+
+ #### Example Response (200 OK)
+ ```
+ ""
+ ```
+
+ ## Response Status Codes
+ - 200 - Connection successfully completed
+ - 500 - Internal server error
+
+}
diff --git a/SaaS/Cloud Visibility/Workspaces/Get Workspaces.bru b/SaaS/Cloud Visibility/Workspaces/Get Workspaces.bru
new file mode 100644
index 0000000..7f8c99c
--- /dev/null
+++ b/SaaS/Cloud Visibility/Workspaces/Get Workspaces.bru
@@ -0,0 +1,108 @@
+meta {
+ name: Get Workspaces
+ type: http
+ seq: 1
+}
+
+get {
+ url: https://{{identityTenantName}}-cem.cyberark.cloud/api/customer/platforms/workspaces/
+ body: none
+ auth: none
+}
+
+body:json {
+ {
+ "workspaceId": "string",
+ "platformType": "aws",
+ "hierarchyTreeLevel": "LEAF"
+ }
+}
+
+assert {
+ res.body: isJson
+ res.status: eq 200
+}
+
+script:pre-request {
+ const platformTokenAuth = require('./tools/platformTokenAuth');
+
+ // Perform authentication usings platformToken.js tools
+ await platformTokenAuth.login();
+}
+
+docs {
+ ## Get Workspaces
+ This section describes the API for retrieving a list of workspaces in Cloud Visibility.
+ ### Request URL
+ https://-cem.cyberark.cloud/api/customer/platforms/workspaces
+
+ #### Request Resource Information
+ | HTTP Method | Content Type |
+ | :-- | :-- |
+ | GET | application/json |
+
+ #### Request Query Parameters
+ None
+
+ ### Example Request Body
+ None
+
+ #### Example Response
+ ```
+ {
+ "data": [
+ {
+ "platform": "aws",
+ "workspaces": [
+ {
+ "workspace_id": "123244353563",
+ "workspace_status": "READY_FOR_CONNECTION",
+ "workspace_name": "example-internal"
+ },
+ {
+ "workspace_id": "123244353563",
+ "workspace_status": "READY_FOR_CONNECTION"
+ }
+ ]
+ },
+ {
+ "platform": "azure",
+ "workspaces": [
+ {
+ "workspace_id": "12abcd12-abcd-1234-1234-ef3cb2c2e43c",
+ "workspace_status": "CONNECTED",
+ "workspace_name": "prod_nextgen_mobile"
+ },
+ {
+ "workspace_id": "12abcd12-abcd-1234-1234-ef3cb2c2e43c",
+ "workspace_status": "READY_FOR_CONNECTION",
+ "workspace_name": "New-Subscription"
+ },
+ {
+ "workspace_id": "12abcd12-abcd-1234-1234-ef3cb2c2e43c",
+ "workspace_status": "CONNECTED",
+ "workspace_name": "dev_nextgen_mobile"
+ }
+ ]
+ },
+ {
+ "platform": "gcp",
+ "workspaces": [
+ {
+ "workspace_id": "non-prod-infra-123456",
+ "workspace_status": "CONNECTED"
+ },
+ {
+ "workspace_id": "number-prod",
+ "workspace_status": "READY_FOR_CONNECTION"
+ },
+ {
+ "workspace_id": "number-dev",
+ "workspace_status": "READY_FOR_CONNECTION"
+ }
+ ]
+ }
+ ]
+ }
+ ```
+}
From 5836661d10d60d78e3d1b15c75969aeb86b97b51 Mon Sep 17 00:00:00 2001 From: Joe Strickland Date: Fri, 8 Nov 2024 13:27:27 -0500 Subject: [PATCH 2/2] changed name from Cloud Entitlements Manager to Cloud Visibility --- .../Identities/Search Identities.bru | 35 ----------- .../Remediations/Get Remediation.bru | 62 ------------------- .../Scan/Scan Status.bru | 47 -------------- SaaS/Cloud Entitlements Manager/Scan/Scan.bru | 42 ------------- .../Workspaces/Connect.bru | 49 --------------- .../Workspaces/Create AWS Account.bru | 50 --------------- .../Workspaces/Delete.bru | 44 ------------- .../Workspaces/Disconnect.bru | 48 -------------- .../Workspaces/Get Workspaces.bru | 60 ------------------ 9 files changed, 437 deletions(-) delete mode 100644 SaaS/Cloud Entitlements Manager/Identities/Search Identities.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Remediations/Get Remediation.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Scan/Scan Status.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Scan/Scan.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Workspaces/Connect.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Workspaces/Create AWS Account.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Workspaces/Delete.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Workspaces/Disconnect.bru delete mode 100644 SaaS/Cloud Entitlements Manager/Workspaces/Get Workspaces.bru
diff --git a/SaaS/Cloud Entitlements Manager/Identities/Search Identities.bru b/SaaS/Cloud Entitlements Manager/Identities/Search Identities.bru
deleted file mode 100644
index c40ac99..0000000
--- a/SaaS/Cloud Entitlements Manager/Identities/Search Identities.bru
+++ /dev/null
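Review bot: The `body:json` block in Get Workspaces.bru is dead weight: the `get` block declares `body: none` and the docs in the same file give the Example Request Body as `None`, so the workspaceId/platformType/hierarchyTreeLevel payload looks carried over from the POST requests and can be removed. The request `url` ends in `workspaces/` while the documented Request URL has no trailing slash; one form should be used in both places. In the example response several entries repeat one `workspace_id` (`123244353563` twice, the Azure GUID three times), which reads as if IDs were not unique per workspace; distinct sample values would be clearer.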
@@ -1,35 +0,0 @@ -meta { - name: Search Identities - type: http - seq: 1 -} - -post { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/identities - body: json - auth: none -} - -body:json { - { - "paginationData": { - "limit": 5, - "nextToken": 5 - }, - "filter": { - "admin": true - } - } -} - -assert { - res.body: isJson - res.status: eq 200 -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} diff --git a/SaaS/Cloud Entitlements Manager/Remediations/Get Remediation.bru b/SaaS/Cloud Entitlements Manager/Remediations/Get Remediation.bru deleted file mode 100644 index fda18ec..0000000 --- a/SaaS/Cloud Entitlements Manager/Remediations/Get Remediation.bru +++ /dev/null @@ -1,62 +0,0 @@ -meta { - name: Get Remediation - type: http - seq: 1 -} - -get { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/reduce-exposure/remediation - body: none - auth: none -} - -query { - ~identityId: - ~plaform: - ~workspaceId: - ~execTime: -} - -body:json { - { - "workspaceId": "string", - "platformType": "aws", - "hierarchyTreeLevel": "LEAF" - } -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - This section describes the API for retrieving an identity's remediations in Cloud Entitlements Manager. - - ## Schemas - - - ## Response Status Codes - - 200 - Get all workspaces - - 500 - Internal server error - - ## Example Success Response - ``` - { - "platform": "aws", - "workspaceId": "string", - "identityId": "string", - "remediations": [ - { - "UN_USED_PERMISSIONS": { - "LEAST_PRIVILEGE": { - "data": "string" - } - } - } - ] - } - ``` -} 
diff --git a/SaaS/Cloud Entitlements Manager/Scan/Scan Status.bru b/SaaS/Cloud Entitlements Manager/Scan/Scan Status.bru deleted file mode 100644 index ccba64a..0000000 --- a/SaaS/Cloud Entitlements Manager/Scan/Scan Status.bru +++ /dev/null @@ -1,47 +0,0 @@ -meta { - name: Scan Status - type: http - seq: 2 -} - -get { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/scan/status - body: none - auth: none -} - -body:json { - { - "workspaceId": "string", - "platformType": "aws", - "hierarchyTreeLevel": "LEAF" - } -} - -assert { - res.body: isJson - res.status: eq 200 -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - Trigger scan via public REST APIs. - - ## Response Status Codes - - 200 - Get all workspaces - - 400 - Bad request - - 500 - Internal server error - - ## Example Success Response - ``` - { - "isScanRunning": false - } - ``` -} diff --git a/SaaS/Cloud Entitlements Manager/Scan/Scan.bru b/SaaS/Cloud Entitlements Manager/Scan/Scan.bru deleted file mode 100644 index d28bcfe..0000000 --- a/SaaS/Cloud Entitlements Manager/Scan/Scan.bru +++ /dev/null @@ -1,42 +0,0 @@ -meta { - name: Scan - type: http - seq: 1 -} - -post { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/scan - body: json - auth: none -} - -body:json { - { - "workspace_id": "297915674260" - } -} - -assert { - res.status: eq 200 - res.body: isJson -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - Trigger scan via public REST APIs. - - ## Response Status Codes - - 200 - Get all workspaces - - 500 - Internal server error - - ## Example Success Response - ``` - - ``` -} 
diff --git a/SaaS/Cloud Entitlements Manager/Workspaces/Connect.bru b/SaaS/Cloud Entitlements Manager/Workspaces/Connect.bru deleted file mode 100644 index b32bb30..0000000 --- a/SaaS/Cloud Entitlements Manager/Workspaces/Connect.bru +++ /dev/null @@ -1,49 +0,0 @@ -meta { - name: Connect - type: http - seq: 2 -} - -post { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/workspaces/connect - body: json - auth: none -} - -body:json { - { - "workspaceId": "196116890505", - "platformType": "aws", - "hierarchyTreeLevel": "LEAF" - } -} - -assert { - res.status: eq 200 - res.body: isJson -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - This section describes the API for connecting workspaces in Cloud Entitlements Manager. - - ## Schema - WorkspaceInputData - - workspaceId: string - - platformType: string [ aws, azure, gcp ] - - hierarchyTreeLevel: sring [ LEAF, NODE, ROOT ] - - WorkspaceOutputData - - num_of_leaves_to_connect: integer - - num_of_connected_leaves: integer - - ## Response Status Codes - - 200 - Connection successfully completed - - 500 - Internal server error -} diff --git a/SaaS/Cloud Entitlements Manager/Workspaces/Create AWS Account.bru b/SaaS/Cloud Entitlements Manager/Workspaces/Create AWS Account.bru deleted file mode 100644 index 1a87afa..0000000 --- a/SaaS/Cloud Entitlements Manager/Workspaces/Create AWS Account.bru +++ /dev/null 
@@ -1,50 +0,0 @@ -meta { - name: Create AWS Account - type: http - seq: 5 -} - -post { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/platforms/aws/workspaces - body: json - auth: none -} - -body:json { - { - "accountId": "123456789012", - "iamRoleArn": "arn:aws:iam::123456789012:role/CyberArkRoleForCEM223673983569", - "cloudTrailLogLocation": "s3://cyberarkcemtrailbucket12345678901223673983569/AWSLogs/123456789012/", - "cloudTrailRegion": "us-west-2", - "athenaResultBucketName": "cyberarkathenaresult12345678901223673983569", - "athenaRoleArn": "arn:aws:iam::22222222222:role/CyberArkRoleForCEM223673983569" - } -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - This section describes the API for validating account configuration and if successful, onboards your accounts to Cloud Entitlements Manager. - - ## Schemas - - - ## Response Status Codes - - 200 - Get all workspaces - - 400 - Validation error - - ## Error Example Response - ``` - { - "statusCode": 400, - "contextId": "77a5e431-bde7-46fc-bb44-87de0d231196", - "message": "Validation Error:arn:aws:iam::123456789012:role/CyberArkRoleForCEM622382967619 unableToAssumeRole", - "internalCode": 656 - } - ``` -} diff --git a/SaaS/Cloud Entitlements Manager/Workspaces/Delete.bru b/SaaS/Cloud Entitlements Manager/Workspaces/Delete.bru deleted file mode 100644 index f08b414..0000000 --- a/SaaS/Cloud Entitlements Manager/Workspaces/Delete.bru +++ /dev/null 
@@ -1,44 +0,0 @@ -meta { - name: Delete - type: http - seq: 4 -} - -post { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/workspaces/delete - body: json - auth: none -} - -body:json { - { - "workspaceId": "string", - "platformType": "aws", - "hierarchyTreeLevel": "LEAF" - } -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - This section describes the API for deleting workspaces in Cloud Entitlements Manager. - - ## Schema - WorkspaceInputData - - workspaceId: string - - platformType: string [ aws, azure, gcp ] - - hierarchyTreeLevel: sring [ LEAF, NODE, ROOT ] - - WorkspaceOutputData - - num_of_leaves_to_connect: integer - - num_of_connected_leaves: integer - - ## Response Status Codes - - 200 - Deletion successfully completed - - 500 - Internal server error -} diff --git a/SaaS/Cloud Entitlements Manager/Workspaces/Disconnect.bru b/SaaS/Cloud Entitlements Manager/Workspaces/Disconnect.bru deleted file mode 100644 index d411722..0000000 --- a/SaaS/Cloud Entitlements Manager/Workspaces/Disconnect.bru +++ /dev/null 
@@ -1,48 +0,0 @@ -meta { - name: Disconnect - type: http - seq: 3 -} - -post { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/new_account/workspaces/disconnect - body: json - auth: none -} - -body:json { - { - "workspaceId": "196116890505", - "platformType": "aws", - "hierarchyTreeLevel": "LEAF" - } -} - -assert { - res.status: eq 200 -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - This section describes the API for disconnecting workspaces in Cloud Entitlements Manager. - - ## Schema - WorkspaceInputData - - workspaceId: string - - platformType: string [ aws, azure, gcp ] - - hierarchyTreeLevel: sring [ LEAF, NODE, ROOT ] - - WorkspaceOutputData - - num_of_leaves_to_connect: integer - - num_of_connected_leaves: integer - - ## Response Status Codes - - 200 - Disconnection successfully completed - - 500 - Internal server error -} diff --git a/SaaS/Cloud Entitlements Manager/Workspaces/Get Workspaces.bru b/SaaS/Cloud Entitlements Manager/Workspaces/Get Workspaces.bru deleted file mode 100644 index 4271875..0000000 --- a/SaaS/Cloud Entitlements Manager/Workspaces/Get Workspaces.bru +++ /dev/null 
@@ -1,60 +0,0 @@ -meta { - name: Get Workspaces - type: http - seq: 1 -} - -get { - url: https://{{identityTenantName}}-cem.cyberark.cloud/api/customer/platforms/workspaces/ - body: none - auth: none -} - -body:json { - { - "workspaceId": "string", - "platformType": "aws", - "hierarchyTreeLevel": "LEAF" - } -} - -assert { - res.body: isJson - res.status: eq 200 -} - -script:pre-request { - const platformTokenAuth = require('./tools/platformTokenAuth'); - - // Perform authentication usings platformToken.js tools - await platformTokenAuth.login(); -} - -docs { - This section describes the API for retrieving a list of workspaces in Cloud Entitlements Manager. - - ## Schemas - - - ## Response Status Codes - - 200 - Get all workspaces - - 500 - Internal server error - - ## Example Success Response - ``` - { - "data": [ - { - "platform": "aws", - "workspaces": [ - { - "workspace_id": "string", - "workspace_status": "CONNECTED", - "workspace_name": "string" - } - ] - } - ] - } - ``` -}